diff --git a/auth.c b/auth.c
index f884b562..32ae7af9 100644
--- a/auth.c
+++ b/auth.c
@@ -699,81 +699,6 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response, struct
 return ret;
 }
 
-void nuke_opt_values(struct oc_form_opt *opt)
-{
- for (; opt; opt = opt->next) {
- if (opt->type == OC_FORM_OPT_TEXT ||
- opt->type == OC_FORM_OPT_PASSWORD) {
- free(opt->_value);
- opt->_value = NULL;
- }
- }
-}
-
-int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form)
-{
- int ret;
- struct oc_form_opt_select *grp = form->authgroup_opt;
- struct oc_choice *auth_choice;
- struct oc_form_opt *opt;
-
- if (!vpninfo->process_auth_form) {
- vpn_progress(vpninfo, PRG_ERR, _("No form handler; cannot authenticate.\n"));
- return OC_FORM_RESULT_ERR;
- }
-
-retry:
- auth_choice = NULL;
- if (grp && grp->nr_choices && !vpninfo->xmlpost) {
- if (vpninfo->authgroup) {
- /* For non-XML-POST, the server doesn't tell us which group is selected */
- int i;
- for (i = 0; i < grp->nr_choices; i++)
- if (!strcmp(grp->choices[i]->name, vpninfo->authgroup))
- form->authgroup_selection = i;
- }
- auth_choice = grp->choices[form->authgroup_selection];
- }
-
- for (opt = form->opts; opt; opt = opt->next) {
- int second_auth = opt->flags & OC_FORM_OPT_SECOND_AUTH;
- opt->flags &= ~OC_FORM_OPT_IGNORE;
-
- if (!auth_choice ||
- (opt->type != OC_FORM_OPT_TEXT && opt->type != OC_FORM_OPT_PASSWORD))
- continue;
-
- if (auth_choice->noaaa ||
- (!auth_choice->second_auth && second_auth))
- opt->flags |= OC_FORM_OPT_IGNORE;
- else if (!strcmp(opt->name, "secondary_username") && second_auth) {
- if (auth_choice->secondary_username) {
- free(opt->_value);
- opt->_value = strdup(auth_choice->secondary_username);
- }
- if (!auth_choice->secondary_username_editable)
- opt->flags |= OC_FORM_OPT_IGNORE;
- }
- }
-
- ret = vpninfo->process_auth_form(vpninfo->cbdata, form);
-
- if (ret == OC_FORM_RESULT_NEWGROUP &&
- form->authgroup_opt &&
- form->authgroup_opt->form._value) {
- free(vpninfo->authgroup);
- vpninfo->authgroup = strdup(form->authgroup_opt->form._value);
-
- if (!vpninfo->xmlpost)
- goto retry;
- }
-
- if (ret == OC_FORM_RESULT_CANCELLED || ret < 0)
- nuke_opt_values(form->opts);
-
- return ret;
-}
-
 /* Return value:
 * < 0, on error
 * = OC_FORM_RESULT_OK (0), when form parsed and POST required
diff --git a/library.c b/library.c
index 664439ca..34cc32a2 100644
--- a/library.c
+++ b/library.c
@@ -861,6 +861,7 @@ const char *openconnect_get_peer_cert_hash(struct openconnect_info *vpninfo)
 {
 return vpninfo->peer_cert_hash;
 }
+
 int openconnect_set_compression_mode(struct openconnect_info *vpninfo,
 oc_compression_mode_t mode)
 {
@@ -878,3 +879,79 @@ int openconnect_set_compression_mode(struct openconnect_info *vpninfo,
 return -EINVAL;
 }
 }
+
+void nuke_opt_values(struct oc_form_opt *opt)
+{
+ for (; opt; opt = opt->next) {
+ if (opt->type == OC_FORM_OPT_TEXT ||
+ opt->type == OC_FORM_OPT_PASSWORD) {
+ free(opt->_value);
+ opt->_value = NULL;
+ }
+ }
+}
+
+int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form)
+{
+ int ret;
+ struct oc_form_opt_select *grp = form->authgroup_opt;
+ struct oc_choice *auth_choice;
+ struct oc_form_opt *opt;
+
+ if (!vpninfo->process_auth_form) {
+ vpn_progress(vpninfo, PRG_ERR, _("No form handler; cannot authenticate.\n"));
+ return OC_FORM_RESULT_ERR;
+ }
+
+retry:
+ auth_choice = NULL;
+ if (grp && grp->nr_choices && !vpninfo->xmlpost) {
+ if (vpninfo->authgroup) {
+ /* For non-XML-POST, the server doesn't tell us which group is selected */
+ int i;
+ for (i = 0; i < grp->nr_choices; i++)
+ if (!strcmp(grp->choices[i]->name, vpninfo->authgroup))
+ form->authgroup_selection = i;
+ }
+ auth_choice = grp->choices[form->authgroup_selection];
+ }
+
+ for (opt = form->opts; opt; opt = opt->next) {
+ int second_auth = opt->flags & OC_FORM_OPT_SECOND_AUTH;
+ opt->flags &= ~OC_FORM_OPT_IGNORE;
+
+ if (!auth_choice ||
+ (opt->type != OC_FORM_OPT_TEXT && opt->type != OC_FORM_OPT_PASSWORD))
+ continue;
+
+ if (auth_choice->noaaa ||
+ (!auth_choice->second_auth && second_auth))
+ opt->flags |= OC_FORM_OPT_IGNORE;
+ else if (!strcmp(opt->name, "secondary_username") && second_auth) {
+ if (auth_choice->secondary_username) {
+ free(opt->_value);
+ opt->_value = strdup(auth_choice->secondary_username);
+ }
+ if (!auth_choice->secondary_username_editable)
+ opt->flags |= OC_FORM_OPT_IGNORE;
+ }
+ }
+
+ ret = vpninfo->process_auth_form(vpninfo->cbdata, form);
+
+ if (ret == OC_FORM_RESULT_NEWGROUP &&
+ form->authgroup_opt &&
+ form->authgroup_opt->form._value) {
+ free(vpninfo->authgroup);
+ vpninfo->authgroup = strdup(form->authgroup_opt->form._value);
+
+ if (!vpninfo->xmlpost)
+ goto retry;
+ }
+
+ if (ret == OC_FORM_RESULT_CANCELLED || ret < 0)
+ nuke_opt_values(form->opts);
+
+ return ret;
+}
+
diff --git a/openconnect-internal.h b/openconnect-internal.h
index ce87e153..5beef072 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -781,11 +781,8 @@ int do_gen_yubikey_code(struct openconnect_info *vpninfo, struct oc_form_opt *opt); /* auth.c */ -void nuke_opt_values(struct oc_form_opt *opt); int parse_xml_response(struct openconnect_info *vpninfo, char *response, struct oc_auth_form **form, int *cert_rq); -int process_auth_form(struct openconnect_info *vpninfo, - struct oc_auth_form *form); int handle_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form, struct oc_text_buf *request_body, const char **method,
@@ -837,6 +834,10 @@ int socks_gssapi_auth(struct openconnect_info *vpninfo); /* digest.c */ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf); +/* library.c */ +void nuke_opt_values(struct oc_form_opt *opt); +int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form); + /* version.c */ extern const char *openconnect_version_str;
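Review bot: In `process_auth_form` as added to library.c, `auth_choice = grp->choices[form->authgroup_selection];` indexes the choice array with a value this function never range-checks; the name-matching loop overwrites it only when `vpninfo->authgroup` matches a choice, and on `goto retry` it keeps whatever the handler left there. Whether the form parser or the callback contract bounds it is not visible in this diff, so a guard before the dereference would rule out an out-of-bounds read on a form that presumably comes from the server's response, e.g. `if (form->authgroup_selection < 0 || form->authgroup_selection >= grp->nr_choices) return OC_FORM_RESULT_ERR;`. Separately, `nuke_opt_values` releases `OC_FORM_OPT_PASSWORD` values with a plain `free(opt->_value)`, so the secret stays readable in freed heap memory; clearing the buffer with a call the compiler cannot elide before freeing it would limit exposure through core dumps or heap reuse. Both `strdup()` results are also stored without a NULL check.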