Add --non-inter option

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

main.c

@@ -1,7 +1,7 @@
 /*
  * OpenConnect (SSL + DTLS) VPN client
  *
- * Copyright © 2008-2010 Intel Corporation.
+ * Copyright © 2008-2011 Intel Corporation.
  * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
  *
  * Author: David Woodhouse <dwmw2@infradead.org>
@@ -55,6 +55,7 @@ int verbose = PRG_INFO;
 int background;
 int do_passphrase_from_fsid;
 int nocertcheck;
+int non_inter;
 
 enum {
 	OPT_AUTHGROUP = 0x100,
@@ -78,6 +79,7 @@ enum {
 	OPT_RECONNECT_TIMEOUT,
 	OPT_SERVERCERT,
 	OPT_USERAGENT,
+	OPT_NON_INTER,
 };
 
 static struct option long_options[] = {
@@ -125,6 +127,7 @@ static struct option long_options[] = {
 	{"no-http-keepalive", 0, 0, OPT_NO_HTTP_KEEPALIVE},
 	{"no-cert-check", 0, 0, OPT_NO_CERT_CHECK},
 	{"force-dpd", 1, 0, OPT_FORCE_DPD},
+	{"non-inter", 0, 0, OPT_NON_INTER},
 	{NULL, 0, 0, 0},
 };
 
@@ -175,6 +178,7 @@ void usage(void)
 	printf("      --no-http-keepalive         Disable HTTP connection re-use\n");
 	printf("      --no-passwd                 Disable password/SecurID authentication\n");
 	printf("      --no-cert-check             Do not require server SSL cert to be valid\n");
+	printf("      --non-inter                 Do not expect user input; exit if it is required\n");
 	printf("      --passwd-on-stdin           Read password from standard input\n");
 	printf("      --reconnect-timeout         Connection retry timeout in seconds\n");
 	printf("      --servercert=FINGERPRINT    Server's certificate SHA1 fingerprint\n");
@@ -281,6 +285,10 @@ int main(int argc, char **argv)
 		case OPT_NO_PASSWD:
 			vpninfo->nopasswd = 1;
 			break;
+		case OPT_NON_INTER:
+			non_inter = 1;
+			vpninfo->nopasswd = 1;
+			break;
 		case OPT_RECONNECT_TIMEOUT:
 			vpninfo->reconnect_timeout = atoi(optarg);
 			break;
@@ -647,6 +655,9 @@ static int validate_peer_cert(struct openconnect_info *vpninfo, X509 *peer_cert,
 
 		fprintf(stderr, "\nCertificate from VPN server \"%s\" failed verification.\n"
 			"Reason: %s\n",	vpninfo->hostname, reason);
+		if (non_inter)
+			return -EINVAL;
+
 		fflush(stderr);
 
 		ui = UI_new();

openconnect.8

@@ -144,6 +144,9 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .B --no-passwd
 ]
 [
+.B --non-inter
+]
+[
 .B --passwd-on-stdin
 ]
 [
@@ -344,7 +347,10 @@ this information to the
 mailing list.
 .TP
 .B --no-passwd
-Never attempt password (or SecurID) authentication
+Never attempt password (or SecurID) authentication.
+.TP
+.B --non-inter
+Do not expect user input; exit if it is required.
 .TP
 .B --passwd-on-stdin
 Read password from standard input

openconnect.html

@@ -182,7 +182,7 @@ <H2>Release Notes / Changelog</H2>
 <UL>
   <LI><B>OpenConnect HEAD</B><BR>
      <UL>
-       <LI><I>No changelog entries yet</I></LI>
+       <LI>Add <TT>--non-inter</TT> option to avoid all user input.</LI>
      </UL><BR>
   </LI>
   <LI><B><A HREF="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.02.tar.gz">OpenConnect v3.02</a></B> &mdash; 2011-04-19<BR>
@@ -475,6 +475,6 @@ <H3>FreeBSD</H3>
 <hr>
 <address>David Woodhouse &lt;<A HREF="mailto:dwmw2@infradead.org">dwmw2@infradead.org</A>&gt;</address>
 <!-- hhmts start -->
-Last modified: Tue Apr 19 21:26:49 BST 2011
+Last modified: Thu Apr 28 11:54:37 BST 2011
 <!-- hhmts end -->
 </body> </html>