static void get_existing_passwords (GHashTable *vpn_data, GHashTable *existing_secrets, const char *vpn_uuid, gboolean need_password, gboolean need_user_certpass, gboolean need_machine_certpass, char **out_password, char **out_user_certpass, char **out_machine_certpass) { NMSettingSecretFlags pw_flags = NM_SETTING_SECRET_FLAG_NONE; NMSettingSecretFlags user_cp_flags = NM_SETTING_SECRET_FLAG_NONE; NMSettingSecretFlags machine_cp_flags = NM_SETTING_SECRET_FLAG_NONE; g_return_if_fail (out_password != NULL); g_return_if_fail (out_user_certpass != NULL); g_return_if_fail (out_machine_certpass != NULL); nm_vpn_service_plugin_get_secret_flags (vpn_data, NM_L2TP_KEY_PASSWORD, &pw_flags); if (need_password) { if (!(pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) { *out_password = g_strdup (g_hash_table_lookup (existing_secrets, NM_L2TP_KEY_PASSWORD)); if (!*out_password) *out_password = keyring_lookup_secret (vpn_uuid, NM_L2TP_KEY_PASSWORD); } } nm_vpn_service_plugin_get_secret_flags (vpn_data, NM_L2TP_KEY_USER_CERTPASS, &user_cp_flags); if (need_user_certpass) { if (!(user_cp_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) { *out_user_certpass = g_strdup (g_hash_table_lookup (existing_secrets, NM_L2TP_KEY_USER_CERTPASS)); if (!*out_user_certpass) *out_user_certpass = keyring_lookup_secret (vpn_uuid, NM_L2TP_KEY_USER_CERTPASS); } } nm_vpn_service_plugin_get_secret_flags (vpn_data, NM_L2TP_KEY_MACHINE_CERTPASS, &machine_cp_flags); if (need_machine_certpass) { if (!(machine_cp_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) { *out_machine_certpass = g_strdup (g_hash_table_lookup (existing_secrets, NM_L2TP_KEY_MACHINE_CERTPASS)); if (!*out_machine_certpass) *out_machine_certpass = keyring_lookup_secret (vpn_uuid, NM_L2TP_KEY_MACHINE_CERTPASS); } } }
static NMSettingSecretFlags get_pw_flags (GHashTable *hash, const char *secret_name, const char *mode_name) { const char *val; NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; /* Try new flags value first */ if (nm_vpn_service_plugin_get_secret_flags (hash, secret_name, &flags)) return flags; /* Otherwise try old "password type" value */ val = g_hash_table_lookup (hash, mode_name); if (val) { if (g_strcmp0 (val, NM_LIBRESWAN_PW_TYPE_ASK) == 0) return NM_SETTING_SECRET_FLAG_NOT_SAVED; else if (g_strcmp0 (val, NM_LIBRESWAN_PW_TYPE_UNUSED) == 0) return NM_SETTING_SECRET_FLAG_NOT_REQUIRED; /* NM_LIBRESWAN_PW_TYPE_SAVE means FLAG_NONE */ } return NM_SETTING_SECRET_FLAG_NONE; }
static char * get_passwords_required (GHashTable *data, gboolean *out_need_password, gboolean *out_need_user_certpass, gboolean *out_need_machine_certpass) { const char *authtype, *val; NMSettingSecretFlags flags; *out_need_password = FALSE; *out_need_user_certpass = FALSE; *out_need_machine_certpass = FALSE; authtype = g_hash_table_lookup (data, NM_L2TP_KEY_USER_AUTH_TYPE); if (nm_streq0 (authtype, NM_L2TP_AUTHTYPE_TLS)) { /* Encrypted PKCS#12 certificate or private key password */ val = g_hash_table_lookup (data, NM_L2TP_KEY_USER_KEY); if (val) crypto_file_format (val, out_need_user_certpass, NULL); } else { /* NM_L2TP_AUTHTYPE_PASSWORD */ flags = NM_SETTING_SECRET_FLAG_NONE; nm_vpn_service_plugin_get_secret_flags (data, NM_L2TP_KEY_PASSWORD, &flags); if (!(flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) *out_need_password = TRUE; } authtype = g_hash_table_lookup (data, NM_L2TP_KEY_MACHINE_AUTH_TYPE); if (nm_streq0 (authtype, NM_L2TP_AUTHTYPE_TLS)) { /* Encrypted PKCS#12 certificate or private key password */ val = g_hash_table_lookup (data, NM_L2TP_KEY_MACHINE_KEY); if (val) crypto_file_format (val, out_need_machine_certpass, NULL); } return NULL; }
int main (int argc, char *argv[]) { gboolean retry = FALSE, allow_interaction = FALSE, external_ui_mode = FALSE; char *vpn_name = NULL, *vpn_uuid = NULL, *vpn_service = NULL, *password = NULL; GHashTable *data = NULL, *secrets = NULL; NMSettingSecretFlags pw_flags = NM_SETTING_SECRET_FLAG_NONE; GOptionContext *context; GOptionEntry entries[] = { { "reprompt", 'r', 0, G_OPTION_ARG_NONE, &retry, "Reprompt for passwords", NULL}, { "uuid", 'u', 0, G_OPTION_ARG_STRING, &vpn_uuid, "UUID of VPN connection", NULL}, { "name", 'n', 0, G_OPTION_ARG_STRING, &vpn_name, "Name of VPN connection", NULL}, { "service", 's', 0, G_OPTION_ARG_STRING, &vpn_service, "VPN service type", NULL}, { "allow-interaction", 'i', 0, G_OPTION_ARG_NONE, &allow_interaction, "Allow user interaction", NULL}, { "external-ui-mode", 0, 0, G_OPTION_ARG_NONE, &external_ui_mode, "External UI mode", NULL}, { NULL } }; bindtextdomain (GETTEXT_PACKAGE, NULL); bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); textdomain (GETTEXT_PACKAGE); gtk_init (&argc, &argv); context = g_option_context_new ("- fortisslvpn auth dialog"); g_option_context_add_main_entries (context, entries, GETTEXT_PACKAGE); g_option_context_parse (context, &argc, &argv, NULL); g_option_context_free (context); if (!vpn_uuid || !vpn_service || !vpn_name) { fprintf (stderr, "A connection UUID, name, and VPN plugin service name are required.\n"); return 1; } if (strcmp (vpn_service, NM_DBUS_SERVICE_FORTISSLVPN) != 0) { fprintf (stderr, "This dialog only works with the '%s' service\n", NM_DBUS_SERVICE_FORTISSLVPN); return 1; } if (!nm_vpn_service_plugin_read_vpn_details (0, &data, &secrets)) { fprintf (stderr, "Failed to read '%s' (%s) data and secrets from stdin.\n", vpn_name, vpn_uuid); return 1; } nm_vpn_service_plugin_get_secret_flags (secrets, NM_FORTISSLVPN_KEY_PASSWORD, &pw_flags); if (!get_secrets (vpn_uuid, vpn_name, retry, allow_interaction, external_ui_mode, g_hash_table_lookup (secrets, NM_FORTISSLVPN_KEY_PASSWORD), &password, pw_flags)) return 1; if (!external_ui_mode) { /* dump the passwords to stdout */ if (password) printf ("%s\n%s\n", NM_FORTISSLVPN_KEY_PASSWORD, password); printf ("\n\n"); g_free (password); /* for good measure, flush stdout since Kansas is going Bye-Bye */ fflush (stdout); /* Wait for quit signal */ wait_for_quit (); } if (data) g_hash_table_unref (data); if (secrets) g_hash_table_unref (secrets); return 0; }