command-line client should fill in any password-type field with value supplied via --passwd-on-stdin
I previously proposed adding form field hints to suggest which fields should be populated with username/password values. David Woodhouse was hesitant to accept this and we settled on matching the form field names by the first four characters ("user", "pass") as a temporary compromise:
http://lists.infradead.org/pipermail/openconnect-devel/2017-August/004458.html
There's at least one specific case where this interferes with the
usage of the command-line client: some GlobalProtect users need to
specify an "alternative secret field" instead of the default "passwd"
field (using --usergroup :field_name
).
Because this field's name normally doesn't start with "pass", openconnect
won't accept it via --passwd-on-stdin
:
script_to_do_fancy_GlobalProtect_SAML_login |
openconnect --protocol=gp -u user --passwd-on-stdin --usergroup portal:portal_cookie_field_name globalprotect.company.com
As far as I can tell, there's not actually any good reason why openconnect should only fill in a password-type field with the supplied password if its name starts with "pass", so we should get rid of that check.
Signed-off-by: Daniel Lenski dlenski@gmail.com