[PATCH nm-openconnect 3/3] Add support for TOTP software tokens

Kevin Cernekee cernekee at gmail.com
Sun Mar 24 21:15:23 EDT 2013


Create new TOTP option on the UI, and make the appropriate library calls
if the user enables it.
---
 auth-dialog/main.c                  |   14 ++++++++++----
 properties/nm-openconnect-dialog.ui |   13 ++++++++-----
 properties/nm-openconnect.c         |   16 ++++++++++++++--
 3 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index eadcce1..3be0e15 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -65,7 +65,11 @@
 #endif
 
 #if !OPENCONNECT_CHECK_VER(2,1)
-#define openconnect_set_stoken_mode(...) -EOPNOTSUPP
+#define __openconnect_set_token_mode(...) -EOPNOTSUPP
+#elif !OPENCONNECT_CHECK_VER(2,2)
+#define __openconnect_set_token_mode(vpninfo, mode, secret) openconnect_set_stoken_mode(vpninfo, 1, secret)
+#else
+#define __openconnect_set_token_mode openconnect_set_token_mode
 #endif
 
 #ifdef OPENCONNECT_OPENSSL
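Review bot: The fallback on the `#elif !OPENCONNECT_CHECK_VER(2,2)` line discards its `mode` argument, so on a 2.1 library a connection saved with token mode `totp` would have its TOTP secret passed to `openconnect_set_stoken_mode()` as if it were a SecurID token string. That branch should refuse anything but stoken, e.g. `((mode) == OC_TOKEN_MODE_STOKEN ? openconnect_set_stoken_mode(vpninfo, 1, secret) : -EOPNOTSUPP)`. This presumably also needs fallback definitions of the `OC_TOKEN_MODE_*` constants in the same compat block, since they appear to come from the 2.2 header. Separately, identifiers beginning with a double underscore are reserved for the implementation, so a name such as `nm_oc_set_token_mode` would be safer, and the `-EOPNOTSUPP` expansion should be parenthesised.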
@@ -1103,12 +1107,14 @@ static int get_config (GHashTable *options, GHashTable *secrets,
 		int ret = 0;
 
 		if (!strcmp(token_mode, "manual") && token_secret)
-			ret = openconnect_set_stoken_mode(vpninfo, 1, token_secret);
+			ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_STOKEN, token_secret);
 		else if (!strcmp(token_mode, "stokenrc"))
-			ret = openconnect_set_stoken_mode(vpninfo, 1, NULL);
+			ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_STOKEN, NULL);
+		else if (!strcmp(token_mode, "totp") && token_secret)
+			ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_TOTP, token_secret);
 
 		if (ret)
-			fprintf(stderr, "Failed to initialize stoken: %d\n", ret);
+			fprintf(stderr, "Failed to initialize software token: %d\n", ret);
 	}
 
 	return 0;
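Review bot: The new `totp` branch, like the `manual` one, is skipped without any message when `token_secret` is NULL, leaving `ret` at 0. A profile with a token mode but no stored secret therefore starts the connection with no token configured and nothing in the log. An explicit trailing branch would make that diagnosable, e.g. `else fprintf(stderr, "Token mode '%s' ignored: unknown mode or missing secret\n", token_mode);`, but the condition guarding this block is outside the hunk, so check that a disabled mode never reaches it. A non-zero `ret` is also only reported on stderr while `get_config` still returns 0 on the last visible line, so it is worth deciding explicitly whether a token initialisation failure should abort the connection attempt. The function body starts outside the hunk.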
diff --git a/properties/nm-openconnect-dialog.ui b/properties/nm-openconnect-dialog.ui
index 66b9119..bc38374 100644
--- a/properties/nm-openconnect-dialog.ui
+++ b/properties/nm-openconnect-dialog.ui
@@ -636,7 +636,7 @@
                 <child>
                   <object class="GtkLabel" id="label5">
                     <property name="visible">True</property>
-                    <property name="label" translatable="yes">Token _Source:</property>
+                    <property name="label" translatable="yes">Token _Mode:</property>
                     <property name="use_underline">True</property>
                     <property name="use_markup">False</property>
                     <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -646,7 +646,7 @@
                     <property name="yalign">0.5</property>
                     <property name="xpad">0</property>
                     <property name="ypad">0</property>
-                    <property name="mnemonic_widget">token_source</property>
+                    <property name="mnemonic_widget">token_mode</property>
                     <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
                     <property name="width_chars">-1</property>
                     <property name="single_line_mode">False</property>
@@ -663,7 +663,7 @@
                 <child>
                   <object class="GtkLabel" id="token_secret_label">
                     <property name="visible">True</property>
-                    <property name="label" translatable="yes">Token St_ring:</property>
+                    <property name="label" translatable="yes">Token Sec_ret:</property>
                     <property name="use_underline">True</property>
                     <property name="use_markup">False</property>
                     <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -740,10 +740,13 @@
             <col id="0" translatable="yes">Disabled</col>
           </row>
           <row>
-            <col id="0" translatable="yes">Read from ~/.stokenrc</col>
+            <col id="0" translatable="yes">RSA SecurID - read from ~/.stokenrc</col>
           </row>
           <row>
-            <col id="0" translatable="yes">Manually entered</col>
+            <col id="0" translatable="yes">RSA SecurID - manually entered</col>
+          </row>
+          <row>
+            <col id="0" translatable="yes">TOTP - manually entered</col>
           </row>
         </data>
       </object>
diff --git a/properties/nm-openconnect.c b/properties/nm-openconnect.c
index f7c43d8..7a60937 100644
--- a/properties/nm-openconnect.c
+++ b/properties/nm-openconnect.c
@@ -45,6 +45,9 @@
 #if !OPENCONNECT_CHECK_VER(2,1)
 #define openconnect_has_stoken_support() 0
 #endif
+#if !OPENCONNECT_CHECK_VER(2,2)
+#define openconnect_has_oath_support() 0
+#endif
 
 #define NM_VPN_API_SUBJECT_TO_CHANGE
 
@@ -380,8 +383,11 @@ init_token_ui (OpenconnectPluginUiWidget *self,
 	GtkTextBuffer *buffer;
 	const char *value;
 
-	/* don't advertise stoken properties if we can't use them anyway */
-	if (!openconnect_has_stoken_support ())
+	/*
+	 * don't advertise software token properties if we can't use them anyway
+	 * TODO: Fix up the dialog accordingly if e.g. stoken is present but oath is missing
+	 */
+	if (!openconnect_has_stoken_support () && !openconnect_has_oath_support ())
 		return TRUE;
 
 	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "token_vbox"));
@@ -399,6 +405,8 @@ init_token_ui (OpenconnectPluginUiWidget *self,
 				gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
 			else if (!strcmp (value, "manual"))
 				gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
+			else if (!strcmp (value, "totp"))
+				gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 3);
 			else
 				gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
 		}
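Review bot: The literal `3` passed to `gtk_combo_box_set_active()` here, and the matching `case 3:` in the `update_connection` hunk below, depend on the row order of the list store in `properties/nm-openconnect-dialog.ui`, and nothing ties the three places together. A shared enum, for example `enum { TOKEN_ROW_DISABLED, TOKEN_ROW_STOKENRC, TOKEN_ROW_MANUAL, TOKEN_ROW_TOTP };`, used in both functions with a comment pointing at the .ui rows, would keep a reordered or inserted row from silently mapping a saved mode to the wrong token mechanism. `init_token_ui` begins and ends outside this hunk.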
@@ -558,6 +566,10 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
 		str = "manual";
 		token_secret_editable = TRUE;
 		break;
+	case 3:
+		str = "totp";
+		token_secret_editable = TRUE;
+		break;
 	}
 	if (str)
 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE, str);
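Review bot: With `token_secret_editable = TRUE` for the new `totp` case, the text the user enters is a TOTP seed, a long-lived credential from which every future code can be derived. The code that saves that secret is outside this hunk; the mode is stored with `nm_setting_vpn_add_data_item`, and if the secret is stored the same way it would land in plain connection data rather than the secret store, so confirm it goes through `nm_setting_vpn_add_secret`. The `switch` is only partly visible; a `default:` case that leaves `str` NULL would document the intended handling of an unexpected combo index.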
-- 
1.7.10.4



