lp:~vcs-imports/vpnc/trunk
- Get this branch:
- bzr branch lp:~vcs-imports/vpnc/trunk
Branch merges
Branch information
Import details
This branch is an import of the Subversion branch from http://svn.unix-ag.uni-kl.de/vpnc/trunk.
Last successful import was .
Recent revisions
- 434. By Antonio Borneo
-
getpass: build prompt string and pass it
Instead of printing the prompt before getpass(),
build prompt string in a buffer and pass it.
In this way, password helper gets the prompt.Signed-off-by: Antonio Borneo <email address hidden>
- 433. By Antonio Borneo
-
support password helper
Allows to integrate UI, similar to ssh-askpass, program prompt user
for password and echo result to stdout.Settings:
---
Password Helper /home/alonbl/vpnc/vpnc- getpass
Xauth interactive
---vpn-getpass script for KDE:
---
prompt="$1"
exec kdialog --title "vpnc" --password "$prompt";
---vpn-getpass script for KDE with SecurID:
---
prompt="$1"
pass="$(kdialog --title "vpnc" --password "$prompt")" || exit 1
otp="$(RSA_SecurID_ getpasswd) " || exit 1
echo "${pass}${otp}"
exit 0
---Based on original patch from Alon Bar-Lev
http://lists.unix- ag.uni- kl.de/pipermail /vpnc-devel/ 2013-December/ 004039. html
rebased on current HEAD.Author: Alon Bar-Lev <email address hidden>
Signed-off-by: Antonio Borneo <email address hidden> - 432. By Antonio Borneo
-
Replace obsolete getpass()
Function getpass(3) is reported as obsolete.
Replace it with new vpnc_getpass().
Differences with original implementation:
- output prompt on stdout, instead of /dev/tty;
- input from stdin, instead of /dev/tty;
- password length limited by vpnc_getline() to 200 chars.Functions tcgetattr(
)/tcsetattr( ) return error if stdin
is not a terminal but, e.g., a pipe or a file. I simply
ignore the error, since no need to disable ECHO on them.Signed-off-by: Antonio Borneo <email address hidden>
- 431. By Antonio Borneo
-
terminate config reading on EOT/Ctl-D instead of just on pipe close
based on original patch from Dan Williams <email address hidden>
http://lists.unix- ag.uni- kl.de/pipermail /vpnc-devel/ 2013-December/ 004043. html vpnc's config file processing logic uses EOF to determine when to stop
processing the config input, but if stdin is actually a pipe from a
controlling process, EOF only happens if the pipe is closed. Which
means the controlling process can't respond to any interactive requests
for information. So we need to add some other mechanism to indicate
that config processing is done that does not rely on closing stdin to
indicate this.Also, getline() only returns on EOF (which has the problems described
above) or when it encounters sufficient newline characters;
unfortunately this precludes using getline() to handle single bytes.
Switch to fgetc() and build up the line ourselves so that we can
recognize a custom CEOT character (0x04/Ctl-D) which also terminates
reading configuration without requiring the pipe to be closed.Modification wrt Dan's proposal:
- use same prototype as getline();
- remove trailing newline. Avoids code duplication;
- allocate buffer only if required (as getline());
- pass error through errno since feof() is not valid on CEOT;
- remove getline() from sysdep.[ch].Signed-off-by: Antonio Borneo <email address hidden>
- 430. By Antonio Borneo
-
Bug fix: don't call exit handler when daemonize
Bug introduced in commit r528, "Always run vpnc-script at exit".
When vpnc goes background, the foreground task have to exit
without calling the handler registerd with atexit(), otherwise
vpnc-script would modify routing tables.Bug found by Alon Bar-Lev <email address hidden>
Signed-off-by: Antonio Borneo <email address hidden>
- 429. By Antonio Borneo
-
Test: add documentation and rebuild files
One certificate in test folder is already expired, other
will follow.
The original private keys to rebuild the certificates are
not available, so no way to re-sign the same certificates.Document why and how the test is performed.
Put in a Makefile the whole set of commands to rebuild
the certificates and encrypt the binary test.
Replace all the certificates and the encrypted binary
with new versions.New certificates will expire in 2033.
OpenSSL is required only to re-build the certificates.
No need for OpenSSL to compile VPNC or to run the test.Signed-off-by: Antonio Borneo <email address hidden>
- 428. By Antonio Borneo
-
test-crypto: move crypted data out of code
The test program embeds encrypted binary data, but the
encryption key is not made available from the original
developer.
Move the binary data out of the code, so later we can
replace it with data encrypted under our control.Signed-off-by: Antonio Borneo <email address hidden>
- 427. By Antonio Borneo
-
cert0.pem expired
Remove temporarily cert0.pem from the certificate chain.
"make test" is now working.Signed-off-by: Antonio Borneo <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)