From 3d32979250df5f9d7d75a5e45e4735ce161f72bf Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Fri, 1 Jun 2012 03:22:35 +0100
Subject: [PATCH] Add completely untested PIN callback for GnuTLS

Signed-off-by: David Woodhouse
---
 main.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/main.c b/main.c
index 221b659..e12f48d 100644
--- a/main.c
+++ b/main.c
@@ -52,7 +52,9 @@
 #ifdef LIBPROXY_HDR
 #include LIBPROXY_HDR
 #endif
-
+#ifdef OPENCONNECT_GNUTLS
+#include
+#endif
 #include

 #include "openconnect-internal.h"
@@ -377,6 +379,55 @@ static void disable_openssl_ui()
 }
 #endif

+#ifdef OPENCONNECT_GNUTLS
+static int gtls_pin_func(void *user, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
+{
+ char *password, *p;
+ struct termios t;
+ int len;
+
+ printf ("PIN required for token '%s' with URL '%s'\n", token_label,
+ token_url);
+ if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY)
+ printf ("*** This is the final try before locking!\n");
+ if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW)
+ printf ("*** Only few tries left before locking!\n");
+ if (flags & GNUTLS_PKCS11_PIN_WRONG)
+ printf ("*** Wrong PIN\n");
+
+ password = malloc(pin_max + 1);
+ if (!password)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ printf("Enter PIN: ");
+ tcgetattr(0, &t);
+ t.c_lflag &= ~ECHO;
+ tcsetattr(0, TCSANOW, &t);
+
+ p = fgets(password, pin_max + 1, stdin);
+
+ t.c_lflag |= ECHO;
+ tcsetattr(0, TCSANOW, &t);
+ printf("\n");
+
+ if (!p || !strlen(password)) {
+ free(password);
+ return -GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ len = strlen(password);
+ if (len > pin_max)
+ len = pin_max;
+
+ memcpy(pin, password, len);
+ free(password);
+
+ return 0;
+}
+#endif
+
 int main(int argc, char **argv)
 {
 struct openconnect_info *vpninfo;
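Review bot: The PIN that `gtls_pin_func` hands back is not the one the user typed: `fgets()` keeps the trailing newline, and `memcpy(pin, password, len)` copies it without ever writing a terminating NUL, so the token is likely to see a wrong or unterminated PIN and each failed prompt costs one of the limited retries the flag messages warn about. The empty-input path also returns `-GNUTLS_E_INSUFFICIENT_CREDENTIALS`, which negates an already negative GnuTLS code into a positive value, unlike the `GNUTLS_E_MEMORY_ERROR` return a few lines up. I would strip the line terminator, reject input that leaves no room for the NUL (assuming `pin_max` is the size of `pin`), make `len` a `size_t`, and return the error code unnegated, as sketched below. Separately, `tcgetattr()` is unchecked, so with a non-terminal stdin `t` is used uninitialised, and the heap copy of the PIN is freed without being wiped.

```c
	size_t len;
	/* … unchanged: prompt, flag warnings, malloc, echo off … */

	p = fgets(password, pin_max + 1, stdin);
	/* … unchanged: echo back on, print newline … */

	/* fgets() keeps the line terminator; it is not part of the PIN */
	len = p ? strcspn(password, "\r\n") : 0;
	if (!len || len >= pin_max) {
		free(password);
		return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
	}

	memcpy(pin, password, len);
	pin[len] = '\0';
	free(password);

	return 0;
```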
@@ -665,6 +716,11 @@ int main(int argc, char **argv)
 usage();
 }

+#ifdef OPENCONNECT_GNUTLS
+ if (!non_inter)
+ gnutls_pkcs11_set_pin_function(gtls_pin_func, vpninfo);
+#endif
+
 if (!vpninfo->sslkey)
 vpninfo->sslkey = vpninfo->cert;

--
2.7.4
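Review bot: The `!non_inter` guard on the registration deserves a one-line comment, because its reason is only visible inside `gtls_pin_func`: the callback prompts with `printf` and reads the PIN from stdin with echo disabled, so it presumes a terminal. Something like `/* PIN prompt needs a terminal; in non-interactive mode no callback is registered */` would do, ideally extended with what GnuTLS then does for a token that requires a PIN once that has been confirmed. `vpninfo` is passed as the user pointer, but the callback added earlier in this patch never reads `user`. `main` starts and ends outside this hunk.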