From b6dc821146840df0fd5685bc088943bbec84237d Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Wed, 5 Sep 2018 12:44:25 -0700 Subject: [PATCH] command-line client should fill in any password field with value supplied via --passwd-on-stdin I previously proposed adding form field hints to suggest which fields should be populated with username/password values. David Woodhouse was hesitant to accept this and we settled on matching the form field names by the first four characters ("user", "pass") as a temporary compromise: http://lists.infradead.org/pipermail/openconnect-devel/2017-August/004458.html There's at least one specific case where this interferes with the usage of the command-line client: some GlobalProtect users need to specify an "alternative secret field" instead of the default "passwd" field (using `--usergroup :field_name`). Because this field's name normally doesn't start with "pass", openconnect won't accept it via `--passwd-on-stdin`: script_to_do_fancy_GlobalProtect_SAML_login | openconnect --protocol=gp -u user --passwd-on-stdin --usergroup portal:portal_cookie_field_name globalprotect.company.com As far as I can tell, there's not actually any good reason why openconnect should *only* fill in a password-type field with the supplied password if its name starts with "pass", so we should get rid of that check. Signed-off-by: Daniel Lenski --- main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/main.c b/main.c index 379cf5de..d2e21c07 100644 --- a/main.c +++ b/main.c @@ -1999,8 +1999,7 @@ static int process_auth_form_cb(void *_vpninfo, empty = 0; } else if (opt->type == OC_FORM_OPT_PASSWORD) { - if (password && - !strncmp(opt->name, "pass", 4)) { + if (password) { opt->_value = password; password = NULL; } else {