mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 04:24:32 +00:00
cli,tui: merge branch 'dwmw2:openconnect-cli'
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1625
This commit is contained in:
commit
a206042eda
|
@ -16,6 +16,7 @@
|
|||
#include <net/if.h>
|
||||
|
||||
#include "nm-client-utils.h"
|
||||
#include "nm-secret-agent-simple.h"
|
||||
#include "nm-utils.h"
|
||||
#include "libnm-glib-aux/nm-io-utils.h"
|
||||
#include "libnm-glib-aux/nm-secret-utils.h"
|
||||
|
@ -160,9 +161,10 @@ nm_vpn_get_secret_names(const char *service_type)
|
|||
};
|
||||
|
||||
if (NM_IN_STRSET(type, "openconnect")) {
|
||||
return _VPN_PASSWORD_LIST({"gateway", N_("Gateway")},
|
||||
return _VPN_PASSWORD_LIST({"gateway", N_("Gateway URL")},
|
||||
{"cookie", N_("Cookie")},
|
||||
{"gwcert", N_("Gateway certificate hash")}, );
|
||||
{"gwcert", N_("Gateway certificate hash")},
|
||||
{"resolve", N_("Gateway DNS resolution ('host:IP')")}, );
|
||||
};
|
||||
|
||||
return NULL;
|
||||
|
@ -186,18 +188,105 @@ _extract_variable_value(char *line, const char *tag, char **value)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
gboolean
|
||||
nm_vpn_openconnect_authenticate_helper(const char *host,
|
||||
char **cookie,
|
||||
char **gateway,
|
||||
char **gwcert,
|
||||
int *status,
|
||||
GError **error)
|
||||
#define NM_OPENCONNECT_KEY_GATEWAY "gateway"
|
||||
#define NM_OPENCONNECT_KEY_COOKIE "cookie"
|
||||
#define NM_OPENCONNECT_KEY_GWCERT "gwcert"
|
||||
#define NM_OPENCONNECT_KEY_RESOLVE "resolve"
|
||||
#define NM_OPENCONNECT_KEY_AUTHTYPE "authtype"
|
||||
#define NM_OPENCONNECT_KEY_USERCERT "usercert"
|
||||
#define NM_OPENCONNECT_KEY_CACERT "cacert"
|
||||
#define NM_OPENCONNECT_KEY_PRIVKEY "userkey"
|
||||
#define NM_OPENCONNECT_KEY_KEY_PASS "key_pass"
|
||||
#define NM_OPENCONNECT_KEY_MTU "mtu"
|
||||
#define NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID "pem_passphrase_fsid"
|
||||
#define NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT "prevent_invalid_cert"
|
||||
#define NM_OPENCONNECT_KEY_DISABLE_UDP "disable_udp"
|
||||
#define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
|
||||
#define NM_OPENCONNECT_KEY_PROXY "proxy"
|
||||
#define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
|
||||
#define NM_OPENCONNECT_KEY_USERAGENT "useragent"
|
||||
#define NM_OPENCONNECT_KEY_CSD_WRAPPER "csd_wrapper"
|
||||
#define NM_OPENCONNECT_KEY_TOKEN_MODE "stoken_source"
|
||||
#define NM_OPENCONNECT_KEY_TOKEN_SECRET "stoken_string"
|
||||
#define NM_OPENCONNECT_KEY_REPORTED_OS "reported_os"
|
||||
#define NM_OPENCONNECT_KEY_MCACERT "mcacert"
|
||||
#define NM_OPENCONNECT_KEY_MCAKEY "mcakey"
|
||||
#define NM_OPENCONNECT_KEY_MCA_PASS "mca_key_pass"
|
||||
|
||||
struct {
|
||||
const char *property;
|
||||
const char *cmdline;
|
||||
} oc_property_args[] = {
|
||||
{NM_OPENCONNECT_KEY_USERCERT, "--certificate"},
|
||||
