blob: 57ab2d740707ada360b568a5ed6db82118660a8f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Mon, 7 Mar 2022 08:50:13 -0800
Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms
As of
https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
all auth forms are required to have a non-NULL `auth_id`.
However, we forget to make stoken.c set the `auth_id` for the forms that it
creates for RSA SecurID token decryption and PIN entry. Let's name these:
- `_rsa_unlock`, for token decryption.
- `_rsa_pin`, for PIN entry. Also, rename the numeric PIN field to `pin`
rather than `password`; there can't be any existing users relying on
`--form-entry` to set its value, because that wouldn't work without the
`auth_id`.
Fixes #388.
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
stoken.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/stoken.c b/stoken.c
index 00a67625..45d849f5 100644
--- a/stoken.c
+++ b/stoken.c
@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
form.opts = opts;
form.message = _("Enter credentials to unlock software token.");
+ form.auth_id = "_rsa_unlock";
if (stoken_devid_required(vpninfo->stoken_ctx)) {
opt->type = OC_FORM_OPT_TEXT;
@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
form.opts = opts;
form.message = _("Enter software token PIN.");
+ form.auth_id = "_rsa_pin";
opt->type = OC_FORM_OPT_PASSWORD;
- opt->name = (char *)"password";
+ opt->name = (char *)"pin";
opt->label = _("PIN:");
opt->flags = OC_FORM_OPT_NUMERIC;
--
GitLab
|