[network-manager-openvpn/dcbw/openvpn-restart: 4/5] core: use '--auth-retry interact' to query for failed passwords

[Dan Williams <dcbw src gnome org>]

commit d71f48b12cb074e23da28ce811a17d8284230c5e
Author: Dan Williams <dcbw redhat com>
Date:   Fri Oct 17 12:48:40 2014 -0500

    core: use '--auth-retry interact' to query for failed passwords
    
    If authentication fails allow the management interface to ask for
    new passwords instead of just terminating the VPN connection.

 src/nm-openvpn-service.c |   25 ++++++++++++++++++++-----
 1 files changed, 20 insertions(+), 5 deletions(-)
---
diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
index 8f0e257..9345850 100644
--- a/src/nm-openvpn-service.c
+++ b/src/nm-openvpn-service.c
@@ -546,17 +546,30 @@ handle_management_socket (NMVPNPlugin *plugin,
 
        auth = get_detail (str, ">PASSWORD:Verification Failed: '");
        if (auth) {
-               if (!strcmp (auth, "Auth"))
+               gboolean fail = TRUE;
+
+               if (!strcmp (auth, "Auth")) {
                        g_warning ("Password verification failed");
-               else if (!strcmp (auth, "Private Key"))
+                       if (priv->interactive) {
+                               /* Clear existing password in interactive mode, openvpn
+                                * will request a new one after restarting.
+                                */
+                               if (priv->io_data->password)
+                                       memset (priv->io_data->password, 0, strlen (priv->io_data->password));
+                               g_clear_pointer (&priv->io_data->password, g_free);
+                               fail = FALSE;
+                       }
+               } else if (!strcmp (auth, "Private Key"))
                        g_warning ("Private key verification failed");
                else
                        g_warning ("Unknown verification failed: %s", auth);
 
-               g_free (auth);
+               if (fail) {
+                       *out_failure = NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED;
+                       again = FALSE;
+               }
 
-               *out_failure = NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED;
-               again = FALSE;
+               g_free (auth);
        }
 
 out:
@@ -1185,6 +1198,8 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
 
        /* Query on the management socket for user/pass */
        add_openvpn_arg (args, "--management-query-passwords");
+       add_openvpn_arg (args, "--auth-retry");
+       add_openvpn_arg (args, "interact");
 
        /* do not let openvpn setup routes or addresses, NM will handle it */
        add_openvpn_arg (args, "--route-noexec");