floppym 14/12/10 23:59:52
Added: 0025-Support-libopenconnect.so.4.patch
0016-Add-HOTP-support.patch
0028-Update-to-new-hash-handling-fix-to-match-stored-cert.patch
0026-Drop-support-for-libopenconnect.so.1.patch
0017-Always-return-success-from-auth-dialog.patch
Log:
Backport support for >=openconnect-7.0.
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key
0BBEEA1FEA4843A4)
Revision Changes Path
1.1
net-misc/networkmanager-openconnect/files/0.9.10.0/0025-Support-libopenconnect.so.4.patch
Index: 0025-Support-libopenconnect.so.4.patch
===================================================================
>From 58944a3ef9c92f7afa07cbb539d062e1956bafc0 Mon Sep 17 00:00:00 2001
From: David Woodhouse <[email protected]>
Date: Thu, 30 Oct 2014 23:09:14 +0000
Subject: [PATCH 25/34] Support libopenconnect.so.4
---
auth-dialog/main.c | 38 ++++++++++++++++++++++++++------------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 7171247..8285bf4 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -89,6 +89,21 @@
#define OC_FORM_RESULT_NEWGROUP 2
#endif
+#if OPENCONNECT_CHECK_VER(4,0)
+#define dup_option_value(opt) g_strdup((opt)->_value);
+#define OC3DUP(x) (x)
+#define write_config_const const
+#else
+#define dup_option_value(opt) g_strdup((opt)->value);
+#define openconnect_set_option_value(opt, val) do { \
+ struct oc_form_opt *_o = (opt); \
+ free(_o->value); _o->value = g_strdup(val); \
+ } while (0)
+#define openconnect_free_cert_info(v, x) free(x)
+#define OC3DUP(x) g_strdup(x)
+#define write_config_const /* */
+#endif
+
#ifdef OPENCONNECT_OPENSSL
#include <openssl/ssl.h>
#include <openssl/bio.h>
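Review bot: Both `dup_option_value` definitions end in a semicolon (`#define dup_option_value(opt) g_strdup((opt)->_value);`), so every use expands to a double statement and the macro breaks if placed inside a larger expression or an unbraced if/else; drop the trailing `;` in both branches: `#define dup_option_value(opt) g_strdup((opt)->_value)` and `#define dup_option_value(opt) g_strdup((opt)->value)`. The pre-4.0 `openconnect_set_option_value` fallback also mixes `free()` with `g_strdup()`, which matches the original code it replaces and is presumably required because libopenconnect frees `opt->value` itself, but a one-line comment saying so would stop a future reader from "fixing" it to `g_free`. The `OC3DUP`/`write_config_const` shims would likewise benefit from a comment that libopenconnect.so.4 evidently copies its string arguments and takes a const buffer, which is why the new side passes pointers through unduplicated.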
@@ -712,7 +727,7 @@ static gboolean ui_form (struct oc_auth_form *form)
data->entry_text = g_strdup
(find_form_answer(ui_data->secrets,
form, opt));
if (!data->entry_text)
- data->entry_text = g_strdup
(opt->value);
+ data->entry_text =
dup_option_value(opt);
} else {
GHashTable *attrs;
@@ -776,8 +791,7 @@ static gboolean set_initial_authgroup (auth_ui_data
*ui_data, struct oc_auth_for
for (i = 0; i < sopt->nr_choices; i++) {
struct oc_choice *ch = FORMCHOICE(sopt, i);
if (!strcmp(saved_group, ch->name) && i !=
AUTHGROUP_SELECTION(form)) {
- free(opt->value);
- opt->value = g_strdup(saved_group);
+ openconnect_set_option_value(opt, saved_group);
return TRUE;
}
}
@@ -823,7 +837,7 @@ static int nm_process_auth_form (void *cbdata, struct
oc_auth_form *form)
g_cancellable_cancel(data->cancel);
if (data->entry_text) {
- data->opt->value = g_strdup (data->entry_text);
+ openconnect_set_option_value(data->opt,
data->entry_text);
if (data->opt->type == OC_FORM_OPT_TEXT ||
data->opt->type == OC_FORM_OPT_SELECT) {
@@ -932,7 +946,7 @@ static gboolean user_validate_cert(cert_data *data)
text = gtk_text_view_new();
buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
gtk_text_buffer_set_text(buffer, details, -1);
- free(details);
+ openconnect_free_cert_info(data->ui_data->vpninfo, details);
gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
gtk_container_add(GTK_CONTAINER(scroll), text);
@@ -1166,7 +1180,7 @@ static int get_config (GHashTable *options, GHashTable
*secrets,
cafile = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CACERT);
if (cafile)
- openconnect_set_cafile(vpninfo, g_strdup (cafile));
+ openconnect_set_cafile(vpninfo, OC3DUP (cafile));
csd = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CSD_ENABLE);
if (csd && !strcmp(csd, "yes")) {
@@ -1176,16 +1190,16 @@ static int get_config (GHashTable *options, GHashTable
*secrets,
if (csd_wrapper && !csd_wrapper[0])
csd_wrapper = NULL;
- openconnect_setup_csd(vpninfo, getuid(), 1, g_strdup
(csd_wrapper));
+ openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP
(csd_wrapper));
}
proxy = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PROXY);
- if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, g_strdup
(proxy)))
+ if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, OC3DUP
(proxy)))
return -EINVAL;
cert = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_USERCERT);
sslkey = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PRIVKEY);
- openconnect_set_client_cert (vpninfo, g_strdup (cert), g_strdup
(sslkey));
+ openconnect_set_client_cert (vpninfo, OC3DUP (cert), OC3DUP (sslkey));
pem_passphrase_fsid = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID);
@@ -1245,7 +1259,7 @@ static int update_token(void *cbdata, const char *tok)
}
#endif
-static int write_new_config(void *cbdata, char *buf, int buflen)
+static int write_new_config(void *cbdata, write_config_const char *buf, int
buflen)
{
auth_ui_data *ui_data = cbdata;
g_hash_table_insert (ui_data->secrets, g_strdup ("xmlconfig"),
@@ -1472,11 +1486,11 @@ static void connect_host(auth_ui_data *ui_data)
if (openconnect_parse_url(ui_data->vpninfo, host->hostaddress)) {
fprintf(stderr, "Failed to parse server URL '%s'\n",
host->hostaddress);
- openconnect_set_hostname (ui_data->vpninfo,
g_strdup(host->hostaddress));
+ openconnect_set_hostname (ui_data->vpninfo, OC3DUP
(host->hostaddress));
}
if (!openconnect_get_urlpath(ui_data->vpninfo) && host->usergroup)
- openconnect_set_urlpath(ui_data->vpninfo,
g_strdup(host->usergroup));
+ openconnect_set_urlpath(ui_data->vpninfo, OC3DUP
(host->usergroup));
g_hash_table_insert (ui_data->success_secrets, g_strdup("lasthost"),
--
2.2.0
1.1
net-misc/networkmanager-openconnect/files/0.9.10.0/0016-Add-HOTP-support.patch
Index: 0016-Add-HOTP-support.patch
===================================================================
>From b3815e96635c8f89c6161bdb6de53cd3c01c8535 Mon Sep 17 00:00:00 2001
From: David Woodhouse <[email protected]>
Date: Tue, 12 Aug 2014 14:55:39 +0100
Subject: [PATCH 16/34] Add HOTP support
This requires migrating the token_secret from a config item to a secret,
which thankfully doesn't seem to be too difficult.
---
auth-dialog/main.c | 24 +++++++++++++++++++++++-
properties/nm-openconnect-dialog.ui | 6 ++++++
properties/nm-openconnect.c | 18 ++++++++++++++----
3 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 2133e52..b078d48 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -1194,7 +1194,9 @@ static int get_config (GHashTable *options, GHashTable
*secrets,
openconnect_passphrase_from_fsid(vpninfo);
token_mode = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_TOKEN_MODE);
- token_secret = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ token_secret = g_hash_table_lookup (secrets,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ if (!token_secret || !token_secret[0])
+ token_secret = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
if (token_mode) {
int ret = 0;
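Review bot: The new lookup order (secrets first, then the legacy `options` item) is a migration path that deserves a comment, because nothing in this hunk moves a secret found in `options` into `secrets`, so a connection created before this change keeps its OATH seed in the plaintext config until it is re-saved from the properties dialog (unless code outside the hunk does so). Suggested comment above the fallback: `/* Older connections stored the token secret as a plain config item; fall back to it so they keep working until re-saved. */`. get_config starts and ends outside this hunk.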
@@ -1204,6 +1206,10 @@ static int get_config (GHashTable *options, GHashTable
*secrets,
ret = __openconnect_set_token_mode(vpninfo,
OC_TOKEN_MODE_STOKEN, NULL);
else if (!strcmp(token_mode, "totp") && token_secret)
ret = __openconnect_set_token_mode(vpninfo,
OC_TOKEN_MODE_TOTP, token_secret);
+#if OPENCONNECT_CHECK_VER(3,4)
+ else if (!strcmp(token_mode, "hotp") && token_secret)
+ ret = __openconnect_set_token_mode(vpninfo,
OC_TOKEN_MODE_HOTP, token_secret);
+#endif
if (ret)
fprintf(stderr, "Failed to initialize software token:
%d\n", ret);
@@ -1229,6 +1235,17 @@ static void populate_vpnhost_combo(auth_ui_data *ui_data)
}
}
+#if OPENCONNECT_CHECK_VER(3,4)
+static int update_token(void *cbdata, const char *tok)
+{
+ auth_ui_data *ui_data = cbdata;
+ g_hash_table_insert (ui_data->secrets, g_strdup
(NM_OPENCONNECT_KEY_TOKEN_SECRET),
+ g_strdup(tok));
+
+ return 0;
+}
+#endif
+
static int write_new_config(void *cbdata, char *buf, int buflen)
{
auth_ui_data *ui_data = cbdata;
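Review bot: `update_token` stores `tok` without documenting what it is or when libopenconnect invokes it; the commit message explains the HOTP motivation, but the code does not. Suggested header comment: `/* Token callback: the library hands back the updated token secret (for HOTP presumably with the advanced counter) so it is persisted with the other secrets and a used code is not replayed. */`. It is also worth stating whether `tok` can be NULL, since `g_strdup(NULL)` would store a NULL value under the key and the callback contract is not visible here.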
@@ -1801,6 +1818,11 @@ int main (int argc, char **argv)
fprintf(stderr, "Failed to find VPN UUID %s\n", vpn_uuid);
return 1;
}
+
+#if OPENCONNECT_CHECK_VER(3,4)
+ openconnect_set_token_callbacks (_ui_data->vpninfo, _ui_data, NULL,
update_token);
+#endif
+
build_main_dialog(_ui_data);
#ifdef OPENCONNECT_OPENSSL
diff --git a/properties/nm-openconnect-dialog.ui
b/properties/nm-openconnect-dialog.ui
index b3401db..4643b73 100644
--- a/properties/nm-openconnect-dialog.ui
+++ b/properties/nm-openconnect-dialog.ui
@@ -766,6 +766,12 @@
<col id="2" translatable="no">totp</col>
<col id="3" translatable="no">True</col>
</row>
+ <row>
+ <col id="0" translatable="yes">HOTP - manually entered</col>
+ <col id="1" translatable="no">hotp</col>
+ <col id="2" translatable="no">hotp</col>
+ <col id="3" translatable="no">True</col>
+ </row>
</data>
</object>
</interface>
diff --git a/properties/nm-openconnect.c b/properties/nm-openconnect.c
index e00e757..dfd5f5c 100644
--- a/properties/nm-openconnect.c
+++ b/properties/nm-openconnect.c
@@ -214,7 +214,7 @@ import (NMVpnPluginUiInterface *iface, const char *path,
GError **error)
/* Soft token secret */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenString",
NULL);
if (buf)
- nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, buf);
+ nm_setting_vpn_add_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, buf);
return connection;
}
@@ -297,9 +297,14 @@ export (NMVpnPluginUiInterface *iface,
if (value && strlen (value))
token_mode = value;
- value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ value = nm_setting_vpn_get_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
if (value && strlen (value))
token_secret = value;
+ else {
+ value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ if (value && strlen (value))
+ token_secret = value;
+ }
fprintf (f,
"[openconnect]\n"
@@ -427,6 +432,9 @@ init_token_mode_options (GtkComboBox *token_mode)
iter_valid = gtk_list_store_remove (token_mode_list,
&iter);
else if (!strcmp (token_type, "totp") &&
!openconnect_has_oath_support ())
iter_valid = gtk_list_store_remove (token_mode_list,
&iter);
+ else if (!strcmp (token_type, "hotp") &&
+ (!openconnect_has_oath_support () ||
!OPENCONNECT_CHECK_VER(3,4)))
+ iter_valid = gtk_list_store_remove (token_mode_list,
&iter);
else {
iter_valid = gtk_tree_model_iter_next (model, &iter);
valid_rows++;
@@ -492,7 +500,9 @@ init_token_ui (OpenconnectPluginUiWidget *self,
if (!buffer)
return FALSE;
if (s_vpn) {
- value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ value = nm_setting_vpn_get_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ if (!value)
+ value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
if (value)
gtk_text_buffer_set_text (buffer, value, -1);
}
@@ -653,7 +663,7 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
*dst = 0;
if (strlen (str))
- nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, str);
+ nm_setting_vpn_add_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, str);
}
if (!check_validity (self, error))
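Review bot: The secret is now added with `nm_setting_vpn_add_secret`, but nothing here removes the legacy plaintext data item of the same key that older connections carry (and that `init_token_ui` still falls back to). If `s_vpn` is the connection's existing setting rather than a freshly created one (its origin is outside this hunk), the seed ends up persisted in both places; `nm_setting_vpn_remove_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_SECRET);` before the add would complete the migration. update_connection starts and ends outside this hunk.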
--
2.2.0
1.1
net-misc/networkmanager-openconnect/files/0.9.10.0/0028-Update-to-new-hash-handling-fix-to-match-stored-cert.patch
Index: 0028-Update-to-new-hash-handling-fix-to-match-stored-cert.patch
===================================================================
>From 2dc45e25b200e1b70e862f46c9f7ad652e59c8a2 Mon Sep 17 00:00:00 2001
From: David Woodhouse <[email protected]>
Date: Mon, 3 Nov 2014 17:39:43 +0000
Subject: [PATCH 28/34] Update to new hash handling, fix to match stored certs
only for the same host/port
---
auth-dialog/main.c | 90 +++++++++++++++++++++++++++++-------------------------
1 file changed, 49 insertions(+), 41 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index df0146c..38f3a8f 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -694,7 +694,7 @@ static char* get_title(const char *vpn_name)
typedef struct cert_data {
auth_ui_data *ui_data;
- OPENCONNECT_X509 *peer_cert;
+ char *cert_details;
const char *reason;
} cert_data;
@@ -722,13 +722,10 @@ static gboolean user_validate_cert(cert_data *data)
{
auth_ui_data *ui_data = _ui_data; /* FIXME global */
char *title;
- char *details;
GtkWidget *dlg, *text, *scroll;
GtkTextBuffer *buffer;
int result;
- details = openconnect_get_cert_details(ui_data->vpninfo,
data->peer_cert);
-
title = get_title(data->ui_data->vpn_name);
dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
GTK_BUTTONS_OK_CANCEL,
@@ -751,8 +748,7 @@ static gboolean user_validate_cert(cert_data *data)
text = gtk_text_view_new();
buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
- gtk_text_buffer_set_text(buffer, details, -1);
- openconnect_free_cert_info(data->ui_data->vpninfo, details);
+ gtk_text_buffer_set_text(buffer, data->cert_details, -1);
gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
gtk_container_add(GTK_CONTAINER(scroll), text);
@@ -775,36 +771,40 @@ static gboolean user_validate_cert(cert_data *data)
/* runs in worker thread */
static int validate_peer_cert(void *cbdata,
- OPENCONNECT_X509 *peer_cert, const char *reason)
+#if !OPENCONNECT_CHECK_VER(5,0)
+ OPENCONNECT_X509 *peer_cert,
+#endif
+ const char *reason)
{
auth_ui_data *ui_data = cbdata;
- char fingerprint[41];
- char *certs_data;
int ret = 0;
cert_data *data;
+ char *certkey;
+ char *accepted_hash = NULL;
+#if OPENCONNECT_CHECK_VER(5,0)
+ const char *fingerprint =
openconnect_get_peer_cert_hash(ui_data->vpninfo);
+#else
+ char fingerprint[41];
ret = openconnect_get_cert_sha1(ui_data->vpninfo, peer_cert,
fingerprint);
if (ret)
return ret;
- certs_data = g_hash_table_lookup (ui_data->secrets, "certsigs");
- if (certs_data) {
- char **certs = g_strsplit_set(certs_data, "\t", 0);
- char **this = certs;
+#define openconnect_check_peer_cert_hash(v, h) strcmp(h, fingerprint)
+#define openconnect_get_peer_cert_details(v) openconnect_get_cert_details(v,
peer_cert);
+#endif
- while (*this) {
- if (!strcmp(*this, fingerprint)) {
- g_strfreev(certs);
- goto out;
- }
- this++;
- }
- g_strfreev(certs);
- }
+ certkey = g_strdup_printf ("certificate:%s:%d",
+ openconnect_get_hostname(ui_data->vpninfo),
+ openconnect_get_port(ui_data->vpninfo));
+
+ accepted_hash = g_hash_table_lookup (ui_data->secrets, certkey);
+ if (accepted_hash &&
!openconnect_check_peer_cert_hash(ui_data->vpninfo, accepted_hash))
+ goto accepted;
data = g_slice_new(cert_data);
data->ui_data = ui_data; /* FIXME uses global */
- data->peer_cert = peer_cert;
+ data->cert_details =
openconnect_get_peer_cert_details(ui_data->vpninfo);
data->reason = reason;
g_mutex_lock(&ui_data->form_mutex);
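Review bot: The pre-5.0 compatibility macro `openconnect_get_peer_cert_details` carries a trailing semicolon, so `data->cert_details = openconnect_get_peer_cert_details(ui_data->vpninfo);` expands to a double statement and the macro cannot be used inside a larger expression; drop it: `#define openconnect_get_peer_cert_details(v) openconnect_get_cert_details(v, peer_cert)`. In that same path the trust-on-first-use decision is a plain `strcmp` against a stored SHA-1 hex fingerprint (`char fingerprint[41]`), which is what the older library API offers but deserves a comment, since a chosen-prefix SHA-1 collision against a pinned certificate is no longer purely theoretical; the 5.0 path presumably receives a stronger hash from `openconnect_get_peer_cert_hash`. The `goto accepted` shortcut also bypasses the user dialog whatever `reason` the library reports, which is expected for a pinned certificate, but a one-line comment stating that a stored hash for this host:port overrides any validation reason would make that intent explicit. validate_peer_cert continues past the end of the hunk.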
@@ -813,27 +813,27 @@ static int validate_peer_cert(void *cbdata,
g_idle_add((GSourceFunc)user_validate_cert, data);
/* wait for user to accept or cancel */
- while (ui_data->cert_response == CERT_USER_NOT_READY) {
+ while (ui_data->cert_response == CERT_USER_NOT_READY)
g_cond_wait(&ui_data->cert_response_changed,
&ui_data->form_mutex);
- }
- if (ui_data->cert_response == CERT_ACCEPTED) {
- if (certs_data) {
- char *new = g_strdup_printf("%s\t%s", certs_data,
fingerprint);
- g_hash_table_insert (ui_data->secrets,
- g_strdup ("certsigs"), new);
- } else {
- g_hash_table_insert (ui_data->secrets, g_strdup
("certsigs"),
- g_strdup (fingerprint));
- }
+
+ openconnect_free_cert_info(data->ui_data->vpninfo, data->cert_details);
+ g_slice_free(cert_data, data);
+
+ if (ui_data->cert_response == CERT_ACCEPTED)
ret = 0;
- } else {
+ else
ret = -EINVAL;
- }
+
g_mutex_unlock (&ui_data->form_mutex);
- g_slice_free(cert_data, data);
+ accepted:
+ if (!ret) {
+ g_hash_table_insert (ui_data->secrets, certkey,
+ g_strdup(fingerprint));
+ certkey = NULL;
+ }
- out:
+ g_free (certkey);
return ret;
}
@@ -1196,7 +1196,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
gtk_widget_set_sensitive(ui_data->cancel_button, FALSE);
}
} else if (!ui_data->cookie_retval) {
- OPENCONNECT_X509 *cert;
+ const void *cert;
gchar *key, *value;
/* got cookie */
@@ -1218,14 +1218,22 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
g_hash_table_insert (ui_data->secrets, key, value);
openconnect_clear_cookie(ui_data->vpninfo);
+#if OPENCONNECT_CHECK_VER(5,0)
+ cert = openconnect_get_peer_cert_hash (ui_data->vpninfo);
+ if (cert) {
+ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
+ value = g_strdup (cert);
+ g_hash_table_insert (ui_data->secrets, key, value);
+ }
+#else
cert = openconnect_get_peer_cert (ui_data->vpninfo);
if (cert) {
key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
value = g_malloc0 (41);
- openconnect_get_cert_sha1(ui_data->vpninfo, cert,
value);
+ openconnect_get_cert_sha1(ui_data->vpninfo, (void
*)cert, value);
g_hash_table_insert (ui_data->secrets, key, value);
}
-
+#endif
if (get_save_passwords(ui_data->secrets)) {
g_hash_table_foreach(ui_data->success_passwords,
keyring_store_passwords,
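Review bot: In the pre-5.0 branch the return value of `openconnect_get_cert_sha1(ui_data->vpninfo, (void *)cert, value)` is ignored, so on failure the zero-filled buffer is stored as `NM_OPENCONNECT_KEY_GWCERT` and an empty fingerprint is handed on as the expected gateway certificate; record it only on success: `if (openconnect_get_cert_sha1(ui_data->vpninfo, (void *)cert, value)) { g_free (key); g_free (value); } else g_hash_table_insert (ui_data->secrets, key, value);`. The `(void *)` cast exists only because `cert` became `const void *` in this commit; declaring a separate `OPENCONNECT_X509 *` local inside the `#else` branch would avoid casting away const. cookie_obtained continues outside the hunk.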
--
2.2.0
1.1
net-misc/networkmanager-openconnect/files/0.9.10.0/0026-Drop-support-for-libopenconnect.so.1.patch
Index: 0026-Drop-support-for-libopenconnect.so.1.patch
===================================================================
>From b8c7e773204d3b4a85a27d7d2ae58dfc1939e1a8 Mon Sep 17 00:00:00 2001
From: David Woodhouse <[email protected]>
Date: Thu, 30 Oct 2014 23:16:20 +0000
Subject: [PATCH 26/34] Drop support for libopenconnect.so.1
---
auth-dialog/main.c | 201 +----------------------------------------------------
1 file changed, 2 insertions(+), 199 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 8285bf4..df0146c 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -49,20 +49,6 @@
#include "openconnect.h"
-#if OPENCONNECT_API_VERSION_MAJOR == 1
-#define openconnect_vpninfo_new openconnect_vpninfo_new_with_cbdata
-#define openconnect_init_ssl openconnect_init_openssl
-#endif
-
-#ifndef OPENCONNECT_CHECK_VER
-#define OPENCONNECT_CHECK_VER(x,y) 0
-#endif
-
-#if !OPENCONNECT_CHECK_VER(1,5)
-#define OPENCONNECT_X509 X509
-#define OPENCONNECT_OPENSSL
-#endif
-
#if !OPENCONNECT_CHECK_VER(2,1)
#define __openconnect_set_token_mode(...) -EOPNOTSUPP
#elif !OPENCONNECT_CHECK_VER(2,2)
@@ -104,12 +90,6 @@
#define write_config_const /* */
#endif
-#ifdef OPENCONNECT_OPENSSL
-#include <openssl/ssl.h>
-#include <openssl/bio.h>
-#include <openssl/ui.h>
-#endif
-
static const SecretSchema openconnect_secret_schema = {
"org.freedesktop.NetworkManager.Connection.Openconnect",
SECRET_SCHEMA_DONT_MATCH_NAME,
@@ -301,9 +281,6 @@ typedef struct ui_fragment_data {
GtkWidget *entry;
GCancellable *cancel;
auth_ui_data *ui_data;
-#ifdef OPENCONNECT_OPENSSL
- UI_STRING *uis;
-#endif
struct oc_form_opt *opt;
char *entry_text;
int initial_selection;
@@ -315,27 +292,9 @@ static void entry_activate_cb(GtkWidget *widget,
auth_ui_data *ui_data)
gtk_dialog_response(GTK_DIALOG(ui_data->dialog),
AUTH_DIALOG_RESPONSE_LOGIN);
}
-#ifdef OPENCONNECT_OPENSSL
-static void do_check_visibility(ui_fragment_data *data, gboolean *visible)
-{
- int min_len;
-
- if (!data->uis)
- return;
-
- min_len = UI_get_result_minsize(data->uis);
-
- if (min_len && (!data->entry_text || strlen(data->entry_text) <
min_len))
- *visible = FALSE;
-}
-#endif
static void evaluate_login_visibility(auth_ui_data *ui_data)
{
gboolean visible = TRUE;
-#ifdef OPENCONNECT_OPENSSL
- g_queue_foreach(ui_data->form_entries, (GFunc)do_check_visibility,
- &visible);
-#endif
gtk_widget_set_sensitive (ui_data->login_button, visible);
}
@@ -343,9 +302,6 @@ static void entry_changed(GtkEntry *entry, ui_fragment_data
*data)
{
g_free (data->entry_text);
data->entry_text = g_strdup(gtk_entry_get_text(entry));
-#ifdef OPENCONNECT_OPENSSL
- evaluate_login_visibility(data->ui_data);
-#endif
}
static void do_override_label(ui_fragment_data *data, struct oc_choice *choice)
@@ -387,26 +343,6 @@ static void combo_changed(GtkComboBox *combo,
ui_fragment_data *data)
FORMCHOICE(sopt, entry));
}
-#ifdef OPENCONNECT_OPENSSL
-static gboolean ui_write_error (ui_fragment_data *data)
-{
- ssl_box_add_error(data->ui_data, UI_get0_output_string(data->uis));
-
- g_slice_free (ui_fragment_data, data);
-
- return FALSE;
-}
-
-static gboolean ui_write_info (ui_fragment_data *data)
-{
- ssl_box_add_info(data->ui_data, UI_get0_output_string(data->uis));
-
- g_slice_free (ui_fragment_data, data);
-
- return FALSE;
-}
-#endif
-
static gboolean ui_write_prompt (ui_fragment_data *data)
{
auth_ui_data *ui_data = _ui_data; /* FIXME global */
@@ -414,16 +350,8 @@ static gboolean ui_write_prompt (ui_fragment_data *data)
int visible;
const char *label;
-#ifdef OPENCONNECT_OPENSSL
- if (data->uis) {
- label = UI_get0_output_string(data->uis);
- visible = UI_get_input_flags(data->uis) & UI_INPUT_FLAG_ECHO;
- } else
-#endif
- {
- label = data->opt->label;
- visible = (data->opt->type == OC_FORM_OPT_TEXT);
- }
+ label = data->opt->label;
+ visible = (data->opt->type == OC_FORM_OPT_TEXT);
hbox = gtk_box_new (GTK_ORIENTATION_HORIZONTAL, 0);
gtk_box_pack_start(GTK_BOX(data->ui_data->ssl_box), hbox, FALSE, FALSE,
0);
@@ -512,128 +440,6 @@ static gboolean ui_show (auth_ui_data *ui_data)
return FALSE;
}
-#ifdef OPENCONNECT_OPENSSL
-/* runs in worker thread */
-static int ui_open(UI *ui)
-{
- auth_ui_data *ui_data = _ui_data; /* FIXME global */
-
- UI_add_user_data(ui, ui_data);
-
- return 1;
-}
-
-/* runs in worker thread */
-static int ui_write(UI *ui, UI_STRING *uis)
-{
- auth_ui_data *ui_data;
- ui_fragment_data *data;
-
- ui_data = UI_get0_user_data(ui);
-
- /* return if a new host has been selected */
- if (ui_data->cancelled) {
- return 1;
- }
-
- data = g_slice_new0 (ui_fragment_data);
- data->ui_data = ui_data;
- data->uis = uis;
-
- switch(UI_get_string_type(uis)) {
- case UIT_ERROR:
- g_idle_add ((GSourceFunc)ui_write_error, data);
- break;
-
- case UIT_INFO:
- g_idle_add ((GSourceFunc)ui_write_info, data);
- break;
-
- case UIT_PROMPT:
- case UIT_VERIFY:
- g_mutex_lock (&ui_data->form_mutex);
- g_queue_push_head(ui_data->form_entries, data);
- g_mutex_unlock (&ui_data->form_mutex);
-
- g_idle_add ((GSourceFunc)ui_write_prompt, data);
- break;
-
- case UIT_BOOLEAN:
- /* FIXME */
- case UIT_NONE:
- default:
- g_slice_free (ui_fragment_data, data);
- }
- return 1;
-}
-
-/* runs in worker thread */
-static int ui_flush(UI* ui)
-{
- auth_ui_data *ui_data;
- int response;
-
- ui_data = UI_get0_user_data(ui);
-
- g_idle_add((GSourceFunc)ui_show, ui_data);
- g_mutex_lock(&ui_data->form_mutex);
- /* wait for ui to show */
- while (!ui_data->form_shown) {
- g_cond_wait(&ui_data->form_shown_changed, &ui_data->form_mutex);
- }
- ui_data->form_shown = FALSE;
-
- if (!ui_data->cancelled) {
- /* wait for form submission or cancel */
- while (!ui_data->form_retval) {
- g_cond_wait(&ui_data->form_retval_changed,
&ui_data->form_mutex);
- }
- response = GPOINTER_TO_INT (ui_data->form_retval);
- ui_data->form_retval = NULL;
- } else
- response = AUTH_DIALOG_RESPONSE_CANCEL;
-
- /* set entry results and free temporary data structures */
- while (!g_queue_is_empty (ui_data->form_entries)) {
- ui_fragment_data *data;
- data = g_queue_pop_tail (ui_data->form_entries);
- if (data->entry_text) {
- UI_set_result(ui, data->uis, data->entry_text);
- }
- if (data->cancel) {
- g_cancellable_cancel(data->cancel);
- }
- g_slice_free (ui_fragment_data, data);
- }
- ui_data->form_grabbed = 0;
- g_mutex_unlock(&ui_data->form_mutex);
-
- /* -1 = cancel,
- * 0 = failure,
- * 1 = success */
- return (response == AUTH_DIALOG_RESPONSE_LOGIN ? 1 : -1);
-}
-
-/* runs in worker thread */
-static int ui_close(UI *ui)
-{
- return 1;
-}
-
-static int init_openssl_ui(void)
-{
- UI_METHOD *ui_method = UI_create_method("OpenConnect VPN UI (gtk)");
-
- UI_method_set_opener(ui_method, ui_open);
- UI_method_set_flusher(ui_method, ui_flush);
- UI_method_set_writer(ui_method, ui_write);
- UI_method_set_closer(ui_method, ui_close);
-
- UI_set_default_method(ui_method);
- return 0;
-}
-#endif /* OPENCONNECT_OPENSSL */
-
static char *find_form_answer(GHashTable *secrets, struct oc_auth_form *form,
struct oc_form_opt *opt)
{
@@ -1834,9 +1640,6 @@ int main (int argc, char **argv)
build_main_dialog(_ui_data);
-#ifdef OPENCONNECT_OPENSSL
- init_openssl_ui();
-#endif
openconnect_init_ssl();
/* Start connecting now if there's only one host. Or if configured to */
--
2.2.0
1.1
net-misc/networkmanager-openconnect/files/0.9.10.0/0017-Always-return-success-from-auth-dialog.patch
Index: 0017-Always-return-success-from-auth-dialog.patch
===================================================================
>From 5e899ec0dfff56ac15f9e19cccb8b8d17f792afd Mon Sep 17 00:00:00 2001
From: David Woodhouse <[email protected]>
Date: Tue, 12 Aug 2014 14:58:05 +0100
Subject: [PATCH 17/34] Always return success from auth-dialog
We want to store the secrets even when we ultimately failed to log in.
This was slightly suboptimal even before, when we were failing to remember
things like the 'autoconnect' and 'certsigs' secrets. But now with HOTP
it's particularly important that we keep track of which tokens have been
used *even* if we end up failing to log in.
Even if we don't get a valid login cookie, it's OK to return success.
---
auth-dialog/main.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index b078d48..7171247 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -180,7 +180,6 @@ typedef struct auth_ui_data {
GtkWidget *last_notice_icon;
GtkTextBuffer *log;
- int retval;
int cookie_retval;
int cancel_pipes[2];
@@ -1376,7 +1375,6 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
gtk_widget_show_all(ui_data->ssl_box);
gtk_widget_set_sensitive(ui_data->cancel_button, FALSE);
}
- ui_data->retval = 1;
} else if (!ui_data->cookie_retval) {
OPENCONNECT_X509 *cert;
gchar *key, *value;
@@ -1413,13 +1411,11 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
keyring_store_passwords,
NULL);
}
- ui_data->retval = 0;
gtk_main_quit();
} else {
/* no cookie; user cancellation */
gtk_widget_show (ui_data->no_form_label);
- ui_data->retval = 1;
}
g_hash_table_remove_all (ui_data->success_secrets);
@@ -1672,7 +1668,6 @@ static auth_ui_data *init_ui_data (char *vpn_name,
GHashTable *options, GHashTab
auth_ui_data *ui_data;
ui_data = g_slice_new0(auth_ui_data);
- ui_data->retval = 1;
ui_data->form_entries = g_queue_new();
g_mutex_init(&ui_data->form_mutex);
@@ -1848,5 +1843,5 @@ int main (int argc, char **argv)
wait_for_quit ();
- return _ui_data->retval;
+ return 0;
}
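Review bot: `return 0;` now reports success to the caller for every outcome, including the user-cancellation branch where this patch removed `ui_data->retval = 1`, and the only explanation lives in the commit message; the code should carry it, e.g. above the return: `/* Always exit 0: secrets such as the HOTP counter and accepted certificates must be stored even when login failed or was cancelled; a missing cookie is detected downstream. */`. Whether the caller copes with a successful exit and no cookie is an assumption this file cannot show, so it should be confirmed against the NetworkManager secret-agent side.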
--
2.2.0