[Openswan dev] XAUTH Code for "Domain"

Michael H. Warfield mhw at WittsEnd.com
Sat Jul 2 15:54:22 EDT 2011


On Sat, 2011-07-02 at 14:54 -0400, Paul Wouters wrote: 
> On Fri, 1 Jul 2011, Michael H. Warfield wrote:
> 
> > Oooo...  What am I getting myself into this time?  I need some advice
> > and I'm not sure who is most familiar with some of that XAUTH code and
> > the whack prompting code.
> >
> > Ok...  The attribute handling code isn't that difficult and I think I
> > even figured out adding a {left|right}xauthdomain option and getting it
> > added to that big pack of strings between pluto and whack.  NOW I see
> > the mess with prompting for a Domain (or a Pin or a couple of other
> > things there in XAUTH).  What I found was whack_prompt only has two
> > cases switched on the echo parameter which prompts for either
> > "username" (echo = 0) or "password" (echo = 1).  It then calls whack_log
> > with either RC_XAUTHPROMPT for the username or RC_ENTERSECRET for the
> > password.  That propagates back into the message handling loop in whack
> > which then calls whack_get_value for the user name or whack_get_secret
> > for the password and each of those has their own prompts for "username"
> > and "password."  Sigh...
> >
> > First temptation would be to add a prompt string into that whole mess
> > and keep the level of added code to a minimum.  Just one routine for
> > prompt with response echo and one for prompt with no response echo.
> > OTOH, that message handling loop is also switched on returning config
> > values, so that's not going to work.

> I would just limit it to keywords. The reason user and password are handled
> this way (as well as being able to be set through config files!) is that
> for OTP/token logins, either username or password can be different each login,
> and requires prompting. But I doubt the DOMAIN changes per instance of the
> xauth connection?

Correct.  There are others that will be "prompt only" that will not
support config variables but may need command line variables such as the
NetworkManager plugin.  I just sent you a private message with some of
my initial work.

> Paul

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
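
The keyword-limited prompting discussed in this thread could be table-driven, as in the added example below; it is not Openswan code and is not from either poster. All names (`xauth_prompt`, `xauth_prompt_lookup`, `xauth_read_value`) are hypothetical, and treating the PIN as prompt-only is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical table: one row per XAUTH item that may be prompted for.
 * echo: may typed input be shown?  from_config: may a config file set it? */
struct xauth_prompt {
    const char *keyword, *prompt;
    bool echo, from_config;
};

static const struct xauth_prompt prompts[] = {
    { "username", "Username: ", true,  true  },
    { "password", "Password: ", false, true  },
    { "domain",   "Domain: ",   true,  true  },
    { "pin",      "PIN: ",      false, false },  /* assumed prompt-only */
};

const struct xauth_prompt *xauth_prompt_lookup(const char *keyword)
{
    for (size_t i = 0; i < sizeof(prompts) / sizeof(prompts[0]); i++)
        if (strcmp(prompts[i].keyword, keyword) == 0)
            return &prompts[i];
    return NULL;  /* unknown keyword: the caller refuses rather than guesses */
}

/* Prompt on `out`, read one line from `in` into buf (len > 0).
 * Returns the value's length, or -1 on EOF/error with buf zeroed. */
int xauth_read_value(const struct xauth_prompt *p, FILE *in, FILE *out,
                     char *buf, size_t len)
{
    struct termios saved;
    int fd = fileno(in);
    bool hide = !p->echo && fd >= 0 && isatty(fd) && tcgetattr(fd, &saved) == 0;
    if (hide) {                       /* secret item on a real terminal */
        struct termios quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        tcsetattr(fd, TCSAFLUSH, &quiet);
    }
    fputs(p->prompt, out);
    fflush(out);
    bool ok = fgets(buf, (int)len, in) != NULL;
    if (hide)
        tcsetattr(fd, TCSAFLUSH, &saved);   /* always restore echo */
    if (!ok)
        memset(buf, 0, len);                /* leave no partial value behind */
    buf[strcspn(buf, "\r\n")] = '\0';
    return ok ? (int)strlen(buf) : -1;
}
```

Adding another prompted item then means adding a table row instead of another echo/no-echo case and another return code.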