[network-manager-openconnect] Make OpenSSL UI support optional

From: David Woodhouse <dwmw2 src gnome org>
To: commits-list gnome org
Cc:
Subject: [network-manager-openconnect] Make OpenSSL UI support optional
Date: Thu, 31 May 2012 23:32:55 +0000 (UTC)
commit 192b8a6904a44c9772ece56f10d36aee6d45bb2a
Author: David Woodhouse <David Woodhouse intel com>
Date:   Fri Jun 1 00:21:09 2012 +0100

    Make OpenSSL UI support optional
    
    We only want this if libopenconnect was built against OpenSSL, not GnuTLS.
    
    For GnuTLS we'll want a PIN helper function, which will come later. It's
    not needed for basic file passwords; only for smart cards.

 auth-dialog/main.c |   35 +++++++++++++++++++++++++++--------
 1 files changed, 27 insertions(+), 8 deletions(-)
---
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 146c0f3..755bbfa 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -48,9 +48,6 @@
 
 #include "openconnect.h"
 
-#include <openssl/ssl.h>
-#include <openssl/bio.h>
-#include <openssl/ui.h>
 
 #ifndef OPENCONNECT_CHECK_VER
 #define OPENCONNECT_CHECK_VER(x,y) 0
@@ -58,6 +55,13 @@
 
 #if !OPENCONNECT_CHECK_VER(1,5)
 #define OPENCONNECT_X509 X509
+#define OPENCONNECT_OPENSSL
+#endif
+
+#ifdef OPENCONNECT_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/ui.h>
 #endif
 
 static char *lasthost;
@@ -216,7 +220,9 @@ static void ssl_box_clear(auth_ui_data *ui_data)
 typedef struct ui_fragment_data {
 	GtkWidget *widget;
 	auth_ui_data *ui_data;
+#ifdef OPENCONNECT_OPENSSL
 	UI_STRING *uis;
+#endif
 	struct oc_form_opt *opt;
 	char *entry_text;
 	int grab_focus;
@@ -227,6 +233,7 @@ static void entry_activate_cb(GtkWidget *widget, auth_ui_data *ui_data)
 	gtk_dialog_response(GTK_DIALOG(ui_data->dialog), AUTH_DIALOG_RESPONSE_LOGIN);
 }
 
+#ifdef OPENCONNECT_OPENSSL
 static void do_check_visibility(ui_fragment_data *data, gboolean *visible)
 {
 	int min_len;
@@ -239,13 +246,14 @@ static void do_check_visibility(ui_fragment_data *data, gboolean *visible)
 	if (min_len && (!data->entry_text || strlen(data->entry_text) < min_len))
 		*visible = FALSE;
 }
-
+#endif
 static void evaluate_login_visibility(auth_ui_data *ui_data)
 {
 	gboolean visible = TRUE;
+#ifdef OPENCONNECT_OPENSSL
 	g_queue_foreach(ui_data->form_entries, (GFunc)do_check_visibility,
 			&visible);
-
+#endif
 	gtk_widget_set_sensitive (ui_data->login_button, visible);
 }
 
@@ -253,7 +261,9 @@ static void entry_changed(GtkEntry *entry, ui_fragment_data *data)
 {
 	g_free (data->entry_text);
 	data->entry_text = g_strdup(gtk_entry_get_text(entry));
+#ifdef OPENCONNECT_OPENSSL
 	evaluate_login_visibility(data->ui_data);
+#endif
 }
 
 static void do_override_label(ui_fragment_data *data, struct oc_choice *choice)
@@ -282,6 +292,7 @@ static void combo_changed(GtkComboBox *combo, ui_fragment_data *data)
 			&sopt->choices[entry]);
 }
 
+#ifdef OPENCONNECT_OPENSSL
 static gboolean ui_write_error (ui_fragment_data *data)
 {
 	ssl_box_add_error(data->ui_data, UI_get0_output_string(data->uis));
@@ -299,6 +310,7 @@ static gboolean ui_write_info (ui_fragment_data *data)
 
 	return FALSE;
 }
+#endif
 
 static gboolean ui_write_prompt (ui_fragment_data *data)
 {
@@ -307,10 +319,13 @@ static gboolean ui_write_prompt (ui_fragment_data *data)
 	int visible;
 	const char *label;
 
+#ifdef OPENCONNECT_OPENSSL
 	if (data->uis) {
 		label = UI_get0_output_string(data->uis);
 		visible = UI_get_input_flags(data->uis) & UI_INPUT_FLAG_ECHO;
-	} else {
+	} else 
+#endif
+	{
 		label = data->opt->label;
 		visible = (data->opt->type == OC_FORM_OPT_TEXT);
 	}
@@ -403,6 +418,7 @@ static gboolean ui_show (auth_ui_data *ui_data)
 	return FALSE;
 }
 
+#ifdef OPENCONNECT_OPENSSL
 /* runs in worker thread */
 static int ui_open(UI *ui)
 {
@@ -519,6 +535,7 @@ static int init_openssl_ui(void)
 	UI_set_default_method(ui_method);
 	return 0;
 }
+#endif /* OPENCONNECT_OPENSSL */
 
 static char *find_form_answer(GHashTable *secrets, struct oc_auth_form *form,
 			      struct oc_form_opt *opt)
@@ -738,7 +755,7 @@ static int validate_peer_cert(struct openconnect_info *vpninfo,
 			      OPENCONNECT_X509 *peer_cert, const char *reason)
 {
 	auth_ui_data *ui_data = _ui_data; /* FIXME global */
-	char fingerprint[EVP_MAX_MD_SIZE * 2 + 1];
+	char fingerprint[41];
 	char *certs_data;
 	int ret = 0;
 	cert_data *data;
@@ -1118,7 +1135,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
 		cert = openconnect_get_peer_cert (ui_data->vpninfo);
 		if (cert) {
 			key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
-			value = g_malloc0 (EVP_MAX_MD_SIZE * 2 + 1);
+			value = g_malloc0 (41);
 			openconnect_get_cert_sha1(ui_data->vpninfo, cert, value);
 			g_hash_table_insert (ui_data->secrets, key, value);
 		}
@@ -1560,7 +1577,9 @@ int main (int argc, char **argv)
 	}
 	build_main_dialog(_ui_data);
 
+#ifdef OPENCONNECT_OPENSSL
 	init_openssl_ui();
+#endif
 	openconnect_init_openssl();
 
 	if (get_autoconnect (secrets))
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]