[Openswan dev] XAUTH Code for "Domain"
Michael H. Warfield
mhw at WittsEnd.com
Sat Jul 2 15:54:22 EDT 2011
On Sat, 2011-07-02 at 14:54 -0400, Paul Wouters wrote:
> On Fri, 1 Jul 2011, Michael H. Warfield wrote:
>
> > Oooo... What am I getting myself into this time? I need some advice
> > and I'm not sure who is most familiar with some of that XAUTH code and
> > the whack prompting code.
> >
> > Ok... The attribute handling code isn't that difficult and I think I
> > even figured out adding a {left|right}xauthdomain option and getting it
> > added to that big pack of strings between pluto and whack. NOW I see
> > the mess with prompting for a Domain (or a Pin or a couple of other
> > things there in XAUTH). What I found was whack_prompt only has two
> > cases switched on the echo parameter which prompts for either
> > "username" (echo = 0) or "password" (echo = 1). It then calls whack_log
> > with either RC_XAUTHPROMPT for the username or RC_ENTERSECRET for the
> > password. That propagates back into the message handling loop in whack
> > which then calls whack_get_value for the user name or whack_get_secret
> > for the password and each of those has their own prompts for "username"
> > and "password." Sigh...
> >
> > First temptation would be to add a prompt string into that whole mess
> > and keep the level of added code to a minimum. Just one routine for
> > prompt with response echo and one for prompt with no response echo.
> > OTOH, that message handling loop is also switched on returning config
> > values, so that's not going to work.
> I would just limit it to keywords. The reason user and password are handled
> this way (as well as being able to be set through config files!) is that
> for OTP/token logins, either username or password can be different each login,
> and requires prompting. But I doubt the DOMAIN changes per instance of the
> xauth connection?
Correct. There are others that will be "prompt only" that will not
support config variables but may need command line variables such as the
NetworkManager plugin. I just sent you a private message with some of
my initial work.
> Paul
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!