Can't connect to Juniper VPN when a 'Post Sign-In Message' is set

David Woodhouse dwmw2 at infradead.org
Mon Jul 4 03:10:06 PDT 2016 

On Tue, 2016-06-14 at 16:16 -0700, Katelyn Schiesser wrote:
> Okay, I got it working. I didn't add any sort of interactive-ness, as
> I felt that would break the flow of things - especially if someone
> used -b/--background. Openconnect just assumes you want to press
> 'Proceed'. I also made it print whatever the Post Sign-in Message is
> set to.
> 
>  Here is my patch - let me know if you want anything changed in it.

Hi Katelyn, thanks for working on this — and apologies for the delay in
responding.

The approach looks reasonable enough (given that this is a pile of
hacks on hacks to do special-case parsing of HTML, I'm not going to be
too picky!). It looks like you're generating a 'form' for the user to
full in, which doesn't actually have any queries in it. So in the
text-mode version, there's no user interaction, right? You just get
shown the contents of the textarea, and it proceeds directly to
connection?

In the GUI it'll be different — you still have to click a 'Login'
button to proceed with the "sn-postauth-proceed" action, which is
stored in a hidden (OC_FORM_OPT_HIDDEN) field in the user-interaction
request.

But in the GUI the progress message 'Post Sign-In Message:...' that
you've added won't be shown — you'll want to put that into form->banner 
instead, I think.

Finally... 

+            /* display the post sign-in message, if any */
+            char *fieldname = calloc(1, sizeof(char));
+            xmlnode_get_prop(child, "name", &fieldname);

I'd prefer just to set 'fieldname' to NULL there. Or even use
xmlGetProp() directly. And then if (fieldname && !strcasecmp...)

I originally thought that was buggy and a complete misunderstanding of
char pointers... then realised it actually wasn't broken... and
*finally* realised you probably meant it that way, and it was entirely
sane. But just not my preferred approach :)

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160704/bbe644bf/attachment.bin>

More information about the openconnect-devel mailing list