auth: Rearrange stoken support code
Put everything under one giant #ifdef to make it easier to add helper
functions later.  No change to the program logic.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
cernekee committed Aug 2, 2014
1 parent ec2eb27 commit a10d4d9
Showing 1 changed file with 45 additions and 32 deletions.
77 changes: 45 additions & 32 deletions auth.c
Expand Up @@ -1024,6 +1024,8 @@ static int xmlpost_append_form_opts(struct openconnect_info *vpninfo,
return -ENOMEM;
}

#ifdef HAVE_LIBSTOKEN

/*
* If the user clicks OK without entering any data, we will continue
* connecting but bypass soft token generation for the duration of
Expand All @@ -1038,7 +1040,6 @@ static int xmlpost_append_form_opts(struct openconnect_info *vpninfo,
*/
int prepare_stoken(struct openconnect_info *vpninfo)
{
#ifdef HAVE_LIBSTOKEN
struct oc_auth_form form;
struct oc_form_opt opts[3], *opt = opts;
char **devid = NULL, **pass = NULL, **pin = NULL;
Expand Down Expand Up @@ -1146,9 +1147,6 @@ int prepare_stoken(struct openconnect_info *vpninfo)

nuke_opt_values(opts);
return ret;
#else
return -EOPNOTSUPP;
#endif
}

/* Return value:
Expand All @@ -1159,7 +1157,6 @@ static int can_gen_stoken_code(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_form_opt *opt)
{
#ifdef HAVE_LIBSTOKEN
if ((strcmp(opt->name, "password") && strcmp(opt->name, "answer")) ||
vpninfo->token_bypassed)
return -EINVAL;
Expand All @@ -1179,11 +1176,53 @@ static int can_gen_stoken_code(struct openconnect_info *vpninfo,
return -ENOENT;
}
return 0;
}

static int do_gen_stoken_code(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_form_opt *opt)
{
char tokencode[STOKEN_MAX_TOKENCODE + 1];

if (!vpninfo->token_time)
vpninfo->token_time = time(NULL);
vpn_progress(vpninfo, PRG_INFO, _("Generating RSA token code\n"));

/* This doesn't normally fail */
if (stoken_compute_tokencode(vpninfo->stoken_ctx, vpninfo->token_time,
vpninfo->stoken_pin, tokencode) < 0) {
vpn_progress(vpninfo, PRG_ERR, _("General failure in libstoken.\n"));
return -EIO;
}

vpninfo->token_tries++;
opt->value = strdup(tokencode);
return opt->value ? 0 : -ENOMEM;
}

#else

int prepare_stoken(struct openconnect_info *vpninfo)
{
return -EOPNOTSUPP;
#endif
}

static int can_gen_stoken_code(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_form_opt *opt)
{
return -EOPNOTSUPP;
}

static int do_gen_stoken_code(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_form_opt *opt)
{
return 0;
}

#endif

/* Return value:
* < 0, if unable to generate a tokencode
* = 0, on success
Expand Down Expand Up @@ -1270,32 +1309,6 @@ static int can_gen_tokencode(struct openconnect_info *vpninfo,
}
}

static int do_gen_stoken_code(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_form_opt *opt)
{
#ifdef HAVE_LIBSTOKEN
char tokencode[STOKEN_MAX_TOKENCODE + 1];

if (!vpninfo->token_time)
vpninfo->token_time = time(NULL);
vpn_progress(vpninfo, PRG_INFO, _("Generating RSA token code\n"));

/* This doesn't normally fail */
if (stoken_compute_tokencode(vpninfo->stoken_ctx, vpninfo->token_time,
vpninfo->stoken_pin, tokencode) < 0) {
vpn_progress(vpninfo, PRG_ERR, _("General failure in libstoken.\n"));
return -EIO;
}

vpninfo->token_tries++;
opt->value = strdup(tokencode);
return opt->value ? 0 : -ENOMEM;
#else
return 0;
#endif
}

static int do_gen_totp_code(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_form_opt *opt)
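Review bot: The fallback `do_gen_stoken_code()` in the new `#else` branch returns 0, while the `prepare_stoken()` and `can_gen_stoken_code()` stubs beside it return `-EOPNOTSUPP`. A caller that reached it in a build without HAVE_LIBSTOKEN would see success with `opt->value` never set; the dispatcher is outside the visible hunks, so this is presumably unreachable because `can_gen_stoken_code()` fails first, but the stub should not depend on that. Since this commit is meant to leave the logic unchanged, a follow-up that changes the stub body to `return -EOPNOTSUPP;` would make all three stubs fail closed together. Separately, in the libstoken variant the `tokencode` stack buffer still holds the one-time code after `strdup()`; wiping it before returning, with a clear the compiler cannot elide, is cheap hardening.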