[arch-commits] Commit in networkmanager-openconnect/trunk (2 files)

Felix Yan Sun, 28 Dec 2014 09:22:17 -0800

    Date: Sunday, December 28, 2014 @ 18:22:03
  Author: fyan
Revision: 228121


add missing patches

Added:
  networkmanager-openconnect/trunk/libopenconnect.so.4.patch
  networkmanager-openconnect/trunk/libopenconnect.so.5.patch

---------------------------+
 libopenconnect.so.4.patch |  124 +++++++++++++++++++++++++++++
 libopenconnect.so.5.patch |  182 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 306 insertions(+)

Added: libopenconnect.so.4.patch
===================================================================
--- libopenconnect.so.4.patch                           (rev 0)
+++ libopenconnect.so.4.patch   2014-12-28 17:22:03 UTC (rev 228121)
@@ -0,0 +1,124 @@
+From 58944a3ef9c92f7afa07cbb539d062e1956bafc0 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <david.woodho...@intel.com>
+Date: Thu, 30 Oct 2014 23:09:14 +0000
+Subject: Support libopenconnect.so.4
+
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 7171247..8285bf4 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -89,6 +89,21 @@
+ #define OC_FORM_RESULT_NEWGROUP               2
+ #endif
+ 
++#if OPENCONNECT_CHECK_VER(4,0)
++#define dup_option_value(opt)         g_strdup((opt)->_value);
++#define OC3DUP(x)                     (x)
++#define write_config_const            const
++#else
++#define dup_option_value(opt)         g_strdup((opt)->value);
++#define openconnect_set_option_value(opt, val) do { \
++              struct oc_form_opt *_o = (opt);                         \
++              free(_o->value); _o->value = g_strdup(val);             \
++      } while (0)
++#define openconnect_free_cert_info(v, x) free(x)
++#define OC3DUP(x)                     g_strdup(x)
++#define write_config_const            /* */
++#endif
++
+ #ifdef OPENCONNECT_OPENSSL
+ #include <openssl/ssl.h>
+ #include <openssl/bio.h>
+@@ -712,7 +727,7 @@ static gboolean ui_form (struct oc_auth_form *form)
+                               data->entry_text = g_strdup 
(find_form_answer(ui_data->secrets,
+                                                                             
form, opt));
+                               if (!data->entry_text)
+-                                      data->entry_text = g_strdup 
(opt->value);
++                                      data->entry_text = 
dup_option_value(opt);
+                       } else {
+                               GHashTable *attrs;
+ 
+@@ -776,8 +791,7 @@ static gboolean set_initial_authgroup (auth_ui_data 
*ui_data, struct oc_auth_for
+               for (i = 0; i < sopt->nr_choices; i++) {
+                       struct oc_choice *ch = FORMCHOICE(sopt, i);
+                       if (!strcmp(saved_group, ch->name) && i != 
AUTHGROUP_SELECTION(form)) {
+-                              free(opt->value);
+-                              opt->value = g_strdup(saved_group);
++                              openconnect_set_option_value(opt, saved_group);
+                               return TRUE;
+                       }
+               }
+@@ -823,7 +837,7 @@ static int nm_process_auth_form (void *cbdata, struct 
oc_auth_form *form)
+                               g_cancellable_cancel(data->cancel);
+ 
+                       if (data->entry_text) {
+-                              data->opt->value = g_strdup (data->entry_text);
++                              openconnect_set_option_value(data->opt, 
data->entry_text);
+ 
+                               if (data->opt->type == OC_FORM_OPT_TEXT ||
+                                   data->opt->type == OC_FORM_OPT_SELECT) {
+@@ -932,7 +946,7 @@ static gboolean user_validate_cert(cert_data *data)
+       text = gtk_text_view_new();
+       buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
+       gtk_text_buffer_set_text(buffer, details, -1);
+-      free(details);
++      openconnect_free_cert_info(data->ui_data->vpninfo, details);
+       gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
+       gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
+       gtk_container_add(GTK_CONTAINER(scroll), text);
+@@ -1166,7 +1180,7 @@ static int get_config (GHashTable *options, GHashTable 
*secrets,
+ 
+       cafile = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CACERT);
+       if (cafile)
+-              openconnect_set_cafile(vpninfo, g_strdup (cafile));
++              openconnect_set_cafile(vpninfo, OC3DUP (cafile));
+ 
+       csd = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CSD_ENABLE);
+       if (csd && !strcmp(csd, "yes")) {
+@@ -1176,16 +1190,16 @@ static int get_config (GHashTable *options, GHashTable 
*secrets,
+               if (csd_wrapper && !csd_wrapper[0])
+                       csd_wrapper = NULL;
+ 
+-              openconnect_setup_csd(vpninfo, getuid(), 1, g_strdup 
(csd_wrapper));
++              openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP 
(csd_wrapper));
+       }
+ 
+       proxy = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PROXY);
+-      if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, g_strdup 
(proxy)))
++      if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, OC3DUP 
(proxy)))
+               return -EINVAL;
+ 
+       cert = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_USERCERT);
+       sslkey = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PRIVKEY);
+-      openconnect_set_client_cert (vpninfo, g_strdup (cert), g_strdup 
(sslkey));
++      openconnect_set_client_cert (vpninfo, OC3DUP (cert), OC3DUP (sslkey));
+ 
+       pem_passphrase_fsid = g_hash_table_lookup (options,
+                                                  
NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID);
+@@ -1245,7 +1259,7 @@ static int update_token(void *cbdata, const char *tok)
+ }
+ #endif
+ 
+-static int write_new_config(void *cbdata, char *buf, int buflen)
++static int write_new_config(void *cbdata, write_config_const char *buf, int 
buflen)
+ {
+       auth_ui_data *ui_data = cbdata;
+       g_hash_table_insert (ui_data->secrets, g_strdup ("xmlconfig"),
+@@ -1472,11 +1486,11 @@ static void connect_host(auth_ui_data *ui_data)
+       if (openconnect_parse_url(ui_data->vpninfo, host->hostaddress)) {
+               fprintf(stderr, "Failed to parse server URL '%s'\n",
+                       host->hostaddress);
+-              openconnect_set_hostname (ui_data->vpninfo, 
g_strdup(host->hostaddress));
++              openconnect_set_hostname (ui_data->vpninfo, OC3DUP 
(host->hostaddress));
+       }
+ 
+       if (!openconnect_get_urlpath(ui_data->vpninfo) && host->usergroup)
+-              openconnect_set_urlpath(ui_data->vpninfo, 
g_strdup(host->usergroup));
++              openconnect_set_urlpath(ui_data->vpninfo, OC3DUP 
(host->usergroup));
+ 
+ 
+       g_hash_table_insert (ui_data->success_secrets, g_strdup("lasthost"),
+-- 
+cgit v0.10.1
+

