openconnect stoken support not working properly with our form

Kevin Cernekee cernekee at gmail.com
Mon Nov 13 21:57:24 PST 2017


On Mon, Nov 13, 2017 at 1:29 PM, Andy Wang <dopey at moonteeth.com> wrote:
> @@ -562,7 +563,7 @@ static struct oc_auth_form
> *parse_roles_form_node(xmlNodePtr node)
>
>  int oncp_obtain_cookie(struct openconnect_info *vpninfo)
>  {
> -       int ret;
> +       int ret, result;
>         struct oc_text_buf *resp_buf = NULL;
>         xmlDocPtr doc = NULL;
>         xmlNodePtr node;
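
Review bot: The new `result` in `int ret, result;` is declared unconditionally, but the only use visible in this patch is inside the `#ifdef HAVE_LIBSTOKEN` block added below, so a build without libstoken would carry an unused variable and likely a compiler warning. Storing the prepare_stoken() return value in the existing `ret` would make this declaration change unnecessary.
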
> @@ -570,6 +571,15 @@ int oncp_obtain_cookie(struct openconnect_info
> *vpninfo)
>         char *form_id = NULL;
>         int try_tncc = !!vpninfo->csd_wrapper;
>
> +#ifdef HAVE_LIBSTOKEN
> +        /* Step 1: Unlock software token (if applicable) */

You can delete "Step 1" since oncp_obtain_cookie() isn't annotated the
same way as cstp_obtain_cookie().

> +        if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) {
> +                result = prepare_stoken(vpninfo);
> +                if (result)
> +                        goto out;

This can probably reuse |ret| (otherwise |ret| will be left
uninitialized).  Be sure to test the case where the user hits Cancel
on the PIN form, and the case where libstoken returns an error (like
from a missing stokenrc file).

> +        }
> +#endif
> +
>         resp_buf = buf_alloc();
>         if (buf_error(resp_buf))
>                 return -ENOMEM;
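
Review bot: The `goto out` on prepare_stoken() failure is taken before anything has been allocated (resp_buf, doc and form_id are all still NULL at that point), while the buf_error() check right after it leaves with a plain `return -ENOMEM;`. Since the `out` label is not visible in this hunk, either confirm that it tolerates those NULL pointers and returns the stoken error code, or return the error directly from the new block so both early exits behave the same way. The added lines also appear to be indented with spaces (eight after the `+`) where the surrounding context lines use tabs.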


