Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set VERIFY_USER_REALM_INPUT default to false #178

Merged
merged 2 commits into from
Dec 30, 2019
Merged

Set VERIFY_USER_REALM_INPUT default to false #178

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6782474
set VERIFY_USER_REALM_INPUT default false
Dec 25, 2019
3e54801
add private certificate support
Dec 25, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions devices/linux/DeviceLinuxSh.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,8 @@ private function writeConfigVars($file) {

if(!empty($this->attributes['internal:verify_userinput_suffix'][0]) && $this->attributes['internal:verify_userinput_suffix'][0] == 1) {
$configRaw['VERIFY_USER_REALM_INPUT'] = true;
} else {
$configRaw['VERIFY_USER_REALM_INPUT'] = false;
}

foreach ($config as $name => $value) {
Expand Down
131 changes: 129 additions & 2 deletions devices/linux/Files/eduroam_linux_institution.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ main() {


if [ -z "$USERNAME" -a -z "$PASSWORD" ] ; then
user_cred
get_user_credentials
fi
if nmcli_add_connection ; then
# nmcli --ask connection up eduroam
Expand Down Expand Up @@ -251,7 +251,16 @@ function prompt_nonempty_string {
echo "$out_s";
}

function user_cred {
function get_user_credentials {
if [ "$EAP_OUTER" = "PEAP" -o "$EAP_OUTER" = "TTLS" ] ; then
get_username_password
fi
if [ "$EAP_OUTER" = "TLS" ] ; then
get_p12_credentials
fi
}

function get_username_password {
PASSWORD="a"
PASSWORD1="b"

Expand Down Expand Up @@ -329,6 +338,119 @@ function validate_username {
return 1
}

function get_p12_credentials {
if [ "$EAP_INNER" = "SILVERBULLET" ] ; then
save_sb_pfx
else
if [ ! -z "$silent" ] ; then
if [ ! -z "PFX_FILE" ] ; then
alert "PFX is missning." # TODO
exit 1
fi
else
PFX_FILE_PATH=select_p12_file
if cp "$PFX_FILE_PATH" "$CAT_PATH/cat_installer/user.p12" ; then
log "File user.p12 is written."
else
log "Couldn't write p12 file."
exit 1
fi
fi
fi

if [ ! -z "$silent" ] ; then
if process_p12 ; then
exit 1
fi
else
while [ ! -z "$PASSWORD" -o ! -z "$USERNAME" ] ; do
if ! USERNAME=$(prompt_nonempty_string 0 "$USERNAME_PROMPT") ; then
alert "$ENTER_IMPORT_PASSWORD"
fi
if ! PASSWORD=$(prompt_nonempty_string 0 "$ENTER_PASSWORD") ; then
alert "$ENTER_IMPORT_PASSWORD"
fi
if process_p12 ; then
alert "$INCORRECT_PASSWORD"
fi
done
fi
}

function process_p12 {
if [ -z "$USE_OUTER_TLS_ID" ] ; then
exit 0
fi

if which libressl 1>/dev/null 2>&1 ; then
SSL_LIBRARY=libressl
elif which openssl 1>/dev/null 2>&1 ; then
SSL_LIBRARY=openssl
else
log "No ssl library found."
fi
log "Found $SSL_LIBRARY."
output="$($SSL_LIBRARY pkcs12 -in "$PFX_FILE" -passin pass:$PASSWORD -nokeys -clcerts)"
if [ "$?" != 0 ] ; then
log "SSL library command failed (Error code $?)."
exit 1
fi
certificate_property=()
readarray -t lines <<< "$output"
for line in "${lines[@]}" ; do
if [ "$line" =~ "subject=*" ] ; then
IFS="="
read -ra subject <<< "$line"
key=echo "${subject[0],,}"
value=echo "${subject[1],,}"
certificate_property["$key"]="$value"
fi
done

if [ -z "$certificate_property['cn']" -a "$certificate_property['cn']" =~ "*@*" ] ; then
USERNAME="$certificate_property['cn']"
log "Using cn: $certificate_property['cn']"
elif [ -z "$certificate_property['emailaddress']" -a "$certificate_property['emailaddress']" =~ "*@*" ] ; then
log "Using emailaddress: $certificate_property['emailaddress']"
USERNAME="$certificate_property['emailaddress']"
else
USERNAME=""
alert "Unable to extract username from the certificate." # TODO
fi
return 0
}

