From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Mon, 7 Mar 2022 08:50:13 -0800 Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms As of https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34, all auth forms are required to have a non-NULL `auth_id`. However, we forget to make stoken.c set the `auth_id` for the forms that it creates for RSA SecurID token decryption and PIN entry. Let's name these: - `_rsa_unlock`, for token decryption. - `_rsa_pin`, for PIN entry. Also, rename the numeric PIN field to `pin` rather than `password`; there can't be any existing users relying on `--form-entry` to set its value, because that wouldn't work without the `auth_id`. Fixes #388. Signed-off-by: Daniel Lenski --- stoken.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/stoken.c b/stoken.c index 00a67625..45d849f5 100644 --- a/stoken.c +++ b/stoken.c @@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo) form.opts = opts; form.message = _("Enter credentials to unlock software token."); + form.auth_id = "_rsa_unlock"; if (stoken_devid_required(vpninfo->stoken_ctx)) { opt->type = OC_FORM_OPT_TEXT; @@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo) form.opts = opts; form.message = _("Enter software token PIN."); + form.auth_id = "_rsa_pin"; opt->type = OC_FORM_OPT_PASSWORD; - opt->name = (char *)"password"; + opt->name = (char *)"pin"; opt->label = _("PIN:"); opt->flags = OC_FORM_OPT_NUMERIC; -- GitLab