GP auth: give challenge/2FA forms a constant auth_id/name of "_challenge" (!90) · Merge requests · OpenConnect VPN projects / OpenConnect

Daniel Lenski requested to merge modify_GP_challenge_2FA_form_handling into master Apr 09, 2020

Until now, we've been using the inputStr value (hex token that has to accompany challenge form submission) as the auth_id for challenge forms, but it appears these values aren't fixed from run-to-run, which makes it impossible to use --form-entry to fill them out.

This patch makes all challenge forms have auth_id=_challenge, so they can be filled with --form-entry=_challenge:passwd=VALUE. The inputStr value will now be shoehorned into form->action.

Unless we find a GP VPN that uses multiple independent challenges (3FA?), this should work better.

ping #112

Signed-off-by: Daniel Lenski dlenski@gmail.com

GP auth: give challenge/2FA forms a constant auth_id/name of "_challenge"

Merge request reports