{NM_OPENCONNECT_KEY_CACERT, "--caflle"},
|
||||
{NM_OPENCONNECT_KEY_PRIVKEY, "--sslkey"},
|
||||
{NM_OPENCONNECT_KEY_KEY_PASS, "--key-password"},
|
||||
{NM_OPENCONNECT_KEY_PROTOCOL, "--protocol"},
|
||||
{NM_OPENCONNECT_KEY_PROXY, "--proxy"},
|
||||
{NM_OPENCONNECT_KEY_USERAGENT, "--useragent"},
|
||||
{NM_OPENCONNECT_KEY_REPORTED_OS, "--os"},
|
||||
{NM_OPENCONNECT_KEY_MCACERT, "--mca-certificate"},
|
||||
{NM_OPENCONNECT_KEY_MCAKEY, "--mca-key"},
|
||||
{NM_OPENCONNECT_KEY_MCA_PASS, "--mca-key-password"},
|
||||
};
|
||||
|
||||
#define NR_OC_STRING_PROPS (sizeof(oc_property_args) / sizeof(oc_property_args[0]))
|
||||
#define OC_ARGS_MAX (12 + 2 * NR_OC_STRING_PROPS)
|
||||
|
||||
/*
|
||||
* For old versions of openconnect we need to extract the port# and
|
||||
* append it to the hostname that is returned to us. Use a cut-down
|
||||
* version of openconnect's own internal_parse_url() function.
|
||||
*/
|
||||
static int
|
||||
extract_url_port(const char *url)
|
||||
{
|
||||
gs_free char *output = NULL;
|
||||
gs_free const char **output_v = NULL;
|
||||
const char *host, *port_str, *path;
|
||||
char *end;
|
||||
int port_nr;
|
||||
|
||||
/* Skip the scheme, if present */
|
||||
host = strstr(url, "://");
|
||||
if (host)
|
||||
host += 3;
|
||||
else
|
||||
host = url;
|
||||
|
||||
port_str = strrchr(host, ':');
|
||||
if (!port_str)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* If the host is an IPv6 literal, port_str may point somewhere
|
||||
* inside it rather than to an actual port#. But IPv6 literals
|
||||
* are always enclosed in [], e.g. '[fec0::1]:443'. So we check
|
||||
* that the end pointer returned by strtol points exactly to the
|
||||
* end of the hostname (either the end of the string, or to the
|
||||
* first '/' of the path element if there is one).
|
||||
*/
|
||||
path = strchr(host, '/');
|
||||
port_nr = strtol(port_str + 1, &end, 10);
|
||||
|
||||
if (end == path || (!path && !*end))
|
||||
return port_nr;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
gboolean
|
||||
nm_vpn_openconnect_authenticate_helper(NMSettingVpn *s_vpn, GPtrArray *secrets, GError **error)
|
||||
{
|
||||
gs_free char *output = NULL;
|
||||
gs_free char *legacy_host = NULL;
|
||||
gs_free char *connect_url = NULL;
|
||||
gs_free char *cookie = NULL;
|
||||
gs_free char *gwcert = NULL;
|
||||
gs_free char *resolve = NULL;
|
||||
gs_free const char **output_v = NULL;
|
||||
int status = 0;
|
||||
const char *const *iter;
|
||||
const char *path;
|
||||
const char *opt;
|
||||
const char *const DEFAULT_PATHS[] = {
|
||||
"/sbin/",
|
||||
"/usr/sbin/",
|
||||
|
@ -207,6 +296,22 @@ nm_vpn_openconnect_authenticate_helper(const char *host,
|
|||
"/usr/local/bin/",
|
||||
NULL,
|
||||
};
|
||||
int port = 0;
|
||||
const char *gw;
|
||||
const char *oc_argv[OC_ARGS_MAX];
|
||||
int i, oc_argc = 0;
|
||||
|
||||
/* Get gateway and port */
|
||||
