[RFC/RFT] stoken and xmlconfig changes

David Woodhouse dwmw2 at infradead.org
Tue Aug 12 07:35:13 PDT 2014


On Tue, 2014-08-05 at 11:42 +0100, David Woodhouse wrote:
> Perhaps I should follow your lead and allow the PSKC XML to be passed
> in as the "string". And then just add a function or callback for the
> library to give it *back* again. The library will hand it back in the
> same form (raw/PSKC) that it received it.

I've done this. I haven't yet made it support PSKC, but there are
lock/unlock callbacks for using a counter-based token, which will be
called before the token is used and then again afterwards with the new
data.

I've implemented this in openconnect itself, and also in
NetworkManager-openconnect.

Does this look correct for the Java side?

diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index 2352675..f86edec 100644
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -59,6 +59,8 @@ public abstract class LibOpenConnect {
 	public int onWriteNewConfig(byte[] buf) { return 0; }
 	public void onProtectSocket(int fd) { }
 	public void onStatsUpdate(VPNStats stats) { }
+	public int onTokenLock() { return 0; }
+	public int onTokenUnlock(String newToken) { return 0; }
 
 	/* create/destroy library instances */
 
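Review bot: The two new callbacks, onTokenLock() and onTokenUnlock(String newToken), are added without any comment on their contract. Please document what the int return value means to the library, that onTokenUnlock is expected to persist newToken (the updated token data handed back after use), and that newToken is secret material that implementations should not log.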
diff --git a/jni.c b/jni.c
index 9936236..23fcbe1 100644
--- a/jni.c
+++ b/jni.c
@@ -525,6 +525,50 @@ out:
 	(*ctx->jenv)->PopLocalFrame(ctx->jenv, NULL);
 }
 
+static int lock_token_cb(void *privdata)
+{
+	struct libctx *ctx = privdata;
+	jmethodID mid;
+	int ret = -1;
+
+	if ((*ctx->jenv)->PushLocalFrame(ctx->jenv, 256) < 0)
+		return -1;
+
+	mid = get_obj_mid(ctx, ctx->jobj, "onTokenLock", "(V)I");
+	if (!mid)
+		goto out;
+
+	(*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid);
+
+out:
+	(*ctx->jenv)->PopLocalFrame(ctx->jenv, NULL);
+	return ret;
+}
+
+static int unlock_token_cb(void *privdata, const char *new_token)
+{
+	struct libctx *ctx = privdata;
+	jstring jtoken;
+	int ret = -1;
+	jmethodID mid;
+
+	if ((*ctx->jenv)->PushLocalFrame(ctx->jenv, 256) < 0)
+		return -1;
+
+	jtoken = dup_to_jstring(ctx->jenv, new_token);
+	if (!jtoken)
+		goto out;
+
+	mid = get_obj_mid(ctx, ctx->jobj, "onTokenUnlock", "(Ljava/lang/String;)I");
+	if (mid)
+		ret = (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid, jtoken);
+
+out:
+	(*ctx->jenv)->PopLocalFrame(ctx->jenv, NULL);
+	return ret;
+}
+
+
 /* Library init/uninit */
 
 static jobject init_async_lock(struct libctx *ctx)
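Review bot: In lock_token_cb the descriptor "(V)I" is not a valid JNI signature for a no-argument method returning int; it should be "()I", otherwise the lookup of onTokenLock fails and the function leaves through the goto out path. The result of CallIntMethod is also discarded in lock_token_cb, so ret stays -1 and the callback reports failure even when the Java method returns 0; assign it the way unlock_token_cb does, ret = (*ctx->jenv)->CallIntMethod(ctx->jenv, ctx->jobj, mid);. Minor style point: two blank lines are added before the "Library init/uninit" comment where one would do.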
@@ -566,6 +610,8 @@ JNIEXPORT jlong JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_init(
 	if (!ctx->vpninfo)
 		goto bad_delete_ref;
 
+	openconnect_set_token_callbacks(ctx->vpninfo, ctx, lock_token_cb,
+					unlock_token_cb);
 	openconnect_set_protect_socket_handler(ctx->vpninfo, protect_socket_cb);
 	openconnect_set_stats_handler(ctx->vpninfo, stats_cb);
 
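Review bot: openconnect_set_token_callbacks() is called unconditionally in init, so clients that never override onTokenLock/onTokenUnlock are still wired to the base-class stubs, and the stub onTokenUnlock does "return 0" without storing anything. If 0 means success to the library, the updated token data is dropped silently for those clients; consider registering the callbacks only when the Java side opts in, or having the stubs return an error so the caller can tell that nothing was saved.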


-- 
dwmw2