vpnc one-time password patch



Hi all,
At work we use one-time passwords for our VPN. The
group password doesn't change, though. Therefore, it
was inconvenient to use NetworkManager's vpnc auth
dialog because I had to retype the group password
every time (saving the passwords was even worse
because I had to resync passwords after NetworkManager
sent one that was already used).
I modified the auth dialog for vpnc and added a check
box to tell it that the password is a one-time
password.
Now, I'm happy that I can use NetworkManager to vpn.
I've seen other people requesting this feature, so I
thought some may want to use this.
The patch is attached.

Gabriel

Index: main.c
===================================================================
RCS file: /cvs/gnome/NetworkManager/vpn-daemons/vpnc/auth-dialog/main.c,v
retrieving revision 1.3
diff -u -r1.3 main.c
--- main.c	10 Apr 2006 20:05:31 -0000	1.3
+++ main.c	13 Aug 2006 15:15:33 -0000
@@ -51,11 +51,10 @@
 						      &keyring_result) != GNOME_KEYRING_RESULT_OK)
 		return FALSE;
 
-	if (keyring_result != NULL && g_list_length (keyring_result) == 2) {
+	if (keyring_result != NULL && g_list_length (keyring_result) > 0) {
 		char *password;
 		char *group_password;
 		GnomeKeyringNetworkPasswordData *data1 = keyring_result->data;
-		GnomeKeyringNetworkPasswordData *data2 = (g_list_next (keyring_result))->data;
 
 		password = NULL;
 		group_password = NULL;
@@ -66,19 +65,26 @@
 			password = data1->password;
 		}
 
-		if (strcmp (data2->object, "group_password") == 0) {
+		if (strcmp (data1->keyring, "session") == 0)
+		    *is_session = TRUE;
+		else
+		    *is_session = FALSE;
+
+		if (g_list_length (keyring_result) > 1) {
+
+		    GnomeKeyringNetworkPasswordData *data2 = (g_list_next (keyring_result))->data;
+		    if (strcmp (data2->object, "group_password") == 0) {
 			group_password = data2->password;
-		} else if (strcmp (data2->object, "password") == 0) {
+		    } else if (strcmp (data2->object, "password") == 0) {
 			password = data2->password;
+		    }
 		}
 
-		if (password != NULL && group_password != NULL) {
+		if (group_password != NULL) {
 			passwords = g_slist_append (passwords, g_strdup (group_password));
-			passwords = g_slist_append (passwords, g_strdup (password));
-			if (strcmp (data1->keyring, "session") == 0)
-				*is_session = TRUE;
-			else
-				*is_session = FALSE;
+			if (password != NULL) {
+			    passwords = g_slist_append (passwords, g_strdup (password));
+			}
 		}
 
 		gnome_keyring_network_password_list_free (keyring_result);
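Review bot: Relaxing the length test to `> 0` in the previous hunk also admits lists longer than two, but this block still reads only `keyring_result->data` and the node after it, and takes `*is_session` from `data1->keyring` alone. If the keyring returns more entries than expected, for instance the same object stored in two keyrings, the later entries are silently ignored and the session flag may describe a different item than the password that is returned. Walking the whole list and matching on `object` removes the dependence on order and count. The `data1` branch this would replace begins above the hunk.

```c
		GList *iter;

		for (iter = keyring_result; iter != NULL; iter = g_list_next (iter)) {
			GnomeKeyringNetworkPasswordData *item = iter->data;

			if (strcmp (item->object, "group_password") == 0)
				group_password = item->password;
			else if (strcmp (item->object, "password") == 0)
				password = item->password;
		}
		/* … unchanged: append group_password, then password if present … */
```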
@@ -93,7 +99,8 @@
 	guint32 item_id;
 	GnomeKeyringResult keyring_result;
 
-	keyring_result = gnome_keyring_set_network_password_sync (keyring,
+	if (password) {
+	    keyring_result = gnome_keyring_set_network_password_sync (keyring,
 								  g_get_user_name (),
 								  NULL,
 								  vpn_name,
@@ -103,11 +110,25 @@
 								  0,
 								  password,
 								  &item_id);
-	if (keyring_result != GNOME_KEYRING_RESULT_OK)
-	{
+	    if (keyring_result != GNOME_KEYRING_RESULT_OK)
+	    {
 		g_warning ("Couldn't store password in keyring, code %d", (int) keyring_result);
+	    }
+	} else { // remove old password if it exists
+	    GList *keyring_result_list;
+	    if (gnome_keyring_find_network_password_sync (g_get_user_name (),     /* user */
+							  NULL,                   /* domain */
+							  vpn_name,               /* server */
+							  "password",             /* object */
+							  vpn_service,            /* protocol */
+							  NULL,                   /* authtype */
+							  0,                      /* port */
+							  &keyring_result_list) == GNOME_KEYRING_RESULT_OK && keyring_result_list != NULL) {
+		GnomeKeyringNetworkPasswordData *data1 = keyring_result_list->data;
+		gnome_keyring_item_delete_sync (data1->keyring, data1->item_id);
+		gnome_keyring_network_password_list_free (keyring_result_list);
+	    }
 	}
-
 	keyring_result = gnome_keyring_set_network_password_sync (keyring,
 								  g_get_user_name (),
 								  NULL,
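Review bot: The new `else` branch deletes only the first entry of `keyring_result_list` and discards the return value of `gnome_keyring_item_delete_sync`, so a user password stored in more than one keyring, or a failed delete, leaves a stale secret behind with no trace in the log. Since the purpose of the branch is to make sure a used one-time password is not offered again, it should delete every match and warn on failure, as the store path already does with `g_warning`. The `//` comment should also become `/* ... */` to match the context lines. The function starts above the previous hunk and continues below this one.

```c
	} else { /* remove old password if it exists */
	    /* … unchanged: gnome_keyring_find_network_password_sync () lookup into keyring_result_list … */
		GList *iter;

		for (iter = keyring_result_list; iter != NULL; iter = g_list_next (iter)) {
			GnomeKeyringNetworkPasswordData *item = iter->data;
			GnomeKeyringResult del_result;

			del_result = gnome_keyring_item_delete_sync (item->keyring, item->item_id);
			if (del_result != GNOME_KEYRING_RESULT_OK)
				g_warning ("Couldn't remove old password from keyring, code %d", (int) del_result);
		}
		gnome_keyring_network_password_list_free (keyring_result_list);
```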
@@ -133,31 +154,37 @@
 	GtkWidget	*dialog;
 	char            *keyring_password;
 	char            *keyring_group_password;
-	gboolean         keyring_is_session;
+	gboolean         keyring_is_session = FALSE;
 	GSList          *keyring_result;
 	GnomeTwoPasswordDialogRemember remember;
+	gboolean        password_is_one_time = TRUE;
 
-	result = NULL;
 	keyring_password = NULL;
 	keyring_group_password = NULL;
 	keyring_result = NULL;
+	result = NULL;
 
 	g_return_val_if_fail (vpn_name != NULL, NULL);
 
 	/* Use the system user name, since the VPN might have a different user name */
-	if (!retry) {
-		if ((result = lookup_pass (vpn_name, vpn_service, &keyring_is_session)) != NULL) {
-			return result;
-		}
-	} else {
-		if ((keyring_result = lookup_pass (vpn_name, vpn_service, &keyring_is_session)) != NULL) {
-			keyring_group_password = g_strdup ((char *) keyring_result->data);
-			keyring_password = g_strdup ((char *) (g_slist_next (keyring_result))->data);
+
+	keyring_result = lookup_pass (vpn_name, vpn_service, &keyring_is_session);
+	if (keyring_result != NULL) {
+		if (g_slist_length (keyring_result) > 1 && !retry) { // return if we have both pwds
+			return keyring_result;
 		}
+		
+		// either retrying or asking for OTP
+		keyring_group_password = g_strdup ((char *) (keyring_result->data));
+		if (g_slist_length (keyring_result) > 1) {
+			keyring_password = g_strdup ((char *) (g_slist_next (keyring_result))->data);
+			password_is_one_time = FALSE;
+		}	
 		g_slist_foreach (keyring_result, (GFunc)g_free, NULL);
 		g_slist_free (keyring_result);
 	}
 
+
 	prompt = g_strdup_printf (_("You need to authenticate to access the Virtual Private Network '%s'."), vpn_name);
 	dialog = gnome_two_password_dialog_new (_("Authenticate VPN"), prompt, NULL, NULL, FALSE);
 	g_free (prompt);
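Review bot: `password_is_one_time` is initialised to `TRUE` and only cleared when the keyring already holds a user password, so the dialog opens with the one-time box ticked on every first use, including for users with a static password. If such a user picks "Save passwords in keyring" without unticking the box, only the group password is stored. Not storing is the safer default, but the reasoning is implicit; a comment at the declaration would document it, e.g. `/* assume a one-time password until a stored user password says otherwise */`. The two `//` comments added here should use `/* ... */` like the rest of the function, which begins above the hunk.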
@@ -166,6 +193,7 @@
 	gnome_two_password_dialog_set_show_userpass_buttons (GNOME_TWO_PASSWORD_DIALOG (dialog), FALSE);
 	gnome_two_password_dialog_set_show_domain (GNOME_TWO_PASSWORD_DIALOG (dialog), FALSE);
 	gnome_two_password_dialog_set_show_remember (GNOME_TWO_PASSWORD_DIALOG (dialog), TRUE);
+	gnome_two_password_dialog_set_show_otp (GNOME_TWO_PASSWORD_DIALOG (dialog), TRUE);
 	gnome_two_password_dialog_set_password_secondary_label (GNOME_TWO_PASSWORD_DIALOG (dialog), _("_Group Password:"));
 	/* use the same keyring storage options as from the items we put in the entry boxes */
 	remember = GNOME_TWO_PASSWORD_DIALOG_REMEMBER_NOTHING;
@@ -177,6 +205,8 @@
 	}
 	gnome_two_password_dialog_set_remember (GNOME_TWO_PASSWORD_DIALOG (dialog), remember);
 
+	gnome_two_password_dialog_set_otp(GNOME_TWO_PASSWORD_DIALOG (dialog), password_is_one_time);
+
 	/* if retrying, put in the passwords from the keyring */
 	if (keyring_password != NULL) {
 		gnome_two_password_dialog_set_password (GNOME_TWO_PASSWORD_DIALOG (dialog), keyring_password);
@@ -197,6 +227,12 @@
 		result = g_slist_append (result, group_password);
 		result = g_slist_append (result, password);
 
+		/* don't save password if it is one-time */
+		password_is_one_time = gnome_two_password_dialog_get_otp (GNOME_TWO_PASSWORD_DIALOG (dialog));
+		if (password_is_one_time) {
+		    password = 0;
+		}
+
 		switch (gnome_two_password_dialog_get_remember (GNOME_TWO_PASSWORD_DIALOG (dialog)))
 		{
 			case GNOME_TWO_PASSWORD_DIALOG_REMEMBER_SESSION:
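Review bot: Clearing `password` here only has an effect in the `switch` cases that go on to save, and their bodies are outside this hunk. If the "remember nothing" choice does not reach the keyring code, a user password saved before the box was ticked stays stored, and the next non-retry run returns it without prompting (`g_slist_length (keyring_result) > 1 && !retry`), which is the resync problem the patch sets out to avoid. Consider removing the stored user password whenever the one-time box is ticked, independent of the remember choice. The assignment should also read `password = NULL;` rather than `password = 0;`.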
@@ -211,7 +247,7 @@
 
 	}
 
-	g_free (keyring_password);
+	if (keyring_password) g_free (keyring_password);
 	g_free (keyring_group_password);
 
 	gtk_widget_destroy (dialog);
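Review bot: The `if (keyring_password)` guard added before `g_free` is redundant, because `g_free` accepts NULL, and the next line frees `keyring_group_password` without one. Keep the original `g_free (keyring_password);` so the two lines stay consistent. Both buffers hold copies of secrets and are released without being overwritten; that predates this patch but is the more useful hardening if this spot is touched.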
Index: gnome-two-password-dialog.c
===================================================================
RCS file: /cvs/gnome/NetworkManager/vpn-daemons/vpnc/auth-dialog/gnome-two-password-dialog.c,v
retrieving revision 1.4
diff -u -r1.4 gnome-two-password-dialog.c
--- gnome-two-password-dialog.c	2 Feb 2006 21:46:25 -0000	1.4
+++ gnome-two-password-dialog.c	13 Aug 2006 15:15:33 -0000
@@ -68,6 +68,7 @@
 	
 	GtkWidget *remember_session_button;
 	GtkWidget *remember_forever_button;
+	GtkWidget *otp_button;
 
 	GtkWidget *radio_vbox;
 	GtkWidget *connect_with_no_userpass_button;
@@ -461,13 +462,17 @@
 	
 	gtk_widget_show_all (GTK_DIALOG (password_dialog)->vbox);
 
+	password_dialog->details->otp_button =
+		gtk_check_button_new_with_mnemonic (_("One _Time User Password"));
 	password_dialog->details->remember_session_button =
 		gtk_check_button_new_with_mnemonic (_("_Remember passwords for this session"));
 	password_dialog->details->remember_forever_button =
 		gtk_check_button_new_with_mnemonic (_("_Save passwords in keyring"));
 
+	gtk_box_pack_start (GTK_BOX (vbox), password_dialog->details->otp_button, 
+			    TRUE, TRUE, 0);
 	gtk_box_pack_start (GTK_BOX (vbox), password_dialog->details->remember_session_button, 
-			    TRUE, TRUE, 6);
+			    TRUE, TRUE, 0);
 	gtk_box_pack_start (GTK_BOX (vbox), password_dialog->details->remember_forever_button, 
 			    TRUE, TRUE, 0);
 
@@ -728,6 +733,34 @@
 	}
 	return GNOME_TWO_PASSWORD_DIALOG_REMEMBER_NOTHING;
 }
+
+//-----
+void
+gnome_two_password_dialog_set_show_otp (GnomeTwoPasswordDialog         *password_dialog,
+					 gboolean                     show_otp)
+{
+	if (show_otp) {
+		gtk_widget_show (password_dialog->details->otp_button);
+	} else {
+		gtk_widget_hide (password_dialog->details->otp_button);
+	}
+}
+
+void
+gnome_two_password_dialog_set_otp      (GnomeTwoPasswordDialog         *password_dialog,
+					 gboolean  otp)
+{
+	gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (password_dialog->details->otp_button),
+				      otp);
+}
+
+gboolean
+gnome_two_password_dialog_get_otp (GnomeTwoPasswordDialog         *password_dialog)
+{
+	return gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (password_dialog->details->otp_button));
+}
+//----------
+
 
 void gnome_two_password_dialog_set_password_secondary_label (GnomeTwoPasswordDialog  *password_dialog,
 							     const char              *password_secondary_label)
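Review bot: The three new accessors dereference `password_dialog->details->otp_button` with no precondition check, so a NULL or wrongly typed argument crashes the auth dialog instead of producing a GLib warning. If the file's other public functions guard their argument, which is not visible in this hunk, these should do the same: `g_return_if_fail (GNOME_IS_TWO_PASSWORD_DIALOG (password_dialog));` in the two setters and `g_return_val_if_fail (GNOME_IS_TWO_PASSWORD_DIALOG (password_dialog), FALSE);` in the getter. The `//-----` and `//----------` separator lines add nothing and should be dropped or replaced by a short `/* ... */` comment stating that the checkbox marks the user password as one-time, so it is not saved.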
Index: gnome-two-password-dialog.h
===================================================================
RCS file: /cvs/gnome/NetworkManager/vpn-daemons/vpnc/auth-dialog/gnome-two-password-dialog.h,v
retrieving revision 1.1
diff -u -r1.1 gnome-two-password-dialog.h
--- gnome-two-password-dialog.h	12 Jun 2005 14:34:53 -0000	1.1
+++ gnome-two-password-dialog.h	13 Aug 2006 15:15:33 -0000
@@ -100,6 +100,11 @@
 void                           gnome_two_password_dialog_set_remember              (GnomeTwoPasswordDialog         *password_dialog,
 										    GnomeTwoPasswordDialogRemember  remember);
 GnomeTwoPasswordDialogRemember gnome_two_password_dialog_get_remember              (GnomeTwoPasswordDialog         *password_dialog);
+void                           gnome_two_password_dialog_set_show_otp         (GnomeTwoPasswordDialog         *password_dialog,
+										    gboolean                        show_otp);
+void                           gnome_two_password_dialog_set_otp              (GnomeTwoPasswordDialog         *password_dialog,
+										    gboolean  otp);
+gboolean gnome_two_password_dialog_get_otp              (GnomeTwoPasswordDialog         *password_dialog);
 void                           gnome_two_password_dialog_set_show_userpass_buttons (GnomeTwoPasswordDialog         *password_dialog,
 										    gboolean                        show_userpass_buttons);
 

