[PATCH/RFC V3 00/13] Fix authgroup selection in XML POST mode

Kevin Cernekee cernekee at gmail.com
Sun Dec 15 01:42:51 EST 2013

This is my third attempt at addressing the various authgroup selection
issues involving XML POST[1] and second-auth[2].  The basic idea is that
whenever the user changes the selected authgroup (whose name is passed
to the UI via oc_auth_form->authgroup_field), the process_auth_form
callback returns back to libopenconnect with a special status code, and
allows the library to construct a new form.  In XML POST mode this
results in a new POST to the gateway (and probably a new <opaque> data
blob); in second-auth mode the form fields are manipulated locally.

The changes are intended to be mostly backward compatible.  The only
incompatible change is that opt->value is prepopulated if
secondary_username is marked editable, as the Cisco clients do allow
the server to specify the initial value for this field.  Library
users that do not know about this may overwrite the pointer (leaking
memory) and will probably ignore the prepopulated value.  Also, users
that do not know about the API change will still not be able to handle
authgroup changes properly.

This has been lightly tested with network-manager-openconnect and the
command-line client.

[1] https://bugs.launchpad.net/bugs/1229195
[2] http://lists.infradead.org/pipermail/openconnect-devel/2013-June/001088.html

Kevin Cernekee (13):
  main: Move username/password/authgroup vars into main.c
  auth: Add <group-access> node to XML POST initial request
  library: Use named constants for process_auth_form() return value
  library: Decouple internal and external oc_* auth form structs
  main: Rename process_auth_form() to avoid conflict with library
  Create a common process_auth_form() wrapper function
  Split user-visible oc_* fields from internal fields
  auth: Provide information on which auth choice is currently selected
  process_auth_form: Add code to support NEWGROUP return status from UI
  auth: Remove outdated comment for parse_auth_choice()
  auth: Parse second-auth-related properties from the auth form
  auth: Hide unused form fields based on the selected authgroup
  library: Bump API version to 2.3 and document changes

 auth.c                 |  421 +++++++++++++++++++++++++++++++-----------------
 gnutls.c               |   30 ++--
 http.c                 |   22 ++-
 library.c              |    1 +
 main.c                 |   54 ++++---
 openconnect-internal.h |   37 ++++-
 openconnect.h          |   13 +-
 openssl.c              |   28 ++--
 ssl.c                  |   21 ++-
 9 files changed, 400 insertions(+), 227 deletions(-)
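
The callback contract described in the cover letter above, sketched as an added example that is not part of the original message or of the openconnect sources. The structs and result codes are simplified stand-ins for the library's own, and ui_process_auth_form, demo, the field name "group_list" and the sample values are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins (assumptions), not the definitions in openconnect.h. */
enum { FORM_ERR = -1, FORM_OK = 0, FORM_NEWGROUP = 2 };
struct form_opt { const char *name; char *value; struct form_opt *next; };
struct auth_form { const char *authgroup_field; struct form_opt *opts; };

static char *dup_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Replace a value, freeing the old one so a prepopulated string is not leaked. */
static int set_value(struct form_opt *opt, const char *input)
{
    char *copy = dup_str(input);
    if (!copy) return -1;
    free(opt->value);
    opt->value = copy;
    return 0;
}

/* Hypothetical UI callback: inputs[i] is the user's entry for the i-th option,
 * NULL meaning "accept the value already in the field". */
int ui_process_auth_form(struct auth_form *form, const char **inputs)
{
    for (struct form_opt *opt = form->opts; opt; opt = opt->next, inputs++) {
        if (!*inputs) continue; /* keep the server-supplied initial value */
        int is_group = form->authgroup_field && !strcmp(opt->name, form->authgroup_field);
        int changed = !opt->value || strcmp(opt->value, *inputs) != 0;
        if (set_value(opt, *inputs)) return FORM_ERR;
        /* A new group invalidates the rest of this form: hand control back
         * so the library can build the form for the selected group. */
        if (is_group && changed) return FORM_NEWGROUP;
    }
    return FORM_OK;
}

/* Constructed form: group selector, then a prepopulated secondary_username. */
int demo(const char *group_in, const char *user_in, char **user_out)
{
    struct form_opt user = { "secondary_username", dup_str("alice"), NULL };
    struct form_opt group = { "group_list", dup_str("Staff"), &user };
    struct auth_form form = { "group_list", &group };
    const char *inputs[] = { group_in, user_in };
    int ret = ui_process_auth_form(&form, inputs);
    free(group.value);
    *user_out = user.value; /* caller frees */
    return ret;
}
```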