Added: libopenconnect.so.5.patch
===================================================================
--- libopenconnect.so.5.patch                           (rev 0)
+++ libopenconnect.so.5.patch   2014-12-28 17:22:03 UTC (rev 228121)
@@ -0,0 +1,182 @@
+From 2dc45e25b200e1b70e862f46c9f7ad652e59c8a2 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <david.woodho...@intel.com>
+Date: Mon, 3 Nov 2014 17:39:43 +0000
+Subject: Update to new hash handling, fix to match stored certs only for the
+ same host/port
+
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index df0146c..38f3a8f 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -694,7 +694,7 @@ static char* get_title(const char *vpn_name)
+ 
+ typedef struct cert_data {
+       auth_ui_data *ui_data;
+-      OPENCONNECT_X509 *peer_cert;
++      char *cert_details;
+       const char *reason;
+ } cert_data;
+ 
+@@ -722,13 +722,10 @@ static gboolean user_validate_cert(cert_data *data)
+ {
+       auth_ui_data *ui_data = _ui_data; /* FIXME global */
+       char *title;
+-      char *details;
+       GtkWidget *dlg, *text, *scroll;
+       GtkTextBuffer *buffer;
+       int result;
+ 
+-      details = openconnect_get_cert_details(ui_data->vpninfo, 
data->peer_cert);
+-
+       title = get_title(data->ui_data->vpn_name);
+       dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
+                                    GTK_BUTTONS_OK_CANCEL,
+@@ -751,8 +748,7 @@ static gboolean user_validate_cert(cert_data *data)
+ 
+       text = gtk_text_view_new();
+       buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
+-      gtk_text_buffer_set_text(buffer, details, -1);
+-      openconnect_free_cert_info(data->ui_data->vpninfo, details);
++      gtk_text_buffer_set_text(buffer, data->cert_details, -1);
+       gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
+       gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
+       gtk_container_add(GTK_CONTAINER(scroll), text);
+@@ -775,36 +771,40 @@ static gboolean user_validate_cert(cert_data *data)
+ 
+ /* runs in worker thread */
+ static int validate_peer_cert(void *cbdata,
+-                            OPENCONNECT_X509 *peer_cert, const char *reason)
++#if !OPENCONNECT_CHECK_VER(5,0)
++                            OPENCONNECT_X509 *peer_cert,
++#endif
++                            const char *reason)
+ {
+       auth_ui_data *ui_data = cbdata;
+-      char fingerprint[41];
+-      char *certs_data;
+       int ret = 0;
+       cert_data *data;
++      char *certkey;
++      char *accepted_hash = NULL;
++#if OPENCONNECT_CHECK_VER(5,0)
++      const char *fingerprint = 
openconnect_get_peer_cert_hash(ui_data->vpninfo);
++#else
++      char fingerprint[41];
+ 
+       ret = openconnect_get_cert_sha1(ui_data->vpninfo, peer_cert, 
fingerprint);
+       if (ret)
+               return ret;
+ 
+-      certs_data = g_hash_table_lookup (ui_data->secrets, "certsigs");
+-      if (certs_data) {
+-              char **certs = g_strsplit_set(certs_data, "\t", 0);
+-              char **this = certs;
++#define openconnect_check_peer_cert_hash(v, h) strcmp(h, fingerprint)
++#define openconnect_get_peer_cert_details(v) openconnect_get_cert_details(v, 
peer_cert);
++#endif
+ 
+-              while (*this) {
+-                      if (!strcmp(*this, fingerprint)) {
+-                              g_strfreev(certs);
+-                              goto out;
+-                      }
+-                      this++;
+-              }
+-              g_strfreev(certs);
+-      }
++      certkey = g_strdup_printf ("certificate:%s:%d",
++                                 openconnect_get_hostname(ui_data->vpninfo),
++                                 openconnect_get_port(ui_data->vpninfo));
++
