NetworkManager and openconnect: using cookies
David Woodhouse
dwmw2 at infradead.org
Thu Dec 2 13:16:37 EST 2010
On Thu, 2010-12-02 at 17:53 +0000, David Woodhouse wrote:
>
> Hrm, why not use the *same* 'keyname' string as we're using for the
> TEXT and SELECT cases? There was a reason we included the form->auth_id
> in that key.

Patch below should do that. But I notice two problems now I look closer.

Firstly, it's not optional. I think it needs to be; we don't want to
*unconditionally* save the password. Not only for security reasons, but
also because it might be a one-time password.

Secondly, it's saving the password even if the authentication fails.
You'll note that 'remember_gconf_key' doesn't actually set it
immediately; it just *stores* it, and the entry later gets set when the
cookie_obtained() function walks through the ui_data->success_keys list.

(Third problem was that your patch lacked a Signed-off-by)

diff -u b/nm-auth-dialog.c b/nm-auth-dialog.c
--- b/nm-auth-dialog.c
+++ b/nm-auth-dialog.c
@@ -117,6 +117,7 @@
GNOME_KEYRING_ITEM_GENERIC_SECRET,
{
{ "vpn_uuid", GNOME_KEYRING_ATTRIBUTE_TYPE_STRING },
+ { "form_id", GNOME_KEYRING_ATTRIBUTE_TYPE_STRING },
{ "name", GNOME_KEYRING_ATTRIBUTE_TYPE_STRING },
{ NULL, 0 }
}
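Review bot: Adding "form_id" to keyring_password_schema changes which stored items the lookup can match, and nothing in this patch handles entries saved with only vpn_uuid and name. Because find_form_password now passes form_id as a match attribute, an item stored without it would no longer be returned; if such items can exist, note that in the commit message so the behaviour change is on record.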
@@ -498,7 +499,8 @@
}
}
-void remember_keyring_key(const char *name, const char *value)
+void remember_keyring_key(const char *form_id, const char *name,
+ const char *value)
{
char *description;
description = g_strdup_printf("openconnect %s", name);
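Review bot: The description in remember_keyring_key is still built from name alone ("openconnect %s"), so two forms that share a field name get keyring entries with identical labels even though form_id now tells them apart. Consider adding form_id to the g_strdup_printf format string so a user reviewing or deleting saved secrets in a keyring manager can distinguish them.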
@@ -507,6 +509,7 @@
description,
value,
"vpn_uuid", vpn_uuid,
+ "form_id", form_id,
"name", name,
NULL);
}
@@ -521,7 +524,7 @@
return result;
}
-char *find_form_password(const char *name)
+char *find_form_password(const char *form_id, const char *name)
{
char *ret = NULL;
char *password;
@@ -530,6 +533,7 @@
res = gnome_keyring_find_password_sync(&keyring_password_schema,
&password,
"vpn_uuid", vpn_uuid,
+ "form_id", form_id,
"name", name,
NULL);
@@ -583,7 +587,7 @@
if (opt->type == OC_FORM_OPT_PASSWORD) {
/* obtain password from gnome-keyring */
- data->entry_text = find_form_password(opt->name);
+ data->entry_text = find_form_password(form->auth_id, opt->name);
} else {
data->entry_text = find_form_answer(form, opt);
}
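Review bot: form->auth_id is passed to find_form_password with no NULL check at this call, and it ends up as a value inside the NULL-terminated attribute list handed to gnome_keyring_find_password_sync. If auth_id can be unset for a form, guard the call or substitute a fixed string here, and use the same handling at the remember_keyring_key call so that store and lookup always agree on the key.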
@@ -644,7 +648,8 @@
/* save user password in gnome-keyring */
if (data->opt->type == OC_FORM_OPT_PASSWORD) {
- remember_keyring_key(data->opt->name, strdup(data->entry_text));
+ remember_keyring_key(form->auth_id, data->opt->name,
+ strdup(data->entry_text));
}
}
g_slice_free (ui_fragment_data, data);
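Review bot: The strdup(data->entry_text) passed to remember_keyring_key makes a second heap copy of the plaintext password whose return value is not checked and whose owner is not visible in this patch; the parameter is declared const char *value, which does not signal that the callee takes ownership. Document who frees that copy (ideally clearing it first), and gate the call on an explicit user opt-in rather than on OC_FORM_OPT_PASSWORD alone, since as written every password field is queued for saving.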
--
dwmw2