From: Daniel Lenski Date: Wed, 5 Sep 2018 19:44:25 +0000 (-0700) Subject: command-line client should fill in any password field with value supplied via --passw... X-Git-Tag: v8.00~84^2 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=b6dc821146840df0fd5685bc088943bbec84237d;p=users%2Fdwmw2%2Fopenconnect.git command-line client should fill in any password field with value supplied via --passwd-on-stdin I previously proposed adding form field hints to suggest which fields should be populated with username/password values. David Woodhouse was hesitant to accept this and we settled on matching the form field names by the first four characters ("user", "pass") as a temporary compromise: http://lists.infradead.org/pipermail/openconnect-devel/2017-August/004458.html There's at least one specific case where this interferes with the usage of the command-line client: some GlobalProtect users need to specify an "alternative secret field" instead of the default "passwd" field (using `--usergroup :field_name`). Because this field's name normally doesn't start with "pass", openconnect won't accept it via `--passwd-on-stdin`: script_to_do_fancy_GlobalProtect_SAML_login | openconnect --protocol=gp -u user --passwd-on-stdin --usergroup portal:portal_cookie_field_name globalprotect.company.com As far as I can tell, there's not actually any good reason why openconnect should *only* fill in a password-type field with the supplied password if its name starts with "pass", so we should get rid of that check. Signed-off-by: Daniel Lenski --- diff --git a/main.c b/main.c index 379cf5de..d2e21c07 100644 --- a/main.c +++ b/main.c @@ -1999,8 +1999,7 @@ static int process_auth_form_cb(void *_vpninfo, empty = 0; } else if (opt->type == OC_FORM_OPT_PASSWORD) { - if (password && - !strncmp(opt->name, "pass", 4)) { + if (password) { opt->_value = password; password = NULL; } else {