gw = nm_setting_vpn_get_data_item(s_vpn, "gateway");
|
||||
if (!gw) {
|
||||
g_set_error(error,
|
||||
NM_VPN_PLUGIN_ERROR,
|
||||
NM_VPN_PLUGIN_ERROR_FAILED,
|
||||
_("no gateway configured"));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
port = extract_url_port(gw);
|
||||
|
||||
path = nm_utils_file_search_in_paths("openconnect",
|
||||
"/usr/sbin/openconnect",
|
||||
|
@ -218,31 +323,143 @@ nm_vpn_openconnect_authenticate_helper(const char *host,
|
|||
if (!path)
|
||||
return FALSE;
|
||||
|
||||
oc_argv[oc_argc++] = path;
|
||||
oc_argv[oc_argc++] = "--authenticate";
|
||||
oc_argv[oc_argc++] = gw;
|
||||
|
||||
for (i = 0; i < NR_OC_STRING_PROPS; i++) {
|
||||
opt = nm_setting_vpn_get_data_item(s_vpn, oc_property_args[i].property);
|
||||
if (opt) {
|
||||
oc_argv[oc_argc++] = oc_property_args[i].cmdline;
|
||||
oc_argv[oc_argc++] = opt;
|
||||
}
|
||||
}
|
||||
|
||||
opt = nm_setting_vpn_get_data_item(s_vpn, NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID);
|
||||
if (opt && nm_streq(opt, "yes"))
|
||||
oc_argv[oc_argc++] = "--key-password-from-fsid";
|
||||
|
||||
opt = nm_setting_vpn_get_data_item(s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE);
|
||||
if (opt && nm_streq(opt, "yes")) {
|
||||
opt = nm_setting_vpn_get_data_item(s_vpn, NM_OPENCONNECT_KEY_CSD_WRAPPER);
|
||||
if (opt) {
|
||||
oc_argv[oc_argc++] = "--csd-wrapper";
|
||||
oc_argv[oc_argc++] = opt;
|
||||
}
|
||||
}
|
||||
|
||||
opt = nm_setting_vpn_get_data_item(s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE);
|
||||
if (opt) {
|
||||
const char *token_secret =
|
||||
nm_setting_vpn_get_data_item(s_vpn, NM_OPENCONNECT_KEY_TOKEN_SECRET);
|
||||
if (nm_streq(opt, "manual") && token_secret) {
|
||||
opt = "rsa";
|
||||
} else if (nm_streq(opt, "stokenrc")) {
|
||||
opt = "rsa";
|
||||
token_secret = NULL;
|
||||
} else if (!nm_streq(opt, "totp") && !nm_streq(opt, "hotp") && !nm_streq(opt, "yubioath")) {
|
||||
opt = NULL;
|
||||
}
|
||||
if (opt) {
|
||||
oc_argv[oc_argc++] = "--token-mode";
|
||||
oc_argv[oc_argc++] = opt;
|
||||
}
|
||||
if (token_secret) {
|
||||
oc_argv[oc_argc++] = "--token-secret";
|
||||
oc_argv[oc_argc++] = token_secret;
|
||||
}
|
||||
}
|
||||
|
||||
oc_argv[oc_argc++] = NULL;
|
||||
g_return_val_if_fail(oc_argc <= OC_ARGS_MAX, FALSE);
|
||||
|
||||
if (!g_spawn_sync(NULL,
|
||||
(char **) NM_MAKE_STRV(path, "--authenticate", host),
|
||||
(char **) oc_argv,
|
||||
NULL,
|
||||
G_SPAWN_SEARCH_PATH | G_SPAWN_CHILD_INHERITS_STDIN,
|
||||
NULL,
|
||||
NULL,
|
||||
&output,
|
||||
NULL,
|
||||
status,
|
||||
&status,
|
||||
error))
|
||||
return FALSE;
|
||||
|
||||
if (WIFEXITED(status) && WEXITSTATUS(status) != 0) {
|
||||
/* The caller will prepend "Error: openconnect failed: " to this */
|
||||
g_set_error(error,
|
||||
NM_VPN_PLUGIN_ERROR,
|
||||
NM_VPN_PLUGIN_ERROR_FAILED,
|
||||
_("exited with status %d"),
|
||||
WEXITSTATUS(status));
