F5290046
D7795.diff
bcooksley (Ben Cooksley)
Authored By
bcooksley
Nov 23 2017, 9:13 AM
2017-11-23 09:13:04 (UTC+0)
Size
3 KB
Referenced Files
None
Subscribers
None
D7795.diff
diff --git a/plasma-nm-5.10.5.orig/vpn/openconnect/nm-openconnect-service.h b/plasma-nm-5.10.5/vpn/openconnect/nm-openconnect-service.h
--- a/plasma-nm-5.10.5.orig/vpn/openconnect/nm-openconnect-service.h
+++ b/plasma-nm-5.10.5/vpn/openconnect/nm-openconnect-service.h
@@ -36,6 +36,7 @@
#define NM_OPENCONNECT_KEY_USERCERT "usercert"
#define NM_OPENCONNECT_KEY_CACERT "cacert"
#define NM_OPENCONNECT_KEY_PRIVKEY "userkey"
+#define NM_OPENCONNECT_KEY_PIN "pin"
#define NM_OPENCONNECT_KEY_MTU "mtu"
#define NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID "pem_passphrase_fsid"
#define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
diff --git a/plasma-nm-5.10.5.orig/vpn/openconnect/openconnectauth.cpp b/plasma-nm-5.10.5/vpn/openconnect/openconnectauth.cpp
--- a/plasma-nm-5.10.5.orig/vpn/openconnect/openconnectauth.cpp
+++ b/plasma-nm-5.10.5/vpn/openconnect/openconnectauth.cpp
@@ -83,6 +83,8 @@
int cancelPipes[2];
QList<QPair<QString, int> > serverLog;
int passwordFormIndex;
+ bool isPinProvided;
+ bool isPrivKeyPkcs11;
enum LogLevels {Error = 0, Info, Debug, Trace};
};
@@ -97,6 +99,8 @@
d->ui.setupUi(this);
d->userQuit = false;
d->formGroupChanged = false;
+ d->isPrivKeyPkcs11 = false;
+ d->isPinProvided = false;
if (pipe2(d->cancelPipes, O_NONBLOCK|O_CLOEXEC)) {
// Should never happen. Just don't do real cancellation if it does
@@ -155,6 +159,15 @@
const NMStringMap dataMap = d->setting->data();
+ if (!dataMap[NM_OPENCONNECT_KEY_PIN].isEmpty()) {
+ d->isPinProvided = true;
+ }
+ if (!dataMap[NM_OPENCONNECT_KEY_PRIVKEY].isEmpty()) {
+ QString pk = dataMap[NM_OPENCONNECT_KEY_PRIVKEY];
+ if (pk.startsWith("pkcs11:")) {
+ d->isPrivKeyPkcs11 = true;
+ }
+ }
if (!dataMap[NM_OPENCONNECT_KEY_GATEWAY].isEmpty()) {
const QString gw = dataMap[NM_OPENCONNECT_KEY_GATEWAY];
VPNHost host;
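Review bot: The PIN is read from `d->setting->data()` in the added `dataMap[NM_OPENCONNECT_KEY_PIN]` check, which is the same map that holds the gateway and certificate paths, so the token PIN is treated as ordinary connection data rather than as a credential. NetworkManager keeps VPN secrets in a separate map with per-secret storage flags; if `d->setting` is a `NetworkManager::VpnSetting`, the PIN would be better read from `d->setting->secrets()` so it can be agent-stored or not saved at all. Where the PIN is written is not visible in this diff, so this should be confirmed against the settings widget. The enclosing function starts and ends outside the hunk.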
@@ -186,7 +199,13 @@
}
if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
- const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
+ QString rawkey = dataMap[NM_OPENCONNECT_KEY_PRIVKEY];
+ if (d->isPinProvided && d->isPrivKeyPkcs11) {
+ QString pin = dataMap[NM_OPENCONNECT_KEY_PIN];
+ rawkey = QString("%1;pin-value=%2").arg(rawkey).arg(pin);
+ }
+ const QByteArray key = QFile::encodeName(rawkey);
+
openconnect_set_client_cert (d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data()));
if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
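Review bot: The chained call `QString("%1;pin-value=%2").arg(rawkey).arg(pin)` is unsafe for PKCS#11 URIs, because the second `.arg()` replaces the lowest-numbered place marker still in the string and Qt reads a percent-encoded byte in the key URI such as `%01` as marker 1. In that case the PIN is substituted into the middle of the URI and `%2` stays literal. Plain concatenation avoids this, and the PIN should be percent-encoded so that characters such as `;`, `?` or `%` cannot change the URI structure: `rawkey += QLatin1String(";pin-value=") + QString::fromLatin1(QUrl::toPercentEncoding(pin));`. RFC 7512 defines `pin-value` as a query attribute introduced by `?`, so it is worth confirming that the `;` form is accepted by the library that parses the URI. The enclosing function starts and ends outside the hunk.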
@@ -375,6 +394,10 @@
pair.second = OpenconnectAuthWidgetPrivate::Trace;
break;
}
+ if (pair.second >= OpenconnectAuthWidgetPrivate::Debug && d->isPinProvided && d->isPrivKeyPkcs11) {
+ // mask pin in log
+ pair.first = pair.first.replace(QRegExp("pin-value=[0-9]+$"),"pin-value=XXXXXXXX");
+ }
if (pair.second <= d->ui.cmbLogLevel->currentIndex()) {
d->ui.serverLog->append(pair.first);
}
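Review bot: The masking pattern `pin-value=[0-9]+$` only hides a PIN that is purely numeric and sits at the very end of the message, so an alphanumeric PIN, or a URI followed by more text, is appended to `serverLog` unmasked. The `pair.second >= OpenconnectAuthWidgetPrivate::Debug` condition also leaves Error and Info messages unfiltered, and a key-loading failure could plausibly echo the URI at those levels. Masking unconditionally with a pattern that stops at a delimiter would be more robust: `pair.first.replace(QRegExp("pin-value=[^;&?\\s]+"), "pin-value=XXXXXXXX");`. `QString::replace` modifies the string in place, so the assignment back to `pair.first` is redundant. The enclosing function starts and ends outside the hunk.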
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
802190
Default Alt Text
D7795.diff (3 KB)
Attached To
Mode
T13023: Non-standard patches lead to exceptions being generated
Attached