[arch-commits] Commit in networkmanager-openconnect/trunk (2 files)
Felix Yan
fyan at archlinux.org
Sun Dec 28 17:22:04 UTC 2014
Date: Sunday, December 28, 2014 @ 18:22:03
Author: fyan
Revision: 228121
add missing patches
Added:
networkmanager-openconnect/trunk/libopenconnect.so.4.patch
networkmanager-openconnect/trunk/libopenconnect.so.5.patch
---------------------------+
libopenconnect.so.4.patch | 124 +++++++++++++++++++++++++++++
libopenconnect.so.5.patch | 182 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 306 insertions(+)
Added: libopenconnect.so.4.patch
===================================================================
--- libopenconnect.so.4.patch (rev 0)
+++ libopenconnect.so.4.patch 2014-12-28 17:22:03 UTC (rev 228121)
@@ -0,0 +1,124 @@
+From 58944a3ef9c92f7afa07cbb539d062e1956bafc0 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Thu, 30 Oct 2014 23:09:14 +0000
+Subject: Support libopenconnect.so.4
+
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 7171247..8285bf4 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -89,6 +89,21 @@
+ #define OC_FORM_RESULT_NEWGROUP 2
+ #endif
+
++#if OPENCONNECT_CHECK_VER(4,0)
++#define dup_option_value(opt) g_strdup((opt)->_value);
++#define OC3DUP(x) (x)
++#define write_config_const const
++#else
++#define dup_option_value(opt) g_strdup((opt)->value);
++#define openconnect_set_option_value(opt, val) do { \
++ struct oc_form_opt *_o = (opt); \
++ free(_o->value); _o->value = g_strdup(val); \
++ } while (0)
++#define openconnect_free_cert_info(v, x) free(x)
++#define OC3DUP(x) g_strdup(x)
++#define write_config_const /* */
++#endif
++
+ #ifdef OPENCONNECT_OPENSSL
+ #include <openssl/ssl.h>
+ #include <openssl/bio.h>
+@@ -712,7 +727,7 @@ static gboolean ui_form (struct oc_auth_form *form)
+ data->entry_text = g_strdup (find_form_answer(ui_data->secrets,
+ form, opt));
+ if (!data->entry_text)
+- data->entry_text = g_strdup (opt->value);
++ data->entry_text = dup_option_value(opt);
+ } else {
+ GHashTable *attrs;
+
+@@ -776,8 +791,7 @@ static gboolean set_initial_authgroup (auth_ui_data *ui_data, struct oc_auth_for
+ for (i = 0; i < sopt->nr_choices; i++) {
+ struct oc_choice *ch = FORMCHOICE(sopt, i);
+ if (!strcmp(saved_group, ch->name) && i != AUTHGROUP_SELECTION(form)) {
+- free(opt->value);
+- opt->value = g_strdup(saved_group);
++ openconnect_set_option_value(opt, saved_group);
+ return TRUE;
+ }
+ }
+@@ -823,7 +837,7 @@ static int nm_process_auth_form (void *cbdata, struct oc_auth_form *form)
+ g_cancellable_cancel(data->cancel);
+
+ if (data->entry_text) {
+- data->opt->value = g_strdup (data->entry_text);
++ openconnect_set_option_value(data->opt, data->entry_text);
+
+ if (data->opt->type == OC_FORM_OPT_TEXT ||
+ data->opt->type == OC_FORM_OPT_SELECT) {
+@@ -932,7 +946,7 @@ static gboolean user_validate_cert(cert_data *data)
+ text = gtk_text_view_new();
+ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
+ gtk_text_buffer_set_text(buffer, details, -1);
+- free(details);
++ openconnect_free_cert_info(data->ui_data->vpninfo, details);
+ gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
+ gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
+ gtk_container_add(GTK_CONTAINER(scroll), text);
+@@ -1166,7 +1180,7 @@ static int get_config (GHashTable *options, GHashTable *secrets,
+
+ cafile = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CACERT);
+ if (cafile)
+- openconnect_set_cafile(vpninfo, g_strdup (cafile));
++ openconnect_set_cafile(vpninfo, OC3DUP (cafile));
+
+ csd = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CSD_ENABLE);
+ if (csd && !strcmp(csd, "yes")) {
+@@ -1176,16 +1190,16 @@ static int get_config (GHashTable *options, GHashTable *secrets,
+ if (csd_wrapper && !csd_wrapper[0])
+ csd_wrapper = NULL;
+
+- openconnect_setup_csd(vpninfo, getuid(), 1, g_strdup (csd_wrapper));
++ openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP (csd_wrapper));
+ }
+
+ proxy = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PROXY);
+- if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, g_strdup (proxy)))
++ if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, OC3DUP (proxy)))
+ return -EINVAL;
+
+ cert = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_USERCERT);
+ sslkey = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PRIVKEY);
+- openconnect_set_client_cert (vpninfo, g_strdup (cert), g_strdup (sslkey));
++ openconnect_set_client_cert (vpninfo, OC3DUP (cert), OC3DUP (sslkey));
+
+ pem_passphrase_fsid = g_hash_table_lookup (options,
+ NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID);
+@@ -1245,7 +1259,7 @@ static int update_token(void *cbdata, const char *tok)
+ }
+ #endif
+
+-static int write_new_config(void *cbdata, char *buf, int buflen)
++static int write_new_config(void *cbdata, write_config_const char *buf, int buflen)
+ {
+ auth_ui_data *ui_data = cbdata;
+ g_hash_table_insert (ui_data->secrets, g_strdup ("xmlconfig"),
+@@ -1472,11 +1486,11 @@ static void connect_host(auth_ui_data *ui_data)
+ if (openconnect_parse_url(ui_data->vpninfo, host->hostaddress)) {
+ fprintf(stderr, "Failed to parse server URL '%s'\n",
+ host->hostaddress);
+- openconnect_set_hostname (ui_data->vpninfo, g_strdup(host->hostaddress));
++ openconnect_set_hostname (ui_data->vpninfo, OC3DUP (host->hostaddress));
+ }
+
+ if (!openconnect_get_urlpath(ui_data->vpninfo) && host->usergroup)
+- openconnect_set_urlpath(ui_data->vpninfo, g_strdup(host->usergroup));
++ openconnect_set_urlpath(ui_data->vpninfo, OC3DUP (host->usergroup));
+
+
+ g_hash_table_insert (ui_data->success_secrets, g_strdup("lasthost"),
+--
+cgit v0.10.1
+
Added: libopenconnect.so.5.patch
===================================================================
--- libopenconnect.so.5.patch (rev 0)
+++ libopenconnect.so.5.patch 2014-12-28 17:22:03 UTC (rev 228121)
@@ -0,0 +1,182 @@
+From 2dc45e25b200e1b70e862f46c9f7ad652e59c8a2 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Mon, 3 Nov 2014 17:39:43 +0000
+Subject: Update to new hash handling, fix to match stored certs only for the
+ same host/port
+
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index df0146c..38f3a8f 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -694,7 +694,7 @@ static char* get_title(const char *vpn_name)
+
+ typedef struct cert_data {
+ auth_ui_data *ui_data;
+- OPENCONNECT_X509 *peer_cert;
++ char *cert_details;
+ const char *reason;
+ } cert_data;
+
+@@ -722,13 +722,10 @@ static gboolean user_validate_cert(cert_data *data)
+ {
+ auth_ui_data *ui_data = _ui_data; /* FIXME global */
+ char *title;
+- char *details;
+ GtkWidget *dlg, *text, *scroll;
+ GtkTextBuffer *buffer;
+ int result;
+
+- details = openconnect_get_cert_details(ui_data->vpninfo, data->peer_cert);
+-
+ title = get_title(data->ui_data->vpn_name);
+ dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
+ GTK_BUTTONS_OK_CANCEL,
+@@ -751,8 +748,7 @@ static gboolean user_validate_cert(cert_data *data)
+
+ text = gtk_text_view_new();
+ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
+- gtk_text_buffer_set_text(buffer, details, -1);
+- openconnect_free_cert_info(data->ui_data->vpninfo, details);
++ gtk_text_buffer_set_text(buffer, data->cert_details, -1);
+ gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
+ gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
+ gtk_container_add(GTK_CONTAINER(scroll), text);
+@@ -775,36 +771,40 @@ static gboolean user_validate_cert(cert_data *data)
+
+ /* runs in worker thread */
+ static int validate_peer_cert(void *cbdata,
+- OPENCONNECT_X509 *peer_cert, const char *reason)
++#if !OPENCONNECT_CHECK_VER(5,0)
++ OPENCONNECT_X509 *peer_cert,
++#endif
++ const char *reason)
+ {
+ auth_ui_data *ui_data = cbdata;
