Today's Topics:
1. [PATCH v3 0/8] Rewrite OpenConnect plugin and enhance support for VPN
auth errors
(Jussi Laakkonen)
----------------------------------------------------------------------
Date: Fri, 4 Oct 2019 17:55:30 +0300
From: Jussi Laakkonen <[email protected]>
Subject: [PATCH v3 0/8] Rewrite OpenConnect plugin and enhance support
for VPN auth errors
To: [email protected]
Message-ID: <[email protected]>
This set of patches contains an almost complete rewrite of the OpenConnect VPN
plugin, introduces a method for informing the VPN agent about authentication
errors and adds support for easier use of boolean type setting strings.

First of all, as the biggest change, the OpenConnect VPN plugin is rewritten to
support the different authentication methods, which are configurable in provider
settings. If the configuration is omitted, cookie based authentication is set
as default. Support for automatic cookie (first use credentials to get cookie
and then connect with the cookie), credentials and separate public key with
private key and PKCS credential authentication is introduced. Credentials
and PKCS password are queried from the VPN agent. Support for the three
openconnect protocols is also added as provider settings for the OpenConnect
plugin. New options for OpenConnect are added as well to support allowing self
signed certificates and to toggle connection parameters, which may be required
with different server setups.

Second, the authentication and connection errors are tracked by vpn-provider.c
when vpn_provider_indicate_error() is called with an appropriate error code.
These errors can be utilized in VPN plugins to indicate to the VPN agent that
saved authentication credentials should be cleared. After a successful
connection or after saving provider settings the error counters are cleared.
The main reason for implementing these in the provider is that values saved in
plugin private data would be cleared after the connection is terminated, and
the provider is more permanent during the runtime of vpnd.

And last, a new function to better support setting strings expected to be
boolean in value ("true" or "false") is implemented. This function can be used
to check if the setting string is explicitly the desired boolean value as the
default value in case of missing or invalid value is to be given.

Changes since V2 and V3:
* Correct PKCS lines, remove PKCS#12 references.
* Update changed file contents as V1 cover letter was apparently sent.
Jussi Laakkonen (8):
  vpn-provider: Implement simple connection and auth error counters
  vpn-agent: Implement function to add auth failures to VPN agent msg
  doc: Add VpnAgent.AuthFailure to VPN agent API documentation
  vpn-provider: Implement setting string to bool conversion function
  openconnect: Rewrite plugin to support more auth methods and protocols
  openconnect: No PKCS auth mode restriction and support interactive
    mode
  doc: Add new OpenConnect PKCS parameters to VPN agent API
  doc: Add new OpenConnect configuration options to VPN config format

 doc/vpn-agent-api.txt     |   18 +
 doc/vpn-config-format.txt |   75 ++-
 vpn/plugins/openconnect.c | 1309 ++++++++++++++++++++++++++++++++-----
 vpn/vpn-agent.c           |   53 ++
 vpn/vpn-agent.h           |    3 +
 vpn/vpn-provider.c        |   56 +-
 vpn/vpn-provider.h        |    8 +
 7 files changed, 1365 insertions(+), 157 deletions(-)
--
2.20.1
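
The boolean setting handling described in the cover letter above, as an added example that is not code from the patch series or from ConnMan: it contrasts a loose parse with one that accepts only "true" or "false" and otherwise returns the caller's default, so a mistyped value for an option such as allowing self-signed certificates cannot switch it on. The function names, setting keys and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed settings table; keys and values are illustrative only. */
struct setting { const char *key; const char *value; };

static const struct setting sample[] = {
	{ "Example.AllowSelfSigned", "flase" },	/* typo: invalid value */
	{ "Example.Enabled", "true" },
	{ "Example.Disabled", "false" },
};
#define SAMPLE_LEN (sizeof(sample) / sizeof(sample[0]))

static const char *lookup(const char *key)
{
	for (size_t i = 0; i < SAMPLE_LEN; i++)
		if (strcmp(sample[i].key, key) == 0)
			return sample[i].value;
	return NULL;	/* setting not present */
}

/* Weak form: any stored string other than "false" switches the option on. */
bool naive_get_bool(const char *key)
{
	const char *v = lookup(key);

	return v != NULL && strcmp(v, "false") != 0;
}

/*
 * Strict form (hypothetical name): only the exact strings "true" and
 * "false" are accepted; a missing or invalid value returns the default
 * chosen by the caller, which should be the safe state for the option.
 */
bool strict_get_bool(const char *key, bool default_value)
{
	const char *v = lookup(key);

	if (v != NULL && strcmp(v, "true") == 0)
		return true;
	if (v != NULL && strcmp(v, "false") == 0)
		return false;
	return default_value;
}
```
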
End of connman Digest, Vol 48, Issue 10
***************************************