[Openswan dev] XAUTH Code for "Domain"

Paul Wouters paul at xelerance.com
Sat Jul 2 14:54:17 EDT 2011

On Fri, 1 Jul 2011, Michael H. Warfield wrote:

> Oooo...  What am I getting myself into this time?  I need some advise
> and I'm not sure who is most familiar with some of that XAUTH code and
> the whack prompting code.
> Ok...  The attribute handling code isn't that difficult and I think I
> even figured out adding a {left|right}xauthdomain option and getting it
> added to that big pack of strings between pluto and whack.  NOW I see
> the mess with prompting for a Domain (or a Pin or a couple of other
> things there in XAUTH).  What I found was whack_prompt only has two
> cases switched on the echo parameter which prompts for either
> "username" (echo = 0) or "password" (echo = 1).  It then calls whack_log
> with either RC_XAUTHPROMPT for the username or RC_ENTERSECRET for the
> password.  That propagates back into the message handling loop in whack
> which then calls whack_get_value for the user name or whack_get_secret
> for the password and each of those has their own prompts for "username"
> and "password."  Sigh...
> First temptation would be to add a prompt string into that whole mess
> and keep the level of added code to a minimum.  Just one routine for
> prompt with response echo and one for prompt with no response echo.
> OTOH, that message handling loop is also switch on returning config
> values, so that's not going to work.

I would just limit it to keywords. The reason user and password are handled
this way (as well as being able to be set through config files!) is that
for OTP/token logins, either username or password can be different each login,
and requires prompting. But I doubt the DOMAIN changes per instance of the
xauth connection?


More information about the Dev mailing list