make --authgroup fill EITHER the role and/or the realm for Juniper

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/auth-juniper.c b/auth-juniper.c
index d298dc65f6d161972a6ac8cce38a4e0a1bdaebc1..dbff5ea150ece4e63971a64a859ff585e66ca5df 100644 (file)
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -355,6 +355,7 @@ static struct oc_auth_form *parse_roles_table_node(xmlNodePtr node)
        opt->form.label = strdup("frmSelectRoles");
        opt->form.name = strdup("frmSelectRoles");
        opt->form.type = OC_FORM_OPT_SELECT;
+       form->authgroup_opt = opt; /* XX: --authgroup also sets realm field (see parse_select_node in auth-html.c) */
 
        for (table_itr = node->children; table_itr; table_itr = table_itr->next) {
                if (!table_itr->name || strcasecmp((const char *)table_itr->name, "tr"))

diff --git a/tests/juniper-auth b/tests/juniper-auth
index f985df2a89df7242d2569117da68d360b822bf85..7355f165213ae33e124957715293de553e60a614 100755 (executable)
--- a/tests/juniper-auth
+++ b/tests/juniper-auth
@@ -72,10 +72,9 @@ echo -n "frmLogin with username/password → frmNextToken"
 
 ok
 
-# only one role because we don't have a way to auto-fill this
-# (TODO: make --authgroup fill in the role instead, if there's no realm?)
+# --authgroup will now fill in EITHER the role and/or the realm
 echo -n "frmLogin with username/password → frmConfirmation → frmSelectRoles"
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=nc -q "$ADDRESS:443/?confirm=1&roles=only_one_role" -u test $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=nc -q "$ADDRESS:443/?confirm=1&roles=foo,bar,baz" --authgroup=bar -u test $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
     fail $PID "Could not receive cookie from fake Juniper server"
 
 echo ok