|
||||
return FALSE;
|
||||
} else if (WIFSIGNALED(status)) {
|
||||
g_set_error(error,
|
||||
NM_VPN_PLUGIN_ERROR,
|
||||
NM_VPN_PLUGIN_ERROR_FAILED,
|
||||
_("exited on signal %d"),
|
||||
WTERMSIG(status));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Parse output and set cookie, gateway and gwcert
|
||||
* output example:
|
||||
* COOKIE='loremipsum'
|
||||
* HOST='1.2.3.4'
|
||||
* FINGERPRINT='sha1:32bac90cf09a722e10ecc1942c67fe2ac8c21e2e'
|
||||
*
|
||||
* Since OpenConnect v8.20 (2022-02-20) OpenConnect has also passed e.g.:
|
||||
*
|
||||
* CONNECT_URL='https://vpn.example.com:8443/ConnectPath'
|
||||
* RESOLVE=vpn.example.com:1.2.3.4
|
||||
*/
|
||||
output_v = nm_strsplit_set_with_empty(output, "\r\n");
|
||||
for (iter = output_v; iter && *iter; iter++) {
|
||||
char *s_mutable = (char *) *iter;
|
||||
|
||||
_extract_variable_value(s_mutable, "COOKIE=", cookie);
|
||||
_extract_variable_value(s_mutable, "HOST=", gateway);
|
||||
_extract_variable_value(s_mutable, "FINGERPRINT=", gwcert);
|
||||
_extract_variable_value(s_mutable, "COOKIE=", &cookie);
|
||||
_extract_variable_value(s_mutable, "CONNECT_URL=", &connect_url);
|
||||
_extract_variable_value(s_mutable, "HOST=", &legacy_host);
|
||||
_extract_variable_value(s_mutable, "FINGERPRINT=", &gwcert);
|
||||
_extract_variable_value(s_mutable, "RESOLVE=", &resolve);
|
||||
}
|
||||
|
||||
if (!cookie || !gwcert || (!legacy_host && !connect_url)) {
|
||||
g_set_error(error,
|
||||
NM_VPN_PLUGIN_ERROR,
|
||||
NM_VPN_PLUGIN_ERROR_FAILED,
|
||||
_("insufficent secrets returned"));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
for (i = 0; i < secrets->len; i++) {
|
||||
NMSecretAgentSimpleSecret *secret = secrets->pdata[i];
|
||||
|
||||
if (secret->secret_type != NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET)
|
||||
continue;
|
||||
if (!nm_streq0(secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
|
||||
continue;
|
||||
if (nm_streq0(secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&cookie);
|
||||
} else if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
|
||||
g_free(secret->value);
|
||||
if (connect_url)
|
||||
secret->value = g_steal_pointer(&connect_url);
|
||||
else if (port)
|
||||
secret->value = g_strdup_printf("%s:%d", legacy_host, port);
|
||||
else
|
||||
secret->value = g_steal_pointer(&legacy_host);
|
||||
} else if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&gwcert);
|
||||
} else if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "resolve")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&resolve);
|
||||
}
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
|
|
@ -19,11 +19,7 @@ gboolean nm_vpn_supports_ipv6(NMConnection *connection);
|
|||
|
||||
const NmcVpnPasswordName *nm_vpn_get_secret_names(const char *service_type);
|
||||
|
||||
gboolean nm_vpn_openconnect_authenticate_helper(const char *host,
|
||||
