On Thu, 2018-07-05 at 12:35 -0500, Brian J. Johnson wrote:
> On 07/04/2018 03:12 AM, David Woodhouse wrote:
> >
> >
> > On Tue, 2018-07-03 at 15:12 -0500, Brian J. Johnson wrote:
> > > Any updates on this issue? I'm running into it myself on Ubuntu
> > > 18.04. I'm unable to connect to my company's Pulse VPN, since I can't
> > > select the correct authgroup/realm. I'd be happy to try a test build
> > > against my environment.
> >
> > Did you try the suggestion I made? Which would look something like
> > this:
> >
> > --- a/auth-juniper.c
> > +++ b/auth-juniper.c
> > @@ -189,8 +189,6 @@ static int parse_select_node(struct openconnect_info *vpninfo, struct oc_auth_fo
> > xmlnode_get_prop(node, "name", &opt->form.name);
> > opt->form.label = strdup(opt->form.name);
> > opt->form.type = OC_FORM_OPT_SELECT;
> > - if (!strcmp(opt->form.name, "realm"))
> > - form->authgroup_opt = opt;
> >
> > for (child = node->children; child; child = child->next) {
> > struct oc_choice **new_choices;
> >
> >
> > Or if you're not able to build for yourself and you're not using HTTP
> > Digest auth to connect to anything (hint: you aren't), just:
> >
> > sudo s/realm/rXXXm/g -i /usr/lib/x86_64-linux-gnu/libopenconnect.so
> >
>
> David,
>
> I tried both (patching and building), and in both cases, the behavior
> was the same: the second realm in the list is selected by default
> (which is handy, since that's the one I happen to need), but I'm unable
> to select the first realm. If I select it, the menu immediately snaps
> back to the second entry, and the cursor jumps to the "password" field.
> So it behaves exactly the same as with the released build, except that
> the second realm is selected by default instead of the first.
>
> So sorry, this doesn't seem to be a fix.
Hm, try this one?
diff --git a/auth-juniper.c b/auth-juniper.c
index 30ceb3a..5606958 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -188,8 +188,11 @@ static int parse_select_node(struct openconnect_info *vpninfo, struct oc_auth_fo
xmlnode_get_prop(node, "name", &opt->form.name);
opt->form.label = strdup(opt->form.name);
opt->form.type = OC_FORM_OPT_SELECT;
- if (!strcmp(opt->form.name, "realm"))
+
+ if (!strcmp(opt->form.name, "realm")) {
form->authgroup_opt = opt;
+ form->authgroup_selection = -1;
+ }
for (child = node->children; child; child = child->next) {
struct oc_choice **new_choices;
@@ -209,6 +212,13 @@ static int parse_select_node(struct openconnect_info *vpninfo, struct oc_auth_fo
free(choice);
return -ENOMEM;
}
+ /* Juniper server doesn't explicitly tell us which authgroup is currently
+ * selected, and in fact doesn't really even need the NEWGROUP behaviour
+ * at all. But users like using the --authgroup option for the realm, so
+ * support it this way, by setting authgroup_selection accordingly. */
+ if (opt == form->authgroup_opt && vpninfo->authgroup && !strcmp(choice->name, vpninfo->authgroup))
+ form->authgroup_selection = opt->nr_choices;
+
opt->choices = new_choices;
opt->choices[opt->nr_choices++] = choice;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20181213/1e30f671/attachment.bin>
