[RFC/RFT] stoken and xmlconfig changes

Kevin Cernekee cernekee at gmail.com
Sat Aug 2 17:33:25 PDT 2014


This implements a couple of items previously discussed on the list:

 - Prompt for a tokencode prefix, for "PASSCODE = PIN + TOKENCODE" style
   software tokens.  Currently this works with manual entry or
   --passwd-on-stdin; no --token-prefix argument was added.  No prefix is
   required for a standard soft token that incorporates a PIN into the
   tokencode calculation.

 - Fix "next tokencode" time offset if a 30-second token is being used.

 - Avoid looking at token metadata until the token is decrypted, to
   support using --token-secret with the new V3 token URIs.

 - Allow --token-secret to point to a file, so that SDTID XML tokens can
   be used directly.

Also, some other minor fixes:

 - Restore TTY state on aborted password prompt.  It looks like there was
   a regression when some of the Windows code was added.

 - Clean up handling of <HostAddress> entries from the xmlconfig file.

I have not yet looked at the Windows port, or getting libstoken running
on Windows.  I would also like to hold off on the tomcrypt/nettle changes
until I have a better idea of what will be needed to read/write the
X.509 certs/sigs in the SDTID <BatchSignature> section.


The following changes since commit 24c3fb45d6ad824e97a0223065d9419641e3b8d1:

  Update GUI page (2014-07-31 23:17:42 +0100)

are available in the git repository at:

  git://github.com/cernekee/openconnect token-20140802

for you to fetch changes up to 295a826b9c5719dac97e0002fdd52dfd2b17fe10:

  auth: Refactor stoken form handling (2014-08-02 16:31:54 -0700)

----------------------------------------------------------------
Kevin Cernekee (7):
      xml: Make a generic function to read a file into a string
      xml: Trim whitespace from xmlconfig entries
      xml: Call openconnect_parse_url() on <HostAddress> entries
      main: Restore tty state if password prompt is aborted
      main: Allow reading --token-secret from a file
      auth: Rearrange stoken support code
      auth: Refactor stoken form handling

 auth.c                 |  241 ++++++++++++++++++++++++++++++++++--------------
 main.c                 |   21 ++++-
 openconnect-internal.h |    4 +
 openconnect.8.in       |   13 ++-
 xml.c                  |  110 ++++++++++++++--------
 5 files changed, 272 insertions(+), 117 deletions(-)
-- 
1.7.9.5