char **cookie,
|
||||
char **gateway,
|
||||
char **gwcert,
|
||||
int *status,
|
||||
GError **error);
|
||||
gboolean
|
||||
nm_vpn_openconnect_authenticate_helper(NMSettingVpn *s_vpn, GPtrArray *secrets, GError **error);
|
||||
|
||||
#endif /* __NM_VPN_HELPERS_H__ */
|
||||
|
|
|
@ -635,12 +635,6 @@ vpn_openconnect_get_secrets(NMConnection *connection, GPtrArray *secrets)
|
|||
{
|
||||
GError *error = NULL;
|
||||
NMSettingVpn *s_vpn;
|
||||
const char *gw, *port;
|
||||
gs_free char *cookie = NULL;
|
||||
gs_free char *gateway = NULL;
|
||||
gs_free char *gwcert = NULL;
|
||||
int status = 0;
|
||||
int i;
|
||||
gboolean ret;
|
||||
|
||||
if (!connection)
|
||||
|
@ -653,54 +647,15 @@ vpn_openconnect_get_secrets(NMConnection *connection, GPtrArray *secrets)
|
|||
if (!nm_streq0(nm_setting_vpn_get_service_type(s_vpn), NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
|
||||
return FALSE;
|
||||
|
||||
/* Get gateway and port */
|
||||
gw = nm_setting_vpn_get_data_item(s_vpn, "gateway");
|
||||
port = gw ? strrchr(gw, ':') : NULL;
|
||||
|
||||
/* Interactively authenticate to OpenConnect server and get secrets */
|
||||
ret = nm_vpn_openconnect_authenticate_helper(gw, &cookie, &gateway, &gwcert, &status, &error);
|
||||
ret = nm_vpn_openconnect_authenticate_helper(s_vpn, secrets, &error);
|
||||
|
||||
if (!ret) {
|
||||
nmc_printerr(_("Error: openconnect failed: %s\n"), error->message);
|
||||
g_clear_error(&error);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (WIFEXITED(status)) {
|
||||
if (WEXITSTATUS(status) != 0)
|
||||
nmc_printerr(_("Error: openconnect failed with status %d\n"), WEXITSTATUS(status));
|
||||
} else if (WIFSIGNALED(status))
|
||||
nmc_printerr(_("Error: openconnect failed with signal %d\n"), WTERMSIG(status));
|
||||
|
||||
/* Append port to the host value */
|
||||
if (gateway && port) {
|
||||
gs_free char *tmp = gateway;
|
||||
|
||||
gateway = g_strdup_printf("%s%s", tmp, port);
|
||||
}
|
||||
|
||||
/* Fill secrets to the array */
|
||||
for (i = 0; i < secrets->len; i++) {
|
||||
NMSecretAgentSimpleSecret *secret = secrets->pdata[i];
|
||||
|
||||
if (secret->secret_type != NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET)
|
||||
continue;
|
||||
if (!nm_streq0(secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
|
||||
continue;
|
||||
|
||||
if (nm_streq0(secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&cookie);
|
||||
} else if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&gateway);
|
||||
} else if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&gwcert);
|
||||
}
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
|
|
@ -26,58 +26,6 @@
|
|||
#include "libnmc-base/nm-client-utils.h"
|
||||
#include "nmt-utils.h"
|
||||
|
||||
/**
|
||||
* Runs openconnect to authenticate. The current screen state is saved
|
||||
* before starting the command and restored after it returns.
