[Openswan dev] XAUTH Code for "Domain"
Paul Wouters
paul at xelerance.com
Sat Jul 2 14:54:17 EDT 2011
On Fri, 1 Jul 2011, Michael H. Warfield wrote:
> Oooo... What am I getting myself into this time? I need some advise
> and I'm not sure who is most familiar with some of that XAUTH code and
> the whack prompting code.
>
> Ok... The attribute handling code isn't that difficult and I think I
> even figured out adding a {left|right}xauthdomain option and getting it
> added to that big pack of strings between pluto and whack. NOW I see
> the mess with prompting for a Domain (or a Pin or a couple of other
> things there in XAUTH). What I found was whack_prompt only has two
> cases switched on the echo parameter which prompts for either
> "username" (echo = 0) or "password" (echo = 1). It then calls whack_log
> with either RC_XAUTHPROMPT for the username or RC_ENTERSECRET for the
> password. That propagates back into the message handling loop in whack
> which then calls whack_get_value for the user name or whack_get_secret
> for the password and each of those has their own prompts for "username"
> and "password." Sigh...
>
> First temptation would be to add a prompt string into that whole mess
> and keep the level of added code to a minimum. Just one routine for
> prompt with response echo and one for prompt with no response echo.
> OTOH, that message handling loop is also switch on returning config
> values, so that's not going to work.
I would just limit it to keywords. The reason user and password are handled
this way (as well as being able to be set through config files!) is that
for OTP/token logins, either username or password can be different each login,
and requires prompting. But I doubt the DOMAIN changes per instance of the
xauth connection?
Paul
More information about the Dev
mailing list