Allow custom stoken rcfile to be specfied
Fixes: #71

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
dwmw2 committed Dec 29, 2019
1 parent 848ceff commit 3382337
Showing 4 changed files with 39 additions and 4 deletions.
5 changes: 4 additions & 1 deletion main.c
Expand Up @@ -2204,7 +2204,10 @@ static void init_token(struct openconnect_info *vpninfo,
fprintf(stderr, _("Soft token string is invalid\n"));
exit(1);
case -ENOENT:
fprintf(stderr, _("Can't open ~/.stokenrc file\n"));
if (token_str)
fprintf(stderr, _("Can't open stoken file\n"));
else
fprintf(stderr, _("Can't open ~/.stokenrc file\n"));
exit(1);
case -EOPNOTSUPP:
fprintf(stderr, _("OpenConnect was not built with libstoken support\n"));
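Review bot: In the `-ENOENT` case the new `if (token_str)` branch treats any non-NULL token_str as a file name, but set_libstoken_mode() (stoken.c in this commit) also hands strings that do not start with `@` or `/` straight to `stoken_import_string()`, so the message is only accurate if that call never returns -ENOENT, which is not visible here. A short comment would record the assumption, for example `/* token_str is set: the @FILE or /path given as the token secret could not be opened */`. If the path is ever added to the message, print it only when token_str begins with `@` or `/`, because otherwise token_str is the token secret itself and would end up on stderr. The switch starts and continues outside the hunk.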
31 changes: 28 additions & 3 deletions stoken.c
Expand Up @@ -34,16 +34,41 @@
int set_libstoken_mode(struct openconnect_info *vpninfo, const char *token_str)
{
int ret;
char *file_token = NULL;

if (!vpninfo->stoken_ctx) {
vpninfo->stoken_ctx = stoken_new();
if (!vpninfo->stoken_ctx)
return -EIO;
}

ret = token_str ?
stoken_import_string(vpninfo->stoken_ctx, token_str) :
stoken_import_rcfile(vpninfo->stoken_ctx, NULL);
if (token_str) {
switch(token_str[0]) {
case '@':
token_str++;
/* fall through */
case '/':
ret = openconnect_read_file(vpninfo, token_str, &file_token);
if (ret < 0)
return ret;
}
}

/* Ug. If it's an XML STDID file or a raw token string, we need to
* pass its contents to stoken_import_string(). If it's an rcfile,
* we need to pass the *filename* to stoken_import_rcfile(). So
* let's just depend on stoken_import_string() failing gracefully. */
if (file_token) {
ret = stoken_import_string(vpninfo->stoken_ctx, file_token);
free(file_token);
if (ret == -EINVAL)
ret = stoken_import_rcfile(vpninfo->stoken_ctx, token_str);
} else if (token_str) {
ret = stoken_import_string(vpninfo->stoken_ctx, token_str);
} else {
ret = stoken_import_rcfile(vpninfo->stoken_ctx, NULL);
}

if (ret)
return ret;

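Review bot: `file_token` holds the full contents of the token file, which is the token secret, and it is released with a plain `free(file_token)` straight after `stoken_import_string()`, so the secret stays readable in freed heap memory. Wipe the buffer before freeing it, with a clear the compiler cannot optimise away (a plain `memset` before `free` may be dropped), using the length that `openconnect_read_file()` presumably returns in `ret`, saved before `ret` is reused. The rcfile fallback also depends on `stoken_import_string()` returning exactly `-EINVAL` for non-token content and on `openconnect_read_file()` NUL-terminating the buffer; neither is visible in this hunk, so the existing comment should state both assumptions. The function body continues past the end of the hunk.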
1 change: 1 addition & 0 deletions www/changelog.xml
Expand Up @@ -16,6 +16,7 @@
<li><b>OpenConnect HEAD</b>
<ul>
<li>Fix Windows build with MSYS2 (<a href="https://gitlab.com/openconnect/openconnect/issues/74">#74</a>).</li>
<li>Allow custom stoken rcfile to be specified (<a href="https://gitlab.com/openconnect/openconnect/issues/71">#71</a>).</li>
</ul><br/>
</li>
<li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.05.tar.gz">OpenConnect v8.05</a></b>
6 changes: 6 additions & 0 deletions www/token.xml
Expand Up @@ -70,6 +70,12 @@ it may take one of the many forms accepted by the <tt>stoken import</tt> command
RSA sdtid-formatted XML files. These should be generally be imported from a
file: '<tt>--token-secret @<i>FILE.SDTID</i></tt>'</li>
</ul>
<p>Additionally, a filename <i>(prefixed by the <tt>@</tt> or <tt>/</tt> characters)</i>
may refer to a stoken rcfile. The default behaviour if no <tt>--token-secret</tt> file
is provided is therefore equivalent to:</p>
<ul>
<li><b>@<i>${HOME}</i>/.stokenrc</b></li>
</ul>

<p>SecurID two-factor authentication is based on something you have (a
hardware or software token) and something you know (a 4-8 digit PIN code).