[PATCH nm-openconnect 3/3] Add support for TOTP software tokens
Kevin Cernekee
cernekee at gmail.com
Sun Mar 24 21:15:23 EDT 2013
Create new TOTP option on the UI, and make the appropriate library calls
if the user enables it.
---
auth-dialog/main.c | 14 ++++++++++----
properties/nm-openconnect-dialog.ui | 13 ++++++++-----
properties/nm-openconnect.c | 16 ++++++++++++++--
3 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index eadcce1..3be0e15 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -65,7 +65,11 @@
#endif
#if !OPENCONNECT_CHECK_VER(2,1)
-#define openconnect_set_stoken_mode(...) -EOPNOTSUPP
+#define __openconnect_set_token_mode(...) -EOPNOTSUPP
+#elif !OPENCONNECT_CHECK_VER(2,2)
+#define __openconnect_set_token_mode(vpninfo, mode, secret) openconnect_set_stoken_mode(vpninfo, 1, secret)
+#else
+#define __openconnect_set_token_mode openconnect_set_token_mode
#endif
#ifdef OPENCONNECT_OPENSSL
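Review bot: The 2.1 compatibility branch (`#elif !OPENCONNECT_CHECK_VER(2,2)`) discards `mode` and always expands to `openconnect_set_stoken_mode(vpninfo, 1, secret)`. A connection saved with the "totp" mode would therefore hand its TOTP secret to the stoken code path instead of failing cleanly. Since the `OC_TOKEN_MODE_*` constants presumably do not exist before 2.2, the simplest fix is to wrap the new `totp` branch in get_config in `#if OPENCONNECT_CHECK_VER(2,2)`, or have this shim return `-EOPNOTSUPP` for non-stoken modes. The new macro name also starts with a double underscore, which C reserves for the implementation; a project-prefixed name such as `nm_oc_set_token_mode` avoids that.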
@@ -1103,12 +1107,14 @@ static int get_config (GHashTable *options, GHashTable *secrets,
int ret = 0;
if (!strcmp(token_mode, "manual") && token_secret)
- ret = openconnect_set_stoken_mode(vpninfo, 1, token_secret);
+ ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_STOKEN, token_secret);
else if (!strcmp(token_mode, "stokenrc"))
- ret = openconnect_set_stoken_mode(vpninfo, 1, NULL);
+ ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_STOKEN, NULL);
+ else if (!strcmp(token_mode, "totp") && token_secret)
+ ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_TOTP, token_secret);
if (ret)
- fprintf(stderr, "Failed to initialize stoken: %d\n", ret);
+ fprintf(stderr, "Failed to initialize software token: %d\n", ret);
}
return 0;
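Review bot: When `token_mode` is "totp" (or "manual") and `token_secret` is NULL, none of the branches runs, `ret` stays 0 and nothing is reported. The configured software token is skipped without any trace. A trailing branch such as `else if (!strcmp(token_mode, "totp") || !strcmp(token_mode, "manual")) fprintf(stderr, "Token mode %s selected but no token secret is available\n", token_mode);` would make that visible. The failure path also only logs `ret` before the visible `return 0;`, which looks as if the error is not propagated. get_config starts and ends outside this hunk, so that should be confirmed against the full function.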
diff --git a/properties/nm-openconnect-dialog.ui b/properties/nm-openconnect-dialog.ui
index 66b9119..bc38374 100644
--- a/properties/nm-openconnect-dialog.ui
+++ b/properties/nm-openconnect-dialog.ui
@@ -636,7 +636,7 @@
<child>
<object class="GtkLabel" id="label5">
<property name="visible">True</property>
- <property name="label" translatable="yes">Token _Source:</property>
+ <property name="label" translatable="yes">Token _Mode:</property>
<property name="use_underline">True</property>
<property name="use_markup">False</property>
<property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -646,7 +646,7 @@
<property name="yalign">0.5</property>
<property name="xpad">0</property>
<property name="ypad">0</property>
- <property name="mnemonic_widget">token_source</property>
+ <property name="mnemonic_widget">token_mode</property>
<property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
<property name="width_chars">-1</property>
<property name="single_line_mode">False</property>
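Review bot: `mnemonic_widget` on `label5` now names `token_mode`, but no hunk in this file renames a widget, so it is not visible here that an object with that id exists. If the combo box still carries the id `token_source`, the `_Mode` mnemonic will not move focus to it. Please confirm the id, or rename the combo box in the same patch.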
@@ -663,7 +663,7 @@
<child>
<object class="GtkLabel" id="token_secret_label">
<property name="visible">True</property>
- <property name="label" translatable="yes">Token St_ring:</property>
+ <property name="label" translatable="yes">Token Sec_ret:</property>
<property name="use_underline">True</property>
<property name="use_markup">False</property>
<property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -740,10 +740,13 @@
<col id="0" translatable="yes">Disabled</col>
</row>
<row>
- <col id="0" translatable="yes">Read from ~/.stokenrc</col>
+ <col id="0" translatable="yes">RSA SecurID - read from ~/.stokenrc</col>
</row>
<row>
- <col id="0" translatable="yes">Manually entered</col>
+ <col id="0" translatable="yes">RSA SecurID - manually entered</col>
+ </row>
+ <row>
+ <col id="0" translatable="yes">TOTP - manually entered</col>
</row>
</data>
</object>
diff --git a/properties/nm-openconnect.c b/properties/nm-openconnect.c
index f7c43d8..7a60937 100644
--- a/properties/nm-openconnect.c
+++ b/properties/nm-openconnect.c
@@ -45,6 +45,9 @@
#if !OPENCONNECT_CHECK_VER(2,1)
#define openconnect_has_stoken_support() 0
#endif
+#if !OPENCONNECT_CHECK_VER(2,2)
+#define openconnect_has_oath_support() 0
+#endif
#define NM_VPN_API_SUBJECT_TO_CHANGE
@@ -380,8 +383,11 @@ init_token_ui (OpenconnectPluginUiWidget *self,
GtkTextBuffer *buffer;
const char *value;
- /* don't advertise stoken properties if we can't use them anyway */
- if (!openconnect_has_stoken_support ())
+ /*
+ * don't advertise software token properties if we can't use them anyway
+ * TODO: Fix up the dialog accordingly if e.g. stoken is present but oath is missing
+ */
+ if (!openconnect_has_stoken_support () && !openconnect_has_oath_support ())
return TRUE;
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "token_vbox"));
@@ -399,6 +405,8 @@ init_token_ui (OpenconnectPluginUiWidget *self,
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
else if (!strcmp (value, "manual"))
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
+ else if (!strcmp (value, "totp"))
+ gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 3);
else
gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
}
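Review bot: The literal index `3` passed to `gtk_combo_box_set_active` here, and the matching `case 3:` in the update_connection hunk, are tied to the row order of the list store in nm-openconnect-dialog.ui. Inserting or reordering a row there would silently map a saved mode to the wrong entry. A shared enum, for example `enum { TOKEN_IDX_DISABLED, TOKEN_IDX_STOKENRC, TOKEN_IDX_MANUAL, TOKEN_IDX_TOTP };`, used in both functions would keep the three places in step. A comment in the .ui file next to the rows could also state that the order is significant. init_token_ui begins and ends outside this hunk.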
@@ -558,6 +566,10 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
str = "manual";
token_secret_editable = TRUE;
break;
+ case 3:
+ str = "totp";
+ token_secret_editable = TRUE;
+ break;
}
if (str)
nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE, str);
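Review bot: The TOTP secret made editable by the new `case 3` is a long-lived seed from which every future code is derived, and this hunk does not show it being stored as a secret. Only `NM_OPENCONNECT_KEY_TOKEN_MODE` is visible, written with `nm_setting_vpn_add_data_item`; the code that persists the secret text lies outside the hunk. If the seed is saved the same way, it would sit in the connection profile alongside non-secret settings. It should instead go through the VPN setting's secret storage (`nm_setting_vpn_add_secret`). A comment at the new case, `/* TOTP seed: store as a secret, never as a data item */`, would record the requirement.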
--
1.7.10.4