function select_p12_file {
if [ ! -z "$ZENITY" ] ; then
certificate_output="$($ZENITY --file-selection --file-filter=$P12_FILTER | *.p12 *.P12 *.pfx *.PFX --file-filter=$ALL_FILTER --title=$P12_TITLE)"
if [ "$?" != 0 ] ; then
log " Choose pfx file failed (Error code: $?)."
exit 1
fi
elif [ ! -z "$KDIALOG" ] ; then
certificate_output="$($KDIALOG --getopenfilename . *.p12 *.P12 *.pfx *.PFX | $P12_FILTER --title=$P12_TITLE)"
if [ "$?" != 0 ] ; then
log " Choose pfx file failed (Error code: $?)."
exit 1
fi
else
certificate_output="$(find . -type f \( -name '*.p12' -or -name '*.P12' -or -name '*.pfx' -or -name '*.PFX' \))"
if [ "$?" != 0 ] ; then
log " Choose pfx file failed (Error code: $?)."
exit 1
fi
PFX_FILE="$certificate_output"
# TODO
fi

return "$(echo $certificate_output | xargs | iconv -t utf8)"
}

function save_sb_fx {
CERTIFICATE_FILE="CAT_PATH/cat_installer/user.p12"
echo "$SB_USER_FILE" > "$CERTIFICATE_FILE"
}

function nmcli_add_connection {
interface=$(get_wlan_interface)
log "WLAN device $interface found."
Expand Down Expand Up @@ -395,6 +517,7 @@ password=
verbose=
USERNAME=""
PASSWORD=""
PFX_FILE=""
while (( "$#" )); do
case $1 in
-d | --debug ) debug=1
Expand All @@ -407,6 +530,9 @@ while (( "$#" )); do
-p | --password ) shift
PASSWORD=$1
;;
-f | --pfxfile ) shift
PFX_FILE=$1
;;
-v | --verbose ) verbose=1
;;
-h | --help ) usage
Expand Down Expand Up @@ -484,6 +610,7 @@ CONTINUE="Weiter"
WRONG_USERNAME_FORMAT="Error: Your username must be of the form 'xxx@institutionID' e.g. '[email protected]'!"
WRONG_REALM="Error: your username must be in the form of 'xxx@%s'. Please enter the username in the correct format."
WRONG_REALM_SUFFIX="Error: your username must be in the form of 'xxx@institutionID' and end with '%s'. Please enter the username in the correct format."
ENTER_IMPORT_PASSWORD="Enter your import password."

INIT_INFO_TMP="Dieses Installationsprogramm wurde für %s hergestellt.\n\nMehr Informationen und Kommentare:\n\nEMAIL: %s\nWWW: %s\n\nDas Installationsprogramm wurde mit Software vom GEANT Projekt erstellt."
INIT_CONFIRMATION_TMP="Dieses Installationsprogramm funktioniert nur für Anwender von %s."
Expand Down
137 changes: 128 additions & 9 deletions devices/linux/Files/eduroam_linux_main.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ main() {


if [ -z "$USERNAME" -a -z "$PASSWORD" ] ; then
user_cred
get_user_credentials
fi
if nmcli_add_connection ; then
# nmcli --ask connection up eduroam
Expand Down Expand Up @@ -251,7 +251,16 @@ function prompt_nonempty_string {
echo "$out_s";
}

function user_cred {
function get_user_credentials {
if [ "$EAP_OUTER" = "PEAP" -o "$EAP_OUTER" = "TTLS" ] ; then
get_username_password
fi
if [ "$EAP_OUTER" = "TLS" ] ; then
get_p12_credentials
fi
}

function get_username_password {
PASSWORD="a"
PASSWORD1="b"

Expand All @@ -278,13 +287,6 @@ function user_cred {
log "Password entered."
}

function validate_user_name {
log "\$USERNAME: $USERNAME"
if [[ "$USERNAME" =~ "@" ]] ; then
log "\$USERNAME contains one @"
fi
}

function validate_username {
log "validate username"
if [[ "$USERNAME" =~ "@" ]] ; then
Expand Down Expand Up @@ -336,6 +338,119 @@ function validate_username {
return 1
}

