From: Daniel Lenski <dlenski@gmail.com>
Date: Mon, 7 Mar 2022 16:50:13 +0000 (-0800)
Subject: Bugfix RSA SecurID token decryption and PIN entry forms
X-Git-Tag: v9.00~78^2~1
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=19417131895eb39aabf3641a9e4e0d7082b04f6d;p=users%2Fdwmw2%2Fopenconnect.git

Bugfix RSA SecurID token decryption and PIN entry forms

As of
https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
all auth forms are required to have a non-NULL `auth_id`.

However, we forget to make stoken.c set the `auth_id` for the forms that it
creates for RSA SecurID token decryption and PIN entry.  Let's name these:

  - `_rsa_unlock`, for token decryption.
  - `_rsa_pin`, for PIN entry.  Also, rename the numeric PIN field to `pin`
    rather than `password`; there can't be any existing users relying on
    `--form-entry` to set its value, because that wouldn't work without the
    `auth_id`.

Fixes #388.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---

diff --git a/stoken.c b/stoken.c
index 00a67625..45d849f5 100644
--- a/stoken.c
+++ b/stoken.c
@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
 
 	form.opts = opts;
 	form.message = _("Enter credentials to unlock software token.");
+	form.auth_id = "_rsa_unlock";
 
 	if (stoken_devid_required(vpninfo->stoken_ctx)) {
 		opt->type = OC_FORM_OPT_TEXT;
@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
 
 	form.opts = opts;
 	form.message = _("Enter software token PIN.");
+	form.auth_id = "_rsa_pin";
 
 	opt->type = OC_FORM_OPT_PASSWORD;
-	opt->name = (char *)"password";
+	opt->name = (char *)"pin";
 	opt->label = _("PIN:");
 	opt->flags = OC_FORM_OPT_NUMERIC;