NetworkManager-vpnc has been using vpnc with --non-inter for a long time,
but this precludes handling requests for new passwords if the originally
given one is wrong. Now that we'd like to do that, controlling vpnc in
interactive mode brings up a few problems.

There are two issues controlling vpnc as a child process:

1) vpnc's config file processing logic uses EOF to determine when to stop
processing the config input, but if stdin is actually a pipe from a controlling
process, EOF only happens if the pipe is closed. Which means the controlling
process can't respond to any interactive requests for information. So we need
to add some other mechanism to indicate that config processing is done that
does not rely on closing stdin to indicate this.

getline() only returns on EOF (which has the problems described above) or
when it encounters sufficient newline characters; unfortunately this precludes
using getline() to handle single bytes. Switch to fgetc() and build up the
line ourselves so that we can recognize a custom EOF character, 0x1A (Ctl-Z).

2) getpass() tries to use /dev/tty by default, which requests input directly
from the user, which prevents a controlling process from writing the input
to stdin. Add a config option to always listen for input on stdin and
implement a replacement for getpass() that always reads from stdin.

One thing that would be nice is some indication of whether vpnc has this
patch included or not, so that NM-vpnc could alter its behavior automatically.
Any thoughts on that?

Dan
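The two changes described in the message above, as an added sketch that is not code from the patch or from vpnc: a config reader that builds lines with fgetc() and stops at 0x1A, and a getpass() stand-in that reads from the same stream. The names read_cfg_line, read_secret and demo are hypothetical, the config lines and password are constructed sample data, and a tmpfile() stands in for the pipe on stdin.

```c
#include <stdio.h>
#include <string.h>
#define CFG_END 0x1A  /* Ctl-Z: end-of-config marker described in the post */

/* Returns 1 when a line is stored in buf, 0 at the marker or real EOF. */
static int read_cfg_line(FILE *in, char *buf, size_t cap) {
    size_t n = 0;
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (c == CFG_END) {
            if (n == 0)
                return 0;        /* marker on its own: config is done */
            ungetc(c, in);       /* return the partial line first */
            break;
        }
        if (n + 1 < cap)         /* truncate long lines, never overflow */
            buf[n++] = (char)c;
    }
    buf[n] = '\0';
    return c != EOF || n > 0;
}

/* getpass() stand-in: reads the reply from the same FILE*, never /dev/tty.
 * Sharing the FILE* matters: stdio may already have buffered the reply. */
static int read_secret(FILE *in, char *buf, size_t cap) {
    if (!fgets(buf, (int)cap, in)) return -1;
    buf[strcspn(buf, "\r\n")] = '\0';
    return 0;
}

/* Constructed sample: two config lines, the marker, then a prompt reply. */
static int demo(char *secret, size_t cap) {
    char line[256];
    int lines = 0;
    FILE *in = tmpfile();        /* stands in for the pipe on stdin */
    if (!in) return -1;
    fputs("IPSec gateway vpn.example.test\nXauth username alice\n"
          "\x1A" "hunter2\n", in);
    rewind(in);
    while (read_cfg_line(in, line, sizeof line))
        lines++;
    if (read_secret(in, secret, cap) != 0) lines = -1;
    fclose(in);
    return lines;
}

int main(void) {
    char secret[64];
    return demo(secret, sizeof secret) == 2 ? 0 : 1;
}
```

The stream stays open after the marker, so the controlling process can still answer a later password prompt on the same pipe.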