Hello community,
here is the log from the commit of package NetworkManager-openconnect for
openSUSE:Factory checked in at 2014-12-10 23:44:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/NetworkManager-openconnect (Old)
and /work/SRC/openSUSE:Factory/.NetworkManager-openconnect.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "NetworkManager-openconnect"
Changes:
--------
---
/work/SRC/openSUSE:Factory/NetworkManager-openconnect/NetworkManager-openconnect.changes
2014-07-24 00:21:55.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.NetworkManager-openconnect.new/NetworkManager-openconnect.changes
2014-12-10 23:44:06.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Dec 8 08:40:44 UTC 2014 - [email protected]
+
+- Add NetworkManager-openconnect-7.0.patch: Fix build with
+ OpenConnect 7.0. Patch taken from git, commit 58944a3.
+
+-------------------------------------------------------------------
New:
----
NetworkManager-openconnect-7.0.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ NetworkManager-openconnect.spec ++++++
--- /var/tmp/diff_new_pack.CMB8xt/_old 2014-12-10 23:44:07.000000000 +0100
+++ /var/tmp/diff_new_pack.CMB8xt/_new 2014-12-10 23:44:07.000000000 +0100
@@ -25,6 +25,8 @@
Group: Productivity/Networking/System
Url: http://www.gnome.org/projects/NetworkManager
Source0:
http://download.gnome.org/sources/NetworkManager-openconnect/0.9/%{name}-%{version}.tar.xz
+# PATCH-FIX-UPSTREAM NetworkManager-openconnect-7.0.patch [email protected]
-- Fix build with OpenConnect 7.0, taken from git.
+Patch0: NetworkManager-openconnect-7.0.patch
BuildRequires: intltool
BuildRequires: openconnect-devel >= 3.02
BuildRequires: translation-update-upstream
@@ -62,6 +64,7 @@
%lang_package
%prep
%setup -q
+%patch0 -p1
translation-update-upstream
%build
++++++ NetworkManager-openconnect-7.0.patch ++++++
>From b3815e96635c8f89c6161bdb6de53cd3c01c8535 Mon Sep 17 00:00:00 2001
From: David Woodhouse <[email protected]>
Date: Tue, 12 Aug 2014 14:55:39 +0100
Subject: Add HOTP support
This requires migrating the token_secret from a config item to a secret,
which thankfully doesn't seem to be too difficult.
Index: NetworkManager-openconnect-0.9.10.0/auth-dialog/main.c
===================================================================
--- NetworkManager-openconnect-0.9.10.0.orig/auth-dialog/main.c
+++ NetworkManager-openconnect-0.9.10.0/auth-dialog/main.c
@@ -89,6 +89,21 @@
#define OC_FORM_RESULT_NEWGROUP 2
#endif
+#if OPENCONNECT_CHECK_VER(4,0)
+#define dup_option_value(opt) g_strdup((opt)->_value);
+#define OC3DUP(x) (x)
+#define write_config_const const
+#else
+#define dup_option_value(opt) g_strdup((opt)->value);
+#define openconnect_set_option_value(opt, val) do { \
+ struct oc_form_opt *_o = (opt); \
+ free(_o->value); _o->value = g_strdup(val); \
+ } while (0)
+#define openconnect_free_cert_info(v, x) free(x)
+#define OC3DUP(x) g_strdup(x)
+#define write_config_const /* */
+#endif
+
#ifdef OPENCONNECT_OPENSSL
#include <openssl/ssl.h>
#include <openssl/bio.h>
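Review bot: Both `dup_option_value` definitions end in a semicolon (`g_strdup((opt)->_value);`), and so does the pre-5.0 `openconnect_get_peer_cert_details` fallback defined later inside validate_peer_cert, so each use expands to a statement plus an empty statement. The current call sites compile, but the macros break as soon as one is used as the body of an unbraced `if` that has an `else`, or inside a larger expression. Drop the trailing semicolons, e.g. `#define dup_option_value(opt) g_strdup((opt)->_value)`. A one-line comment above the block saying that these macros paper over the pre-4.0 and 4.0+ library APIs, and that the 4.0+ branch reads the `_value` member directly, would also help the next reader.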
@@ -713,7 +728,7 @@ static gboolean ui_form (struct oc_auth_
data->entry_text = g_strdup
(find_form_answer(ui_data->secrets,
form, opt));
if (!data->entry_text)
- data->entry_text = g_strdup
(opt->value);
+ data->entry_text =
dup_option_value(opt);
} else {
GHashTable *attrs;
@@ -777,8 +792,7 @@ static gboolean set_initial_authgroup (a
for (i = 0; i < sopt->nr_choices; i++) {
struct oc_choice *ch = FORMCHOICE(sopt, i);
if (!strcmp(saved_group, ch->name) && i !=
AUTHGROUP_SELECTION(form)) {
- free(opt->value);
- opt->value = g_strdup(saved_group);
+ openconnect_set_option_value(opt, saved_group);
return TRUE;
}
}
@@ -824,7 +838,7 @@ static int nm_process_auth_form (void *c
g_cancellable_cancel(data->cancel);
if (data->entry_text) {
- data->opt->value = g_strdup (data->entry_text);
+ openconnect_set_option_value(data->opt,
data->entry_text);
if (data->opt->type == OC_FORM_OPT_TEXT ||
data->opt->type == OC_FORM_OPT_SELECT) {
@@ -875,7 +889,7 @@ static char* get_title(const char *vpn_n
typedef struct cert_data {
auth_ui_data *ui_data;
- OPENCONNECT_X509 *peer_cert;
+ char *cert_details;
const char *reason;
} cert_data;
@@ -903,13 +917,10 @@ static gboolean user_validate_cert(cert_
{
auth_ui_data *ui_data = _ui_data; /* FIXME global */
char *title;
- char *details;
GtkWidget *dlg, *text, *scroll;
GtkTextBuffer *buffer;
int result;
- details = openconnect_get_cert_details(ui_data->vpninfo,
data->peer_cert);
-
title = get_title(data->ui_data->vpn_name);
dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
GTK_BUTTONS_OK_CANCEL,
@@ -932,8 +943,7 @@ static gboolean user_validate_cert(cert_
text = gtk_text_view_new();
buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
- gtk_text_buffer_set_text(buffer, details, -1);
- free(details);
+ gtk_text_buffer_set_text(buffer, data->cert_details, -1);
gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
gtk_container_add(GTK_CONTAINER(scroll), text);
@@ -956,36 +966,40 @@ static gboolean user_validate_cert(cert_
/* runs in worker thread */
static int validate_peer_cert(void *cbdata,
- OPENCONNECT_X509 *peer_cert, const char *reason)
+#if !OPENCONNECT_CHECK_VER(5,0)
+ OPENCONNECT_X509 *peer_cert,
+#endif
+ const char *reason)
{
auth_ui_data *ui_data = cbdata;
- char fingerprint[41];
- char *certs_data;
int ret = 0;
cert_data *data;
+ char *certkey;
+ char *accepted_hash = NULL;
+#if OPENCONNECT_CHECK_VER(5,0)
+ const char *fingerprint =
openconnect_get_peer_cert_hash(ui_data->vpninfo);
+#else
+ char fingerprint[41];
ret = openconnect_get_cert_sha1(ui_data->vpninfo, peer_cert,
fingerprint);
if (ret)
return ret;
- certs_data = g_hash_table_lookup (ui_data->secrets, "certsigs");
- if (certs_data) {
- char **certs = g_strsplit_set(certs_data, "\t", 0);
- char **this = certs;
-
- while (*this) {
- if (!strcmp(*this, fingerprint)) {
- g_strfreev(certs);
- goto out;
- }
- this++;
- }
- g_strfreev(certs);
- }
+#define openconnect_check_peer_cert_hash(v, h) strcmp(h, fingerprint)
+#define openconnect_get_peer_cert_details(v) openconnect_get_cert_details(v,
peer_cert);
+#endif
+
+ certkey = g_strdup_printf ("certificate:%s:%d",
+ openconnect_get_hostname(ui_data->vpninfo),
+ openconnect_get_port(ui_data->vpninfo));
+
+ accepted_hash = g_hash_table_lookup (ui_data->secrets, certkey);
+ if (accepted_hash &&
!openconnect_check_peer_cert_hash(ui_data->vpninfo, accepted_hash))
+ goto accepted;
data = g_slice_new(cert_data);
data->ui_data = ui_data; /* FIXME uses global */
- data->peer_cert = peer_cert;
+ data->cert_details =
openconnect_get_peer_cert_details(ui_data->vpninfo);
data->reason = reason;
g_mutex_lock(&ui_data->form_mutex);
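Review bot: On the OpenConnect 5.0+ path `fingerprint` comes from `openconnect_get_peer_cert_hash()` with no NULL check, although cookie_obtained in this same patch guards the same call with `if (cert)`. If it can return NULL here, the accepted path further down stores `g_strdup(fingerprint)`, that is a NULL value, under the `certificate:host:port` key, so an accepted certificate is recorded without a hash to compare against next time. Failing closed before the lookup would avoid that: `if (!fingerprint) return -EINVAL;`. The two `#define`s inside the pre-5.0 branch are never `#undef`ed, so they stay visible for the rest of the file. The function body continues past this hunk.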
@@ -994,27 +1008,27 @@ static int validate_peer_cert(void *cbda
g_idle_add((GSourceFunc)user_validate_cert, data);
/* wait for user to accept or cancel */
- while (ui_data->cert_response == CERT_USER_NOT_READY) {
+ while (ui_data->cert_response == CERT_USER_NOT_READY)
g_cond_wait(&ui_data->cert_response_changed,
&ui_data->form_mutex);
- }
- if (ui_data->cert_response == CERT_ACCEPTED) {
- if (certs_data) {
- char *new = g_strdup_printf("%s\t%s", certs_data,
fingerprint);
- g_hash_table_insert (ui_data->secrets,
- g_strdup ("certsigs"), new);
- } else {
- g_hash_table_insert (ui_data->secrets, g_strdup
("certsigs"),
- g_strdup (fingerprint));
- }
+
+ openconnect_free_cert_info(data->ui_data->vpninfo, data->cert_details);
+ g_slice_free(cert_data, data);
+
+ if (ui_data->cert_response == CERT_ACCEPTED)
ret = 0;
- } else {
+ else
ret = -EINVAL;
- }
+
g_mutex_unlock (&ui_data->form_mutex);
- g_slice_free(cert_data, data);
+ accepted:
+ if (!ret) {
+ g_hash_table_insert (ui_data->secrets, certkey,
+ g_strdup(fingerprint));
+ certkey = NULL;
+ }
- out:
+ g_free (certkey);
return ret;
}
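Review bot: The insert into `ui_data->secrets` at the `accepted:` label now runs after `g_mutex_unlock (&ui_data->form_mutex)`, and on the early `goto accepted` path the lock is never taken at all. The removed code did its `certsigs` insert before unlocking. The function is commented as running in the worker thread, so if the main thread reads or writes the same table, this write is unsynchronised. Whether `form_mutex` is meant to cover `secrets` is not visible in the hunk and should be confirmed. Either hold the lock around the insert on both paths, or add a comment at the label stating which thread owns `secrets` while authentication is in progress.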
@@ -1167,7 +1181,7 @@ static int get_config (GHashTable *optio
cafile = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CACERT);
if (cafile)
- openconnect_set_cafile(vpninfo, g_strdup (cafile));
+ openconnect_set_cafile(vpninfo, OC3DUP (cafile));
csd = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CSD_ENABLE);
if (csd && !strcmp(csd, "yes")) {
@@ -1177,16 +1191,16 @@ static int get_config (GHashTable *optio
if (csd_wrapper && !csd_wrapper[0])
csd_wrapper = NULL;
- openconnect_setup_csd(vpninfo, getuid(), 1, g_strdup
(csd_wrapper));
+ openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP
(csd_wrapper));
}
proxy = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PROXY);
- if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, g_strdup
(proxy)))
+ if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, OC3DUP
(proxy)))
return -EINVAL;
cert = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_USERCERT);
sslkey = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PRIVKEY);
- openconnect_set_client_cert (vpninfo, g_strdup (cert), g_strdup
(sslkey));
+ openconnect_set_client_cert (vpninfo, OC3DUP (cert), OC3DUP (sslkey));
pem_passphrase_fsid = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID);
@@ -1194,7 +1208,9 @@ static int get_config (GHashTable *optio
openconnect_passphrase_from_fsid(vpninfo);
token_mode = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_TOKEN_MODE);
- token_secret = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ token_secret = g_hash_table_lookup (secrets,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ if (!token_secret || !token_secret[0])
+ token_secret = g_hash_table_lookup (options,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
if (token_mode) {
int ret = 0;
@@ -1204,6 +1220,10 @@ static int get_config (GHashTable *optio
ret = __openconnect_set_token_mode(vpninfo,
OC_TOKEN_MODE_STOKEN, NULL);
else if (!strcmp(token_mode, "totp") && token_secret)
ret = __openconnect_set_token_mode(vpninfo,
OC_TOKEN_MODE_TOTP, token_secret);
+#if OPENCONNECT_CHECK_VER(3,4)
+ else if (!strcmp(token_mode, "hotp") && token_secret)
+ ret = __openconnect_set_token_mode(vpninfo,
OC_TOKEN_MODE_HOTP, token_secret);
+#endif
if (ret)
fprintf(stderr, "Failed to initialize software token:
%d\n", ret);
@@ -1229,7 +1249,18 @@ static void populate_vpnhost_combo(auth_
}
}
-static int write_new_config(void *cbdata, char *buf, int buflen)
+#if OPENCONNECT_CHECK_VER(3,4)
+static int update_token(void *cbdata, const char *tok)
+{
+ auth_ui_data *ui_data = cbdata;
+ g_hash_table_insert (ui_data->secrets, g_strdup
(NM_OPENCONNECT_KEY_TOKEN_SECRET),
+ g_strdup(tok));
+
+ return 0;
+}
+#endif
+
+static int write_new_config(void *cbdata, write_config_const char *buf, int
buflen)
{
auth_ui_data *ui_data = cbdata;
g_hash_table_insert (ui_data->secrets, g_strdup ("xmlconfig"),
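Review bot: `update_token` has no comment saying who calls it or on which thread, and it replaces the stored token secret in `ui_data->secrets` with no locking and no check on `tok`. If the library can invoke the callback with a NULL `tok`, `g_strdup(tok)` yields NULL and the saved secret is overwritten with an empty entry; a guard such as `if (!tok) return 0;` would keep the previous value. I would also add a header comment along the lines of `/* openconnect token callback: stores the updated token string in the connection secrets; confirm calling thread */`. write_new_config's body continues outside this hunk.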
@@ -1361,7 +1392,7 @@ static gboolean cookie_obtained(auth_ui_
}
ui_data->retval = 1;
} else if (!ui_data->cookie_retval) {
- OPENCONNECT_X509 *cert;
+ const void *cert;
gchar *key, *value;
/* got cookie */
@@ -1383,14 +1414,22 @@ static gboolean cookie_obtained(auth_ui_
g_hash_table_insert (ui_data->secrets, key, value);
openconnect_clear_cookie(ui_data->vpninfo);
+#if OPENCONNECT_CHECK_VER(5,0)
+ cert = openconnect_get_peer_cert_hash (ui_data->vpninfo);
+ if (cert) {
+ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
+ value = g_strdup (cert);
+ g_hash_table_insert (ui_data->secrets, key, value);
+ }
+#else
cert = openconnect_get_peer_cert (ui_data->vpninfo);
if (cert) {
key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
value = g_malloc0 (41);
- openconnect_get_cert_sha1(ui_data->vpninfo, cert,
value);
+ openconnect_get_cert_sha1(ui_data->vpninfo, (void
*)cert, value);
g_hash_table_insert (ui_data->secrets, key, value);
}
-
+#endif
if (get_save_passwords(ui_data->secrets)) {
g_hash_table_foreach(ui_data->success_passwords,
keyring_store_passwords,
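Review bot: In the pre-5.0 branch the return value of `openconnect_get_cert_sha1()` is still ignored, so on failure the zero-filled 41-byte buffer, an empty string, is stored under `NM_OPENCONNECT_KEY_GWCERT`. validate_peer_cert treats the same call as fallible with `if (ret) return ret;`. How the stored value is consumed is not visible here, but an empty gateway fingerprint is unlikely to be what the consumer expects, so the insert should happen only on success, with `key` and `value` freed otherwise. Separately, `const void *cert` holds a hash string in one branch and a certificate object in the other, and the `(void *)cert` cast drops the qualifier again. Declaring a `const char *` inside the 5.0 branch and keeping `OPENCONNECT_X509 *` in the other would keep both type-checked.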
@@ -1459,11 +1498,11 @@ static void connect_host(auth_ui_data *u
if (openconnect_parse_url(ui_data->vpninfo, host->hostaddress)) {
fprintf(stderr, "Failed to parse server URL '%s'\n",
host->hostaddress);
- openconnect_set_hostname (ui_data->vpninfo,
g_strdup(host->hostaddress));
+ openconnect_set_hostname (ui_data->vpninfo, OC3DUP
(host->hostaddress));
}
if (!openconnect_get_urlpath(ui_data->vpninfo) && host->usergroup)
- openconnect_set_urlpath(ui_data->vpninfo,
g_strdup(host->usergroup));
+ openconnect_set_urlpath(ui_data->vpninfo, OC3DUP
(host->usergroup));
g_hash_table_insert (ui_data->success_secrets, g_strdup("lasthost"),
@@ -1801,6 +1840,11 @@ int main (int argc, char **argv)
fprintf(stderr, "Failed to find VPN UUID %s\n", vpn_uuid);
return 1;
}
+
+#if OPENCONNECT_CHECK_VER(3,4)
+ openconnect_set_token_callbacks (_ui_data->vpninfo, _ui_data, NULL,
update_token);
+#endif
+
build_main_dialog(_ui_data);
#ifdef OPENCONNECT_OPENSSL
Index: NetworkManager-openconnect-0.9.10.0/properties/nm-openconnect-dialog.ui
===================================================================
--- NetworkManager-openconnect-0.9.10.0.orig/properties/nm-openconnect-dialog.ui
+++ NetworkManager-openconnect-0.9.10.0/properties/nm-openconnect-dialog.ui
@@ -766,6 +766,12 @@
<col id="2" translatable="no">totp</col>
<col id="3" translatable="no">True</col>
</row>
+ <row>
+ <col id="0" translatable="yes">HOTP - manually entered</col>
+ <col id="1" translatable="no">hotp</col>
+ <col id="2" translatable="no">hotp</col>
+ <col id="3" translatable="no">True</col>
+ </row>
</data>
</object>
</interface>
Index: NetworkManager-openconnect-0.9.10.0/properties/nm-openconnect.c
===================================================================
--- NetworkManager-openconnect-0.9.10.0.orig/properties/nm-openconnect.c
+++ NetworkManager-openconnect-0.9.10.0/properties/nm-openconnect.c
@@ -214,7 +214,7 @@ import (NMVpnPluginUiInterface *iface, c
/* Soft token secret */
buf = g_key_file_get_string (keyfile, "openconnect", "StokenString",
NULL);
if (buf)
- nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, buf);
+ nm_setting_vpn_add_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, buf);
return connection;
}
@@ -297,9 +297,14 @@ export (NMVpnPluginUiInterface *iface,
if (value && strlen (value))
token_mode = value;
- value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ value = nm_setting_vpn_get_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
if (value && strlen (value))
token_secret = value;
+ else {
+ value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ if (value && strlen (value))
+ token_secret = value;
+ }
fprintf (f,
"[openconnect]\n"
@@ -427,6 +432,9 @@ init_token_mode_options (GtkComboBox *to
iter_valid = gtk_list_store_remove (token_mode_list,
&iter);
else if (!strcmp (token_type, "totp") &&
!openconnect_has_oath_support ())
iter_valid = gtk_list_store_remove (token_mode_list,
&iter);
+ else if (!strcmp (token_type, "hotp") &&
+ (!openconnect_has_oath_support () ||
!OPENCONNECT_CHECK_VER(3,4)))
+ iter_valid = gtk_list_store_remove (token_mode_list,
&iter);
else {
iter_valid = gtk_tree_model_iter_next (model, &iter);
valid_rows++;
@@ -492,7 +500,9 @@ init_token_ui (OpenconnectPluginUiWidget
if (!buffer)
return FALSE;
if (s_vpn) {
- value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ value = nm_setting_vpn_get_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
+ if (!value)
+ value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET);
if (value)
gtk_text_buffer_set_text (buffer, value, -1);
}
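Review bot: The fallback to the legacy data item here triggers only on `!value`, whereas export and get_config in this same patch also fall back when the secret is present but empty (`value && strlen (value)` and `!token_secret || !token_secret[0]`). With an empty secret stored, the editor would show an empty token field while export and the auth dialog still pick up the legacy value. Use the same test in all three places: `if (!value || !value[0])`. init_token_ui continues outside the hunk.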
@@ -653,7 +663,7 @@ update_connection (NMVpnPluginUiWidgetIn
*dst = 0;
if (strlen (str))
- nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, str);
+ nm_setting_vpn_add_secret (s_vpn,
NM_OPENCONNECT_KEY_TOKEN_SECRET, str);
}
if (!check_validity (self, error))
--