David,
I refactored the libstoken support to use the standard
process_auth_form() callback to prompt the user for any necessary
information, then verified that it works in both console mode and with
network-manager-openconnect.
I also removed the "next tokencode" delay, and generate the next code
immediately. This logic could benefit from some additional testing.
The new prepare_stoken() code was written so that if
process_auth_form() returns 1 (user cancelled), the software token
would be bypassed and they could log in manually. This still needs
work; the CLI doesn't seem to return 1 under any circumstances, and
the GUI writes to cancel_fd if the user clicks "Cancel", causing the
SSL connection to abort.
The following changes since commit ddf81e8db8b8e5a4d67d73b9a50c6022d392ceb0:
Delete references to long-removed SecurID code (2012-09-30 08:14:17 +0100)
are available in the git repository at:
git://github.com/cernekee/openconnect.git stoken
for you to fetch changes up to 2f3bd11b417d81dc3e8a84a1131e81b3cdc60d23:
stoken: Update documentation, manpage with libstoken information
(2012-10-13 21:39:40 -0700)
----------------------------------------------------------------
Kevin Cernekee (12):
Fix a couple of minor typos
Update Debian package status
Link to OpenConnect SOCKS proxy (ocproxy) from documentation
Fix missing newline in the "No form handler" error message
Move strcasestr() implementation to compat.c
Allow optional arguments in the config file
stoken: Link with libstoken if available
stoken: Add openconnect_set_stoken_mode() to library API
stoken: Add --stoken option to CLI, and invoke library to set up
soft token
stoken: Implement new auth form to gather soft token information
stoken: Fill in "password" fields with a generated tokencode
stoken: Update documentation, manpage with libstoken information
Makefile.am | 8 +-
TODO | 1 -
auth.c | 201 ++++++++++++++++++++++++++++++++++++++++++++++--
compat.c | 22 ++++++
configure.ac | 6 ++
http.c | 30 ++------
libopenconnect.map.in | 3 +-
library.c | 52 +++++++++++++
main.c | 48 +++++++++++-
openconnect-internal.h | 17 ++++
openconnect.8.in | 9 ++-
openconnect.h | 11 ++-
openconnect.pc.in | 2 +-
po/ar.po | 2 +-
po/as.po | 2 +-
po/ast.po | 2 +-
po/bg.po | 2 +-
po/bg_BG.po | 2 +-
po/bn.po | 2 +-
po/bn_IN.po | 2 +-
po/bs.po | 2 +-
po/ca.po | 2 +-
po/ca at valencia.po | 2 +-
po/cs.po | 2 +-
po/da.po | 2 +-
po/de.po | 2 +-
po/el.po | 2 +-
po/en_GB.po | 4 +-
po/en_US.po | 2 +-
po/eo.po | 2 +-
po/es.po | 2 +-
po/es_CR.po | 2 +-
po/es_MX.po | 2 +-
po/et.po | 2 +-
po/eu.po | 2 +-
po/fa.po | 2 +-
po/fi.po | 2 +-
po/fr.po | 2 +-
po/gd.po | 2 +-
po/gl.po | 2 +-
po/gu.po | 2 +-
po/he.po | 2 +-
po/hi.po | 2 +-
po/hi_IN.po | 2 +-
po/hu.po | 2 +-
po/id.po | 4 +-
po/it.po | 2 +-
po/ja.po | 2 +-
po/km.po | 2 +-
po/kn.po | 2 +-
po/ko.po | 2 +-
po/ku.po | 2 +-
po/lo.po | 2 +-
po/lt.po | 2 +-
po/lv.po | 2 +-
po/ml.po | 2 +-
po/mr.po | 2 +-
po/ms.po | 2 +-
po/ms_MY.po | 2 +-
po/nb.po | 2 +-
po/nl.po | 2 +-
po/nn.po | 2 +-
po/no.po | 2 +-
po/or.po | 2 +-
po/pa.po | 2 +-
po/pl.po | 2 +-
po/pt.po | 2 +-
po/pt_BR.po | 2 +-
po/pt_PT.po | 2 +-
po/ro.po | 2 +-
po/ru.po | 2 +-
po/sk.po | 2 +-
po/sl.po | 4 +-
po/sq.po | 2 +-
po/sr.po | 2 +-
po/sr at latin.po | 2 +-
po/sv.po | 2 +-
po/ta.po | 2 +-
po/te.po | 2 +-
po/tg.po | 2 +-
po/tg_TJ.po | 2 +-
po/th.po | 2 +-
po/tl.po | 2 +-
po/tl_PH.po | 2 +-
po/tr.po | 2 +-
po/ug.po | 4 +-
po/uk.po | 2 +-
po/ur_PK.po | 2 +-
po/vi.po | 2 +-
po/vi_VN.po | 2 +-
po/wa.po | 2 +-
po/zh_CN.po | 2 +-
po/zh_HK.po | 2 +-
po/zh_TW.po | 2 +-
www/building.xml | 1 +
www/features.xml | 1 +
www/nonroot.xml | 3 +-
www/packages.xml | 6 +-
98 files changed, 462 insertions(+), 129 deletions(-)
