Commit 3a22e11d authored by David Woodhouse

Move nuke_opt_values() and process_auth_form() to library.c

Again probably not the perfect place for them but they aren't CSTP-specific.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent 7d86a788
......@@ -699,81 +699,6 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response, struct
return ret;
}
void nuke_opt_values(struct oc_form_opt *opt)
{
for (; opt; opt = opt->next) {
if (opt->type == OC_FORM_OPT_TEXT ||
opt->type == OC_FORM_OPT_PASSWORD) {
free(opt->_value);
opt->_value = NULL;
}
}
}
int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form)
{
int ret;
struct oc_form_opt_select *grp = form->authgroup_opt;
struct oc_choice *auth_choice;
struct oc_form_opt *opt;
if (!vpninfo->process_auth_form) {
vpn_progress(vpninfo, PRG_ERR, _("No form handler; cannot authenticate.\n"));
return OC_FORM_RESULT_ERR;
}
retry:
auth_choice = NULL;
if (grp && grp->nr_choices && !vpninfo->xmlpost) {
if (vpninfo->authgroup) {
/* For non-XML-POST, the server doesn't tell us which group is selected */
int i;
for (i = 0; i < grp->nr_choices; i++)
if (!strcmp(grp->choices[i]->name, vpninfo->authgroup))
form->authgroup_selection = i;
}
auth_choice = grp->choices[form->authgroup_selection];
}
for (opt = form->opts; opt; opt = opt->next) {
int second_auth = opt->flags & OC_FORM_OPT_SECOND_AUTH;
opt->flags &= ~OC_FORM_OPT_IGNORE;
if (!auth_choice ||
(opt->type != OC_FORM_OPT_TEXT && opt->type != OC_FORM_OPT_PASSWORD))
continue;
if (auth_choice->noaaa ||
(!auth_choice->second_auth && second_auth))
opt->flags |= OC_FORM_OPT_IGNORE;
else if (!strcmp(opt->name, "secondary_username") && second_auth) {
if (auth_choice->secondary_username) {
free(opt->_value);
opt->_value = strdup(auth_choice->secondary_username);
}
if (!auth_choice->secondary_username_editable)
opt->flags |= OC_FORM_OPT_IGNORE;
}
}
ret = vpninfo->process_auth_form(vpninfo->cbdata, form);
if (ret == OC_FORM_RESULT_NEWGROUP &&
form->authgroup_opt &&
form->authgroup_opt->form._value) {
free(vpninfo->authgroup);
vpninfo->authgroup = strdup(form->authgroup_opt->form._value);
if (!vpninfo->xmlpost)
goto retry;
}
if (ret == OC_FORM_RESULT_CANCELLED || ret < 0)
nuke_opt_values(form->opts);
return ret;
}
/* Return value:
* < 0, on error
* = OC_FORM_RESULT_OK (0), when form parsed and POST required
......
......@@ -861,6 +861,7 @@ const char *openconnect_get_peer_cert_hash(struct openconnect_info *vpninfo)
{
return vpninfo->peer_cert_hash;
}
int openconnect_set_compression_mode(struct openconnect_info *vpninfo,
oc_compression_mode_t mode)
{
......@@ -878,3 +879,79 @@ int openconnect_set_compression_mode(struct openconnect_info *vpninfo,
return -EINVAL;
}
}
void nuke_opt_values(struct oc_form_opt *opt)
{
for (; opt; opt = opt->next) {
if (opt->type == OC_FORM_OPT_TEXT ||
opt->type == OC_FORM_OPT_PASSWORD) {
free(opt->_value);
opt->_value = NULL;
}
}
}
int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form)
{
int ret;
struct oc_form_opt_select *grp = form->authgroup_opt;
struct oc_choice *auth_choice;
struct oc_form_opt *opt;
if (!vpninfo->process_auth_form) {
vpn_progress(vpninfo, PRG_ERR, _("No form handler; cannot authenticate.\n"));
return OC_FORM_RESULT_ERR;
}
retry:
auth_choice = NULL;
if (grp && grp->nr_choices && !vpninfo->xmlpost) {
if (vpninfo->authgroup) {
/* For non-XML-POST, the server doesn't tell us which group is selected */
int i;
for (i = 0; i < grp->nr_choices; i++)
if (!strcmp(grp->choices[i]->name, vpninfo->authgroup))
form->authgroup_selection = i;
}
auth_choice = grp->choices[form->authgroup_selection];
}
for (opt = form->opts; opt; opt = opt->next) {
int second_auth = opt->flags & OC_FORM_OPT_SECOND_AUTH;
opt->flags &= ~OC_FORM_OPT_IGNORE;
if (!auth_choice ||
(opt->type != OC_FORM_OPT_TEXT && opt->type != OC_FORM_OPT_PASSWORD))
continue;
if (auth_choice->noaaa ||
(!auth_choice->second_auth && second_auth))
opt->flags |= OC_FORM_OPT_IGNORE;
else if (!strcmp(opt->name, "secondary_username") && second_auth) {
if (auth_choice->secondary_username) {
free(opt->_value);
opt->_value = strdup(auth_choice->secondary_username);
}
if (!auth_choice->secondary_username_editable)
opt->flags |= OC_FORM_OPT_IGNORE;
}
}
ret = vpninfo->process_auth_form(vpninfo->cbdata, form);
if (ret == OC_FORM_RESULT_NEWGROUP &&
form->authgroup_opt &&
form->authgroup_opt->form._value) {
free(vpninfo->authgroup);
vpninfo->authgroup = strdup(form->authgroup_opt->form._value);
if (!vpninfo->xmlpost)
goto retry;
}
if (ret == OC_FORM_RESULT_CANCELLED || ret < 0)
nuke_opt_values(form->opts);
return ret;
}
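Review bot: In process_auth_form(), `auth_choice = grp->choices[form->authgroup_selection];` indexes the choice array after checking only that `grp->nr_choices` is non-zero, so an out-of-range selection is dereferenced a few lines later at `auth_choice->noaaa`. Where authgroup_selection gets its value is not visible in this hunk (presumably the form parser or the UI callback before the `retry` jump), so a range check right before the lookup is the safe place, e.g. `if (form->authgroup_selection < 0 || form->authgroup_selection >= grp->nr_choices) form->authgroup_selection = 0;` (assuming the field is a signed int). Separately, nuke_opt_values() passes OC_FORM_OPT_PASSWORD values straight to `free()`, which leaves the credential bytes in heap memory; now that it is a library-wide helper, it is worth clearing `opt->_value` over its length with a wipe the compiler cannot elide (such as `explicit_bzero()` where available) before freeing it. Both `strdup()` results are also stored unchecked. The code appears to be moved unchanged from the old file, so these points predate this commit, but the move is a convenient moment to address them.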
......@@ -781,11 +781,8 @@ int do_gen_yubikey_code(struct openconnect_info *vpninfo,
struct oc_form_opt *opt);
/* auth.c */
void nuke_opt_values(struct oc_form_opt *opt);
int parse_xml_response(struct openconnect_info *vpninfo, char *response,
struct oc_auth_form **form, int *cert_rq);
int process_auth_form(struct openconnect_info *vpninfo,
struct oc_auth_form *form);
int handle_auth_form(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_text_buf *request_body, const char **method,
......@@ -837,6 +834,10 @@ int socks_gssapi_auth(struct openconnect_info *vpninfo);
/* digest.c */
int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
/* library.c */
void nuke_opt_values(struct oc_form_opt *opt);
int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form);
/* version.c */
extern const char *openconnect_version_str;
......