++      accepted_hash = g_hash_table_lookup (ui_data->secrets, certkey);
++      if (accepted_hash && 
!openconnect_check_peer_cert_hash(ui_data->vpninfo, accepted_hash))
++              goto accepted;
+ 
+       data = g_slice_new(cert_data);
+       data->ui_data = ui_data; /* FIXME uses global */
+-      data->peer_cert = peer_cert;
++      data->cert_details = 
openconnect_get_peer_cert_details(ui_data->vpninfo);
+       data->reason = reason;
+ 
+       g_mutex_lock(&ui_data->form_mutex);
+@@ -813,27 +813,27 @@ static int validate_peer_cert(void *cbdata,
+       g_idle_add((GSourceFunc)user_validate_cert, data);
+ 
+       /* wait for user to accept or cancel */
+-      while (ui_data->cert_response == CERT_USER_NOT_READY) {
++      while (ui_data->cert_response == CERT_USER_NOT_READY)
+               g_cond_wait(&ui_data->cert_response_changed, 
&ui_data->form_mutex);
+-      }
+-      if (ui_data->cert_response == CERT_ACCEPTED) {
+-              if (certs_data) {
+-                      char *new = g_strdup_printf("%s\t%s", certs_data, 
fingerprint);
+-                      g_hash_table_insert (ui_data->secrets,
+-                                           g_strdup ("certsigs"), new);
+-              } else {
+-                      g_hash_table_insert (ui_data->secrets, g_strdup 
("certsigs"),
+-                                           g_strdup (fingerprint));
+-              }
++
++      openconnect_free_cert_info(data->ui_data->vpninfo, data->cert_details);
++      g_slice_free(cert_data, data);
++
++      if (ui_data->cert_response == CERT_ACCEPTED)
+               ret = 0;
+-      } else {
++      else
+               ret = -EINVAL;
+-      }
++
+       g_mutex_unlock (&ui_data->form_mutex);
+ 
+-      g_slice_free(cert_data, data);
++ accepted:
++      if (!ret) {
++              g_hash_table_insert (ui_data->secrets, certkey,
++                                   g_strdup(fingerprint));
++              certkey = NULL;
++      }
+ 
+- out:
++      g_free (certkey);
+       return ret;
+ }
+ 
+@@ -1196,7 +1196,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+                       gtk_widget_set_sensitive(ui_data->cancel_button, FALSE);
+               }
+       } else if (!ui_data->cookie_retval) {
+-              OPENCONNECT_X509 *cert;
++              const void *cert;
+               gchar *key, *value;
+ 
+               /* got cookie */
+@@ -1218,14 +1218,22 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+               g_hash_table_insert (ui_data->secrets, key, value);
+               openconnect_clear_cookie(ui_data->vpninfo);
+ 
++#if OPENCONNECT_CHECK_VER(5,0)
++              cert = openconnect_get_peer_cert_hash (ui_data->vpninfo);
++              if (cert) {
++                      key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
++                      value = g_strdup (cert);
++                      g_hash_table_insert (ui_data->secrets, key, value);
++              }
++#else
+               cert = openconnect_get_peer_cert (ui_data->vpninfo);
+               if (cert) {
+                       key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
+                       value = g_malloc0 (41);
+-                      openconnect_get_cert_sha1(ui_data->vpninfo, cert, 
value);
++                      openconnect_get_cert_sha1(ui_data->vpninfo, (void 
*)cert, value);
+                       g_hash_table_insert (ui_data->secrets, key, value);
+               }
+-
++#endif
+               if (get_save_passwords(ui_data->secrets)) {
+                       g_hash_table_foreach(ui_data->success_passwords,
+                                            keyring_store_passwords,
+-- 
+cgit v0.10.1
+

[arch-commits] Commit in networkmanager-openconnect/trunk (2 files)

Reply via email to