[network-manager-fortisslvpn/lr/otp: 2/4] service: add support for OTP



commit 591991e4b5b7a60ea4f484b0362d1938ba7e7d68
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Mon Jul 10 18:09:18 2017 +0200

    service: add support for OTP

 shared/nm-service-defines.h  |    3 +-
 src/nm-fortisslvpn-service.c |   44 +++++++++++++++++++++++++----------------
 2 files changed, 29 insertions(+), 18 deletions(-)
---
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 3d67988..4bec745 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -18,7 +18,7 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * (C) Copyright 2008 Red Hat, Inc.
- * (C) Copyright 2015 Lubomir Rintel
+ * (C) Copyright 2015,2017 Lubomir Rintel
  */
 
 #ifndef __NM_SERVICE_DEFINES_H__
@@ -32,6 +32,7 @@
 #define NM_FORTISSLVPN_KEY_GATEWAY           "gateway"
 #define NM_FORTISSLVPN_KEY_USER              "user"
 #define NM_FORTISSLVPN_KEY_PASSWORD          "password"
+#define NM_FORTISSLVPN_KEY_OTP               "otp"
 #define NM_FORTISSLVPN_KEY_CA                "ca"
 #define NM_FORTISSLVPN_KEY_CERT              "cert"
 #define NM_FORTISSLVPN_KEY_KEY               "key"
diff --git a/src/nm-fortisslvpn-service.c b/src/nm-fortisslvpn-service.c
index bf1ffa6..2caa7e8 100644
--- a/src/nm-fortisslvpn-service.c
+++ b/src/nm-fortisslvpn-service.c
@@ -18,7 +18,7 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * (C) Copyright 2008 - 2014 Red Hat, Inc.
- * (C) Copyright 2015 Lubomir Rintel
+ * (C) Copyright 2015,2017 Lubomir Rintel
  */
 
 #include "nm-default.h"
@@ -102,11 +102,13 @@ static const ValidProperty valid_properties[] = {
        { NM_FORTISSLVPN_KEY_CERT,              G_TYPE_STRING, FALSE },
        { NM_FORTISSLVPN_KEY_KEY,               G_TYPE_STRING, FALSE },
        { NM_FORTISSLVPN_KEY_PASSWORD"-flags",  G_TYPE_UINT,   FALSE },
+       { NM_FORTISSLVPN_KEY_OTP"-flags",       G_TYPE_UINT,   FALSE },
        { NULL }
 };
 
 static const ValidProperty valid_secrets[] = {
        { NM_FORTISSLVPN_KEY_PASSWORD,          G_TYPE_STRING, TRUE },
+       { NM_FORTISSLVPN_KEY_OTP,               G_TYPE_STRING, TRUE },
        { NULL }
 };
 
@@ -540,6 +542,7 @@ static gboolean
 get_credentials (NMSettingVpn *s_vpn,
                  const char **username,
                  const char **password,
+                 const char **otp,
                  GError **error)
 {
        /* Username; try SSLVPN specific username first, then generic username */
@@ -564,6 +567,8 @@ get_credentials (NMSettingVpn *s_vpn,
                return FALSE;
        }
 
+       *otp = nm_setting_vpn_get_secret (s_vpn, NM_FORTISSLVPN_KEY_OTP);
+
        return TRUE;
 }
 
@@ -574,7 +579,7 @@ real_connect (NMVpnServicePlugin *plugin, NMConnection *connection, GError **err
        NMSettingVpn *s_vpn;
        mode_t old_umask;
        gchar *config;
-       const char *username, *password;
+       const char *username, *password, *otp;
 
        g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
 
@@ -587,7 +592,7 @@ real_connect (NMVpnServicePlugin *plugin, NMConnection *connection, GError **err
        if (!validate_secrets (s_vpn, error))
                return FALSE;
 
-       if (!get_credentials (s_vpn, &username, &password, error))
+       if (!get_credentials (s_vpn, &username, &password, &otp, error))
                return FALSE;
 
        g_clear_object (&priv->connection);
@@ -602,8 +607,9 @@ real_connect (NMVpnServicePlugin *plugin, NMConnection *connection, GError **err
         * secrets on the command line */
        priv->config_file = g_strdup_printf (NM_FORTISSLVPN_STATEDIR "/%s.config",
                                             nm_connection_get_uuid (connection));
-       config = g_strdup_printf ("username = %s\npassword = %s\n",
-                                 username, password);
+       config = g_strdup_printf ("username = %s\npassword = %s%s%s\n",
+                                 username, password,
+                                 otp ? "\notp = " : "", otp ? otp : "");
        old_umask = umask (0077);
        if (!g_file_set_contents (priv->config_file, config, -1, error)) {
                g_clear_pointer (&priv->config_file, g_free);
@@ -632,19 +638,23 @@ real_need_secrets (NMVpnServicePlugin *plugin,
 
        s_vpn = nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN);
 
-       nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_FORTISSLVPN_KEY_PASSWORD, &flags, NULL);
-
-       /* Don't need the password if it's not required */
-       if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
-               return FALSE;
-
-       /* Don't need the password if we already have one */
-       if (nm_setting_vpn_get_secret (NM_SETTING_VPN (s_vpn), NM_FORTISSLVPN_KEY_PASSWORD))
-               return FALSE;
-
-       /* Otherwise we need a password */
        *setting_name = NM_SETTING_VPN_SETTING_NAME;
-       return TRUE;
+
+       /* Do we require the password and don't have it? */
+       nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_FORTISSLVPN_KEY_PASSWORD, &flags, NULL);
+       if (   !(flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED)
+           && !nm_setting_vpn_get_secret (NM_SETTING_VPN (s_vpn), NM_FORTISSLVPN_KEY_PASSWORD))
+               return TRUE;
+
+       /* Do we require the one-time-password and don't have it? */
+       nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_FORTISSLVPN_KEY_OTP, &flags, NULL);
+       if (   (flags & NM_SETTING_SECRET_FLAG_NOT_SAVED)
+           && !nm_setting_vpn_get_secret (NM_SETTING_VPN (s_vpn), NM_FORTISSLVPN_KEY_OTP))
+               return TRUE;
+
+       /* Otherwise we're fine */
+       *setting_name = NULL;
+       return FALSE;
 }
 
 static gboolean


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]