[PATCH] Add openconnect_get_client_cert() to API

David Woodhouse dwmw2 at infradead.org
Thu Sep 29 10:22:32 EDT 2011


On Tue, 2011-09-27 at 15:07 +0100, David Woodhouse wrote:
> Something like http://david.woodhou.se/openconnect-show-notice.patch ?
> 
> I think we need to do that *anyway*, even if we also do something
> special for certificate expiry. So perhaps we should do that first, and
> then see if we can live with the resulting behaviour for expired certs?
> 
> We should probably add a 'PRG_NOTICE' log level; currently we only have
> ERR, INFO, DEBUG and TRACE. The UI can then show NOTICE messages with
> GTK_STOCK_DIALOG_WARNING and ERR messages with GTK_STOCK_DIALOG_ERROR.

The patch below fixes the biggest issue facing us right now, which is
that users weren't seeing the certificate warnings.

I haven't (yet) added the PRG_NOTICE (or PRG_WARNING) log level. It
wouldn't be hard to add it but for now I've taken a different approach —
PRG_ERR messages are displayed with GTK_STOCK_DIALOG_WARNING but when
the obtain_cookie call *fails*, the last one is switched to
GTK_STOCK_DIALOG_ERROR. It's kind of icky, but works fairly well.

As I get asked for my username and password, the warning icon is right
above the form, telling me that my certificate is expiring. In fact it's
there even before the form is displayed; even while it's first trying to
establish the TCP connection and SSL session to the server.

Btw, do you remember the reason for the gtk_widget_set_size_request()
call in ssl_box_add_error(), and why you didn't just set the 'expand'
and 'fill' flags in the gtk_box_pack_start() call to TRUE, as I do in
this patch?

diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 30e0366..139f5c6 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -51,8 +51,6 @@
 #include <openssl/bio.h>
 #include <openssl/ui.h>
 
-static char *last_message;
-
 static char *lasthost;
 
 typedef struct vpnhost {
@@ -90,6 +88,7 @@ typedef struct auth_ui_data {
 	GtkWidget *ssl_box;
 	GtkWidget *cancel_button;
 	GtkWidget *login_button;
+	GtkWidget *last_notice_icon;
 	GtkTextBuffer *log;
 
 	int retval;
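Review bot: `last_notice_icon` is added without a comment saying who owns the widget or when the pointer is valid. From the other hunks in this patch it is set to the image of the newest row in `ssl_box_add_notice()` and reset to NULL in `ssl_box_add_error()` and `ssl_box_clear()`, so it is a borrowed pointer to a child of `ssl_box`. I would document that on the field, e.g. `GtkWidget *last_notice_icon; /* borrowed: icon of the newest notice row in ssl_box, or NULL; reset whenever ssl_box is emptied */`. That way a later path that removes children of `ssl_box` is less likely to leave it dangling for `cookie_obtained()` to dereference.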
@@ -134,7 +133,6 @@ static void container_child_remove(GtkWidget *widget, gpointer data)
 static void ssl_box_add_error(auth_ui_data *ui_data, const char *msg)
 {
 	GtkWidget *hbox, *text, *image;
-	int width;
 
 	hbox = gtk_hbox_new(FALSE, 8);
 	gtk_box_pack_start(GTK_BOX(ui_data->ssl_box), hbox, FALSE, FALSE, 0);
@@ -145,10 +143,26 @@ static void ssl_box_add_error(auth_ui_data *ui_data, const char *msg)
 
 	text = gtk_label_new(msg);
 	gtk_label_set_line_wrap(GTK_LABEL(text), TRUE);
-	gtk_window_get_size(GTK_WINDOW(ui_data->dialog), &width, NULL);
-	/* FIXME: this is not very nice -- can't make the window thinner after this */
-	gtk_widget_set_size_request(text, width - 100, -1);
-	gtk_box_pack_start(GTK_BOX(hbox), text, FALSE, FALSE, 0);
+	gtk_box_pack_start(GTK_BOX(hbox), text, TRUE, TRUE, 0);
+	ui_data->last_notice_icon = NULL;
+}
+
+static void ssl_box_add_notice(auth_ui_data *ui_data, const char *msg)
+{
+	GtkWidget *hbox, *text, *image;
+
+	hbox = gtk_hbox_new(FALSE, 8);
+	gtk_box_pack_start(GTK_BOX(ui_data->ssl_box), hbox, FALSE, FALSE, 0);
+
+	image = gtk_image_new_from_stock(GTK_STOCK_DIALOG_WARNING,
+					 GTK_ICON_SIZE_DIALOG);
+	gtk_box_pack_start(GTK_BOX(hbox), image, FALSE, FALSE, 0);
+
+	text = gtk_label_new(msg);
+	gtk_label_set_line_wrap(GTK_LABEL(text), TRUE);
+	gtk_box_pack_start(GTK_BOX(hbox), text, TRUE, TRUE, 0);
+	gtk_widget_show_all(ui_data->ssl_box);
+	ui_data->last_notice_icon = image;
 }
 
 static void ssl_box_add_info(auth_ui_data *ui_data, const char *msg)
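Review bot: `ssl_box_add_notice()` repeats the row-building code of `ssl_box_add_error()` almost line for line. In the visible lines the two differ only in the value stored in `last_notice_icon` and in the `gtk_widget_show_all()` call made here; the stock icon presumably differs too, but the middle of `ssl_box_add_error()` lies outside this hunk. A shared helper such as `static GtkWidget *ssl_box_add_row(auth_ui_data *ui_data, const char *stock_id, const char *msg)` that returns the image would keep the packing flags from drifting apart again. This patch also removes the only caller of `ssl_box_add_error()` visible in the diff (in `cookie_obtained()`), so if no other caller remains the function could be dropped.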
@@ -166,8 +180,9 @@ static void ssl_box_add_info(auth_ui_data *ui_data, const char *msg)
 
 static void ssl_box_clear(auth_ui_data *ui_data)
 {
 	gtk_widget_hide(ui_data->no_form_label);
 	gtk_widget_hide(ui_data->getting_form_label);
+	ui_data->last_notice_icon = NULL;
 	gtk_container_foreach(GTK_CONTAINER(ui_data->ssl_box),
 			      container_child_remove, ui_data->ssl_box);
 	gtk_widget_set_sensitive (ui_data->login_button, FALSE);
@@ -492,7 +508,7 @@ static gboolean ui_form (struct oc_auth_form *form)
 	auth_ui_data *ui_data = _ui_data; /* FIXME global */
 	struct oc_form_opt *opt;
 
-	ssl_box_clear(ui_data);
+	//	ssl_box_clear(ui_data);
 
 	g_mutex_lock(ui_data->form_mutex);
 	while (!g_queue_is_empty (ui_data->form_entries)) {
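Review bot: The call is disabled by commenting it out as `//	ssl_box_clear(ui_data);`, which leaves dead code with no reason given. Judging by the description, the intent is to keep certificate warnings visible above the login form. Say that in a comment instead, e.g. `/* Do not clear ssl_box here: notices such as certificate warnings must stay visible above the form. */`. With the clear gone from `ui_form()`, notices from an earlier attempt appear to stay in the box when a new form is shown, so it is worth confirming where the box is now emptied. `ui_form()` continues outside this hunk.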
@@ -972,30 +988,37 @@ static gboolean write_progress_real(char *message)
 	return FALSE;
 }
 
+/* NOTE: write_progress_real() will free the given string */
+static gboolean write_notice_real(char *message)
+{
+	auth_ui_data *ui_data = _ui_data; /* FIXME global */
+
+	g_return_val_if_fail(message, FALSE);
+
+	ssl_box_add_notice(ui_data, message);
+	g_free(message);
+
+	return FALSE;
+}
+
 /* runs in worker thread */
 static void write_progress(struct openconnect_info *info, int level, const char *fmt, ...)
 {
 	va_list args;
 	char *msg;
 
-	if (last_message) {
-		g_free(last_message);
-		last_message = NULL;
-	}
-
 	va_start(args, fmt);
 	msg = g_strdup_vprintf(fmt, args);
 	va_end(args);
 
-	if (level <= PRG_DEBUG) {
-		g_idle_add((GSourceFunc)write_progress_real, g_strdup(msg));
-	}
-
 	if (level <= PRG_ERR) {
-		last_message = msg;
-		return;
+		g_idle_add((GSourceFunc)write_notice_real, g_strdup(msg));
 	}
-	g_free(msg);
+
+	if (level <= PRG_DEBUG)
+		g_idle_add((GSourceFunc)write_progress_real, msg);
+	else
+		g_free(msg);
 }
 
 static gboolean hash_merge_one (gpointer key, gpointer value, gpointer new_hash)
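Review bot: The comment above `write_notice_real()` names the wrong function; it was copied from `write_progress_real()` and should read `/* NOTE: write_notice_real() will free the given string */`. Separately, the new `level <= PRG_ERR` branch in `write_progress()` queues one notice row per error message with no cap. Since this patch also stops `ui_form()` from clearing the box, a session that logs many errors will keep growing `ssl_box` until something calls `ssl_box_clear()`. A short comment stating where the rows are expected to be cleared would help the next reader.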
@@ -1023,8 +1046,10 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
 
 	if (ui_data->cookie_retval < 0) {
 		/* error while getting cookie */
-		if (last_message) {
-			ssl_box_add_error(ui_data, last_message);
+		if (ui_data->last_notice_icon) {
+			gtk_image_set_from_stock(GTK_IMAGE (ui_data->last_notice_icon),
+						 GTK_STOCK_DIALOG_ERROR,
+						 GTK_ICON_SIZE_DIALOG);
 			gtk_widget_show_all(ui_data->ssl_box);
 			gtk_widget_set_sensitive(ui_data->cancel_button, TRUE);
 		}
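Review bot: On failure the icon switched to `GTK_STOCK_DIALOG_ERROR` is simply the most recent notice, which is not necessarily the message that explains the failure. An earlier warning, such as a certificate-expiry notice, could end up marked as the error. When `last_notice_icon` is NULL the branch is skipped entirely, so as far as this hunk shows the failure is not surfaced and `gtk_widget_set_sensitive(ui_data->cancel_button, TRUE);` is not reached. That call could be moved out of the `if` so the dialog can always be dismissed after a failed attempt. `cookie_obtained()` continues beyond the hunk, so later code may already cover this.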

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5818 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20110929/b80384c2/attachment.bin>

