

Allow GUI to distinguish between PIN/passphrase callbacks
The UI may cache user input keyed by form->auth_id and opt->name. But those were
always the same (and auth_id was even NULL for OpenSSL UI callbacks from
the TPM engine), so it wasn't very helpful. Fix it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 13, 2012
1 parent b60b88a commit 4af8c6c
Showing 4 changed files with 15 additions and 12 deletions.
12 changes: 7 additions & 5 deletions gnutls.c
Expand Up @@ -329,7 +329,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
_("Failed to decrypt PKCS#12 certificate file\n"));
free(pass);
vpninfo->cert_password = NULL;
err = request_passphrase(vpninfo, &pass,
err = request_passphrase(vpninfo, "openconnect_pkcs12", &pass,
_("Enter PKCS#12 pass phrase:"));
if (err) {
gnutls_pkcs12_deinit(p12);
Expand Down Expand Up @@ -586,7 +586,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
if (err != TPM_E_AUTHFAIL)
goto out_srkpol;

err = request_passphrase(vpninfo, &pass, _("Enter TPM SRK PIN:"));
err = request_passphrase(vpninfo, "openconnect_tpm_srk",
&pass, _("Enter TPM SRK PIN:"));
if (err)
goto out_srkpol;
}
Expand Down Expand Up @@ -620,7 +621,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
goto out_key_policy;
}
}
err = request_passphrase(vpninfo, &pass, _("Enter TPM key PIN:"));
err = request_passphrase(vpninfo, "openconnect_tpm_key",
&pass, _("Enter TPM key PIN:"));
if (err)
goto out_key_policy;

Expand Down Expand Up @@ -965,8 +967,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
_("Failed to decrypt PKCS#8 certificate file\n"));
free(pass);
}
err = request_passphrase(vpninfo, &pass,
_("Enter PEM pass phrase:"));
err = request_passphrase(vpninfo, "openconnect_pem",
&pass, _("Enter PEM pass phrase:"));
if (err) {
ret = -EINVAL;
goto out;
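Review bot: The labels introduced at the four request_passphrase() call sites in this file ("openconnect_pkcs12", "openconnect_tpm_srk", "openconnect_tpm_key", "openconnect_pem") are bare string literals, and openssl.c repeats "openconnect_pem" and "openconnect_pkcs12" for the same prompts. Because the UI is expected to cache entered secrets keyed on these strings, a typo or later edit in one backend would silently split or merge cache entries between the GnuTLS and OpenSSL builds. Defining each label once in openconnect-internal.h, e.g. `#define PASSPHRASE_LABEL_PEM "openconnect_pem"`, and using the macro at every call site keeps the two backends in step; the same applies to the openssl.c section. The enclosing functions load_pkcs12_certificate, load_tpm_key and load_certificate all start and end outside their hunks.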
2 changes: 1 addition & 1 deletion openconnect-internal.h
Expand Up @@ -333,7 +333,7 @@ int cstp_reconnect(struct openconnect_info *vpninfo);

/* ssl.c */
int connect_https_socket(struct openconnect_info *vpninfo);
int request_passphrase(struct openconnect_info *vpninfo,
int request_passphrase(struct openconnect_info *vpninfo, const char *label,
char **response, const char *fmt, ...);
int __attribute__ ((format (printf, 2, 3)))
openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
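Review bot: The new `label` parameter on the request_passphrase() prototype is undocumented, and its meaning is only explained in the commit message. A short comment above the declaration would tell future callers what to pass, e.g. `/* label: stable identifier for this prompt; the UI may use it as a cache key for the entered secret, so use a distinct string per secret (PEM key, PKCS#12 file, TPM SRK, TPM key). */`. It would also be worth stating whether NULL is permitted, since the body in ssl.c assigns it straight into the form and option without a check.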
7 changes: 4 additions & 3 deletions openssl.c
Expand Up @@ -257,6 +257,7 @@ static int ui_open(UI *ui)
memset(ui_data, 0, sizeof(*ui_data));
ui_data->last_opt = &ui_data->form.opts;
ui_data->vpninfo = vpninfo;
ui_data->form.auth_id = (char *)"openssl_ui";
UI_add_user_data(ui, ui_data);

return 1;
Expand Down Expand Up @@ -389,8 +390,8 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
if (vpninfo->cert_password) {
pass = vpninfo->cert_password;
vpninfo->cert_password = NULL;
} else if (request_passphrase(vpninfo, &pass,
_("Enter PEM pass phrase:")))
} else if (request_passphrase(vpninfo, "openconnect_pem",
&pass, _("Enter PEM pass phrase:")))
return -1;

plen = strlen(pass);
Expand Down Expand Up @@ -424,7 +425,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12
when PKCS12_parse() returns an error, but *ca is left pointing
to the freed memory. */
ca = NULL;
if (!pass && request_passphrase(vpninfo, &pass,
if (!pass && request_passphrase(vpninfo, "openconnect_pkcs12", &pass,
_("Enter PKCS#12 pass phrase:")) < 0) {
PKCS12_free(p12);
return -EINVAL;
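Review bot: The two updated call sites in this file check request_passphrase() differently: pem_pw_cb treats any non-zero return as failure (`} else if (request_passphrase(vpninfo, "openconnect_pem",` … `return -1;`), while load_pkcs12_certificate tests `< 0`. The function's return convention is not visible in this change; if it only ever returns 0 or a negative error both forms agree today, but settling on one form (the gnutls.c callers use `if (err)`) avoids a future positive return being treated as success in one path and as failure in the other. Both enclosing functions start or end outside their hunks.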
6 changes: 3 additions & 3 deletions ssl.c
Expand Up @@ -282,7 +282,7 @@ int __attribute__ ((format (printf, 2, 3)))

}

int request_passphrase(struct openconnect_info *vpninfo,
int request_passphrase(struct openconnect_info *vpninfo, const char *label,
char **response, const char *fmt, ...)
{
struct oc_auth_form f;
Expand All @@ -300,12 +300,12 @@ int request_passphrase(struct openconnect_info *vpninfo,
vsnprintf(buf, 1023, fmt, args);
va_end(args);

f.auth_id = (char *)"ssl_certificate";
f.auth_id = (char *)label;
f.opts = &o;

o.next = NULL;
o.type = OC_FORM_OPT_PASSWORD;
o.name = (char *)"passphrase";
o.name = (char *)label;
o.label = buf;
o.value = NULL;

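Review bot: Inserting `label` ahead of the format string moves `fmt` and the variadic arguments from positions 3,4 to 4,5; no `format(printf, ...)` attribute is visible on the request_passphrase prototype in this change, but if one exists elsewhere (the neighbouring openconnect_SSL_printf carries one) it is now wrong and `-Wformat` checking of the callers' prompt strings would be lost or misapplied. Separately, `f.auth_id = (char *)label;` and `o.name = (char *)label;` cast away const to fit the `char *` struct fields, so a one-line comment that the UI must treat these as read-only and never free them would help, since every caller in this commit passes a string literal. The function body continues outside the hunk.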
