diff options
author | Guido Günther <agx@sigxcpu.org> | 2012-02-08 15:53:42 +0100 |
---|---|---|
committer | Guido Günther <agx@sigxcpu.org> | 2012-02-08 15:53:42 +0100 |
commit | 2fc4078bc842efa253f84398fad8e655a3714568 (patch) | |
tree | d24372b6c48d98b8f240cd5a2d2f92b81b314f4b /auth-dialog/main.c |
Initial commitv0.0.1
Diffstat (limited to 'auth-dialog/main.c')
-rw-r--r-- | auth-dialog/main.c | 246 |
1 files changed, 246 insertions, 0 deletions
diff --git a/auth-dialog/main.c b/auth-dialog/main.c new file mode 100644 index 0000000..a7f127b --- /dev/null +++ b/auth-dialog/main.c @@ -0,0 +1,246 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ +/* + * Authentication dialog for NetworkManager iodine VPN connections + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright © 2012 Guido Günther <agx@sigxcpu.org> + * + * Heavily based on network-manager-pptp by Dan Williams <dcbw@redhat.com> + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <glib/gi18n.h> +#include <gtk/gtk.h> + +#include <gnome-keyring.h> +#include <gnome-keyring-memory.h> + +#include <nm-setting-vpn.h> +#include <nm-vpn-plugin-utils.h> + +#include "src/nm-iodine-service.h" + +#include "vpn-password-dialog.h" + +#define KEYRING_UUID_TAG "connection-uuid" +#define KEYRING_SN_TAG "setting-name" +#define KEYRING_SK_TAG "setting-key" + +static char * +keyring_lookup_secret (const char *uuid, const char *secret_name) +{ + GList *found_list = NULL; + GnomeKeyringResult ret; + GnomeKeyringFound *found; + char *secret = NULL; + + ret = gnome_keyring_find_itemsv_sync (GNOME_KEYRING_ITEM_GENERIC_SECRET, + &found_list, + KEYRING_UUID_TAG, + GNOME_KEYRING_ATTRIBUTE_TYPE_STRING, + uuid, + KEYRING_SN_TAG, + GNOME_KEYRING_ATTRIBUTE_TYPE_STRING, + NM_SETTING_VPN_SETTING_NAME, + KEYRING_SK_TAG, + GNOME_KEYRING_ATTRIBUTE_TYPE_STRING, + secret_name, + NULL); + if (ret == GNOME_KEYRING_RESULT_OK && found_list) { + found = g_list_nth_data (found_list, 0); + secret = gnome_keyring_memory_strdup (found->secret); + } + + gnome_keyring_found_list_free (found_list); + return secret; +} + +static gboolean +get_secrets (const char *vpn_uuid, + const char *vpn_name, + gboolean retry, + gboolean allow_interaction, + const char *in_pw, + char **out_pw, + NMSettingSecretFlags pw_flags) +{ + VpnPasswordDialog *dialog; + char *prompt, *pw = NULL; + const char *new_password = NULL; + + g_return_val_if_fail (vpn_uuid != NULL, FALSE); + g_return_val_if_fail (vpn_name != NULL, FALSE); + g_return_val_if_fail (out_pw != NULL, FALSE); + g_return_val_if_fail (*out_pw == NULL, FALSE); + + /* Get the existing secret, if any */ + if ( !(pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) + && !(pw_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)) { + if (in_pw) + pw = gnome_keyring_memory_strdup (in_pw); + else + pw = keyring_lookup_secret (vpn_uuid, NM_IODINE_KEY_PASSWORD); + } + + /* Don't ask if the passwords is unused */ + if (pw_flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) { + gnome_keyring_memory_free (pw); + return TRUE; + } + + if (!retry) { + /* Don't ask the user if we don't need a new password (ie, !retry), + * we have an existing PW, and the password is saved. + */ + if (pw && !(pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) { + *out_pw = pw; + return TRUE; + } + } + + /* If interaction isn't allowed, just return existing secrets */ + if (allow_interaction == FALSE) { + *out_pw = pw; + return TRUE; + } + + /* Otherwise, we have no saved password, or the password flags indicated + * that the password should never be saved. + */ + prompt = g_strdup_printf (_("You need to authenticate to access the " + "Virtual Private Network '%s'."), vpn_name); + dialog = (VpnPasswordDialog *) \ + vpn_password_dialog_new (_("Authenticate VPN"), prompt, NULL); + g_free (prompt); + + vpn_password_dialog_set_show_password_secondary (dialog, FALSE); + + /* pre-fill dialog with the password */ + if (pw && !(pw_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)) + vpn_password_dialog_set_password (dialog, pw); + + gtk_widget_show (GTK_WIDGET (dialog)); + + if (vpn_password_dialog_run_and_block (dialog)) { + + new_password = vpn_password_dialog_get_password (dialog); + if (new_password) + *out_pw = gnome_keyring_memory_strdup (new_password); + } + + gtk_widget_hide (GTK_WIDGET (dialog)); + gtk_widget_destroy (GTK_WIDGET (dialog)); + + return TRUE; +} + + +static void +wait_for_quit (void) +{ + GString *str; + char c; + ssize_t n; + time_t start; + + str = g_string_sized_new (10); + start = time (NULL); + do { + errno = 0; + n = read (0, &c, 1); + if (n == 0 || (n < 0 && errno == EAGAIN)) + g_usleep (G_USEC_PER_SEC / 10); + else if (n == 1) { + g_string_append_c (str, c); + if (strstr (str->str, "QUIT") || (str->len > 10)) + break; + } else + break; + } while (time (NULL) < start + 20); + g_string_free (str, TRUE); +} + +int +main (int argc, char *argv[]) +{ + gboolean retry = FALSE, allow_interaction = FALSE; + char *vpn_name = NULL, *vpn_uuid = NULL, *vpn_service = NULL; + char *password = NULL; + GHashTable *data = NULL, *secrets = NULL; + NMSettingSecretFlags pw_flags = NM_SETTING_SECRET_FLAG_NONE; + GOptionContext *context; + GOptionEntry entries[] = { + { "reprompt", 'r', 0, G_OPTION_ARG_NONE, &retry, + "Reprompt for passwords", NULL}, + { "uuid", 'u', 0, G_OPTION_ARG_STRING, &vpn_uuid, + "UUID of VPN connection", NULL}, + { "name", 'n', 0, G_OPTION_ARG_STRING, &vpn_name, + "Name of VPN connection", NULL}, + { "service", 's', 0, G_OPTION_ARG_STRING, &vpn_service, + "VPN service type", NULL}, + { "allow-interaction", 'i', 0, G_OPTION_ARG_NONE, + &allow_interaction, "Allow user interaction", NULL}, + { NULL } + }; + + bindtextdomain (GETTEXT_PACKAGE, NULL); + bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); + textdomain (GETTEXT_PACKAGE); + + gtk_init (&argc, &argv); + + context = g_option_context_new ("- iodine auth dialog"); + g_option_context_add_main_entries (context, entries, GETTEXT_PACKAGE); + g_option_context_parse (context, &argc, &argv, NULL); + g_option_context_free (context); + + if (!nm_vpn_plugin_utils_read_vpn_details (0, &data, &secrets)) { + fprintf (stderr, "Failed to read '%s' (%s) data and secrets from stdin.\n", + vpn_name, vpn_uuid); + return 1; + } + + nm_vpn_plugin_utils_get_secret_flags (secrets, NM_IODINE_KEY_PASSWORD, &pw_flags); + + if (!get_secrets (vpn_uuid, vpn_name, retry, allow_interaction, + g_hash_table_lookup (secrets, NM_IODINE_KEY_PASSWORD), + &password, + pw_flags)) + return 1; + + /* dump the passwords to stdout */ + if (password) + printf ("%s\n%s\n", NM_IODINE_KEY_PASSWORD, password); + printf ("\n\n"); + + /* for good measure, flush stdout since Kansas is going Bye-Bye */ + fflush (stdout); + + /* Wait for quit signal */ + wait_for_quit (); + + if (data) + g_hash_table_unref (data); + if (secrets) + g_hash_table_unref (secrets); + return 0; +} |