[PATCH] Fix problems with auth groups selection

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Tue Jul 16 17:05:15 EDT 2013

After a recent update our VPN server, I noticed that openconnect is not
able anymore to connect to it. To login to our VPN server I have to
select non-default auth group. According to http traffic dumps OpenConnect
5.01 tried to select a group, but server failed to respond properly.
After analysing dumps from official client, I noticed that it passes a
group in the "init" XML request. I created a simple workaround, that
passes group to the "init" request, if it was selected via command line
prompt. Full solution should include reselecting a group, however it
looks like it requires auth traffic restart, which is too intrusive

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>

--- openconnect-5.01.orig/auth.c
+++ openconnect-5.01/auth.c
@@ -790,6 +790,11 @@ int xmlpost_initial_req(struct openconne
 	if (!node)
 		goto bad;
+	if (vpninfo->authgroup) {
+		node = xmlNewTextChild(root, NULL, XCAST("group-select"), XCAST(vpninfo->authgroup));
+		if (!node)
+			goto bad;
+	}
 	if (cert_fail) {
 		node = xmlNewTextChild(root, NULL, XCAST("client-cert-fail"), NULL);
 		if (!node)

More information about the openconnect-devel mailing list