password request loop

David Woodhouse dwmw2 at infradead.org
Fri May 18 11:54:41 EDT 2012


On Fri, 2012-05-18 at 08:09 -0700, Jeffrey May wrote:
> 
> Thanks for all the regarding this issue.
> Is there documentation for proper usage of libopenconnect?

Only what's in openconnect.h, I'm afraid, although I've tried to make it
relatively simple and clear.

The GNOME NetworkManager auth-dialog is a good reference.

Basically you call openconnect_vpninfo_new(), providing your callback
functions for:

validate_peer_cert(): called to ask permission from the user to accept a
certificate which fails normal validation.

write_new_config(): called with the XML configuration file from the
server, on a successful authentication. This includes the list of
servers that are available for this connection, which the auth-dialog is
responsible for parsing and using (optionally, but ideally).

process_auth_form(): This is the important part. It's called with the
data from each authentication request, and the auth-dialog should prompt
the user for any information that isn't already known, before returning
the answers.

progress(): This is the log output from openconnect, which can be
ignored or can be displayed to the user in a 'verbose' mode or optional
log window in the UI.

You might want the 'self' argument of these callbacks *not* to be the
vpninfo structure itself, but some other per-instance pointer that you
provide. In that case use openconnect_vpninfo_new_with_cbdata(). The
callback functions are actually the same.

You then check which server the user wants to connect to today (you were
responsible for storing the XML file, so you can parse it and ask the
user or just automatically reconnect to the same server as last time,
which you remembered).

Use openconnect_parse_url() to set the URL that it'll try to connect to.
You can also use openconnect_set_hostname() and
openconnect_set_urlpath() which do the same thing, if you have the
information separately.

Use openconnect_set_xml_sha1() to tell openconnect about the XML file
you had saved; it'll only call your write_new_config() callback if it
*changed*.

Optionally, but ideally, call openconnect_set_cancel_fd() with a file
descriptor which when *readable* will indicate that a connection attempt
should be aborted.

Then call openconnect_obtain_cookie().

Finally if it succeeds you use openconnect_get_cookie(),
openconnect_get_hostname() and openconnect_get_peer_cert() to get the
information you need to actually connect (using the --servercert and
--cookie-on-stdin options to openconnect).

That should get you started. Feel free to ask more questions, and I'll
also try to write it up more coherently. You can find me on IRC as dwmw2
or dwmw2_gone (or dwmw2_XXX where XXX is an airport code) on OFTC,
Freenode, GimpNET and others.

What exactly are you trying to do?

-- 
dwmw2
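The following is an added example, not code from this mail or from the openconnect project, of the bookkeeping the mail assigns to the auth-dialog side: keep the server XML only when its SHA-1 changes (the value you would hand to openconnect_set_xml_sha1()), parse the server list out of it, answer an auth form from remembered non-secret values while always prompting for secrets, and treat a readable file descriptor as the cancel signal. It does not call libopenconnect itself; the real callback signatures are the ones in openconnect.h. The XML element names (ServerList/HostEntry/HostName/HostAddress/UserGroup), the field-type vocabulary, and the sample profile are assumptions constructed for this example.

```python
"""Auth-dialog side bookkeeping for a libopenconnect front end (added example;
does not call libopenconnect, whose real API is declared in openconnect.h)."""
import hashlib
import os
import select
import xml.etree.ElementTree as ET

# Constructed sample profile. The element names follow the AnyConnect client
# profile layout as assumed for this example, not something the mail specifies.
SAMPLE_PROFILE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry><HostName>Head office</HostName>
               <HostAddress>vpn.example.com</HostAddress></HostEntry>
    <HostEntry><HostName>Backup</HostName>
               <HostAddress>vpn2.example.com</HostAddress>
               <UserGroup>employees</UserGroup></HostEntry>
  </ServerList>
</AnyConnectProfile>
"""


def _local(tag):
    """Strip any XML namespace so lookups work with or without an xmlns."""
    return tag.rsplit('}', 1)[-1]


def parse_server_list(xml_bytes):
    """Return [{'name', 'address', 'usergroup'}] for every HostEntry with an address."""
    root = ET.fromstring(xml_bytes)
    servers = []
    for entry in root.iter():
        if _local(entry.tag) != 'HostEntry':
            continue
        fields = {_local(c.tag): (c.text or '').strip() for c in entry}
        if not fields.get('HostAddress'):
            continue  # an entry without an address cannot be connected to
        servers.append({'name': fields.get('HostName') or fields['HostAddress'],
                        'address': fields['HostAddress'],
                        'usergroup': fields.get('UserGroup', '')})
    return servers


class ConfigStore:
    """What the dialog owns: the last XML, its SHA-1 and the parsed server list."""

    def __init__(self):
        self.xml = None
        self.sha1 = None      # hex digest to pass to openconnect_set_xml_sha1()
        self.servers = []

    def write_new_config(self, xml_bytes):
        """Plays the role of the write_new_config() callback. True if stored."""
        digest = hashlib.sha1(xml_bytes).hexdigest()
        if digest == self.sha1:
            return False      # unchanged: nothing to rewrite or re-parse
        self.xml, self.sha1 = xml_bytes, digest
        self.servers = parse_server_list(xml_bytes)
        return True

    def url_for(self, name):
        """Build the URL to hand to openconnect_parse_url() for a chosen entry."""
        for s in self.servers:
            if s['name'] == name:
                if s['usergroup']:
                    return 'https://%s/%s' % (s['address'], s['usergroup'])
                return 'https://%s' % s['address']
        raise KeyError(name)


def fill_auth_form(fields, remembered, prompt):
    """Plays the role of process_auth_form(): answer what is already known,
    ask the user (via prompt(field)) for the rest. Field types are an assumed
    vocabulary: 'text', 'password' or 'select' (with 'choices'). Secrets are
    never taken from the remembered dict, so they are prompted for every time."""
    answers = {}
    for f in fields:
        if f['type'] != 'password' and f['name'] in remembered:
            answers[f['name']] = remembered[f['name']]
        else:
            answers[f['name']] = prompt(f)
        if f['type'] == 'select' and answers[f['name']] not in f['choices']:
            raise ValueError('%s: %r not offered by the server'
                             % (f['name'], answers[f['name']]))
    return answers


def make_cancel_pipe():
    """Return (read_fd, write_fd); the read end is what you would register
    with openconnect_set_cancel_fd()."""
    return os.pipe()


def request_cancel(write_fd):
    """Make the read end readable, which is the abort signal."""
    os.write(write_fd, b'x')


def cancel_requested(read_fd):
    """Non-blocking check with the same meaning the library applies: readable == abort."""
    readable, _, _ = select.select([read_fd], [], [], 0)
    return bool(readable)
```

The digest comparison mirrors what the mail says the library does with the SHA-1 you supply: if the server's XML matches, your callback is not invoked, so the dialog keeps one stored copy and only re-parses on change. Remembering the username and group but never the password keeps the persisted state free of secrets.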