Bugfix RSA SecurID token decryption and PIN entry forms (!344) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge fix_388 into master Mar 07, 2022

As of 386a6edb, all auth forms are required to have a non-NULL auth_id.

However, we forget to make stoken.c set the auth_id for the forms that it creates for RSA SecurID token decryption and PIN entry. Let's name these:

_rsa_unlock, for token decryption.
_rsa_pin, for PIN entry. Also, rename the numeric PIN field to pin rather than password; there can't be any existing users relying on --form-entry to set its value, because that wouldn't work without the auth_id.

Admin message