[NetworkManager-openconnect] Add authentication dialog from openconnect package
David Woodhouse
dwmw2 at fedoraproject.org
Wed Mar 9 23:20:42 UTC 2011
commit ac2f31f3310a813d66579114aecef5ea59260e93
Author: David Woodhouse <David.Woodhouse at intel.com>
Date: Wed Mar 9 23:20:19 2011 +0000
Add authentication dialog from openconnect package
NetworkManager-openconnect-0.8.1-auth-dialog.patch | 2152 ++++++++++++++++++++
NetworkManager-openconnect.spec | 12 +-
2 files changed, 2162 insertions(+), 2 deletions(-)
---
diff --git a/NetworkManager-openconnect-0.8.1-auth-dialog.patch b/NetworkManager-openconnect-0.8.1-auth-dialog.patch
new file mode 100644
index 0000000..bfe686d
--- /dev/null
+++ b/NetworkManager-openconnect-0.8.1-auth-dialog.patch
@@ -0,0 +1,2152 @@
+diff --git a/COPYING.LGPL b/COPYING.LGPL
+new file mode 100644
+index 0000000..602bfc9
+--- /dev/null
++++ b/COPYING.LGPL
+@@ -0,0 +1,504 @@
++ GNU LESSER GENERAL PUBLIC LICENSE
++ Version 2.1, February 1999
++
++ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
++ Everyone is permitted to copy and distribute verbatim copies
++ of this license document, but changing it is not allowed.
++
++[This is the first released version of the Lesser GPL. It also counts
++ as the successor of the GNU Library Public License, version 2, hence
++ the version number 2.1.]
++
++ Preamble
++
++ The licenses for most software are designed to take away your
++freedom to share and change it. By contrast, the GNU General Public
++Licenses are intended to guarantee your freedom to share and change
++free software--to make sure the software is free for all its users.
++
++ This license, the Lesser General Public License, applies to some
++specially designated software packages--typically libraries--of the
++Free Software Foundation and other authors who decide to use it. You
++can use it too, but we suggest you first think carefully about whether
++this license or the ordinary General Public License is the better
++strategy to use in any particular case, based on the explanations below.
++
++ When we speak of free software, we are referring to freedom of use,
++not price. Our General Public Licenses are designed to make sure that
++you have the freedom to distribute copies of free software (and charge
++for this service if you wish); that you receive source code or can get
++it if you want it; that you can change the software and use pieces of
++it in new free programs; and that you are informed that you can do
++these things.
++
++ To protect your rights, we need to make restrictions that forbid
++distributors to deny you these rights or to ask you to surrender these
++rights. These restrictions translate to certain responsibilities for
++you if you distribute copies of the library or if you modify it.
++
++ For example, if you distribute copies of the library, whether gratis
++or for a fee, you must give the recipients all the rights that we gave
++you. You must make sure that they, too, receive or can get the source
++code. If you link other code with the library, you must provide
++complete object files to the recipients, so that they can relink them
++with the library after making changes to the library and recompiling
++it. And you must show them these terms so they know their rights.
++
++ We protect your rights with a two-step method: (1) we copyright the
++library, and (2) we offer you this license, which gives you legal
++permission to copy, distribute and/or modify the library.
++
++ To protect each distributor, we want to make it very clear that
++there is no warranty for the free library. Also, if the library is
++modified by someone else and passed on, the recipients should know
++that what they have is not the original version, so that the original
++author's reputation will not be affected by problems that might be
++introduced by others.
++
++ Finally, software patents pose a constant threat to the existence of
++any free program. We wish to make sure that a company cannot
++effectively restrict the users of a free program by obtaining a
++restrictive license from a patent holder. Therefore, we insist that
++any patent license obtained for a version of the library must be
++consistent with the full freedom of use specified in this license.
++
++ Most GNU software, including some libraries, is covered by the
++ordinary GNU General Public License. This license, the GNU Lesser
++General Public License, applies to certain designated libraries, and
++is quite different from the ordinary General Public License. We use
++this license for certain libraries in order to permit linking those
++libraries into non-free programs.
++
++ When a program is linked with a library, whether statically or using
++a shared library, the combination of the two is legally speaking a
++combined work, a derivative of the original library. The ordinary
++General Public License therefore permits such linking only if the
++entire combination fits its criteria of freedom. The Lesser General
++Public License permits more lax criteria for linking other code with
++the library.
++
++ We call this license the "Lesser" General Public License because it
++does Less to protect the user's freedom than the ordinary General
++Public License. It also provides other free software developers Less
++of an advantage over competing non-free programs. These disadvantages
++are the reason we use the ordinary General Public License for many
++libraries. However, the Lesser license provides advantages in certain
++special circumstances.
++
++ For example, on rare occasions, there may be a special need to
++encourage the widest possible use of a certain library, so that it becomes
++a de-facto standard. To achieve this, non-free programs must be
++allowed to use the library. A more frequent case is that a free
++library does the same job as widely used non-free libraries. In this
++case, there is little to gain by limiting the free library to free
++software only, so we use the Lesser General Public License.
++
++ In other cases, permission to use a particular library in non-free
++programs enables a greater number of people to use a large body of
++free software. For example, permission to use the GNU C Library in
++non-free programs enables many more people to use the whole GNU
++operating system, as well as its variant, the GNU/Linux operating
++system.
++
++ Although the Lesser General Public License is Less protective of the
++users' freedom, it does ensure that the user of a program that is
++linked with the Library has the freedom and the wherewithal to run
++that program using a modified version of the Library.
++
++ The precise terms and conditions for copying, distribution and
++modification follow. Pay close attention to the difference between a
++"work based on the library" and a "work that uses the library". The
++former contains code derived from the library, whereas the latter must
++be combined with the library in order to run.
++
++ GNU LESSER GENERAL PUBLIC LICENSE
++ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
++
++ 0. This License Agreement applies to any software library or other
++program which contains a notice placed by the copyright holder or
++other authorized party saying it may be distributed under the terms of
++this Lesser General Public License (also called "this License").
++Each licensee is addressed as "you".
++
++ A "library" means a collection of software functions and/or data
++prepared so as to be conveniently linked with application programs
++(which use some of those functions and data) to form executables.
++
++ The "Library", below, refers to any such software library or work
++which has been distributed under these terms. A "work based on the
++Library" means either the Library or any derivative work under
++copyright law: that is to say, a work containing the Library or a
++portion of it, either verbatim or with modifications and/or translated
++straightforwardly into another language. (Hereinafter, translation is
++included without limitation in the term "modification".)
++
++ "Source code" for a work means the preferred form of the work for
++making modifications to it. For a library, complete source code means
++all the source code for all modules it contains, plus any associated
++interface definition files, plus the scripts used to control compilation
++and installation of the library.
++
++ Activities other than copying, distribution and modification are not
++covered by this License; they are outside its scope. The act of
++running a program using the Library is not restricted, and output from
++such a program is covered only if its contents constitute a work based
++on the Library (independent of the use of the Library in a tool for
++writing it). Whether that is true depends on what the Library does
++and what the program that uses the Library does.
++
++ 1. You may copy and distribute verbatim copies of the Library's
++complete source code as you receive it, in any medium, provided that
++you conspicuously and appropriately publish on each copy an
++appropriate copyright notice and disclaimer of warranty; keep intact
++all the notices that refer to this License and to the absence of any
++warranty; and distribute a copy of this License along with the
++Library.
++
++ You may charge a fee for the physical act of transferring a copy,
++and you may at your option offer warranty protection in exchange for a
++fee.
++
++ 2. You may modify your copy or copies of the Library or any portion
++of it, thus forming a work based on the Library, and copy and
++distribute such modifications or work under the terms of Section 1
++above, provided that you also meet all of these conditions:
++
++ a) The modified work must itself be a software library.
++
++ b) You must cause the files modified to carry prominent notices
++ stating that you changed the files and the date of any change.
++
++ c) You must cause the whole of the work to be licensed at no
++ charge to all third parties under the terms of this License.
++
++ d) If a facility in the modified Library refers to a function or a
++ table of data to be supplied by an application program that uses
++ the facility, other than as an argument passed when the facility
++ is invoked, then you must make a good faith effort to ensure that,
++ in the event an application does not supply such function or
++ table, the facility still operates, and performs whatever part of
++ its purpose remains meaningful.
++
++ (For example, a function in a library to compute square roots has
++ a purpose that is entirely well-defined independent of the
++ application. Therefore, Subsection 2d requires that any
++ application-supplied function or table used by this function must
++ be optional: if the application does not supply it, the square
++ root function must still compute square roots.)
++
++These requirements apply to the modified work as a whole. If
++identifiable sections of that work are not derived from the Library,
++and can be reasonably considered independent and separate works in
++themselves, then this License, and its terms, do not apply to those
++sections when you distribute them as separate works. But when you
++distribute the same sections as part of a whole which is a work based
++on the Library, the distribution of the whole must be on the terms of
++this License, whose permissions for other licensees extend to the
++entire whole, and thus to each and every part regardless of who wrote
++it.
++
++Thus, it is not the intent of this section to claim rights or contest
++your rights to work written entirely by you; rather, the intent is to
++exercise the right to control the distribution of derivative or
++collective works based on the Library.
++
++In addition, mere aggregation of another work not based on the Library
++with the Library (or with a work based on the Library) on a volume of
++a storage or distribution medium does not bring the other work under
++the scope of this License.
++
++ 3. You may opt to apply the terms of the ordinary GNU General Public
++License instead of this License to a given copy of the Library. To do
++this, you must alter all the notices that refer to this License, so
++that they refer to the ordinary GNU General Public License, version 2,
++instead of to this License. (If a newer version than version 2 of the
++ordinary GNU General Public License has appeared, then you can specify
++that version instead if you wish.) Do not make any other change in
++these notices.
++
++ Once this change is made in a given copy, it is irreversible for
++that copy, so the ordinary GNU General Public License applies to all
++subsequent copies and derivative works made from that copy.
++
++ This option is useful when you wish to copy part of the code of
++the Library into a program that is not a library.
++
++ 4. You may copy and distribute the Library (or a portion or
++derivative of it, under Section 2) in object code or executable form
++under the terms of Sections 1 and 2 above provided that you accompany
++it with the complete corresponding machine-readable source code, which
++must be distributed under the terms of Sections 1 and 2 above on a
++medium customarily used for software interchange.
++
++ If distribution of object code is made by offering access to copy
++from a designated place, then offering equivalent access to copy the
++source code from the same place satisfies the requirement to
++distribute the source code, even though third parties are not
++compelled to copy the source along with the object code.
++
++ 5. A program that contains no derivative of any portion of the
++Library, but is designed to work with the Library by being compiled or
++linked with it, is called a "work that uses the Library". Such a
++work, in isolation, is not a derivative work of the Library, and
++therefore falls outside the scope of this License.
++
++ However, linking a "work that uses the Library" with the Library
++creates an executable that is a derivative of the Library (because it
++contains portions of the Library), rather than a "work that uses the
++library". The executable is therefore covered by this License.
++Section 6 states terms for distribution of such executables.
++
++ When a "work that uses the Library" uses material from a header file
++that is part of the Library, the object code for the work may be a
++derivative work of the Library even though the source code is not.
++Whether this is true is especially significant if the work can be
++linked without the Library, or if the work is itself a library. The
++threshold for this to be true is not precisely defined by law.
++
++ If such an object file uses only numerical parameters, data
++structure layouts and accessors, and small macros and small inline
++functions (ten lines or less in length), then the use of the object
++file is unrestricted, regardless of whether it is legally a derivative
++work. (Executables containing this object code plus portions of the
++Library will still fall under Section 6.)
++
++ Otherwise, if the work is a derivative of the Library, you may
++distribute the object code for the work under the terms of Section 6.
++Any executables containing that work also fall under Section 6,
++whether or not they are linked directly with the Library itself.
++
++ 6. As an exception to the Sections above, you may also combine or
++link a "work that uses the Library" with the Library to produce a
++work containing portions of the Library, and distribute that work
++under terms of your choice, provided that the terms permit
++modification of the work for the customer's own use and reverse
++engineering for debugging such modifications.
++
++ You must give prominent notice with each copy of the work that the
++Library is used in it and that the Library and its use are covered by
++this License. You must supply a copy of this License. If the work
++during execution displays copyright notices, you must include the
++copyright notice for the Library among them, as well as a reference
++directing the user to the copy of this License. Also, you must do one
++of these things:
++
++ a) Accompany the work with the complete corresponding
++ machine-readable source code for the Library including whatever
++ changes were used in the work (which must be distributed under
++ Sections 1 and 2 above); and, if the work is an executable linked
++ with the Library, with the complete machine-readable "work that
++ uses the Library", as object code and/or source code, so that the
++ user can modify the Library and then relink to produce a modified
++ executable containing the modified Library. (It is understood
++ that the user who changes the contents of definitions files in the
++ Library will not necessarily be able to recompile the application
++ to use the modified definitions.)
++
++ b) Use a suitable shared library mechanism for linking with the
++ Library. A suitable mechanism is one that (1) uses at run time a
++ copy of the library already present on the user's computer system,
++ rather than copying library functions into the executable, and (2)
++ will operate properly with a modified version of the library, if
++ the user installs one, as long as the modified version is
++ interface-compatible with the version that the work was made with.
++
++ c) Accompany the work with a written offer, valid for at
++ least three years, to give the same user the materials
++ specified in Subsection 6a, above, for a charge no more
++ than the cost of performing this distribution.
++
++ d) If distribution of the work is made by offering access to copy
++ from a designated place, offer equivalent access to copy the above
++ specified materials from the same place.
++
++ e) Verify that the user has already received a copy of these
++ materials or that you have already sent this user a copy.
++
++ For an executable, the required form of the "work that uses the
++Library" must include any data and utility programs needed for
++reproducing the executable from it. However, as a special exception,
++the materials to be distributed need not include anything that is
++normally distributed (in either source or binary form) with the major
++components (compiler, kernel, and so on) of the operating system on
++which the executable runs, unless that component itself accompanies
++the executable.
++
++ It may happen that this requirement contradicts the license
++restrictions of other proprietary libraries that do not normally
++accompany the operating system. Such a contradiction means you cannot
++use both them and the Library together in an executable that you
++distribute.
++
++ 7. You may place library facilities that are a work based on the
++Library side-by-side in a single library together with other library
++facilities not covered by this License, and distribute such a combined
++library, provided that the separate distribution of the work based on
++the Library and of the other library facilities is otherwise
++permitted, and provided that you do these two things:
++
++ a) Accompany the combined library with a copy of the same work
++ based on the Library, uncombined with any other library
++ facilities. This must be distributed under the terms of the
++ Sections above.
++
++ b) Give prominent notice with the combined library of the fact
++ that part of it is a work based on the Library, and explaining
++ where to find the accompanying uncombined form of the same work.
++
++ 8. You may not copy, modify, sublicense, link with, or distribute
++the Library except as expressly provided under this License. Any
++attempt otherwise to copy, modify, sublicense, link with, or
++distribute the Library is void, and will automatically terminate your
++rights under this License. However, parties who have received copies,
++or rights, from you under this License will not have their licenses
++terminated so long as such parties remain in full compliance.
++
++ 9. You are not required to accept this License, since you have not
++signed it. However, nothing else grants you permission to modify or
++distribute the Library or its derivative works. These actions are
++prohibited by law if you do not accept this License. Therefore, by
++modifying or distributing the Library (or any work based on the
++Library), you indicate your acceptance of this License to do so, and
++all its terms and conditions for copying, distributing or modifying
++the Library or works based on it.
++
++ 10. Each time you redistribute the Library (or any work based on the
++Library), the recipient automatically receives a license from the
++original licensor to copy, distribute, link with or modify the Library
++subject to these terms and conditions. You may not impose any further
++restrictions on the recipients' exercise of the rights granted herein.
++You are not responsible for enforcing compliance by third parties with
++this License.
++
++ 11. If, as a consequence of a court judgment or allegation of patent
++infringement or for any other reason (not limited to patent issues),
++conditions are imposed on you (whether by court order, agreement or
++otherwise) that contradict the conditions of this License, they do not
++excuse you from the conditions of this License. If you cannot
++distribute so as to satisfy simultaneously your obligations under this
++License and any other pertinent obligations, then as a consequence you
++may not distribute the Library at all. For example, if a patent
++license would not permit royalty-free redistribution of the Library by
++all those who receive copies directly or indirectly through you, then
++the only way you could satisfy both it and this License would be to
++refrain entirely from distribution of the Library.
++
++If any portion of this section is held invalid or unenforceable under any
++particular circumstance, the balance of the section is intended to apply,
++and the section as a whole is intended to apply in other circumstances.
++
++It is not the purpose of this section to induce you to infringe any
++patents or other property right claims or to contest validity of any
++such claims; this section has the sole purpose of protecting the
++integrity of the free software distribution system which is
++implemented by public license practices. Many people have made
++generous contributions to the wide range of software distributed
++through that system in reliance on consistent application of that
++system; it is up to the author/donor to decide if he or she is willing
++to distribute software through any other system and a licensee cannot
++impose that choice.
++
++This section is intended to make thoroughly clear what is believed to
++be a consequence of the rest of this License.
++
++ 12. If the distribution and/or use of the Library is restricted in
++certain countries either by patents or by copyrighted interfaces, the
++original copyright holder who places the Library under this License may add
++an explicit geographical distribution limitation excluding those countries,
++so that distribution is permitted only in or among countries not thus
++excluded. In such case, this License incorporates the limitation as if
++written in the body of this License.
++
++ 13. The Free Software Foundation may publish revised and/or new
++versions of the Lesser General Public License from time to time.
++Such new versions will be similar in spirit to the present version,
++but may differ in detail to address new problems or concerns.
++
++Each version is given a distinguishing version number. If the Library
++specifies a version number of this License which applies to it and
++"any later version", you have the option of following the terms and
++conditions either of that version or of any later version published by
++the Free Software Foundation. If the Library does not specify a
++license version number, you may choose any version ever published by
++the Free Software Foundation.
++
++ 14. If you wish to incorporate parts of the Library into other free
++programs whose distribution conditions are incompatible with these,
++write to the author to ask for permission. For software which is
++copyrighted by the Free Software Foundation, write to the Free
++Software Foundation; we sometimes make exceptions for this. Our
++decision will be guided by the two goals of preserving the free status
++of all derivatives of our free software and of promoting the sharing
++and reuse of software generally.
++
++ NO WARRANTY
++
++ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
++WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
++EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
++OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
++KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
++IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
++LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
++THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
++
++ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
++WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
++AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
++FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
++CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
++LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
++RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
++FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
++SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
++DAMAGES.
++
++ END OF TERMS AND CONDITIONS
++
++ How to Apply These Terms to Your New Libraries
++
++ If you develop a new library, and you want it to be of the greatest
++possible use to the public, we recommend making it free software that
++everyone can redistribute and change. You can do so by permitting
++redistribution under these terms (or, alternatively, under the terms of the
++ordinary General Public License).
++
++ To apply these terms, attach the following notices to the library. It is
++safest to attach them to the start of each source file to most effectively
++convey the exclusion of warranty; and each file should have at least the
++"copyright" line and a pointer to where the full notice is found.
++
++ <one line to give the library's name and a brief idea of what it does.>
++ Copyright (C) <year> <name of author>
++
++ This library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ This library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with this library; if not, write to the Free Software
++ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
++
++Also add information on how to contact you by electronic and paper mail.
++
++You should also get your employer (if you work as a programmer) or your
++school, if any, to sign a "copyright disclaimer" for the library, if
++necessary. Here is a sample; alter the names:
++
++ Yoyodyne, Inc., hereby disclaims all copyright interest in the
++ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
++
++ <signature of Ty Coon>, 1 April 1990
++ Ty Coon, President of Vice
++
++That's all there is to it!
++
++
+diff --git a/Makefile.am b/Makefile.am
+index aeef372..72f3e52 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1,6 +1,6 @@
+ AUTOMAKE_OPTIONS = foreign
+
+-SUBDIRS = src
++SUBDIRS = src auth-dialog
+
+ if WITH_GNOME
+ SUBDIRS += properties po
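Review bot: `auth-dialog` is added to the unconditional `SUBDIRS` line, yet the new auth-dialog/Makefile.am compiles against `$(GTK_CFLAGS)` and `$(GCONF_CFLAGS)`, while the other GNOME-dependent directories sit under `if WITH_GNOME`. A build configured without GNOME will still descend into auth-dialog. Suggest moving it into the conditional, e.g. `SUBDIRS += auth-dialog properties po`, or stating in the commit message why the dialog must always be built.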
+diff --git a/auth-dialog/Makefile.am b/auth-dialog/Makefile.am
+new file mode 100644
+index 0000000..07c8cdf
+--- /dev/null
++++ b/auth-dialog/Makefile.am
+@@ -0,0 +1,30 @@
++INCLUDES = -I${top_srcdir}
++
++libexec_PROGRAMS = nm-openconnect-auth-dialog
++
++nm_openconnect_auth_dialog_CPPFLAGS = \
++ $(NETWORKMANAGER_CFLAGS) \
++ $(GTHREAD_CFLAGS) \
++ $(GTK_CFLAGS) \
++ $(GCONF_CFLAGS) \
++ $(OPENCONNECT_CFLAGS) \
++ $(GNOMEKEYRING_CFLAGS) \
++ -DICONDIR=\""$(datadir)/pixmaps"\" \
++ -DBINDIR=\""$(bindir)"\" \
++ -DG_DISABLE_DEPRECATED \
++ -DGDK_DISABLE_DEPRECATED \
++ -DGNOME_DISABLE_DEPRECATED \
++ -DGNOMELOCALEDIR=\"$(datadir)/locale\" \
++ -DVERSION=\"$(VERSION)\"
++
++nm_openconnect_auth_dialog_SOURCES = \
++ main.c
++
++nm_openconnect_auth_dialog_LDADD = \
++ $(GTK_LIBS) \
++ $(NETWORKMANAGER_LIBS) \
++ $(GCONF_LIBS) \
++ $(OPENCONNECT_LIBS)
++
++CLEANFILES = *~
++
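Review bot: `nm_openconnect_auth_dialog_LDADD` does not mirror the `CPPFLAGS` list. `$(GTHREAD_CFLAGS)` and `$(GNOMEKEYRING_CFLAGS)` are passed to the compiler but no `$(GTHREAD_LIBS)` or `$(GNOMEKEYRING_LIBS)` reaches the linker, and main.c uses `GMutex`/`GCond` and includes libxml2 and OpenSSL headers for which no flags are listed at all. Unless these all arrive transitively through `$(OPENCONNECT_LIBS)`, the link depends on what other packages happen to export; list every library the program uses directly, and drop `GNOMEKEYRING_CFLAGS` if the keyring is not used. The quoting of `-DICONDIR` and `-DBINDIR` (`\""..."\"`) also differs from `-DGNOMELOCALEDIR` (`\"...\"`); one form should be used throughout.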
+diff --git a/auth-dialog/auth-dlg-settings.h b/auth-dialog/auth-dlg-settings.h
+new file mode 100644
+index 0000000..1e9105c
+--- /dev/null
++++ b/auth-dialog/auth-dlg-settings.h
+@@ -0,0 +1,41 @@
++/*
++ * OpenConnect (SSL + DTLS) VPN client
++ *
++ * Copyright © 2008-2010 Intel Corporation.
++ *
++ * Author: David Woodhouse <dwmw2 at infradead.org>
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public License
++ * version 2.1, as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to:
++ *
++ * Free Software Foundation, Inc.
++ * 51 Franklin Street, Fifth Floor,
++ * Boston, MA 02110-1301 USA
++ */
++#ifndef __OPENCONNECT_AUTH_DLG_SETTINGS_H
++#define __OPENCONNECT_AUTH_DLG_SETTINGS_H
++
++#define NM_DBUS_SERVICE_OPENCONNECT "org.freedesktop.NetworkManager.openconnect"
++#define NM_DBUS_INTERFACE_OPENCONNECT "org.freedesktop.NetworkManager.openconnect"
++#define NM_DBUS_PATH_OPENCONNECT "/org/freedesktop/NetworkManager/openconnect"
++
++#define NM_OPENCONNECT_KEY_GATEWAY "gateway"
++#define NM_OPENCONNECT_KEY_COOKIE "cookie"
++#define NM_OPENCONNECT_KEY_GWCERT "gwcert"
++#define NM_OPENCONNECT_KEY_USERCERT "usercert"
++#define NM_OPENCONNECT_KEY_CACERT "cacert"
++#define NM_OPENCONNECT_KEY_PRIVKEY "userkey"
++#define NM_OPENCONNECT_KEY_USERNAME "username"
++#define NM_OPENCONNECT_KEY_XMLCONFIG "xmlconfig"
++
++
++#endif /* __OPENCONNECT_AUTH_DLG_SETTINGS_H */
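Review bot: missing documentation on the `NM_OPENCONNECT_KEY_*` block: `NM_OPENCONNECT_KEY_COOKIE` sits among ordinary connection settings such as `gateway` and `username`, with no comment saying whether it is a secret to be handed back to the caller only or a value that may be persisted. Since main.c carries a `GConfClient` and a `struct gconf_key` list of key/value pairs, a one-line comment per key (or two groups, settings and secrets) would make it harder to write the cookie to GConf by accident. The include guard `__OPENCONNECT_AUTH_DLG_SETTINGS_H` also starts with a double underscore, which is reserved for the implementation; `OPENCONNECT_AUTH_DLG_SETTINGS_H` would do.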
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+new file mode 100644
+index 0000000..f3feff9
+--- /dev/null
++++ b/auth-dialog/main.c
+@@ -0,0 +1,1506 @@
++/*
++ * OpenConnect (SSL + DTLS) VPN client
++ *
++ * Copyright © 2008-2010 Intel Corporation.
++ *
++ * Authors: Jussi Kukkonen <jku at linux.intel.com>
++ * David Woodhouse <dwmw2 at infradead.org>
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public License
++ * version 2.1, as published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to:
++ *
++ * Free Software Foundation, Inc.
++ * 51 Franklin Street, Fifth Floor,
++ * Boston, MA 02110-1301 USA
++ */
++
++#include <string.h>
++#include <errno.h>
++#include <unistd.h>
++#define _GNU_SOURCE
++#include <getopt.h>
++
++#include <libxml/parser.h>
++#include <libxml/tree.h>
++
++#include <gconf/gconf-client.h>
++
++#include <gtk/gtk.h>
++
++#include "auth-dlg-settings.h"
++
++#include "openconnect.h"
++
++#include <openssl/ssl.h>
++#include <openssl/bio.h>
++#include <openssl/ui.h>
++
++static GConfClient *_gcl;
++static char *_config_path;
++
++static char *last_message;
++
++static char *lasthost;
++
++typedef struct vpnhost {
++ char *hostname;
++ char *hostaddress;
++ char *usergroup;
++ struct vpnhost *next;
++} vpnhost;
++
++vpnhost *vpnhosts;
++
++enum certificate_response{
++ CERT_DENIED = -1,
++ CERT_USER_NOT_READY,
++ CERT_ACCEPTED,
++};
++
++struct gconf_key {
++ char *key;
++ char *value;
++ struct gconf_key *next;
++};
++
++typedef struct auth_ui_data {
++ char *vpn_name;
++ struct openconnect_info *vpninfo;
++ struct gconf_key *success_keys;
++ GtkWidget *dialog;
++ GtkWidget *combo;
++ GtkWidget *connect_button;
++ GtkWidget *no_form_label;
++ GtkWidget *getting_form_label;
++ GtkWidget *ssl_box;
++ GtkWidget *cancel_button;
++ GtkWidget *login_button;
++ GtkTextBuffer *log;
++
++ int retval;
++ int cookie_retval;
++
++ gboolean cancelled; /* fully cancel the whole challenge-response series */
++ gboolean getting_cookie;
++
++ int form_grabbed;
++ GQueue *form_entries; /* modified from worker thread */
++ GMutex *form_mutex;
++
++ GCond *form_retval_changed;
++ gpointer form_retval;
++
++ GCond *form_shown_changed;
++ gboolean form_shown;
++
++ GCond *cert_response_changed;
++ enum certificate_response cert_response;
++} auth_ui_data;
++
++enum {
++ AUTH_DIALOG_RESPONSE_LOGIN = 1,
++ AUTH_DIALOG_RESPONSE_CANCEL,
++} auth_dialog_response;
++
++
++
++/* this is here because ssl ui (*opener) does not have a userdata pointer... */
++static auth_ui_data *_ui_data;
++
++static void connect_host(auth_ui_data *ui_data);
++
++static void container_child_remove(GtkWidget *widget, gpointer data)
++{
++ GtkContainer *container = GTK_CONTAINER(data);
++
++ gtk_container_remove(container, widget);
++}
++
++static void ssl_box_add_error(auth_ui_data *ui_data, const char *msg)
++{
++ GtkWidget *hbox, *text, *image;
++ int width;
++
++ hbox = gtk_hbox_new(FALSE, 8);
++ gtk_box_pack_start(GTK_BOX(ui_data->ssl_box), hbox, FALSE, FALSE, 0);
++
++ image = gtk_image_new_from_stock(GTK_STOCK_DIALOG_ERROR,
++ GTK_ICON_SIZE_DIALOG);
++ gtk_box_pack_start(GTK_BOX(hbox), image, FALSE, FALSE, 0);
++
++ text = gtk_label_new(msg);
++ gtk_label_set_line_wrap(GTK_LABEL(text), TRUE);
++ gtk_window_get_size(GTK_WINDOW(ui_data->dialog), &width, NULL);
++ /* FIXME: this is not very nice -- can't make the window thinner after this */
++ gtk_widget_set_size_request(text, width - 100, -1);
++ gtk_box_pack_start(GTK_BOX(hbox), text, FALSE, FALSE, 0);
++}
++
++static void ssl_box_add_info(auth_ui_data *ui_data, const char *msg)
++{
++ GtkWidget *text;
++ int width;
++
++ text = gtk_label_new(msg);
++ gtk_label_set_line_wrap(GTK_LABEL(text), TRUE);
++ gtk_window_get_size(GTK_WINDOW(ui_data->dialog), &width, NULL);
++ /* FIXME: this is not very nice -- can't make the window thinner after this */
++ gtk_widget_set_size_request(text, width - 40, -1);
++ gtk_box_pack_start(GTK_BOX(ui_data->ssl_box), text, FALSE, FALSE, 0);
++}
++
++static void ssl_box_clear(auth_ui_data *ui_data)
++{
++ gtk_widget_hide(ui_data->no_form_label);
++ gtk_widget_hide(ui_data->getting_form_label);
++ gtk_container_foreach(GTK_CONTAINER(ui_data->ssl_box),
++ container_child_remove, ui_data->ssl_box);
++ gtk_widget_set_sensitive (ui_data->login_button, FALSE);
++ gtk_widget_set_sensitive (ui_data->cancel_button, FALSE);
++}
++
++typedef struct ui_fragment_data {
++ GtkWidget *widget;
++ auth_ui_data *ui_data;
++ UI_STRING *uis;
++ struct oc_form_opt *opt;
++ char *entry_text;
++ int grab_focus;
++} ui_fragment_data;
++
++static void entry_activate_cb(GtkWidget *widget, auth_ui_data *ui_data)
++{
++ gtk_dialog_response(GTK_DIALOG(ui_data->dialog), AUTH_DIALOG_RESPONSE_LOGIN);
++}
++
++static void do_check_visibility(ui_fragment_data *data, gboolean *visible)
++{
++ int min_len;
++
++ if (!data->uis)
++ return;
++
++ min_len = UI_get_result_minsize(data->uis);
++
++ if (min_len && (!data->entry_text || strlen(data->entry_text) < min_len))
++ *visible = FALSE;
++}
++
++static void evaluate_login_visibility(auth_ui_data *ui_data)
++{
++ gboolean visible = TRUE;
++ g_queue_foreach(ui_data->form_entries, (GFunc)do_check_visibility,
++ &visible);
++
++ gtk_widget_set_sensitive (ui_data->login_button, visible);
++}
++
++static void entry_changed(GtkEntry *entry, ui_fragment_data *data)
++{
++ g_free (data->entry_text);
++ data->entry_text = g_strdup(gtk_entry_get_text(entry));
++ evaluate_login_visibility(data->ui_data);
++}
++
++static void do_override_label(ui_fragment_data *data, struct oc_choice *choice)
++{
++ const char *new_label = data->opt->label;
++
++ if (!data->widget)
++ return;
++
++ if (choice->override_name && !strcmp(choice->override_name, data->opt->name))
++ new_label = choice->override_label;
++
++ gtk_label_set_text(GTK_LABEL(data->widget), new_label);
++
++}
++static void combo_changed(GtkComboBox *combo, ui_fragment_data *data)
++{
++ struct oc_form_opt_select *sopt = (void *)data->opt;
++ int entry = gtk_combo_box_get_active(combo);
++ if (entry < 0)
++ return;
++
++ data->entry_text = sopt->choices[entry].name;
++
++ g_queue_foreach(data->ui_data->form_entries, (GFunc)do_override_label,
++ &sopt->choices[entry]);
++}
++
++static gboolean ui_write_error (ui_fragment_data *data)
++{
++ ssl_box_add_error(data->ui_data, UI_get0_output_string(data->uis));
++
++ g_slice_free (ui_fragment_data, data);
++
++ return FALSE;
++}
++
++static gboolean ui_write_info (ui_fragment_data *data)
++{
++ ssl_box_add_info(data->ui_data, UI_get0_output_string(data->uis));
++
++ g_slice_free (ui_fragment_data, data);
++
++ return FALSE;
++}
++
++static gboolean ui_write_prompt (ui_fragment_data *data)
++{
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ GtkWidget *hbox, *text, *entry;
++ int visible;
++ const char *label;
++
++ if (data->uis) {
++ label = UI_get0_output_string(data->uis);
++ visible = UI_get_input_flags(data->uis) & UI_INPUT_FLAG_ECHO;
++ } else {
++ label = data->opt->label;
++ visible = (data->opt->type == OC_FORM_OPT_TEXT);
++ }
++
++ hbox = gtk_hbox_new(FALSE, 0);
++ gtk_box_pack_start(GTK_BOX(data->ui_data->ssl_box), hbox, FALSE, FALSE, 0);
++
++ text = gtk_label_new(label);
++ gtk_box_pack_start(GTK_BOX(hbox), text, FALSE, FALSE, 0);
++ data->widget = text;
++
++ entry = gtk_entry_new();
++ gtk_box_pack_end(GTK_BOX(hbox), entry, FALSE, FALSE, 0);
++ if (!visible)
++ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
++ if (data->entry_text)
++ gtk_entry_set_text(GTK_ENTRY(entry), data->entry_text);
++ if (!data->entry_text && !data->ui_data->form_grabbed) {
++ data->ui_data->form_grabbed = 1;
++ gtk_widget_grab_focus (entry);
++ }
++ g_signal_connect(G_OBJECT(entry), "changed", G_CALLBACK(entry_changed), data);
++ g_signal_connect(G_OBJECT(entry), "activate", G_CALLBACK(entry_activate_cb), ui_data);
++
++ /* data is freed in ui_flush in worker thread */
++
++ return FALSE;
++}
++
++static gboolean ui_add_select (ui_fragment_data *data)
++{
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ GtkWidget *hbox, *text, *combo;
++ struct oc_form_opt_select *sopt = (void *)data->opt;
++ int i;
++
++ hbox = gtk_hbox_new(FALSE, 0);
++ gtk_box_pack_start(GTK_BOX(data->ui_data->ssl_box), hbox, FALSE, FALSE, 0);
++
++ text = gtk_label_new(data->opt->label);
++ gtk_box_pack_start(GTK_BOX(hbox), text, FALSE, FALSE, 0);
++
++ combo = gtk_combo_box_new_text();
++ gtk_box_pack_end(GTK_BOX(hbox), combo, FALSE, FALSE, 0);
++ for (i = 0; i < sopt->nr_choices; i++) {
++ gtk_combo_box_append_text(GTK_COMBO_BOX(combo), sopt->choices[i].label);
++ if (data->entry_text &&
++ !strcmp(data->entry_text, sopt->choices[i].name)) {
++ gtk_combo_box_set_active(GTK_COMBO_BOX(combo), i);
++ g_free(data->entry_text);
++ data->entry_text = sopt->choices[i].name;
++ }
++ }
++ if (gtk_combo_box_get_active(GTK_COMBO_BOX(combo)) < 0) {
++ gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
++ data->entry_text = sopt->choices[0].name;
++ }
++
++ if (g_queue_peek_tail(ui_data->form_entries) == data)
++ gtk_widget_grab_focus (combo);
++ g_signal_connect(G_OBJECT(combo), "changed", G_CALLBACK(combo_changed), data);
++ /* Hook up the 'show' signal to ensure that we override prompts on
++ UI elements which may be coming later. */
++ g_signal_connect(G_OBJECT(combo), "show", G_CALLBACK(combo_changed), data);
++
++ /* data is freed in ui_flush in worker thread */
++
++ return FALSE;
++}
++
++static gboolean ui_show (auth_ui_data *ui_data)
++{
++ gtk_widget_hide (ui_data->getting_form_label);
++ gtk_widget_show_all (ui_data->ssl_box);
++ gtk_widget_set_sensitive (ui_data->cancel_button, TRUE);
++ g_mutex_lock (ui_data->form_mutex);
++ evaluate_login_visibility(ui_data);
++ ui_data->form_shown = TRUE;
++ g_cond_signal (ui_data->form_shown_changed);
++ g_mutex_unlock (ui_data->form_mutex);
++
++ return FALSE;
++}
++
++/* runs in worker thread */
++static int ui_open(UI *ui)
++{
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++
++ UI_add_user_data(ui, ui_data);
++
++ return 1;
++}
++
++/* runs in worker thread */
++static int ui_write(UI *ui, UI_STRING *uis)
++{
++ auth_ui_data *ui_data;
++ ui_fragment_data *data;
++
++ ui_data = UI_get0_user_data(ui);
++
++ /* return if a new host has been selected */
++ if (ui_data->cancelled) {
++ return 1;
++ }
++
++ data = g_slice_new0 (ui_fragment_data);
++ data->ui_data = ui_data;
++ data->uis = uis;
++
++ switch(UI_get_string_type(uis)) {
++ case UIT_ERROR:
++ g_idle_add ((GSourceFunc)ui_write_error, data);
++ break;
++
++ case UIT_INFO:
++ g_idle_add ((GSourceFunc)ui_write_info, data);
++ break;
++
++ case UIT_PROMPT:
++ case UIT_VERIFY:
++ g_mutex_lock (ui_data->form_mutex);
++ g_queue_push_head(ui_data->form_entries, data);
++ g_mutex_unlock (ui_data->form_mutex);
++
++ g_idle_add ((GSourceFunc)ui_write_prompt, data);
++ break;
++
++ case UIT_BOOLEAN:
++ /* FIXME */
++ case UIT_NONE:
++ default:
++ g_slice_free (ui_fragment_data, data);
++ }
++ return 1;
++}
++
++/* runs in worker thread */
++static int ui_flush(UI* ui)
++{
++ auth_ui_data *ui_data;
++ int response;
++
++ ui_data = UI_get0_user_data(ui);
++
++ g_idle_add((GSourceFunc)ui_show, ui_data);
++ g_mutex_lock(ui_data->form_mutex);
++ /* wait for ui to show */
++ while (!ui_data->form_shown) {
++ g_cond_wait(ui_data->form_shown_changed, ui_data->form_mutex);
++ }
++ ui_data->form_shown = FALSE;
++
++ if (!ui_data->cancelled) {
++ /* wait for form submission or cancel */
++ while (!ui_data->form_retval) {
++ g_cond_wait(ui_data->form_retval_changed, ui_data->form_mutex);
++ }
++ response = GPOINTER_TO_INT (ui_data->form_retval);
++ ui_data->form_retval = NULL;
++ } else
++ response = AUTH_DIALOG_RESPONSE_CANCEL;
++
++ /* set entry results and free temporary data structures */
++ while (!g_queue_is_empty (ui_data->form_entries)) {
++ ui_fragment_data *data;
++ data = g_queue_pop_tail (ui_data->form_entries);
++ if (data->entry_text) {
++ UI_set_result(ui, data->uis, data->entry_text);
++ }
++ g_slice_free (ui_fragment_data, data);
++ }
++ ui_data->form_grabbed = 0;
++ g_mutex_unlock(ui_data->form_mutex);
++
++ /* -1 = cancel,
++ * 0 = failure,
++ * 1 = success */
++ return (response == AUTH_DIALOG_RESPONSE_LOGIN ? 1 : -1);
++}
++
++/* runs in worker thread */
++static int ui_close(UI *ui)
++{
++ return 1;
++}
++
++static int init_openssl_ui(void)
++{
++ UI_METHOD *ui_method = UI_create_method("OpenConnect VPN UI (gtk)");
++
++ UI_method_set_opener(ui_method, ui_open);
++ UI_method_set_flusher(ui_method, ui_flush);
++ UI_method_set_writer(ui_method, ui_write);
++ UI_method_set_closer(ui_method, ui_close);
++
++ UI_set_default_method(ui_method);
++ return 0;
++}
++
++static void remember_gconf_key(auth_ui_data *ui_data, char *key, char *value)
++{
++ struct gconf_key *k = g_malloc(sizeof(*k));
++
++ if (!k)
++ return;
++
++ k->next = ui_data->success_keys;
++ k->key = key;
++ k->value = value;
++
++ ui_data->success_keys = k;
++ while (k->next) {
++ if (!strcmp(k->next->key, key)) {
++ struct gconf_key *old = k->next;
++ k->next = old->next;
++ g_free(old->key);
++ g_free(old->value);
++ g_free(old);
++ break;
++ }
++ k = k->next;
++ }
++}
++
++static char *find_form_answer(struct oc_auth_form *form, struct oc_form_opt *opt)
++{
++ char *config_path = _config_path; /* FIXME global */
++ GConfClient *gcl = _gcl; /* FIXME global */
++ char *key, *result;
++ key = g_strdup_printf("%s/vpn/form:%s:%s", config_path,
++ form->auth_id, opt->name);
++ result = gconf_client_get_string(gcl, key, NULL);
++ g_free(key);
++ return result;
++}
++
++/* This part for processing forms from openconnect directly, rather than
++ through the SSL UI abstraction (which doesn't allow 'select' options) */
++
++static gboolean ui_form (struct oc_auth_form *form)
++{
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ struct oc_form_opt *opt;
++
++ ssl_box_clear(ui_data);
++
++ g_mutex_lock(ui_data->form_mutex);
++ while (!g_queue_is_empty (ui_data->form_entries)) {
++ ui_fragment_data *data;
++ data = g_queue_pop_tail (ui_data->form_entries);
++ g_slice_free (ui_fragment_data, data);
++ }
++ g_mutex_unlock(ui_data->form_mutex);
++
++ if (form->banner)
++ ssl_box_add_info(ui_data, form->banner);
++ if (form->error)
++ ssl_box_add_error(ui_data, form->error);
++ if (form->message)
++ ssl_box_add_info(ui_data, form->message);
++
++ for (opt = form->opts; opt; opt = opt->next) {
++ ui_fragment_data *data;
++
++ if (opt->type == OC_FORM_OPT_HIDDEN)
++ continue;
++
++ data = g_slice_new0 (ui_fragment_data);
++ data->ui_data = ui_data;
++ data->opt = opt;
++
++ if (opt->type == OC_FORM_OPT_PASSWORD ||
++ opt->type == OC_FORM_OPT_TEXT) {
++ g_mutex_lock (ui_data->form_mutex);
++ g_queue_push_head(ui_data->form_entries, data);
++ g_mutex_unlock (ui_data->form_mutex);
++ if (opt->type != OC_FORM_OPT_PASSWORD)
++ data->entry_text = find_form_answer(form, opt);
++
++ ui_write_prompt(data);
++ } else if (opt->type == OC_FORM_OPT_SELECT) {
++ g_mutex_lock (ui_data->form_mutex);
++ g_queue_push_head(ui_data->form_entries, data);
++ g_mutex_unlock (ui_data->form_mutex);
++ data->entry_text = find_form_answer(form, opt);
++
++ ui_add_select(data);
++ } else
++ g_slice_free (ui_fragment_data, data);
++ }
++
++ return ui_show(ui_data);
++}
++
++static int nm_process_auth_form (struct openconnect_info *vpninfo,
++ struct oc_auth_form *form)
++{
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ int response;
++
++ g_idle_add((GSourceFunc)ui_form, form);
++
++ g_mutex_lock(ui_data->form_mutex);
++ /* wait for ui to show */
++ while (!ui_data->form_shown) {
++ g_cond_wait(ui_data->form_shown_changed, ui_data->form_mutex);
++ }
++ ui_data->form_shown = FALSE;
++
++ if (!ui_data->cancelled) {
++ /* wait for form submission or cancel */
++ while (!ui_data->form_retval) {
++ g_cond_wait(ui_data->form_retval_changed, ui_data->form_mutex);
++ }
++ response = GPOINTER_TO_INT (ui_data->form_retval);
++ ui_data->form_retval = NULL;
++ } else
++ response = AUTH_DIALOG_RESPONSE_CANCEL;
++
++ if (response == AUTH_DIALOG_RESPONSE_LOGIN) {
++ /* set entry results and free temporary data structures */
++ while (!g_queue_is_empty (ui_data->form_entries)) {
++ ui_fragment_data *data;
++ data = g_queue_pop_tail (ui_data->form_entries);
++ if (data->entry_text) {
++ data->opt->value = data->entry_text;
++
++ if (data->opt->type == OC_FORM_OPT_TEXT ||
++ data->opt->type == OC_FORM_OPT_SELECT) {
++ char *keyname;
++ keyname = g_strdup_printf("form:%s:%s", form->auth_id, data->opt->name);
++ remember_gconf_key(ui_data, keyname, strdup(data->entry_text));
++ }
++ }
++ g_slice_free (ui_fragment_data, data);
++ }
++ }
++
++
++ g_mutex_unlock(ui_data->form_mutex);
++
++ /* -1 = cancel,
++ * 0 = failure,
++ * 1 = success */
++ return (response == AUTH_DIALOG_RESPONSE_LOGIN ? 0 : 1);
++
++}
++
++static char* get_title(const char *vpn_name)
++{
++ if (vpn_name)
++ return g_strdup_printf("Connect to VPN '%s'", vpn_name);
++ else
++ return g_strdup("Connect to VPN");
++}
++
++typedef struct cert_data {
++ auth_ui_data *ui_data;
++ X509 *peer_cert;
++ const char *reason;
++} cert_data;
++
++
++static gboolean user_validate_cert(cert_data *data)
++{
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ BIO *bp = BIO_new(BIO_s_mem());
++ char *msg, *title;
++ BUF_MEM *certinfo;
++ char zero = 0;
++ GtkWidget *dlg, *text, *scroll;
++ GtkTextBuffer *buffer;
++ int result;
++
++ /* There are probably better ways to do this -- getting individual
++ elements of the cert info and formatting it nicely in the dialog
++ box. But this will do for now... */
++ X509_print_ex(bp, data->peer_cert, 0, 0);
++ BIO_write(bp, &zero, 1);
++ BIO_get_mem_ptr(bp, &certinfo);
++
++ title = get_title(data->ui_data->vpn_name);
++ msg = g_strdup_printf("Certificate from VPN server \"%s\" failed verification.\n"
++ "Reason: %s\nDo you want to accept it?",
++ openconnect_get_hostname(data->ui_data->vpninfo),
++ data->reason);
++
++ dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
++ GTK_BUTTONS_OK_CANCEL,
++ msg);
++ gtk_window_set_skip_taskbar_hint(GTK_WINDOW(dlg), FALSE);
++ gtk_window_set_skip_pager_hint(GTK_WINDOW(dlg), FALSE);
++ gtk_window_set_title(GTK_WINDOW(dlg), title);
++ gtk_window_set_default_size(GTK_WINDOW(dlg), 550, 600);
++ gtk_window_set_resizable(GTK_WINDOW(dlg), TRUE);
++ gtk_dialog_set_default_response(GTK_DIALOG(dlg), GTK_RESPONSE_CANCEL);
++
++ g_free(title);
++ g_free(msg);
++
++ scroll = gtk_scrolled_window_new(NULL, NULL);
++ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dlg)->vbox), scroll, TRUE, TRUE, 0);
++ gtk_widget_show(scroll);
++
++ text = gtk_text_view_new();
++ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
++ gtk_text_buffer_set_text(buffer, certinfo->data, -1);
++ gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
++ gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
++ gtk_container_add(GTK_CONTAINER(scroll), text);
++ gtk_widget_show(text);
++
++ result = gtk_dialog_run(GTK_DIALOG(dlg));
++
++ BIO_free(bp);
++ gtk_widget_destroy(dlg);
++
++ g_mutex_lock (ui_data->form_mutex);
++ if (result == GTK_RESPONSE_OK)
++ data->ui_data->cert_response = CERT_ACCEPTED;
++ else
++ data->ui_data->cert_response = CERT_DENIED;
++ g_cond_signal (ui_data->cert_response_changed);
++ g_mutex_unlock (ui_data->form_mutex);
++
++ return FALSE;
++}
++
++/* runs in worker thread */
++static int validate_peer_cert(struct openconnect_info *vpninfo,
++ X509 *peer_cert, const char *reason)
++{
++ char *config_path = _config_path; /* FIXME global */
++ GConfClient *gcl = _gcl; /* FIXME global */
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ char fingerprint[EVP_MAX_MD_SIZE * 2 + 1];
++ char *certs_data;
++ char *key;
++ int ret = 0;
++ cert_data *data;
++
++ ret = openconnect_get_cert_sha1(vpninfo, peer_cert, fingerprint);
++ if (ret)
++ return ret;
++
++ key = g_strdup_printf("%s/vpn/%s", config_path, "certsigs");
++ certs_data = gconf_client_get_string(gcl, key, NULL);
++ if (certs_data) {
++ char **certs = g_strsplit_set(certs_data, "\t", 0);
++ char **this = certs;
++
++ while (*this) {
++ if (!strcmp(*this, fingerprint)) {
++ g_strfreev(certs);
++ goto out;
++ }
++ this++;
++ }
++ g_strfreev(certs);
++ }
++
++ data = g_slice_new(cert_data);
++ data->ui_data = ui_data; /* FIXME uses global */
++ data->peer_cert = peer_cert;
++ data->reason = reason;
++
++ g_mutex_lock(ui_data->form_mutex);
++
++ ui_data->cert_response = CERT_USER_NOT_READY;
++ g_idle_add((GSourceFunc)user_validate_cert, data);
++
++ /* wait for user to accept or cancel */
++ while (ui_data->cert_response == CERT_USER_NOT_READY) {
++ g_cond_wait(ui_data->cert_response_changed, ui_data->form_mutex);
++ }
++ if (ui_data->cert_response == CERT_ACCEPTED) {
++ if (certs_data) {
++ char *new = g_strdup_printf("%s\t%s", certs_data, fingerprint);
++ gconf_client_set_string(gcl, key, new, NULL);
++ g_free(new);
++ } else {
++ gconf_client_set_string(gcl, key, fingerprint, NULL);
++ }
++ ret = 0;
++ } else {
++ ret = -EINVAL;
++ }
++ g_mutex_unlock (ui_data->form_mutex);
++
++ g_slice_free(cert_data, data);
++
++ out:
++ g_free(certs_data);
++ g_free(key);
++ return ret;
++}
++
++static char *get_config_path(GConfClient *gcl, const char *vpn_uuid)
++{
++ GSList *connections, *this;
++ char *key, *val;
++ char *config_path = NULL;
++
++ connections = gconf_client_all_dirs(gcl,
++ "/system/networking/connections",
++ NULL);
++
++ for (this = connections; this; this = this->next) {
++ const char *path = (const char *) this->data;
++
++ key = g_strdup_printf("%s/connection/type", path);
++ val = gconf_client_get_string(gcl, key, NULL);
++ g_free(key);
++
++ if (!val || strcmp(val, "vpn")) {
++ g_free(val);
++ continue;
++ }
++ g_free(val);
++
++ key = g_strdup_printf("%s/connection/uuid", path);
++ val = gconf_client_get_string(gcl, key, NULL);
++ g_free(key);
++
++ if (!val || strcmp(val, vpn_uuid)) {
++ g_free(val);
++ continue;
++ }
++ g_free(val);
++
++ config_path = g_strdup(path);
++ break;
++ }
++ g_slist_foreach(connections, (GFunc)g_free, NULL);
++ g_slist_free(connections);
++
++ return config_path;
++}
++
++static char *get_gconf_setting(GConfClient *gcl, char *config_path,
++ char *setting)
++{
++ char *result;
++ char *key = g_strdup_printf("%s/vpn/%s", config_path, setting);
++ result = gconf_client_get_string(gcl, key, NULL);
++ g_free(key);
++ return result;
++}
++
++static int get_gconf_autoconnect(GConfClient *gcl, char *config_path)
++{
++ char *autoconnect = get_gconf_setting(gcl, config_path, "autoconnect");
++ int ret = 0;
++
++ if (autoconnect) {
++ if (!strcmp(autoconnect, "yes"))
++ ret = 1;
++ g_free(autoconnect);
++ }
++ return ret;
++}
++
++static int parse_xmlconfig(char *xmlconfig)
++{
++ xmlDocPtr xml_doc;
++ xmlNode *xml_node, *xml_node2;
++ struct vpnhost *newhost, **list_end;
++
++ list_end = &vpnhosts->next;
++ /* gateway may be there already */
++ while (*list_end) {
++ list_end = &(*list_end)->next;
++ }
++
++ xml_doc = xmlReadMemory(xmlconfig, strlen(xmlconfig), "noname.xml", NULL, 0);
++
++ xml_node = xmlDocGetRootElement(xml_doc);
++ for (xml_node = xml_node->children; xml_node; xml_node = xml_node->next) {
++ if (xml_node->type == XML_ELEMENT_NODE &&
++ !strcmp((char *)xml_node->name, "ServerList")) {
++
++ for (xml_node = xml_node->children; xml_node;
++ xml_node = xml_node->next) {
++
++ if (xml_node->type == XML_ELEMENT_NODE &&
++ !strcmp((char *)xml_node->name, "HostEntry")) {
++ int match = 0;
++
++ newhost = malloc(sizeof(*newhost));
++ if (!newhost)
++ return -ENOMEM;
++
++ memset(newhost, 0, sizeof(*newhost));
++ for (xml_node2 = xml_node->children;
++ match >= 0 && xml_node2; xml_node2 = xml_node2->next) {
++
++ if (xml_node2->type != XML_ELEMENT_NODE)
++ continue;
++
++ if (!strcmp((char *)xml_node2->name, "HostName")) {
++ char *content = (char *)xmlNodeGetContent(xml_node2);
++ newhost->hostname = content;
++ } else if (!strcmp((char *)xml_node2->name, "HostAddress")) {
++ char *content = (char *)xmlNodeGetContent(xml_node2);
++ newhost->hostaddress = content;
++ } else if (!strcmp((char *)xml_node2->name, "UserGroup")) {
++ char *content = (char *)xmlNodeGetContent(xml_node2);
++ newhost->usergroup = content;
++ }
++ }
++ if (newhost->hostname && newhost->hostaddress) {
++ *list_end = newhost;
++ list_end = &newhost->next;
++
++ if (!strcasecmp(newhost->hostaddress, vpnhosts->hostaddress) &&
++ !strcasecmp(newhost->usergroup ?: "", vpnhosts->usergroup ?: "")) {
++ /* Remove originally configured host if it's in the list */
++ struct vpnhost *tmp = vpnhosts->next;
++ free(vpnhosts);
++ vpnhosts = tmp;
++ }
++
++ } else
++ free(newhost);
++ }
++ }
++ break;
++ }
++ }
++ xmlFreeDoc(xml_doc);
++ return 0;
++}
++
++static int get_config(char *vpn_uuid, struct openconnect_info *vpninfo)
++{
++ GConfClient *gcl;
++ char *config_path;
++ char *proxy;
++ char *xmlconfig;
++ char *hostname;
++ char *group;
++ char *csd;
++ char *sslkey, *cert;
++ char *csd_wrapper;
++ char *pem_passphrase_fsid;
++
++ _gcl = gcl = gconf_client_get_default();
++ _config_path = config_path = get_config_path(gcl, vpn_uuid);
++
++ if (!config_path)
++ return -EINVAL;
++
++ hostname = get_gconf_setting(gcl, config_path,
++ NM_OPENCONNECT_KEY_GATEWAY);
++ if (!hostname) {
++ fprintf(stderr, "No gateway configured\n");
++ return -EINVAL;
++ }
++
++ /* add gateway to host list */
++ vpnhosts = malloc(sizeof(*vpnhosts));
++ if (!vpnhosts)
++ return -ENOMEM;
++ vpnhosts->hostname = g_strdup(hostname);
++ group = strchr(hostname, '/');
++ if (group) {
++ *(group++) = 0;
++ vpnhosts->usergroup = g_strdup(group);
++ } else
++ vpnhosts->usergroup = NULL;
++ vpnhosts->hostaddress = hostname;
++ vpnhosts->next = NULL;
++
++if (0) {
++/* DEBUG add another copy of gateway to host list */
++ vpnhost *tmphost;
++ tmphost = malloc(sizeof(tmphost));
++ if (!tmphost)
++ return -ENOMEM;
++ tmphost->hostname = g_strdup("VPN Gateway 2");
++ tmphost->hostaddress = hostname;
++ tmphost->usergroup = NULL;
++ tmphost->next = NULL;
++ vpnhosts->next = tmphost;
++}
++ lasthost = get_gconf_setting(gcl, config_path, "lasthost");
++
++ xmlconfig = get_gconf_setting(gcl, config_path, NM_OPENCONNECT_KEY_XMLCONFIG);
++ if (xmlconfig) {
++ unsigned char sha1[SHA_DIGEST_LENGTH];
++ char sha1_text[SHA_DIGEST_LENGTH * 2];
++ EVP_MD_CTX c;
++ int i;
++
++ EVP_MD_CTX_init(&c);
++ EVP_Digest(xmlconfig, strlen(xmlconfig), sha1, NULL, EVP_sha1(), NULL);
++ EVP_MD_CTX_cleanup(&c);
++
++ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
++ sprintf(&sha1_text[i*2], "%02x", sha1[i]);
++
++ openconnect_set_xmlsha1(vpninfo, sha1_text, sizeof(sha1_text));
++ parse_xmlconfig(xmlconfig);
++ g_free(xmlconfig);
++ }
++
++ openconnect_set_cafile(vpninfo,
++ get_gconf_setting(gcl, config_path, NM_OPENCONNECT_KEY_CACERT));
++
++ csd = get_gconf_setting(gcl, config_path, "enable_csd_trojan");
++ if (csd && !strcmp(csd, "yes")) {
++ /* We're not running as root; we can't setuid(). */
++ csd_wrapper = get_gconf_setting(gcl, config_path, "csd_wrapper");
++ if (csd_wrapper && !csd_wrapper[0]) {
++ g_free(csd_wrapper);
++ csd_wrapper = NULL;
++ }
++ openconnect_setup_csd(vpninfo, getuid(), 1, csd_wrapper);
++ }
++ g_free(csd);
++
++ proxy = get_gconf_setting(gcl, config_path, "proxy");
++ if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, proxy))
++ return -EINVAL;
++
++ cert = get_gconf_setting(gcl, config_path, NM_OPENCONNECT_KEY_USERCERT);
++ sslkey = get_gconf_setting(gcl, config_path, NM_OPENCONNECT_KEY_PRIVKEY);
++ openconnect_set_client_cert (vpninfo, cert, sslkey);
++
++ pem_passphrase_fsid = get_gconf_setting(gcl, config_path, "pem_passphrase_fsid");
++ if (pem_passphrase_fsid && cert && !strcmp(pem_passphrase_fsid, "yes"))
++ openconnect_passphrase_from_fsid(vpninfo);
++ g_free(pem_passphrase_fsid);
++
++ return 0;
++}
++
++static void populate_vpnhost_combo(auth_ui_data *ui_data)
++{
++ struct vpnhost *host;
++ int i = 0;
++ GtkComboBox *combo = GTK_COMBO_BOX(ui_data->combo);
++
++ for (host = vpnhosts; host; host = host->next) {
++ gtk_combo_box_append_text(combo, host->hostname);
++
++ if (i == 0 ||
++ (lasthost && !strcmp(host->hostname, lasthost)))
++ gtk_combo_box_set_active(combo, i);
++ i++;
++
++ }
++}
++
++static int write_new_config(struct openconnect_info *vpninfo, char *buf, int buflen)
++{
++ char *config_path = _config_path; /* FIXME global */
++ GConfClient *gcl = _gcl; /* FIXME global */
++ char *key = g_strdup_printf("%s/vpn/%s", config_path,
++ NM_OPENCONNECT_KEY_XMLCONFIG);
++ gconf_client_set_string(gcl, key, buf, NULL);
++ return 0;
++}
++
++static void autocon_toggled(GtkWidget *widget)
++{
++ char *config_path = _config_path; /* FIXME global */
++ GConfClient *gcl = _gcl; /* FIXME global */
++ int enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(widget));
++ char *key = g_strdup_printf("%s/vpn/autoconnect", config_path);
++
++ gconf_client_set_string(gcl, key, enabled ? "yes" : "no", NULL);
++}
++
++static void scroll_log(GtkTextBuffer *log, GtkTextView *view)
++{
++ GtkTextMark *mark;
++
++ g_return_if_fail(GTK_IS_TEXT_VIEW(view));
++
++ mark = gtk_text_buffer_get_insert(log);
++ gtk_text_view_scroll_to_mark(view, mark, 0.0, FALSE, 0.0, 0.0);
++}
++
++/* NOTE: write_progress_real() will free the given string */
++static gboolean write_progress_real(char *message)
++{
++ auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ GtkTextIter iter;
++
++ g_return_val_if_fail(message, FALSE);
++
++ gtk_text_buffer_get_end_iter(ui_data->log, &iter);
++ gtk_text_buffer_insert(ui_data->log, &iter, message, -1);
++
++ g_free(message);
++
++ return FALSE;
++}
++
++/* runs in worker thread */
++static void write_progress(struct openconnect_info *info, int level, const char *fmt, ...)
++{
++ va_list args;
++ char *msg;
++
++ if (last_message) {
++ g_free(last_message);
++ last_message = NULL;
++ }
++
++ va_start(args, fmt);
++ msg = g_strdup_vprintf(fmt, args);
++ va_end(args);
++
++ if (level <= PRG_DEBUG) {
++ g_idle_add((GSourceFunc)write_progress_real, g_strdup(msg));
++ }
++
++ if (level <= PRG_ERR) {
++ last_message = msg;
++ return;
++ }
++ g_free(msg);
++}
++
++static void print_peer_cert(struct openconnect_info *vpninfo)
++{
++ char fingerprint[EVP_MAX_MD_SIZE * 2 + 1];
++ X509 *cert = openconnect_get_peer_cert(vpninfo);
++
++ if (cert && !openconnect_get_cert_sha1(vpninfo, cert, fingerprint))
++ printf("gwcert\n%s\n", fingerprint);
++}
++
++static gboolean cookie_obtained(auth_ui_data *ui_data)
++{
++ ui_data->getting_cookie = FALSE;
++ gtk_widget_hide (ui_data->getting_form_label);
++
++ if (ui_data->cancelled) {
++ /* user has chosen a new host, start from beginning */
++ while (ui_data->success_keys) {
++ struct gconf_key *k = ui_data->success_keys;
++
++ ui_data->success_keys = k->next;
++ g_free(k->key);
++ g_free(k->value);
++ g_free(k);
++ }
++ connect_host(ui_data);
++ return FALSE;
++ }
++
++ if (ui_data->cookie_retval < 0) {
++ /* error while getting cookie */
++ if (last_message) {
++ ssl_box_add_error(ui_data, last_message);
++ gtk_widget_show_all(ui_data->ssl_box);
++ gtk_widget_set_sensitive(ui_data->cancel_button, TRUE);
++ }
++ ui_data->retval = 1;
++ } else if (!ui_data->cookie_retval) {
++ /* got cookie */
++ while (ui_data->success_keys) {
++ char *config_path = _config_path; /* FIXME global */
++ GConfClient *gcl = _gcl; /* FIXME global */
++ struct gconf_key *k = ui_data->success_keys;
++ char *key = g_strdup_printf("%s/vpn/%s", config_path, k->key);
++
++ gconf_client_set_string(gcl, key, k->value, NULL);
++ g_free(key);
++
++ ui_data->success_keys = k->next;
++ g_free(k->key);
++ g_free(k->value);
++ g_free(k);
++ }
++
++ printf("%s\n%s:%d\n", NM_OPENCONNECT_KEY_GATEWAY,
++ openconnect_get_hostname(ui_data->vpninfo),
++ openconnect_get_port(ui_data->vpninfo));
++ printf("%s\n%s\n", NM_OPENCONNECT_KEY_COOKIE,
++ openconnect_get_cookie(ui_data->vpninfo));
++ print_peer_cert(ui_data->vpninfo);
++ openconnect_clear_cookie(ui_data->vpninfo);
++ printf("\n\n");
++ fflush(stdout);
++ ui_data->retval = 0;
++
++ gtk_main_quit();
++ } else {
++ /* no cookie; user cancellation */
++ gtk_widget_show (ui_data->no_form_label);
++ ui_data->retval = 1;
++ }
++
++ while (ui_data->success_keys) {
++ struct gconf_key *k = ui_data->success_keys;
++
++ ui_data->success_keys = k->next;
++ g_free(k->key);
++ g_free(k->value);
++ g_free(k);
++ }
++
++ return FALSE;
++}
++
++static gpointer obtain_cookie (auth_ui_data *ui_data)
++{
++ int ret;
++
++ ret = openconnect_obtain_cookie(ui_data->vpninfo);
++
++ ui_data->cookie_retval = ret;
++ g_idle_add ((GSourceFunc)cookie_obtained, ui_data);
++
++ return NULL;
++}
++
++static void connect_host(auth_ui_data *ui_data)
++{
++ GThread *thread;
++ vpnhost *host;
++ int i;
++ int host_nr;
++
++ ui_data->cancelled = FALSE;
++ ui_data->getting_cookie = TRUE;
++
++ g_mutex_lock (ui_data->form_mutex);
++ ui_data->form_retval = NULL;
++ g_mutex_unlock (ui_data->form_mutex);
++
++ ssl_box_clear(ui_data);
++ gtk_widget_show(ui_data->getting_form_label);
++
++ /* reset ssl context.
++ * TODO: this is probably not the way to go... */
++ openconnect_reset_ssl(ui_data->vpninfo);
++
++ host_nr = gtk_combo_box_get_active(GTK_COMBO_BOX(ui_data->combo));
++ host = vpnhosts;
++ for (i = 0; i < host_nr; i++)
++ host = host->next;
++
++ if (openconnect_parse_url(ui_data->vpninfo, host->hostaddress)) {
++ fprintf(stderr, "Failed to parse server URL '%s'\n",
++ host->hostaddress);
++ openconnect_set_hostname (ui_data->vpninfo, g_strdup(host->hostaddress));
++ }
++
++ if (!openconnect_get_urlpath(ui_data->vpninfo) && host->usergroup)
++ openconnect_set_urlpath(ui_data->vpninfo, g_strdup(host->usergroup));
++
++ remember_gconf_key(ui_data, g_strdup("lasthost"), g_strdup(host->hostname));
++
++ thread = g_thread_create((GThreadFunc)obtain_cookie, ui_data,
++ FALSE, NULL);
++ (void)thread;
++}
++
++
++static void queue_connect_host(auth_ui_data *ui_data)
++{
++ ssl_box_clear(ui_data);
++ gtk_widget_show(ui_data->getting_form_label);
++ gtk_widget_hide(ui_data->no_form_label);
++
++ if (!ui_data->getting_cookie) {
++ connect_host(ui_data);
++ } else if (!ui_data->cancelled) {
++ /* set state to cancelled. Current challenge-response-
++ * conversation will not be shown to user, and cookie_obtained()
++ * will start a new one conversation */
++ ui_data->cancelled = TRUE;
++ gtk_dialog_response(GTK_DIALOG(ui_data->dialog), AUTH_DIALOG_RESPONSE_CANCEL);
++ }
++}
++
++static void dialog_response (GtkDialog *dialog, int response, auth_ui_data *ui_data)
++{
++ switch (response) {
++ case AUTH_DIALOG_RESPONSE_CANCEL:
++ case AUTH_DIALOG_RESPONSE_LOGIN:
++ ssl_box_clear(ui_data);
++ if (ui_data->getting_cookie)
++ gtk_widget_show (ui_data->getting_form_label);
++ g_mutex_lock (ui_data->form_mutex);
++ ui_data->form_retval = GINT_TO_POINTER(response);
++ g_cond_signal (ui_data->form_retval_changed);
++ g_mutex_unlock (ui_data->form_mutex);
++ break;
++ case GTK_RESPONSE_CLOSE:
++ gtk_main_quit();
++ break;
++ default:
++ ;
++ }
++}
++
++static void cancel_clicked (GtkButton *btn, auth_ui_data *ui_data)
++{
++ gtk_dialog_response (GTK_DIALOG(ui_data->dialog), AUTH_DIALOG_RESPONSE_CANCEL);
++}
++
++static void login_clicked (GtkButton *btn, auth_ui_data *ui_data)
++{
++ gtk_dialog_response (GTK_DIALOG(ui_data->dialog), AUTH_DIALOG_RESPONSE_LOGIN);
++}
++
++static void build_main_dialog(auth_ui_data *ui_data)
++{
++ char *config_path = _config_path; /* FIXME global */
++ GConfClient *gcl = _gcl; /* FIXME global */
++ char *title;
++ GtkWidget *vbox, *hbox, *label, *frame, *image, *frame_box;
++ GtkWidget *exp, *scrolled, *view, *autocon;
++
++ gtk_window_set_default_icon_name(GTK_STOCK_DIALOG_AUTHENTICATION);
++
++ title = get_title(ui_data->vpn_name);
++ ui_data->dialog = gtk_dialog_new_with_buttons(title, NULL, GTK_DIALOG_MODAL,
++ GTK_STOCK_CLOSE, GTK_RESPONSE_CLOSE,
++ NULL);
++ g_signal_connect (ui_data->dialog, "response", G_CALLBACK(dialog_response), ui_data);
++ gtk_window_set_default_size(GTK_WINDOW(ui_data->dialog), 350, 300);
++ g_signal_connect_swapped(ui_data->dialog, "destroy",
++ G_CALLBACK(gtk_main_quit), NULL);
++ g_free(title);
++
++ vbox = gtk_vbox_new(FALSE, 8);
++ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(ui_data->dialog)->vbox), vbox, TRUE, TRUE, 0);
++ gtk_container_set_border_width(GTK_CONTAINER(vbox), 8);
++ gtk_widget_show(vbox);
++
++ hbox = gtk_hbox_new(FALSE, 4);
++ gtk_box_pack_start(GTK_BOX(vbox), hbox, FALSE, FALSE, 0);
++ gtk_widget_show(hbox);
++
++ label = gtk_label_new("VPN host");
++ gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0);
++ gtk_widget_show(label);
++
++ ui_data->combo = gtk_combo_box_new_text();
++ populate_vpnhost_combo(ui_data);
++ gtk_box_pack_start(GTK_BOX(hbox), ui_data->combo, TRUE, TRUE, 0);
++ g_signal_connect_swapped(ui_data->combo, "changed",
++ G_CALLBACK(queue_connect_host), ui_data);
++ gtk_widget_show(ui_data->combo);
++
++ ui_data->connect_button = gtk_button_new();
++ gtk_box_pack_end(GTK_BOX(hbox), ui_data->connect_button, FALSE, FALSE, 0);
++ image = gtk_image_new_from_stock(GTK_STOCK_CONNECT, GTK_ICON_SIZE_BUTTON);
++ gtk_button_set_image (GTK_BUTTON(ui_data->connect_button), image);
++ gtk_widget_grab_focus(ui_data->connect_button);
++ g_signal_connect_swapped(ui_data->connect_button, "clicked",
++ G_CALLBACK(queue_connect_host), ui_data);
++ gtk_widget_show(ui_data->connect_button);
++
++ autocon = gtk_check_button_new_with_label("Automatically start connecting next time");
++ gtk_box_pack_start(GTK_BOX(vbox), autocon, FALSE, FALSE, 0);
++ if (get_gconf_autoconnect(gcl, config_path))
++ gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(autocon), 1);
++ g_signal_connect(autocon, "toggled", G_CALLBACK(autocon_toggled), NULL);
++ gtk_widget_show(autocon);
++
++ frame = gtk_frame_new(NULL);
++ gtk_box_pack_start(GTK_BOX(vbox), frame, TRUE, TRUE, 0);
++ gtk_widget_set_size_request(frame, -1, -1);
++ gtk_widget_show(frame);
++
++ frame_box = gtk_vbox_new(FALSE, 4);
++ gtk_container_set_border_width(GTK_CONTAINER(frame_box), 8);
++ gtk_container_add(GTK_CONTAINER(frame), frame_box);
++ gtk_widget_show(frame_box);
++
++ ui_data->no_form_label = gtk_label_new("Select a host to fetch the login form");
++ gtk_widget_set_sensitive(ui_data->no_form_label, FALSE);
++ gtk_box_pack_start(GTK_BOX(frame_box), ui_data->no_form_label, FALSE, FALSE, 0);
++ gtk_widget_show(ui_data->no_form_label);
++
++ ui_data->getting_form_label = gtk_label_new("Contacting host, please wait...");
++ gtk_widget_set_sensitive(ui_data->getting_form_label, FALSE);
++ gtk_box_pack_start(GTK_BOX(frame_box), ui_data->getting_form_label, FALSE, FALSE, 0);
++
++ ui_data->ssl_box = gtk_vbox_new(FALSE, 4);
++ gtk_box_pack_start(GTK_BOX(frame_box), ui_data->ssl_box, FALSE, FALSE, 0);
++ gtk_widget_show(ui_data->ssl_box);
++
++ hbox = gtk_hbox_new (FALSE, 6);
++ gtk_box_pack_end(GTK_BOX(frame_box), hbox, FALSE, FALSE, 0);
++ gtk_widget_show(hbox);
++
++ ui_data->login_button = gtk_button_new_with_mnemonic("_Login");
++ image = gtk_image_new_from_stock(GTK_STOCK_APPLY, GTK_ICON_SIZE_BUTTON);
++ gtk_button_set_image (GTK_BUTTON(ui_data->login_button), image);
++ gtk_box_pack_end(GTK_BOX(hbox), ui_data->login_button, FALSE, FALSE, 0);
++ g_signal_connect (ui_data->login_button, "clicked", G_CALLBACK(login_clicked), ui_data);
++ gtk_widget_set_sensitive (ui_data->login_button, FALSE);
++ gtk_widget_show(ui_data->login_button);
++
++ ui_data->cancel_button = gtk_button_new_from_stock (GTK_STOCK_CANCEL);
++ gtk_box_pack_end(GTK_BOX(hbox), ui_data->cancel_button, FALSE, FALSE, 0);
++ g_signal_connect (ui_data->cancel_button, "clicked", G_CALLBACK(cancel_clicked), ui_data);
++ gtk_widget_set_sensitive (ui_data->cancel_button, FALSE);
++ gtk_widget_show(ui_data->cancel_button);
++
++ exp = gtk_expander_new("Log");
++ gtk_box_pack_end(GTK_BOX(vbox), exp, FALSE, FALSE, 0);
++ gtk_widget_show(exp);
++
++ scrolled = gtk_scrolled_window_new(NULL, NULL);
++ gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled),
++ GTK_POLICY_NEVER, GTK_POLICY_AUTOMATIC);
++ gtk_widget_set_size_request(scrolled, -1, 75);
++ gtk_container_add(GTK_CONTAINER(exp), scrolled);
++ gtk_widget_show(scrolled);
++
++ view = gtk_text_view_new();
++ gtk_text_view_set_editable(GTK_TEXT_VIEW(view), FALSE);
++ gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(view), FALSE);
++ gtk_text_view_set_wrap_mode(GTK_TEXT_VIEW(view), GTK_WRAP_WORD_CHAR);
++ gtk_text_view_set_left_margin(GTK_TEXT_VIEW(view), 5);
++ gtk_text_view_set_right_margin(GTK_TEXT_VIEW(view), 5);
++ gtk_text_view_set_indent(GTK_TEXT_VIEW(view), -10);
++ gtk_container_add(GTK_CONTAINER(scrolled), view);
++ gtk_widget_show(view);
++
++ ui_data->log = gtk_text_view_get_buffer(GTK_TEXT_VIEW(view));
++ g_signal_connect(ui_data->log, "changed", G_CALLBACK(scroll_log), view);
++}
++
++static auth_ui_data *init_ui_data (char *vpn_name)
++{
++ auth_ui_data *ui_data;
++
++ ui_data = g_slice_new0(auth_ui_data);
++ ui_data->retval = 1;
++
++ ui_data->form_entries = g_queue_new();
++ ui_data->form_mutex = g_mutex_new();
++ ui_data->form_retval_changed = g_cond_new();
++ ui_data->form_shown_changed = g_cond_new();
++ ui_data->cert_response_changed = g_cond_new();
++ ui_data->vpn_name = vpn_name;
++
++ ui_data->vpninfo = (void *)openconnect_vpninfo_new("OpenConnect VPN Agent (NetworkManager)",
++ validate_peer_cert, write_new_config,
++ nm_process_auth_form, write_progress);
++
++#if 0
++ ui_data->vpninfo->proxy_factory = px_proxy_factory_new();
++#endif
++
++ return ui_data;
++}
++
++static struct option long_options[] = {
++ {"reprompt", 0, 0, 'r'},
++ {"uuid", 1, 0, 'u'},
++ {"name", 1, 0, 'n'},
++ {"service", 1, 0, 's'},
++ {NULL, 0, 0, 0},
++};
++
++int main (int argc, char **argv)
++{
++ char *vpn_name = NULL, *vpn_uuid = NULL, *vpn_service = NULL;
++ int opt;
++
++ while ((opt = getopt_long(argc, argv, "ru:n:s:", long_options, NULL))) {
++ if (opt < 0)
++ break;
++
++ switch(opt) {
++ case 'r':
++ /* Reprompt does nothing */
++ break;
++
++ case 'u':
++ vpn_uuid = optarg;
++ break;
++
++ case 'n':
++ vpn_name = optarg;
++ break;
++
++ case 's':
++ vpn_service = optarg;
++ break;
++
++ default:
++ fprintf(stderr, "Unknown option\n");
++ return 1;
++ }
++ }
++
++ if (optind != argc) {
++ fprintf(stderr, "Superfluous command line options\n");
++ return 1;
++ }
++
++ if (!vpn_uuid || !vpn_name || !vpn_service) {
++ fprintf (stderr, "Have to supply UUID, name, and service\n");
++ return 1;
++ }
++
++ if (strcmp(vpn_service, NM_DBUS_SERVICE_OPENCONNECT) != 0) {
++ fprintf (stderr, "This dialog only works with the '%s' service\n",
++ NM_DBUS_SERVICE_OPENCONNECT);
++ return 1;
++ }
++
++ g_thread_init (NULL);
++ gtk_init(0, NULL);
++
++ _ui_data = init_ui_data(vpn_name);
++ if (get_config(vpn_uuid, _ui_data->vpninfo)) {
++ fprintf(stderr, "Failed to find VPN UUID %s in gconf\n", vpn_uuid);
++ return 1;
++ }
++ build_main_dialog(_ui_data);
++
++ init_openssl_ui();
++ openconnect_init_openssl();
++
++ if (get_gconf_autoconnect(_gcl, _config_path))
++ queue_connect_host(_ui_data);
++
++ gtk_window_present(GTK_WINDOW(_ui_data->dialog));
++ gtk_main();
++
++ return _ui_data->retval;
++}
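Review bot: connect_host() dereferences `host` without checking it. The loop `for (i = 0; i < host_nr; i++) host = host->next;` trusts that the combo index matches the `vpnhosts` list, but gtk_combo_box_get_active() returns -1 when no item is active, and main() can reach this path through queue_connect_host() on autoconnect before the user has selected anything. If `vpnhosts` is empty or shorter than the index, `host->hostaddress` is a NULL dereference; return to the no_form_label state when `host` is NULL. In the same function the g_thread_create() result is discarded with `(void)thread;` and the GError argument is NULL, so a failed thread start leaves getting_cookie set to TRUE and the dialog stuck on "Contacting host, please wait..."; check the return value and reset the state. The success_keys free loop is also repeated verbatim (after the host change and again before the final `return FALSE`) and would read better as one helper.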
+diff --git a/configure.ac b/configure.ac
+index a535c5f..eb680b2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -42,6 +42,9 @@ dnl
+ AC_ARG_WITH(gnome, AS_HELP_STRING([--without-gnome], [Build NetworkManager-openconnect without GNOME support, e.g. vpn service only]))
+ AM_CONDITIONAL(WITH_GNOME, test x"$with_gnome" != xno)
+
++AC_ARG_WITH(authdlg, AS_HELP_STRING([--without-authdlg], [Build NetworkManager-openconnect without authentication dialog]))
++AM_CONDITIONAL(WITH_AUTHDLG, test x"$with_authdlg" != xno)
++
+ GETTEXT_PACKAGE=NetworkManager-openconnect
+ AC_SUBST(GETTEXT_PACKAGE)
+ AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE,"$GETTEXT_PACKAGE", [Gettext package])
+@@ -57,6 +60,12 @@ PKG_CHECK_MODULES(DBUS, dbus-glib-1 >= 0.74)
+ AC_SUBST(DBUS_CFLAGS)
+ AC_SUBST(DBUS_LIBS)
+
++if test x"$with_authdlg" != xno; then
++ PKG_CHECK_MODULES(OPENCONNECT, openconnect)
++ AC_SUBST(OPENCONNECT_CFLAGS)
++ AC_SUBST(OPENCONNECT_LIBS)
++fi
++
+ if test x"$with_gnome" != xno; then
+ PKG_CHECK_MODULES(GTK, gtk+-2.0 >= 2.6)
+ AC_SUBST(GTK_CFLAGS)
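Review bot: the new OPENCONNECT check is gated only on `with_authdlg`, independent of the `with_gnome` block directly below it that provides GTK_CFLAGS, yet the dialog this option builds is GTK code. Configuring with `--without-gnome` and the default authdlg setting leaves WITH_AUTHDLG true while the GTK check is skipped; either imply `--without-authdlg` when GNOME support is off or move this check inside the `with_gnome` conditional, and say so in the help string.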
+@@ -88,6 +97,7 @@ NM_COMPILER_WARNINGS
+ AC_CONFIG_FILES([
+ Makefile
+ src/Makefile
++auth-dialog/Makefile
+ properties/Makefile
+ po/Makefile.in
+ ])
diff --git a/NetworkManager-openconnect.spec b/NetworkManager-openconnect.spec
index ea78987..751f446 100644
--- a/NetworkManager-openconnect.spec
+++ b/NetworkManager-openconnect.spec
@@ -1,7 +1,7 @@
%define nm_version 1:0.8.1
%define dbus_version 1.1
%define gtk2_version 2.10.0
-%define openconnect_version 0.99
+%define openconnect_version 3.00
%define snapshot %{nil}
%define realversion 0.8.1
@@ -9,11 +9,12 @@
Summary: NetworkManager VPN integration for openconnect
Name: NetworkManager-openconnect
Version: 0.8.1
-Release: 2%{snapshot}%{?dist}
+Release: 3%{snapshot}%{?dist}
License: GPLv2+
Group: System Environment/Base
URL: http://www.gnome.org/projects/NetworkManager/
Source: %{name}-%{realversion}%{snapshot}.tar.bz2
+Patch0: NetworkManager-openconnect-0.8.1-auth-dialog.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
@@ -27,6 +28,7 @@ BuildRequires: gnome-keyring-devel
BuildRequires: libglade2-devel
BuildRequires: intltool gettext
BuildRequires: autoconf automake libtool
+BuildRequires: pkgconfig(openconnect)
Requires: NetworkManager >= %{nm_version}
Requires: openconnect >= %{openconnect_version}
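Review bot: the added `BuildRequires: pkgconfig(openconnect)` has no version floor, while the runtime dependency in the context below it is `openconnect >= %{openconnect_version}` and that macro is raised to 3.00 in this same commit. Since the auth dialog is now compiled here against the library, the build dependency should carry the same minimum so that an older development package is rejected at dependency resolution rather than later in the build.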
@@ -43,8 +45,10 @@ with NetworkManager and the GNOME desktop
%prep
%setup -q -n NetworkManager-openconnect-%{realversion}
+%patch0 -p1
%build
+autoreconf
%configure --enable-more-warnings=yes
make %{?_smp_mflags}
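Review bot: `autoreconf` is run bare in %build. With %patch0 changing configure.ac and adding auth-dialog/Makefile to AC_CONFIG_FILES, `autoreconf -f -i` is the more robust form, since it regenerates stale outputs and installs any missing auxiliary files. A one-line spec comment saying that the regeneration exists because Patch0 touches the autotools inputs would help whoever drops the patch later.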
@@ -93,10 +97,14 @@ fi
%{_sysconfdir}/NetworkManager/VPN/nm-openconnect-service.name
%{_libexecdir}/nm-openconnect-service
%{_libexecdir}/nm-openconnect-service-openconnect-helper
+%{_libexecdir}/nm-openconnect-auth-dialog
%dir %{_datadir}/gnome-vpn-properties/openconnect
%{_datadir}/gnome-vpn-properties/openconnect/nm-openconnect-dialog.glade
%changelog
+* Wed Mar 09 2011 David Woodhouse <dwmw2 at infradead.org> 1:0.8.1-3
+- Rebuild with auth-dialog, no longer in openconnect package
+
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
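Review bot: the new %changelog entry ends in `1:0.8.1-3` with no `- ` separator, while the entry below it uses `- 0.8.1-2`, and no Epoch tag appears among the Name/Version/Release lines shown for this spec (the `1:` prefix appears only in `nm_version`). Writing the release as `- 0.8.1-3` keeps the entries consistent and avoids implying an epoch the package does not declare.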