Allow GUI to distinguish between PIN/passphrase callbacks
authorDavid Woodhouse <David.Woodhouse@intel.com>
Wed, 13 Jun 2012 20:39:27 +0000 (21:39 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Wed, 13 Jun 2012 20:39:30 +0000 (21:39 +0100)
The UI may cache user input by form->auth_id, opt->name. But those were
always the same (and auth_id was even NULL for OpenSSL UI callbacks from
the TPM engine), so it wasn't very helpful. Fix it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
gnutls.c
openconnect-internal.h
openssl.c
ssl.c

index f27a230..8de0403 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -329,7 +329,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
                                     _("Failed to decrypt PKCS#12 certificate file\n"));
                free(pass);
                vpninfo->cert_password = NULL;
-               err = request_passphrase(vpninfo, &pass,
+               err = request_passphrase(vpninfo, "openconnect_pkcs12", &pass,
                                         _("Enter PKCS#12 pass phrase:"));
                if (err) {
                        gnutls_pkcs12_deinit(p12);
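Review bot: The label passed here names the kind of secret but says nothing about a retry: the prompt follows the "Failed to decrypt PKCS#12 certificate file" message, and a UI that caches input by auth_id/name, as the commit message allows, could hand back the value that was just rejected. The same applies to the `openconnect_pem` hunk in load_certificate and to the load_tpm_key hunks, where the SRK prompt is reached after `TPM_E_AUTHFAIL` and repeated wrong PINs may count toward the TPM's lockout. Consider stating the expectation where request_passphrase is declared, e.g. `/* label is a cache key; a UI must drop its cached value when the same label is requested again after a failure */`. The retry logic around these calls lies outside the hunks, so whether a loop exists should be confirmed.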
@@ -586,7 +586,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
                if (err != TPM_E_AUTHFAIL)
                        goto out_srkpol;
 
-               err = request_passphrase(vpninfo, &pass, _("Enter TPM SRK PIN:"));
+               err = request_passphrase(vpninfo, "openconnect_tpm_srk",
+                                        &pass, _("Enter TPM SRK PIN:"));
                if (err)
                        goto out_srkpol;
        }
@@ -620,7 +621,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
                                goto out_key_policy;
                        }
                }
-               err = request_passphrase(vpninfo, &pass, _("Enter TPM key PIN:"));
+               err = request_passphrase(vpninfo, "openconnect_tpm_key",
+                                        &pass, _("Enter TPM key PIN:"));
                if (err)
                        goto out_key_policy;
 
@@ -965,8 +967,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
                                             _("Failed to decrypt PKCS#8 certificate file\n"));
                                free(pass);
                        }
-                       err = request_passphrase(vpninfo, &pass,
-                                                _("Enter PEM pass phrase:"));
+                       err = request_passphrase(vpninfo, "openconnect_pem",
+                                                &pass, _("Enter PEM pass phrase:"));
                        if (err) {
                                ret = -EINVAL;
                                goto out;
index ca7d002..37c6400 100644 (file)
@@ -333,7 +333,7 @@ int cstp_reconnect(struct openconnect_info *vpninfo);
 
 /* ssl.c */
 int connect_https_socket(struct openconnect_info *vpninfo);
-int request_passphrase(struct openconnect_info *vpninfo,
+int request_passphrase(struct openconnect_info *vpninfo, const char *label,
                       char **response, const char *fmt, ...);
 int  __attribute__ ((format (printf, 2, 3)))
     openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
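Review bot: `request_passphrase` takes a printf-style `fmt` followed by varargs but has no format attribute, unlike `openconnect_SSL_printf` directly below it, so the compiler does not check arguments at its call sites. With `label` inserted the format string is now parameter 4, so the declaration could read `int __attribute__ ((format (printf, 4, 5))) request_passphrase(...)`. Every call visible in this commit passes a fixed translated string with no arguments, so this is hardening rather than a live bug.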
index e3e5c48..47ed9cc 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -257,6 +257,7 @@ static int ui_open(UI *ui)
        memset(ui_data, 0, sizeof(*ui_data));
        ui_data->last_opt = &ui_data->form.opts;
        ui_data->vpninfo = vpninfo;
+       ui_data->form.auth_id = (char *)"openssl_ui";
        UI_add_user_data(ui, ui_data);
 
        return 1;
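Review bot: Every prompt raised through the OpenSSL UI method now carries the same fixed `auth_id`, `"openssl_ui"`, so a UI that caches by form id still cannot tell one engine prompt from another. It has to rely on the option names, which are set outside this hunk. A comment on the added line would make that explicit: `/* one form id for all OpenSSL UI prompts; per-prompt identity comes from opt->name */`. ui_open begins before the hunk.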
@@ -389,8 +390,8 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
        if (vpninfo->cert_password) {
                pass = vpninfo->cert_password;
                vpninfo->cert_password = NULL;
-       } else if (request_passphrase(vpninfo, &pass,
-                                     _("Enter PEM pass phrase:")))
+       } else if (request_passphrase(vpninfo, "openconnect_pem",
+                                     &pass, _("Enter PEM pass phrase:")))
                return -1;
 
        plen = strlen(pass);
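Review bot: `plen = strlen(pass);` runs whenever `request_passphrase` returns 0, and nothing in the hunk shows that `pass` is non-NULL in that case. The visible part of `request_passphrase` initialises `o.value = NULL`, so a UI callback that reports success without filling the field would presumably lead to `strlen(NULL)`. A guard before the length is taken, `if (!pass) return -1;`, would close that. How `*response` is assigned is not shown, so this should be confirmed against the rest of `request_passphrase`; `pem_pw_cb` itself also continues past the hunk.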
@@ -424,7 +425,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12
           when PKCS12_parse() returns an error, but *ca is left pointing
           to the freed memory. */
        ca = NULL;
-       if (!pass && request_passphrase(vpninfo, &pass,
+       if (!pass && request_passphrase(vpninfo, "openconnect_pkcs12", &pass,
                                        _("Enter PKCS#12 pass phrase:")) < 0) {
                PKCS12_free(p12);
                return -EINVAL;
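Review bot: This call treats only a negative return as failure (`< 0`), while the `pem_pw_cb` hunk in this file and the GnuTLS callers test for any non-zero value. If `request_passphrase` can return a positive code (for example for a cancelled prompt; not visible here), the function would carry on with `pass` still NULL. Dropping the `< 0` so the condition tests for non-zero would make the callers agree. The rest of `load_pkcs12_certificate` is outside the hunk.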
diff --git a/ssl.c b/ssl.c
index 895bfe5..de16ec4 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -282,7 +282,7 @@ int  __attribute__ ((format (printf, 2, 3)))
 
 }
 
-int request_passphrase(struct openconnect_info *vpninfo,
+int request_passphrase(struct openconnect_info *vpninfo, const char *label,
                       char **response, const char *fmt, ...)
 {
        struct oc_auth_form f;
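Review bot: The new `label` parameter is undocumented, and the hunk that follows stores it without a NULL check as both `f.auth_id` and `o.name`, through a cast that drops `const`. A short comment above the definition would pin the contract: `/* label: stable, non-NULL identifier for the secret being requested; used as the form auth_id and the option name, never modified */`. All callers in this commit pass string literals, so a UI callback that wrote through either field would be modifying a literal; whether any does is not visible here. The function body continues outside this hunk.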
@@ -300,12 +300,12 @@ int request_passphrase(struct openconnect_info *vpninfo,
        vsnprintf(buf, 1023, fmt, args);
        va_end(args);
 
-       f.auth_id = (char *)"ssl_certificate";
+       f.auth_id = (char *)label;
        f.opts = &o;
 
        o.next = NULL;
        o.type = OC_FORM_OPT_PASSWORD;
-       o.name = (char *)"passphrase";
+       o.name = (char *)label;
        o.label = buf;
        o.value = NULL;