auth: Implement special handling of password fields on XML POST
authorKevin Cernekee <cernekee@gmail.com>
Sun, 17 Feb 2013 00:18:05 +0000 (16:18 -0800)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Sun, 17 Feb 2013 21:54:11 +0000 (21:54 +0000)
The Cisco AnyConnect client exhibits some quirky behavior on fields
with certain names:

For "answer", "whichpin", and "new_password", the field is renamed to
"password" in the submission.

For "verify_pin" and "verify_password", the field is omitted entirely.
One might expect the client to perform a comparison to see if the first
password/PIN field matches the verify_* field, but in my testing, I didn't
actually see it doing so.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
auth.c

diff --git a/auth.c b/auth.c
index a4f95d6818a8fc8ff7f3fafc41c76a00610b4c37..59587f13648e3b13baf45d7906adbae6a7b069d8 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -803,6 +803,21 @@ static int xmlpost_append_form_opts(struct openconnect_info *vpninfo,
                        continue;
                }
 
+               /* answer,whichpin,new_password: rename to "password" */
+               if (!strcmp(opt->name, "answer") ||
+                   !strcmp(opt->name, "whichpin") ||
+                   !strcmp(opt->name, "new_password")) {
+                       if (!xmlNewTextChild(node, NULL, XCAST("password"), XCAST(opt->value)))
+                               goto bad;
+                       continue;
+               }
+
+               /* verify_pin,verify_password: ignore */
+               if (!strcmp(opt->name, "verify_pin") ||
+                   !strcmp(opt->name, "verify_password")) {
+                       continue;
+               }
+
                /* everything else: create <foo>user_input</foo> under <auth> */
                if (!xmlNewTextChild(node, NULL, XCAST(opt->name), XCAST(opt->value)))
                        goto bad;
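Review bot: The `verify_pin`/`verify_password` branch discards the confirmation value without comparing it to the field it confirms, so a mistyped `new_password` or PIN is posted as `<password>` unchecked and the user may end up with a credential they do not know. Omitting the field from the POST matches the behaviour the description reports, but the match could still be checked locally before the request is built. The comment should at least record the gap, e.g. `/* verify_pin,verify_password: never sent, and not compared with the new value here */`. The rename branch also deserves a comment: a form carrying more than one of `answer`, `whichpin`, `new_password` (or a plain `password` field as well) would yield several `<password>` children, and this hunk does not show which one the gateway honours. The body of xmlpost_append_form_opts starts and ends outside the hunk.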