static void
get_existing_passwords (GHashTable *vpn_data,
GHashTable *existing_secrets,
const char *vpn_uuid,
gboolean need_password,
gboolean need_user_certpass,
gboolean need_machine_certpass,
char **out_password,
char **out_user_certpass,
char **out_machine_certpass)
{
NMSettingSecretFlags pw_flags = NM_SETTING_SECRET_FLAG_NONE;
NMSettingSecretFlags user_cp_flags = NM_SETTING_SECRET_FLAG_NONE;
NMSettingSecretFlags machine_cp_flags = NM_SETTING_SECRET_FLAG_NONE;
g_return_if_fail (out_password != NULL);
g_return_if_fail (out_user_certpass != NULL);
g_return_if_fail (out_machine_certpass != NULL);
nm_vpn_service_plugin_get_secret_flags (vpn_data, NM_L2TP_KEY_PASSWORD, &pw_flags);
if (need_password) {
if (!(pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) {
*out_password = g_strdup (g_hash_table_lookup (existing_secrets, NM_L2TP_KEY_PASSWORD));
if (!*out_password)
*out_password = keyring_lookup_secret (vpn_uuid, NM_L2TP_KEY_PASSWORD);
}
}
nm_vpn_service_plugin_get_secret_flags (vpn_data, NM_L2TP_KEY_USER_CERTPASS, &user_cp_flags);
if (need_user_certpass) {
if (!(user_cp_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) {
*out_user_certpass = g_strdup (g_hash_table_lookup (existing_secrets, NM_L2TP_KEY_USER_CERTPASS));
if (!*out_user_certpass)
*out_user_certpass = keyring_lookup_secret (vpn_uuid, NM_L2TP_KEY_USER_CERTPASS);
}
}
nm_vpn_service_plugin_get_secret_flags (vpn_data, NM_L2TP_KEY_MACHINE_CERTPASS, &machine_cp_flags);
if (need_machine_certpass) {
if (!(machine_cp_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) {
*out_machine_certpass = g_strdup (g_hash_table_lookup (existing_secrets, NM_L2TP_KEY_MACHINE_CERTPASS));
if (!*out_machine_certpass)
*out_machine_certpass = keyring_lookup_secret (vpn_uuid, NM_L2TP_KEY_MACHINE_CERTPASS);
}
}
}
static NMSettingSecretFlags
get_pw_flags (GHashTable *hash, const char *secret_name, const char *mode_name)
{
const char *val;
NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
/* Try new flags value first */
if (nm_vpn_service_plugin_get_secret_flags (hash, secret_name, &flags))
return flags;
/* Otherwise try old "password type" value */
val = g_hash_table_lookup (hash, mode_name);
if (val) {
if (g_strcmp0 (val, NM_LIBRESWAN_PW_TYPE_ASK) == 0)
return NM_SETTING_SECRET_FLAG_NOT_SAVED;
else if (g_strcmp0 (val, NM_LIBRESWAN_PW_TYPE_UNUSED) == 0)
return NM_SETTING_SECRET_FLAG_NOT_REQUIRED;
/* NM_LIBRESWAN_PW_TYPE_SAVE means FLAG_NONE */
}
return NM_SETTING_SECRET_FLAG_NONE;
}
static char *
get_passwords_required (GHashTable *data,
gboolean *out_need_password,
gboolean *out_need_user_certpass,
gboolean *out_need_machine_certpass)
{
const char *authtype, *val;
NMSettingSecretFlags flags;
*out_need_password = FALSE;
*out_need_user_certpass = FALSE;
*out_need_machine_certpass = FALSE;
authtype = g_hash_table_lookup (data, NM_L2TP_KEY_USER_AUTH_TYPE);
if (nm_streq0 (authtype, NM_L2TP_AUTHTYPE_TLS)) {
/* Encrypted PKCS#12 certificate or private key password */
val = g_hash_table_lookup (data, NM_L2TP_KEY_USER_KEY);
if (val)
