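/*
 * Completion callback for the tpaw_keyring_set_account_password_async() call
 * issued by empathy_uoa_auth_handler_start() when no signon session could be
 * created and an empty password was stored as a workaround.
 *
 * @source:    the TpAccount the password was stored for
 * @result:    async result to finish
 * @user_data: the AuthContext handed to the async call
 *
 * On failure the context is handed to auth_context_done(). On success a fresh
 * AuthContext is built for the same channel and service (the old one is
 * freed); if it now has a session the password request proceeds, otherwise
 * the new context is handed to auth_context_done() as well.
 */
static void
set_account_password_cb (GObject *source,
    GAsyncResult *result,
    gpointer user_data)
{
  TpAccount *tp_account = (TpAccount *) source;
  AuthContext *ctx = user_data;
  AuthContext *new_ctx;
  GError *error = NULL;

  if (!tpaw_keyring_set_account_password_finish (tp_account, result, &error))
    {
      DEBUG ("Failed to set empty password on UOA account: %s", error->message);
      /* The GError is owned by this callback; release it so the failure
       * path does not leak it. */
      g_clear_error (&error);
      auth_context_done (ctx);
      return;
    }

  /* Re-create the context: the session lookup is done again now that an
   * (empty) credential exists for the account. */
  new_ctx = auth_context_new (ctx->channel, ctx->service);
  auth_context_free (ctx);

  if (new_ctx->session != NULL)
    {
      /* The trick worked! */
      request_password (new_ctx);
      return;
    }

  DEBUG ("Still can't get a signon session, even after setting empty pwd");
  auth_context_done (new_ctx);
}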
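/*
 * Start UOA authentication for @tp_account on @channel.
 *
 * Looks up the AgAccount matching the account's storage identifier, takes its
 * first service of type TPAW_UOA_SERVICE_TYPE and builds an AuthContext for
 * it. If the context has a signon session, the identity is queried for more
 * info; otherwise an empty password is stored for the account first and the
 * flow continues in set_account_password_cb().
 *
 * The channel is closed when no usable account/service can be found.
 */
void
empathy_uoa_auth_handler_start (EmpathyUoaAuthHandler *self,
    TpChannel *channel,
    TpAccount *tp_account)
{
  const GValue *id_value;
  AgAccountId id;
  AgAccount *account;
  GList *l = NULL;
  AgAccountService *service;
  AuthContext *ctx;

  g_return_if_fail (TP_IS_CHANNEL (channel));
  g_return_if_fail (TP_IS_ACCOUNT (tp_account));
  g_return_if_fail (empathy_uoa_auth_handler_supports (self, channel,
      tp_account));

  DEBUG ("Start UOA auth for account: %s",
      tp_proxy_get_object_path (tp_account));

  /* The storage identifier comes from the account's storage backend; do not
   * read it as a uint unless it is present and actually holds one. */
  id_value = tp_account_get_storage_identifier (tp_account);
  if (id_value == NULL || !G_VALUE_HOLDS_UINT (id_value))
    {
      DEBUG ("Account has no usable UOA storage identifier");
      tp_channel_close_async (channel, NULL, NULL);
      return;
    }
  id = g_value_get_uint (id_value);

  account = ag_manager_get_account (self->priv->manager, id);
  if (account != NULL)
    l = ag_account_list_services_by_type (account, TPAW_UOA_SERVICE_TYPE);
  if (l == NULL)
    {
      DEBUG ("Couldn't find IM service for AgAccountId %u", id);
      /* account is NULL when the manager does not know the id; unref'ing
       * NULL would raise a GLib critical. */
      if (account != NULL)
        g_object_unref (account);
      tp_channel_close_async (channel, NULL, NULL);
      return;
    }

  /* Assume there is only one IM service */
  service = ag_account_service_new (account, l->data);
  ag_service_list_free (l);
  g_object_unref (account);

  ctx = auth_context_new (channel, service);
  if (ctx->session == NULL)
    {
      /* This (usually?) means we never stored credentials for this account.
       * To ask user to type his password SSO needs a SignonIdentity bound to
       * our account. Let's store an empty password. */
      DEBUG ("Couldn't create a signon session");
      /* ctx is passed on as user_data of the callback, which is then the
       * one to release it. */
      tpaw_keyring_set_account_password_async (tp_account, "", FALSE,
          set_account_password_cb, ctx);
    }
  else
    {
      /* All is fine! Query UOA for more info */
      signon_identity_query_info (ctx->identity,
          identity_query_info_cb, ctx);
    }

  /* NOTE(review): ctx outlives this function; presumably auth_context_new()
   * took its own reference on service - confirm. */
  g_object_unref (service);
}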
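/*
 * OpenVPN plugin entry point (v2 API).
 *
 * handle             - plugin state, used here as an ldap_context_t
 * type               - the OPENVPN_PLUGIN_* event being dispatched
 * argv               - unused in this function
 * envp               - environment strings; username, password,
 *                      auth_control_file and pf_file are read from it
 * per_client_context - per-client state, used as a client_context_t on
 *                      client connect
 * return_list        - out: receives a single "config" entry on client
 *                      connect when there are options to return
 *
 * AUTH_USER_PASS_VERIFY: copies the credentials into an auth_context, queues
 * an LDAP_AUTH_ACTION_AUTH action on context->action_list and returns
 * OPENVPN_PLUGIN_FUNC_DEFERRED. Missing username, password or
 * auth_control_file, or any allocation failure, returns
 * OPENVPN_PLUGIN_FUNC_ERROR.
 *
 * CLIENT_CONNECT_V2: builds the option string (LDAP user options when
 * ENABLE_LDAPUSERCONF is set, plus a redirect-gateway push when the username
 * starts with the profile's prefix) and returns it through return_list.
 *
 * Any other event type returns OPENVPN_PLUGIN_FUNC_ERROR, except ENABLE_PF
 * and (with ENABLE_LDAPUSERCONF) CLIENT_DISCONNECT, which return success.
 */
OPENVPN_EXPORT int
openvpn_plugin_func_v2 (openvpn_plugin_handle_t handle,
                        const int type,
                        const char *argv[],
                        const char *envp[],
                        void *per_client_context,
                        struct openvpn_plugin_string_list **return_list)
{
  ldap_context_t *context = (ldap_context_t *) handle;
  auth_context_t *auth_context = NULL;
  action_t *action = NULL;


  int res = OPENVPN_PLUGIN_FUNC_ERROR;

  if (type == OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY){
    /* get username/password/auth_control_file from envp string array */
    const char *username = get_env ("username", envp);
    const char *password = get_env ("password", envp);
    const char *auth_control_file = get_env ( "auth_control_file", envp );
    const char *pf_file = get_env ("pf_file", envp);



    /* required parameters check */
    if (!username){
      LOGERROR("No username supplied to OpenVPN plugin");
      return OPENVPN_PLUGIN_FUNC_ERROR;
    }

    auth_context = auth_context_new( );
    if( !auth_context ){
      LOGERROR( "Could not allocate auth_context before calling thread" );
      return res;
    }
    /* NOTE(review): the password copy lives on the heap until
     * auth_context_free() runs; confirm that function wipes it before
     * releasing the memory. */
    if( username ) auth_context->username = strdup( username );
    if( password ) auth_context->password = strdup( password );
    if( pf_file ) auth_context->pf_file = strdup( pf_file );
    if( auth_control_file ) auth_context->auth_control_file = strdup( auth_control_file );
    /* If some argument were missing or could not be duplicate */
    /* NOTE(review): an empty ("") password passes this check. Many LDAP
     * servers treat a simple bind with an empty password as an
     * unauthenticated bind that succeeds; confirm the code consuming this
     * action rejects empty passwords before binding. */
    if( !(auth_context->username && auth_context->password && auth_context->auth_control_file ) ){
      auth_context_free( auth_context );
      return res;
    }
    action = action_new( );
    if( !action ){
      /* Without an action nothing will ever process or release the
       * credentials: free them and fail the authentication. */
      LOGERROR( "Could not allocate auth action" );
      auth_context_free( auth_context );
      return res;
    }
    action->type = LDAP_AUTH_ACTION_AUTH;
    action->context = auth_context;
    action->client_context = per_client_context;
    action->context_free_func = (void *)auth_context_free;
    /* From here on the queued action carries auth_context together with the
     * function used to free it. */
    action_push( context->action_list, action );
    return OPENVPN_PLUGIN_FUNC_DEFERRED;
  }
  else if (type == OPENVPN_PLUGIN_ENABLE_PF){
    /* unfortunately, at this stage we dont know anything about the client
     * yet. Let assume it is enabled, we will define default somewhere
     */
    return OPENVPN_PLUGIN_FUNC_SUCCESS;
  }else if( type == OPENVPN_PLUGIN_CLIENT_CONNECT_V2 ){
    /* on client connect, we return conf options through return list
     */
    const char *username = get_env ("username", envp);
    client_context_t *cc = per_client_context;
    char *ccd_options = NULL;
    /* sanity check */
    if (!username){
      LOGERROR("No username supplied to OpenVPN plugin");
      return OPENVPN_PLUGIN_FUNC_ERROR;
    }
    if (!cc || !cc->profile){
      LOGERROR("No profile found for user");
      return OPENVPN_PLUGIN_FUNC_ERROR;
    }
#ifdef ENABLE_LDAPUSERCONF
    /* NOTE(review): this string is returned to OpenVPN as configuration for
     * the client, so whoever can write the underlying LDAP data can shape
     * that configuration - confirm the directory ACLs match that trust. */
    ccd_options = ldap_account_get_options_to_string( cc->ldap_account );
#endif
    if( cc->profile->redirect_gateway_prefix && strlen( cc->profile->redirect_gateway_prefix ) > 0 ){
      /* do the username start with prefix? */
      if( strncmp( cc->profile->redirect_gateway_prefix, username, strlen( cc->profile->redirect_gateway_prefix ) ) == 0 ){
        char *tmp_ccd = ccd_options;
        /* NOTE(review): redirect_gateway_flags is interpolated unescaped
         * inside a quoted directive; this assumes the profile value contains
         * no quote or newline - confirm where it is validated. */
        ccd_options = strdupf("push \"redirect-gateway %s\"\n%s",
                            cc->profile->redirect_gateway_flags ? cc->profile->redirect_gateway_flags : DFT_REDIRECT_GATEWAY_FLAGS,
                            tmp_ccd ? tmp_ccd : "");
        if( tmp_ccd ) la_free( tmp_ccd );
        if( !ccd_options ){
          /* The format always yields a non-empty string, so NULL can only be
           * a failure; do not let the client connect with the redirect (and
           * any earlier options) silently dropped. */
          LOGERROR( "Could not build client options" );
          return OPENVPN_PLUGIN_FUNC_ERROR;
        }
      }
    }
    if( ccd_options ){
      *return_list = la_malloc( sizeof( struct openvpn_plugin_string_list ) );
      if( *return_list != NULL){
        (*return_list)->next = NULL;
        (*return_list)->name = strdup( "config" );
        /* ownership of ccd_options moves to the returned list entry */
        (*return_list)->value = ccd_options;
      }else{
        /* Nothing took ownership of the option string: release it and
         * refuse the connection rather than accept it without its options.
         * Assumes la_free() matches the allocator behind ccd_options, as the
         * la_free( tmp_ccd ) call above already does - TODO confirm for
         * strdupf(). */
        LOGERROR( "Could not allocate plugin return list" );
        la_free( ccd_options );
        return OPENVPN_PLUGIN_FUNC_ERROR;
      }
    }
    return OPENVPN_PLUGIN_FUNC_SUCCESS;
  }
#ifdef ENABLE_LDAPUSERCONF
  else if( type == OPENVPN_PLUGIN_CLIENT_DISCONNECT ){
    /* nothing done for now
     * potentially, session could be logged
     */
    return OPENVPN_PLUGIN_FUNC_SUCCESS;
  }
#endif
  return res;
}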