|
0 |
-- |
0 |
++ b/vpn/openconnect/CMakeLists.txt |
1 |
-- |
|
|
2 |
-- a/vpn/openconnect/CMakeLists.txt |
Lines 15-20
|
15 |
|
15 |
|
16 |
if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR |
16 |
if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR |
17 |
${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED}) |
17 |
${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED}) |
|
|
18 |
|
19 |
include_directories(${OPENCONNECT_INCLUDE_DIRS}) |
18 |
|
20 |
|
19 |
set(openconnect_SRCS |
21 |
set(openconnect_SRCS |
20 |
openconnectui.cpp |
22 |
openconnectui.cpp |
21 |
-- a/vpn/openconnect/openconnectauth.cpp |
23 |
++ b/vpn/openconnect/openconnectauth.cpp |
Lines 161-167
|
161 |
} |
161 |
} |
162 |
if (!dataMap[NM_OPENCONNECT_KEY_CACERT].isEmpty()) { |
162 |
if (!dataMap[NM_OPENCONNECT_KEY_CACERT].isEmpty()) { |
163 |
const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_CACERT]); |
163 |
const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_CACERT]); |
164 |
openconnect_set_cafile(d->vpninfo, strdup(crt.data())); |
164 |
openconnect_set_cafile(d->vpninfo, OC3DUP(crt.data())); |
165 |
} |
165 |
} |
166 |
if (dataMap[NM_OPENCONNECT_KEY_CSD_ENABLE] == "yes") { |
166 |
if (dataMap[NM_OPENCONNECT_KEY_CSD_ENABLE] == "yes") { |
167 |
char *wrapper; |
167 |
char *wrapper; |
Lines 174-185
|
174 |
} |
174 |
} |
175 |
if (!dataMap[NM_OPENCONNECT_KEY_PROXY].isEmpty()) { |
175 |
if (!dataMap[NM_OPENCONNECT_KEY_PROXY].isEmpty()) { |
176 |
const QByteArray proxy = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PROXY]); |
176 |
const QByteArray proxy = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PROXY]); |
177 |
openconnect_set_http_proxy(d->vpninfo, strdup(proxy.data())); |
177 |
openconnect_set_http_proxy(d->vpninfo, OC3DUP(proxy.data())); |
178 |
} |
178 |
} |
179 |
if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) { |
179 |
if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) { |
180 |
const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]); |
180 |
const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]); |
181 |
const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]); |
181 |
const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]); |
182 |
openconnect_set_client_cert (d->vpninfo, strdup(crt.data()), strdup(key.data())); |
182 |
openconnect_set_client_cert (d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data())); |
183 |
|
183 |
|
184 |
if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") { |
184 |
if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") { |
185 |
openconnect_passphrase_from_fsid(d->vpninfo); |
185 |
openconnect_passphrase_from_fsid(d->vpninfo); |
Lines 276-285
|
276 |
const VPNHost &host = d->hosts.at(i); |
276 |
const VPNHost &host = d->hosts.at(i); |
277 |
if (openconnect_parse_url(d->vpninfo, host.address.toAscii().data())) { |
277 |
if (openconnect_parse_url(d->vpninfo, host.address.toAscii().data())) { |
278 |
kWarning() << "Failed to parse server URL" << host.address; |
278 |
kWarning() << "Failed to parse server URL" << host.address; |
279 |
openconnect_set_hostname(d->vpninfo, strdup(host.address.toAscii().data())); |
279 |
openconnect_set_hostname(d->vpninfo, OC3DUP(host.address.toAscii().data())); |
280 |
} |
280 |
} |
281 |
if (!openconnect_get_urlpath(d->vpninfo) && !host.group.isEmpty()) |
281 |
if (!openconnect_get_urlpath(d->vpninfo) && !host.group.isEmpty()) |
282 |
openconnect_set_urlpath(d->vpninfo, strdup(host.group.toAscii().data())); |
282 |
openconnect_set_urlpath(d->vpninfo, OC3DUP(host.group.toAscii().data())); |
283 |
d->secrets["lasthost"] = host.name; |
283 |
d->secrets["lasthost"] = host.name; |
284 |
addFormInfo(QLatin1String("dialog-information"), i18n("Contacting host, please wait...")); |
284 |
addFormInfo(QLatin1String("dialog-information"), i18n("Contacting host, please wait...")); |
285 |
d->worker->start(); |
285 |
d->worker->start(); |
Lines 301-309
|
301 |
secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo))); |
301 |
secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo))); |
302 |
openconnect_clear_cookie(d->vpninfo); |
302 |
openconnect_clear_cookie(d->vpninfo); |
303 |
|
303 |
|
|
|
304 |
#if OPENCONNECT_CHECK_VER(5,0) |
305 |
const char *fingerprint = openconnect_get_peer_cert_hash(d->vpninfo); |
306 |
#else |
304 |
OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo); |
307 |
OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo); |
305 |
char fingerprint[41]; |
308 |
char fingerprint[41]; |
306 |
openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint); |
309 |
openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint); |
|
|
310 |
#endif |
307 |
secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint)); |
311 |
secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint)); |
308 |
secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t")); |
312 |
secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t")); |
309 |
secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no"); |
313 |
secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no"); |
Lines 578-591
|
578 |
if (opt->type == OC_FORM_OPT_PASSWORD || opt->type == OC_FORM_OPT_TEXT) { |
582 |
if (opt->type == OC_FORM_OPT_PASSWORD || opt->type == OC_FORM_OPT_TEXT) { |
579 |
KLineEdit *le = qobject_cast<KLineEdit*>(widget); |
583 |
KLineEdit *le = qobject_cast<KLineEdit*>(widget); |
580 |
QByteArray text = le->text().toUtf8(); |
584 |
QByteArray text = le->text().toUtf8(); |
581 |
opt->value = strdup(text.data()); |
585 |
openconnect_set_option_value(opt, text.data()); |
582 |
if (opt->type == OC_FORM_OPT_TEXT) { |
586 |
if (opt->type == OC_FORM_OPT_TEXT) { |
583 |
d->secrets.insert(key,le->text()); |
587 |
d->secrets.insert(key,le->text()); |
584 |
} |
588 |
} |
585 |
} else if (opt->type == OC_FORM_OPT_SELECT) { |
589 |
} else if (opt->type == OC_FORM_OPT_SELECT) { |
586 |
KComboBox *cbo = qobject_cast<KComboBox*>(widget); |
590 |
KComboBox *cbo = qobject_cast<KComboBox*>(widget); |
587 |
QByteArray text = cbo->itemData(cbo->currentIndex()).toString().toAscii(); |
591 |
QByteArray text = cbo->itemData(cbo->currentIndex()).toString().toAscii(); |
588 |
opt->value = strdup(text.data()); |
592 |
openconnect_set_option_value(opt, text.data()); |
589 |
d->secrets.insert(key,cbo->itemData(cbo->currentIndex()).toString()); |
593 |
d->secrets.insert(key,cbo->itemData(cbo->currentIndex()).toString()); |
590 |
} |
594 |
} |
591 |
} |
595 |
} |
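Review bot: The new `#if OPENCONNECT_CHECK_VER(5,0)` branch in the "Lines 301-309" hunk feeds the result of `openconnect_get_peer_cert_hash()` straight into `QLatin1String(fingerprint)` without a null check, so a missing hash would be stored as an empty `NM_OPENCONNECT_KEY_GWCERT` secret, the value that appears to identify the gateway certificate for the later connection. Whether the library can return NULL at this point is not visible here, but failing closed is cheap: guard with `if (!fingerprint)` and skip storing the secrets (or abort) in that case. The same unchecked call is added in `OpenconnectAuthWorkerThread::validatePeerCert()` in openconnectauthworkerthread.cpp, where `if (!fingerprint) return -EINVAL;` would match the error returns already used there. The enclosing function starts and ends outside the hunk.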
592 |
-- a/vpn/openconnect/openconnectauthworkerthread.cpp |
596 |
++ b/vpn/openconnect/openconnectauthworkerthread.cpp |
Lines 43-48
|
43 |
class OpenconnectAuthStaticWrapper |
43 |
class OpenconnectAuthStaticWrapper |
44 |
{ |
44 |
{ |
45 |
public: |
45 |
public: |
|
|
46 |
#if OPENCONNECT_CHECK_VER(5,0) |
47 |
static int writeNewConfig(void *obj, const char *str, int num) |
48 |
{ |
49 |
if (obj) |
50 |
return static_cast<OpenconnectAuthWorkerThread*>(obj)->writeNewConfig(str, num); |
51 |
return -1; |
52 |
} |
53 |
static int validatePeerCert(void *obj, const char *str) |
54 |
{ |
55 |
if (obj) |
56 |
return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(NULL, str); |
57 |
return -1; |
58 |
} |
59 |
#else |
46 |
static int writeNewConfig(void *obj, char *str, int num) |
60 |
static int writeNewConfig(void *obj, char *str, int num) |
47 |
{ |
61 |
{ |
48 |
if (obj) |
62 |
if (obj) |
Lines 55-61
|
55 |
return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(cert, str); |
69 |
return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(cert, str); |
56 |
return -1; |
70 |
return -1; |
57 |
} |
71 |
} |
58 |
static int processAuthForm(void *obj, struct oc_auth_form *form) |
72 |
#endif |
|
|
73 |
static int processAuthForm(void *obj, struct oc_auth_form *form) |
59 |
{ |
74 |
{ |
60 |
if (obj) |
75 |
if (obj) |
61 |
return static_cast<OpenconnectAuthWorkerThread*>(obj)->processAuthFormP(form); |
76 |
return static_cast<OpenconnectAuthWorkerThread*>(obj)->processAuthFormP(form); |
Lines 108-114
|
108 |
return m_openconnectInfo; |
123 |
return m_openconnectInfo; |
109 |
} |
124 |
} |
110 |
|
125 |
|
111 |
int OpenconnectAuthWorkerThread::writeNewConfig(char *buf, int buflen) |
126 |
int OpenconnectAuthWorkerThread::writeNewConfig(const char *buf, int buflen) |
112 |
{ |
127 |
{ |
113 |
Q_UNUSED(buflen) |
128 |
Q_UNUSED(buflen) |
114 |
if (*m_userDecidedToQuit) |
129 |
if (*m_userDecidedToQuit) |
Lines 139-148
|
139 |
} |
154 |
} |
140 |
#endif |
155 |
#endif |
141 |
|
156 |
|
142 |
int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const char *reason) |
157 |
int OpenconnectAuthWorkerThread::validatePeerCert(void *cert, const char *reason) |
143 |
{ |
158 |
{ |
144 |
if (*m_userDecidedToQuit) |
159 |
if (*m_userDecidedToQuit) |
145 |
return -EINVAL; |
160 |
return -EINVAL; |
|
|
161 |
|
162 |
#if OPENCONNECT_CHECK_VER(5,0) |
163 |
(void)cert; |
164 |
const char *fingerprint = openconnect_get_peer_cert_hash(m_openconnectInfo); |
165 |
char *details = openconnect_get_peer_cert_details(m_openconnectInfo); |
166 |
#else |
146 |
char fingerprint[41]; |
167 |
char fingerprint[41]; |
147 |
int ret = 0; |
168 |
int ret = 0; |
148 |
|
169 |
|
Lines 151-157
|
151 |
return ret; |
172 |
return ret; |
152 |
|
173 |
|
153 |
char *details = openconnect_get_cert_details(m_openconnectInfo, cert); |
174 |
char *details = openconnect_get_cert_details(m_openconnectInfo, cert); |
154 |
|
175 |
#endif |
155 |
bool accepted = false; |
176 |
bool accepted = false; |
156 |
m_mutex->lock(); |
177 |
m_mutex->lock(); |
157 |
QString qFingerprint(fingerprint); |
178 |
QString qFingerprint(fingerprint); |
Lines 160-166
|
160 |
emit validatePeerCert(qFingerprint, qCertinfo, qReason, &accepted); |
181 |
emit validatePeerCert(qFingerprint, qCertinfo, qReason, &accepted); |
161 |
m_waitForUserInput->wait(m_mutex); |
182 |
m_waitForUserInput->wait(m_mutex); |
162 |
m_mutex->unlock(); |
183 |
m_mutex->unlock(); |
163 |
::free(details); |
184 |
openconnect_free_cert_info(m_openconnectInfo, details); |
164 |
if (*m_userDecidedToQuit) |
185 |
if (*m_userDecidedToQuit) |
165 |
return -EINVAL; |
186 |
return -EINVAL; |
166 |
|
187 |
|
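Review bot: Changing `validatePeerCert()` to take `void *cert` removes the parameter's type on the pre-5.0 path too, where `cert` is still passed on to `openconnect_get_cert_details()`; that only compiles if `OPENCONNECT_X509` is itself `void`, and it loses the compiler's check either way. Keeping the typed declaration under `#if !OPENCONNECT_CHECK_VER(5,0)`, with a cert-less overload for 5.0 and later, would also remove the need for the static wrapper to pass `NULL`. As a smaller style point, `(void)cert;` could be `Q_UNUSED(cert)` to match the `Q_UNUSED(buflen)` already used in `writeNewConfig()`. The function body continues outside the hunks shown.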
167 |
-- a/vpn/openconnect/openconnectauthworkerthread.h |
188 |
++ b/vpn/openconnect/openconnectauthworkerthread.h |
Lines 59-64
|
59 |
#define OC_FORM_RESULT_NEWGROUP 2 |
59 |
#define OC_FORM_RESULT_NEWGROUP 2 |
60 |
#endif |
60 |
#endif |
61 |
|
61 |
|
|
|
62 |
#if OPENCONNECT_CHECK_VER(4,0) |
63 |
#define OC3DUP(x) (x) |
64 |
#else |
65 |
#define openconnect_set_option_value(opt, val) do { \ |
66 |
struct oc_form_opt *_o = (opt); \ |
67 |
free(_o->value); _o->value = strdup(val); \ |
68 |
} while (0) |
69 |
#define openconnect_free_cert_info(v, x) ::free(x) |
70 |
#define OC3DUP(x) strdup(x) |
71 |
#endif |
72 |
|
62 |
#include <QThread> |
73 |
#include <QThread> |
63 |
|
74 |
|
64 |
class QMutex; |
75 |
class QMutex; |
Lines 85-92
|
85 |
void run(); |
96 |
void run(); |
86 |
|
97 |
|
87 |
private: |
98 |
private: |
88 |
int writeNewConfig(char *, int); |
99 |
int writeNewConfig(const char *, int); |
89 |
int validatePeerCert(OPENCONNECT_X509 *, const char *); |
100 |
int validatePeerCert(void *, const char *); |
90 |
int processAuthFormP(struct oc_auth_form *); |
101 |
int processAuthFormP(struct oc_auth_form *); |
91 |
void writeProgress(int level, const char *, va_list); |
102 |
void writeProgress(int level, const char *, va_list); |
92 |
|
103 |
|
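Review bot: The compatibility macros added before `#include <QThread>` carry no comment on the ownership change they encode. With `#define OC3DUP(x) (x)` the callers in openconnectauth.cpp pass pointers into temporaries such as `host.address.toAscii().data()`, which is safe only if the 4.0+ setters copy the string before returning; that is presumably the case, but the header should state it, e.g. `/* API >= 4.0: setters copy their string arguments; older versions take ownership of a malloc'd string */`. The fallback `openconnect_set_option_value` macro also stores `strdup(val)` unchecked, so `_o->value` can end up NULL on allocation failure; a one-line comment saying so, or a check, would help the next reader.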