crypto_file_format (val, out_need_user_certpass, NULL);
} else { /* NM_L2TP_AUTHTYPE_PASSWORD */
flags = NM_SETTING_SECRET_FLAG_NONE;
nm_vpn_service_plugin_get_secret_flags (data, NM_L2TP_KEY_PASSWORD, &flags);
if (!(flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED))
*out_need_password = TRUE;
}
authtype = g_hash_table_lookup (data, NM_L2TP_KEY_MACHINE_AUTH_TYPE);
if (nm_streq0 (authtype, NM_L2TP_AUTHTYPE_TLS)) {
/* Encrypted PKCS#12 certificate or private key password */
val = g_hash_table_lookup (data, NM_L2TP_KEY_MACHINE_KEY);
if (val)
crypto_file_format (val, out_need_machine_certpass, NULL);
}
return NULL;
}
int
main (int argc, char *argv[])
{
gboolean retry = FALSE, allow_interaction = FALSE, external_ui_mode = FALSE;
char *vpn_name = NULL, *vpn_uuid = NULL, *vpn_service = NULL, *password = NULL;
GHashTable *data = NULL, *secrets = NULL;
NMSettingSecretFlags pw_flags = NM_SETTING_SECRET_FLAG_NONE;
GOptionContext *context;
GOptionEntry entries[] = {
{ "reprompt", 'r', 0, G_OPTION_ARG_NONE, &retry, "Reprompt for passwords", NULL},
{ "uuid", 'u', 0, G_OPTION_ARG_STRING, &vpn_uuid, "UUID of VPN connection", NULL},
{ "name", 'n', 0, G_OPTION_ARG_STRING, &vpn_name, "Name of VPN connection", NULL},
{ "service", 's', 0, G_OPTION_ARG_STRING, &vpn_service, "VPN service type", NULL},
{ "allow-interaction", 'i', 0, G_OPTION_ARG_NONE, &allow_interaction, "Allow user interaction", NULL},
{ "external-ui-mode", 0, 0, G_OPTION_ARG_NONE, &external_ui_mode, "External UI mode", NULL},
{ NULL }
};
bindtextdomain (GETTEXT_PACKAGE, NULL);
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
textdomain (GETTEXT_PACKAGE);
gtk_init (&argc, &argv);
context = g_option_context_new ("- fortisslvpn auth dialog");
g_option_context_add_main_entries (context, entries, GETTEXT_PACKAGE);
g_option_context_parse (context, &argc, &argv, NULL);
g_option_context_free (context);
if (!vpn_uuid || !vpn_service || !vpn_name) {
fprintf (stderr, "A connection UUID, name, and VPN plugin service name are required.\n");
return 1;
}
if (strcmp (vpn_service, NM_DBUS_SERVICE_FORTISSLVPN) != 0) {
fprintf (stderr, "This dialog only works with the '%s' service\n", NM_DBUS_SERVICE_FORTISSLVPN);
return 1;
}
if (!nm_vpn_service_plugin_read_vpn_details (0, &data, &secrets)) {
fprintf (stderr, "Failed to read '%s' (%s) data and secrets from stdin.\n",
vpn_name, vpn_uuid);
return 1;
}
nm_vpn_service_plugin_get_secret_flags (secrets, NM_FORTISSLVPN_KEY_PASSWORD, &pw_flags);
if (!get_secrets (vpn_uuid, vpn_name, retry, allow_interaction, external_ui_mode,
g_hash_table_lookup (secrets, NM_FORTISSLVPN_KEY_PASSWORD),
&password,
pw_flags))
return 1;
if (!external_ui_mode) {
/* dump the passwords to stdout */
if (password)
printf ("%s\n%s\n", NM_FORTISSLVPN_KEY_PASSWORD, password);
printf ("\n\n");
g_free (password);
/* for good measure, flush stdout since Kansas is going Bye-Bye */
fflush (stdout);
/* Wait for quit signal */
wait_for_quit ();
}
if (data)
g_hash_table_unref (data);
if (secrets)
g_hash_table_unref (secrets);
return 0;
}
