• Fix issue causing front-ends/GUIs to be insensitive to changes in the Juniper realm dropdown · 669c7d3e
    Daniel Lenski authored
    This has been a persistent, puzzling issue
    (http://lists.infradead.org/pipermail/openconnect-devel/2018-July/004926.html,
    http://lists.infradead.org/pipermail/openconnect-devel/2017-November/004558.html,
    etc.).  When connecting to a Juniper VPN from a front-end (e.g.
    NM-OpenConnect, OpenConnect-GUI for Windows, OpenConnect for Android),
    changing the selected realm/`authgroup` in the drop-down box causes the form
    to immediately reload *without* saving the change.
    
    This turned out to be a rather subtle issue…
    
    The meaning and usage of `vpninfo->authgroup` differs across the different
    protocols, which made this hard to isolate.
    
    * With AnyConnect, changing the authgroup value in the form is supposed to
      trigger an immediate reload of the form, since the form contents can
      differ from one authgroup to another.  Hence a `process_auth_form`
      callback should immediately return `OC_FORM_RESULT_NEWGROUP` when the form
      value changes.
    * With Juniper, the authgroup dropdown doesn't *actually* need to trigger a reloading
      of the form, since the form won't change if the authgroup field changes.
      (At least not on any Juniper VPN I have access to.) However, it doesn't
      hurt anything either, and setting the dropdown as `form->authgroup_opt`
      allows CLI users to specify the desired setting with `--authgroup`, which
      is very convenient.
    * With GlobalProtect, the authgroup has been repurposed to represent the desired
      *gateway* to connect to, in the cases where the user is connecting via the
      *portal* interface.  The authgroup selection always appears in a form by
      itself, currently.  This similarly allows CLI users to pick the desired
      gateway with `--authgroup`.
    
    Long story short, the problem here was that `form->authgroup_selection`
    needed to be set to a specific index (within `form->authgroup_opt->choices[]`)
    of the currently selected value, in order
    for the GUI to show the right value as selected.  If this wasn't set, then
    every time the selection was changed (causing the form handler to return
    `OC_FORM_RESULT_NEWGROUP`), the selected index would revert to `0` on the
    next iteration of the form.
    
    For AnyConnect, the `form->authgroup_selection` was already set correctly;
    for Juniper and GlobalProtect, it wasn't.  It seems to me that the most
    robust fix here is to ensure that `process_auth_form` itself always sets
    `form->authgroup_selection` to the index of the value matching
    `vpninfo->authgroup` _before_ handing the form off to `process_auth_form_cb`.
    
    Tested that this change makes Juniper realm dropdowns work correctly in the
    NM-OpenConnect and Android front-ends.
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
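The reload behaviour described in the commit message above, as an added example that is not OpenConnect's code: a simplified model of a form that is rebuilt on every reload, run once without and once with the selection being synchronised before the front-end callback. The struct definitions, realm names, `sync_authgroup_selection`, `gui_callback` and `run_auth` are hypothetical stand-ins; only the field names `authgroup_opt`, `authgroup_selection`, `choices` and `authgroup` come from the message.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins for the library's types (assumptions of this example). */
enum { FORM_OK, FORM_NEWGROUP };  /* stands in for OC_FORM_RESULT_NEWGROUP */
struct choice { const char *name; };
struct select_opt { int nr_choices; const struct choice *choices; };
struct auth_form { struct select_opt *authgroup_opt; int authgroup_selection; };
struct vpn { const char *authgroup; };

/* The fix: select the choice matching vpn->authgroup before the callback. */
static void sync_authgroup_selection(const struct vpn *v, struct auth_form *f)
{
    if (!f->authgroup_opt || !v->authgroup) return;
    for (int i = 0; i < f->authgroup_opt->nr_choices; i++)
        if (!strcmp(f->authgroup_opt->choices[i].name, v->authgroup)) {
            f->authgroup_selection = i;
            return;
        }   /* no match: the default index stays */
}

/* Constructed front-end: the user wants index `wanted`; the dropdown shows
 * authgroup_selection, and any change requests a form reload. */
static int gui_callback(struct vpn *v, struct auth_form *f, int wanted)
{
    if (f->authgroup_selection == wanted)
        return FORM_OK;
    v->authgroup = f->authgroup_opt->choices[wanted].name;
    return FORM_NEWGROUP;
}

/* Form iterations until accepted, or -1 if still reloading after max_iter. */
int run_auth(int apply_fix, int wanted, int max_iter)
{
    static const struct choice realms[] = { {"Users"}, {"Admins"}, {"Guests"} };
    struct select_opt opt = { 3, realms };
    struct vpn v = { NULL };
    for (int iter = 1; iter <= max_iter; iter++) {
        struct auth_form f = { &opt, 0 };   /* rebuilt form starts at index 0 */
        if (apply_fix) sync_authgroup_selection(&v, &f);
        if (gui_callback(&v, &f, wanted) == FORM_OK)
            return iter;
    }
    return -1;
}
int main(void)
{
    printf("without fix: %d, with fix: %d\n", run_auth(0, 1, 5), run_auth(1, 1, 5));
    return 0;
}
```
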
Name
android
java
m4
po
tests
www
.gitignore
.gitlab-ci.yml
AUTHORS
COPYING.LGPL
Makefile.am
README.DTLS
README.TESTS
TODO
acinclude.m4
auth-common.c
auth-globalprotect.c
auth-juniper.c
auth.c
autogen.sh
compat.c
config.rpath
configure.ac
csd-post.sh
csd-wrapper.sh
cstp.c
digest.c
dtls.c
esp-seqno.c
esp.c
gnutls-dtls.c
gnutls-esp.c
gnutls.c
gnutls.h
gnutls_tpm.c
gnutls_tpm2.c
gpst.c
gssapi.c
hipreport.sh
http-auth.c
http.c
iconv.c
jni.c
libopenconnect.map.in
library.c
lzo.c
lzo.h
lzs.c
main.c
mainloop.c
ntlm.c
oath.c
oncp.c
openconnect-internal.h
openconnect.8.in
openconnect.h
openconnect.ico
openconnect.pc.in
openconnect.rc
openssl-dtls.c
openssl-esp.c
openssl-pkcs11.c
openssl.c
script.c
ssl.c
sspi.c
stoken.c
tncc-wrapper.py
tun-win32.c
tun.c
version.sh
win32-ipicmp.h
xml.c
yubikey.c