command-line client should fill in any password-type field with value supplied via --passwd-on-stdin (!6) · Merge requests · OpenConnect VPN projects / OpenConnect

The source project of this merge request has been removed.

Daniel Lenski requested to merge (removed):fill_in_any_password_type_field into master Sep 05, 2018

I previously proposed adding form field hints to suggest which fields should be populated with username/password values. David Woodhouse was hesitant to accept this and we settled on matching the form field names by the first four characters ("user", "pass") as a temporary compromise:

http://lists.infradead.org/pipermail/openconnect-devel/2017-August/004458.html

There's at least one specific case where this interferes with the usage of the command-line client: some GlobalProtect users need to specify an "alternative secret field" instead of the default "passwd" field (using --usergroup :field_name).

Because this field's name normally doesn't start with "pass", openconnect won't accept it via --passwd-on-stdin:

script_to_do_fancy_GlobalProtect_SAML_login |
  openconnect --protocol=gp -u user --passwd-on-stdin --usergroup portal:portal_cookie_field_name globalprotect.company.com

As far as I can tell, there's not actually any good reason why openconnect should only fill in a password-type field with the supplied password if its name starts with "pass", so we should get rid of that check.

Signed-off-by: Daniel Lenski dlenski@gmail.com

Admin message

command-line client should fill in any password-type field with value supplied via --passwd-on-stdin

Merge request reports