function get_p12_credentials {
if [ "$EAP_INNER" = "SILVERBULLET" ] ; then
save_sb_pfx
else
if [ ! -z "$silent" ] ; then
if [ ! -z "PFX_FILE" ] ; then
alert "PFX is missning." # TODO
exit 1
fi
else
PFX_FILE_PATH=select_p12_file
if cp "$PFX_FILE_PATH" "$CAT_PATH/cat_installer/user.p12" ; then
log "File user.p12 is written."
else
log "Couldn't write p12 file."
exit 1
fi
fi
fi

if [ ! -z "$silent" ] ; then
if process_p12 ; then
exit 1
fi
else
while [ ! -z "$PASSWORD" -o ! -z "$USERNAME" ] ; do
if ! USERNAME=$(prompt_nonempty_string 0 "$USERNAME_PROMPT") ; then
alert "$ENTER_IMPORT_PASSWORD"
fi
if ! PASSWORD=$(prompt_nonempty_string 0 "$ENTER_PASSWORD") ; then
alert "$ENTER_IMPORT_PASSWORD"
fi
if process_p12 ; then
alert "$INCORRECT_PASSWORD"
fi
done
fi
}

function process_p12 {
if [ -z "$USE_OUTER_TLS_ID" ] ; then
exit 0
fi

if which libressl 1>/dev/null 2>&1 ; then
SSL_LIBRARY=libressl
elif which openssl 1>/dev/null 2>&1 ; then
SSL_LIBRARY=openssl
else
log "No ssl library found."
fi
log "Found $SSL_LIBRARY."
output="$($SSL_LIBRARY pkcs12 -in "$PFX_FILE" -passin pass:$PASSWORD -nokeys -clcerts)"
if [ "$?" != 0 ] ; then
log "SSL library command failed (Error code $?)."
exit 1
fi
certificate_property=()
readarray -t lines <<< "$output"
for line in "${lines[@]}" ; do
if [ "$line" =~ "subject=*" ] ; then
IFS="="
read -ra subject <<< "$line"
key=echo "${subject[0],,}"
value=echo "${subject[1],,}"
certificate_property["$key"]="$value"
fi
done

if [ -z "$certificate_property['cn']" -a "$certificate_property['cn']" =~ "*@*" ] ; then
USERNAME="$certificate_property['cn']"
log "Using cn: $certificate_property['cn']"
elif [ -z "$certificate_property['emailaddress']" -a "$certificate_property['emailaddress']" =~ "*@*" ] ; then
log "Using emailaddress: $certificate_property['emailaddress']"
USERNAME="$certificate_property['emailaddress']"
else
USERNAME=""
alert "Unable to extract username from the certificate." # TODO
fi
return 0
}

function select_p12_file {
if [ ! -z "$ZENITY" ] ; then
certificate_output="$($ZENITY --file-selection --file-filter=$P12_FILTER | *.p12 *.P12 *.pfx *.PFX --file-filter=$ALL_FILTER --title=$P12_TITLE)"
if [ "$?" != 0 ] ; then
log " Choose pfx file failed (Error code: $?)."
exit 1
fi
elif [ ! -z "$KDIALOG" ] ; then
certificate_output="$($KDIALOG --getopenfilename . *.p12 *.P12 *.pfx *.PFX | $P12_FILTER --title=$P12_TITLE)"
if [ "$?" != 0 ] ; then
log " Choose pfx file failed (Error code: $?)."
exit 1
fi
else
certificate_output="$(find . -type f \( -name '*.p12' -or -name '*.P12' -or -name '*.pfx' -or -name '*.PFX' \))"
if [ "$?" != 0 ] ; then
log " Choose pfx file failed (Error code: $?)."
exit 1
fi
PFX_FILE="$certificate_output"
# TODO
fi

return "$(echo $certificate_output | xargs | iconv -t utf8)"
}

function save_sb_fx {
CERTIFICATE_FILE="CAT_PATH/cat_installer/user.p12"
echo "$SB_USER_FILE" > "$CERTIFICATE_FILE"
}

function nmcli_add_connection {
interface=$(get_wlan_interface)
log "WLAN device $interface found."
Expand Down Expand Up @@ -402,6 +517,7 @@ password=
verbose=
USERNAME=""
PASSWORD=""
PFX_FILE=""
while (( "$#" )); do
case $1 in
-d | --debug ) debug=1
Expand All @@ -414,6 +530,9 @@ while (( "$#" )); do
-p | --password ) shift
PASSWORD=$1
;;
-f | --pfxfile ) shift
PFX_FILE=$1
;;
-v | --verbose ) verbose=1
;;
-h | --help ) usage
Expand Down