www.infradead.org Git - users/dwmw2/openconnect.git/commitdiff
Refuse to handle forms without ->auth_id (but do it in the right place, and noisily)
author Daniel Lenski <dlenski@gmail.com>
Sat, 20 Nov 2021 21:12:34 +0000 (13:12 -0800)
committer Daniel Lenski <dlenski@gmail.com>
Sat, 20 Nov 2021 22:19:50 +0000 (14:19 -0800)
In 0b47ea1882346fdedfcd8a315f51aeb39e13459e ("Refuse to handle forms without
->auth_id"), the process_auth_form_cb for the OpenConnect CLI was modified
to silently reject forms with auth_id unset.

Issues with this:

1. If a form doesn't have its auth_id set, it'll fail *silently*, which
   makes it confusingly difficult to identify the root cause. (See #351.)
2. As that commit message says, GUIs/front-ends need the auth_id to be set,
   but it didn't do anything to enforce it other than for the CLI.

The solution is to reject forms with auth_id unset in process_auth_form()
itself, rather than expecting the front-ends’ callback functions to check
this, and to do so with an error message explaining that this is a bug in
OpenConnect.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
library.c

index 4448118de1f964f114f6be93516cfc96b1ab3c12..37b7f9bc80b38cbc768ed7e22fb61d80183d0190 100644 (file)
--- a/library.c
+++ b/library.c
@@ -1532,6 +1532,10 @@ int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *for
                vpn_progress(vpninfo, PRG_ERR, _("No form handler; cannot authenticate.\n"));
                return OC_FORM_RESULT_ERR;
        }
+       if (!form->auth_id) {
+               vpn_progress(vpninfo, PRG_ERR, _("No form ID. This is a bug in OpenConnect's authentication code.\n"));
+               return OC_FORM_RESULT_ERR;
+       }
 
 retry:
        auth_choice = NULL;
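Review bot: The PRG_ERR message added under `if (!form->auth_id)` does not say which form or protocol handler produced the form with no ID, so a user's log will still not point at the code that needs fixing. Since the commit message gives hard-to-diagnose silent failure as the motivation, consider adding an identifying detail to the `vpn_progress()` text. Separately, the diff as shown touches only library.c: the silent auth_id check that the commit message says was added to the CLI's process_auth_form_cb is not removed here, so either drop it alongside this change or state that it is kept on purpose as a second check. Placing the new test before `retry:` looks right, as it runs once on entry rather than on every retry.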