Commit 4af8c6cc authored by David Woodhouse's avatar David Woodhouse

Allow GUI to distinguish between PIN/passphrase callbacks

The UI may cache user input by form->auth_id, opt->name. But those were
always the same (and auth_id was even NULL for OpenSSL UI callbacks from
the TPM engine), so it wasn't very helpful. Fix it.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent b60b88ad
......@@ -329,7 +329,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
_("Failed to decrypt PKCS#12 certificate file\n"));
free(pass);
vpninfo->cert_password = NULL;
err = request_passphrase(vpninfo, &pass,
err = request_passphrase(vpninfo, "openconnect_pkcs12", &pass,
_("Enter PKCS#12 pass phrase:"));
if (err) {
gnutls_pkcs12_deinit(p12);
......@@ -586,7 +586,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
if (err != TPM_E_AUTHFAIL)
goto out_srkpol;
err = request_passphrase(vpninfo, &pass, _("Enter TPM SRK PIN:"));
err = request_passphrase(vpninfo, "openconnect_tpm_srk",
&pass, _("Enter TPM SRK PIN:"));
if (err)
goto out_srkpol;
}
......@@ -620,7 +621,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
goto out_key_policy;
}
}
err = request_passphrase(vpninfo, &pass, _("Enter TPM key PIN:"));
err = request_passphrase(vpninfo, "openconnect_tpm_key",
&pass, _("Enter TPM key PIN:"));
if (err)
goto out_key_policy;
......@@ -965,8 +967,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
_("Failed to decrypt PKCS#8 certificate file\n"));
free(pass);
}
err = request_passphrase(vpninfo, &pass,
_("Enter PEM pass phrase:"));
err = request_passphrase(vpninfo, "openconnect_pem",
&pass, _("Enter PEM pass phrase:"));
if (err) {
ret = -EINVAL;
goto out;
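Review bot: The retry prompt in load_pkcs12_certificate reuses the fixed label "openconnect_pkcs12" right after "Failed to decrypt PKCS#12 certificate file", and nothing visible tells the UI that the previous value was rejected. A UI that caches by this label, as the commit message anticipates, could replay the same wrong passphrase. The same applies to the "openconnect_tpm_srk" and "openconnect_tpm_key" prompts in load_tpm_key, where repeated bad PINs may presumably count against the TPM's failed-authorisation handling. The labels also identify the credential type rather than the file, so a cached value could be offered for a different certificate file. I would add a comment at each retry site such as `/* previous value was rejected: UI must drop any cached entry for this label */`, or give the UI an explicit way to invalidate it; the enclosing functions start and end outside these hunks.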
......
......@@ -333,7 +333,7 @@ int cstp_reconnect(struct openconnect_info *vpninfo);
/* ssl.c */
int connect_https_socket(struct openconnect_info *vpninfo);
int request_passphrase(struct openconnect_info *vpninfo,
int request_passphrase(struct openconnect_info *vpninfo, const char *label,
char **response, const char *fmt, ...);
int __attribute__ ((format (printf, 2, 3)))
openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
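Review bot: The new request_passphrase prototype still has no printf format attribute, although openconnect_SSL_printf directly below it does, so the compiler does not check `fmt` against its arguments at any call site. With `label` inserted, the format string is now parameter 4 and the variadic arguments start at 5, so the declaration could read `int __attribute__ ((format (printf, 4, 5)))` on the line before `request_passphrase(`. This would also flag any caller that passes the prompt text in the `label` position by mistake, which matters because the two `const char *` parameters are now adjacent to a `char **`.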
......
......@@ -257,6 +257,7 @@ static int ui_open(UI *ui)
memset(ui_data, 0, sizeof(*ui_data));
ui_data->last_opt = &ui_data->form.opts;
ui_data->vpninfo = vpninfo;
ui_data->form.auth_id = (char *)"openssl_ui";
UI_add_user_data(ui, ui_data);
return 1;
......@@ -389,8 +390,8 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
if (vpninfo->cert_password) {
pass = vpninfo->cert_password;
vpninfo->cert_password = NULL;
} else if (request_passphrase(vpninfo, &pass,
_("Enter PEM pass phrase:")))
} else if (request_passphrase(vpninfo, "openconnect_pem",
&pass, _("Enter PEM pass phrase:")))
return -1;
plen = strlen(pass);
......@@ -424,7 +425,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12
when PKCS12_parse() returns an error, but *ca is left pointing
to the freed memory. */
ca = NULL;
if (!pass && request_passphrase(vpninfo, &pass,
if (!pass && request_passphrase(vpninfo, "openconnect_pkcs12", &pass,
_("Enter PKCS#12 pass phrase:")) < 0) {
PKCS12_free(p12);
return -EINVAL;
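Review bot: In ui_open every OpenSSL UI prompt gets the same `auth_id` of "openssl_ui", so a caching UI can tell an SRK PIN from a key PIN only by `opt->name`, which is filled in outside this hunk. If that name is not unique per prompt, a secret cached for one prompt could be replayed for another. A short comment on the assignment would record the intent, for example `/* fixed id for all OpenSSL UI prompts; opt->name must distinguish them */`. The `(char *)` cast also drops const from a string literal, so it is worth stating there that `auth_id` is never written or freed through this form.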
......
......@@ -282,7 +282,7 @@ int __attribute__ ((format (printf, 2, 3)))
}
int request_passphrase(struct openconnect_info *vpninfo,
int request_passphrase(struct openconnect_info *vpninfo, const char *label,
char **response, const char *fmt, ...)
{
struct oc_auth_form f;
......@@ -300,12 +300,12 @@ int request_passphrase(struct openconnect_info *vpninfo,
vsnprintf(buf, 1023, fmt, args);
va_end(args);
f.auth_id = (char *)"ssl_certificate";
f.auth_id = (char *)label;
f.opts = &o;
o.next = NULL;
o.type = OC_FORM_OPT_PASSWORD;
o.name = (char *)"passphrase";
o.name = (char *)label;
o.label = buf;
o.value = NULL;
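Review bot: request_passphrase now stores `label` in both `f.auth_id` and `o.name` without documenting what a valid label is and without rejecting NULL, which is the state the commit message describes as unhelpful for caching. I would add a header comment saying that `label` is a stable, untranslated identifier that the UI may use as a cache key for the secret, that it must be non-NULL, and that it must differ for prompts whose secrets differ. A guard such as `if (!label) return -EINVAL;` before the form is filled in would enforce this, assuming the function's error convention matches its callers'. The function body begins and continues outside this hunk.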
......