+- char fingerprint[41];
+- char *certs_data;
+ int ret = 0;
+ cert_data *data;
++ char *certkey;
++ char *accepted_hash = NULL;
++#if OPENCONNECT_CHECK_VER(5,0)
++ const char *fingerprint = openconnect_get_peer_cert_hash(ui_data->vpninfo);
++#else
++ char fingerprint[41];
+
+ ret = openconnect_get_cert_sha1(ui_data->vpninfo, peer_cert, fingerprint);
+ if (ret)
+ return ret;
+
+- certs_data = g_hash_table_lookup (ui_data->secrets, "certsigs");
+- if (certs_data) {
+- char **certs = g_strsplit_set(certs_data, "\t", 0);
+- char **this = certs;
++#define openconnect_check_peer_cert_hash(v, h) strcmp(h, fingerprint)
++#define openconnect_get_peer_cert_details(v) openconnect_get_cert_details(v, peer_cert);
++#endif
+
+- while (*this) {
+- if (!strcmp(*this, fingerprint)) {
+- g_strfreev(certs);
+- goto out;
+- }
+- this++;
+- }
+- g_strfreev(certs);
+- }
++ certkey = g_strdup_printf ("certificate:%s:%d",
++ openconnect_get_hostname(ui_data->vpninfo),
++ openconnect_get_port(ui_data->vpninfo));
++
++ accepted_hash = g_hash_table_lookup (ui_data->secrets, certkey);
++ if (accepted_hash && !openconnect_check_peer_cert_hash(ui_data->vpninfo, accepted_hash))
++ goto accepted;
+
+ data = g_slice_new(cert_data);
+ data->ui_data = ui_data; /* FIXME uses global */
+- data->peer_cert = peer_cert;
++ data->cert_details = openconnect_get_peer_cert_details(ui_data->vpninfo);
+ data->reason = reason;
+
+ g_mutex_lock(&ui_data->form_mutex);
+@@ -813,27 +813,27 @@ static int validate_peer_cert(void *cbdata,
+ g_idle_add((GSourceFunc)user_validate_cert, data);
+
+ /* wait for user to accept or cancel */
+- while (ui_data->cert_response == CERT_USER_NOT_READY) {
++ while (ui_data->cert_response == CERT_USER_NOT_READY)
+ g_cond_wait(&ui_data->cert_response_changed, &ui_data->form_mutex);
+- }
+- if (ui_data->cert_response == CERT_ACCEPTED) {
+- if (certs_data) {
+- char *new = g_strdup_printf("%s\t%s", certs_data, fingerprint);
+- g_hash_table_insert (ui_data->secrets,
+- g_strdup ("certsigs"), new);
+- } else {
+- g_hash_table_insert (ui_data->secrets, g_strdup ("certsigs"),
+- g_strdup (fingerprint));
+- }
++
++ openconnect_free_cert_info(data->ui_data->vpninfo, data->cert_details);
++ g_slice_free(cert_data, data);
++
++ if (ui_data->cert_response == CERT_ACCEPTED)
+ ret = 0;
+- } else {
++ else
+ ret = -EINVAL;
+- }
++
+ g_mutex_unlock (&ui_data->form_mutex);
+
+- g_slice_free(cert_data, data);
++ accepted:
++ if (!ret) {
++ g_hash_table_insert (ui_data->secrets, certkey,
++ g_strdup(fingerprint));
++ certkey = NULL;
++ }
+
+- out:
++ g_free (certkey);
+ return ret;
+ }
+
+@@ -1196,7 +1196,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+ gtk_widget_set_sensitive(ui_data->cancel_button, FALSE);
+ }
+ } else if (!ui_data->cookie_retval) {
+- OPENCONNECT_X509 *cert;
++ const void *cert;
+ gchar *key, *value;
+
+ /* got cookie */
+@@ -1218,14 +1218,22 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+ g_hash_table_insert (ui_data->secrets, key, value);
+ openconnect_clear_cookie(ui_data->vpninfo);
+
++#if OPENCONNECT_CHECK_VER(5,0)
++ cert = openconnect_get_peer_cert_hash (ui_data->vpninfo);
++ if (cert) {
++ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
++ value = g_strdup (cert);
++ g_hash_table_insert (ui_data->secrets, key, value);
++ }
++#else
+ cert = openconnect_get_peer_cert (ui_data->vpninfo);
+ if (cert) {
+ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
+ value = g_malloc0 (41);
+- openconnect_get_cert_sha1(ui_data->vpninfo, cert, value);
++ openconnect_get_cert_sha1(ui_data->vpninfo, (void *)cert, value);
+ g_hash_table_insert (ui_data->secrets, key, value);
+ }
+-
++#endif
+ if (get_save_passwords(ui_data->secrets)) {
+ g_hash_table_foreach(ui_data->success_passwords,
+ keyring_store_passwords,
+--
+cgit v0.10.1
+
More information about the arch-commits
mailing list