|
||||
*/
|
||||
static gboolean
|
||||
openconnect_authenticate(NMConnection *connection, char **cookie, char **gateway, char **gwcert)
|
||||
{
|
||||
GError *error = NULL;
|
||||
NMSettingVpn *s_vpn;
|
||||
gboolean ret;
|
||||
int status = 0;
|
||||
const char *gw, *port;
|
||||
|
||||
nmt_newt_message_dialog(
|
||||
_("openconnect will be run to authenticate.\nIt will return to nmtui when completed."));
|
||||
|
||||
/* Get port */
|
||||
s_vpn = nm_connection_get_setting_vpn(connection);
|
||||
gw = nm_setting_vpn_get_data_item(s_vpn, "gateway");
|
||||
port = gw ? strrchr(gw, ':') : NULL;
|
||||
|
||||
newtSuspend();
|
||||
|
||||
ret = nm_vpn_openconnect_authenticate_helper(gw, cookie, gateway, gwcert, &status, &error);
|
||||
|
||||
newtResume();
|
||||
|
||||
if (!ret) {
|
||||
nmt_newt_message_dialog(_("Error: openconnect failed: %s"), error->message);
|
||||
g_clear_error(&error);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (WIFEXITED(status)) {
|
||||
if (WEXITSTATUS(status) != 0) {
|
||||
nmt_newt_message_dialog(_("openconnect failed with status %d"), WEXITSTATUS(status));
|
||||
return FALSE;
|
||||
}
|
||||
} else if (WIFSIGNALED(status)) {
|
||||
nmt_newt_message_dialog(_("openconnect failed with signal %d"), WTERMSIG(status));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (gateway && *gateway && port) {
|
||||
char *tmp = *gateway;
|
||||
*gateway = g_strdup_printf("%s%s", *gateway, port);
|
||||
g_free(tmp);
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void
|
||||
secrets_requested(NMSecretAgentSimple *agent,
|
||||
const char *request_id,
|
||||
|
@ -88,7 +36,7 @@ secrets_requested(NMSecretAgentSimple *agent,
|
|||
{
|
||||
NmtNewtForm *form;
|
||||
NMConnection *connection = NM_CONNECTION(user_data);
|
||||
int i;
|
||||
gboolean success = FALSE;
|
||||
|
||||
/* Get secrets for OpenConnect VPN */
|
||||
if (connection && nm_connection_is_type(connection, NM_SETTING_VPN_SETTING_NAME)) {
|
||||
|
@ -96,45 +44,37 @@ secrets_requested(NMSecretAgentSimple *agent,
|
|||
|
||||
if (nm_streq0(nm_setting_vpn_get_service_type(s_vpn),
|
||||
NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT)) {
|
||||
gs_free char *cookie = NULL;
|
||||
gs_free char *gateway = NULL;
|
||||
gs_free char *gwcert = NULL;
|
||||
GError *error = NULL;
|
||||
|
||||
openconnect_authenticate(connection, &cookie, &gateway, &gwcert);
|
||||
nmt_newt_message_dialog(_("openconnect will be run to authenticate.\nIt will return to "
|
||||
"nmtui when completed."));
|
||||
|
||||
for (i = 0; i < secrets->len; i++) {
|
||||
NMSecretAgentSimpleSecret *secret = secrets->pdata[i];
|
||||
newtSuspend();
|
||||
|
||||
if (secret->secret_type != NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET)
|
||||
continue;
|
||||
if (!nm_streq0(secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
|
||||
continue;
|
||||
if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&cookie);
|
||||
} else if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&gateway);
|
||||
} else if (nm_streq0(secret->entry_id,
|
||||
NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
|
||||
g_free(secret->value);
|
||||
secret->value = g_steal_pointer(&gwcert);
|
||||
}
|
||||
success = nm_vpn_openconnect_authenticate_helper(s_vpn, secrets, &error);
|
||||
|
||||
newtResume();
|
||||
|
||||
if (!success) {
|
||||
nmt_newt_message_dialog(_("Error: openconnect failed: %s"), error->message);
|
||||
g_clear_error(&error);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
form = nmt_password_dialog_new(request_id, title, msg, secrets);
|
||||
nmt_newt_form_run_sync(form);
|
||||
if (!success) {
|
||||
form = nmt_password_dialog_new(request_id, title, msg, secrets);
|
||||
nmt_newt_form_run_sync(form);
|
||||
|
||||
if (nmt_password_dialog_succeeded(NMT_PASSWORD_DIALOG(form)))
|
||||
success = nmt_password_dialog_succeeded(NMT_PASSWORD_DIALOG(form));
|
||||
|
||||
g_object_unref(form);
|
||||
}
|
||||
|
||||
if (success)
|
||||
nm_secret_agent_simple_response(agent, request_id, secrets);
|
||||
else
|
||||
nm_secret_agent_simple_response(agent, request_id, NULL);
|
||||
|
||||
g_object_unref(form);
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
|
|
Loading…
Reference in a new issue