openconnect: allow processing multiple passwords from stdin

Resolves #1419

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2 files changed, 128 insertions, 1 deletions

diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
index 0e22e1b60..9b1e652bd 100755
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -10,6 +10,7 @@ proto_openconnect_init_config() {
 	proto_config_add_string "serverhash"
 	proto_config_add_string "authgroup"
 	proto_config_add_string "password"
+	proto_config_add_string "password2"
 	proto_config_add_string "token_mode"
 	proto_config_add_string "token_secret"
 	proto_config_add_string "interface"
@@ -22,7 +23,7 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
 	local config="$1"
 
-	json_get_vars server port username serverhash authgroup password interface token_mode token_secret os csd_wrapper
+	json_get_vars server port username serverhash authgroup password password2 interface token_mode token_secret os csd_wrapper
 
 	grep -q tun /proc/modules || insmod tun
 
@@ -65,6 +66,7 @@ proto_openconnect_setup() {
 		mkdir -p /var/etc
 		pwfile="/var/etc/openconnect-$config.passwd"
 		echo "$password" > "$pwfile"
+		[ -n "$password2" ] && echo "$password2" >> "$pwfile"
 		append cmdline "--passwd-on-stdin"
 	}
 
diff --git a/net/openconnect/patches/001-Allow-processing-two-passwords-from-stdin-in-non-int.patch b/net/openconnect/patches/001-Allow-processing-two-passwords-from-stdin-in-non-int.patch
new file mode 100644
index 000000000..be652f8eb
--- /dev/null
+++ b/net/openconnect/patches/001-Allow-processing-two-passwords-from-stdin-in-non-int.patch
@@ -0,0 +1,125 @@
+From 5f2e24fdc9935d049a7e4a5b6e10461e9467597f Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 18 Jun 2015 22:38:05 +0200
+Subject: [PATCH] Allow processing two passwords from stdin in non-interactive
+ mode
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+---
+ main.c | 38 ++++++++++++++++++++++++++------------
+ 1 file changed, 26 insertions(+), 12 deletions(-)
+
+diff --git a/main.c b/main.c
+index 3b976d8..f853afe 100644
+--- a/main.c
++++ b/main.c
+@@ -85,6 +85,7 @@ static int do_passphrase_from_fsid;
+ static int nocertcheck;
+ static int non_inter;
+ static int cookieonly;
++static int allow_stdin_read;
+ 
+ static char *token_filename;
+ static char *server_cert = NULL;
+@@ -358,7 +359,7 @@ static char *convert_arg_to_utf8(char **argv, char *arg)
+ #define vfprintf vfprintf_utf8
+ #define is_arg_utf8(str) (0)
+ 
+-static void read_stdin(char **string, int hidden)
++static void read_stdin(char **string, int hidden, int allow_fail)
+ {
+ 	CONSOLE_READCONSOLE_CONTROL rcc = { sizeof(rcc), 0, 13, 0 };
+ 	HANDLE stdinh = GetStdHandle(STD_INPUT_HANDLE);
+@@ -375,6 +376,7 @@ static void read_stdin(char **string, int hidden)
+ 		char *errstr = openconnect__win32_strerror(GetLastError());
+ 		fprintf(stderr, _("ReadConsole() failed: %s\n"), errstr);
+ 		free(errstr);
++		*string = NULL;
+ 		goto out;
+ 	}
+ 
+@@ -622,7 +624,7 @@ static void print_build_opts(void)
+ 
+ #ifndef _WIN32
+ static const char default_vpncscript[] = DEFAULT_VPNCSCRIPT;
+-static void read_stdin(char **string, int hidden)
++static void read_stdin(char **string, int hidden, int allow_fail)
+ {
+ 	char *c, *buf = malloc(1025);
+ 	int fd = fileno(stdin);
+@@ -648,8 +650,14 @@ static void read_stdin(char **string, int hidden)
+ 	}
+ 
+ 	if (!buf) {
+-		perror(_("fgets (stdin)"));
+-		exit(1);
++		if (allow_fail) {
++			*string = NULL;
++			free(buf);
++			return;
++		} else {
++			perror(_("fgets (stdin)"));
++			exit(1);
++		}
+ 	}
+ 
+ 	c = strchr(buf, '\n');
+@@ -1160,13 +1168,14 @@ int main(int argc, char **argv)
+ 			cookieonly = 3;
+ 			break;
+ 		case OPT_COOKIE_ON_STDIN:
+-			read_stdin(&vpninfo->cookie, 0);
++			read_stdin(&vpninfo->cookie, 0, 0);
+ 			/* If the cookie is empty, ignore it */
+ 			if (!*vpninfo->cookie)
+ 				vpninfo->cookie = NULL;
+ 			break;
+ 		case OPT_PASSWORD_ON_STDIN:
+-			read_stdin(&password, 0);
++			read_stdin(&password, 0, 0);
++			allow_stdin_read = 1;
+ 			break;
+ 		case OPT_NO_PASSWD:
+ 			vpninfo->nopasswd = 1;
+@@ -1708,7 +1717,7 @@ static int validate_peer_cert(void *_vpninfo, const char *reason)
+ 		fprintf(stderr, _("Enter '%s' to accept, '%s' to abort; anything else to view: "),
+ 		       _("yes"), _("no"));
+ 
+-		read_stdin(&response, 0);
++		read_stdin(&response, 0, 0);
+ 		if (!response)
+ 			return -EINVAL;
+ 
+@@ -1779,19 +1788,24 @@ static char *prompt_for_input(const char *prompt,
+ 			      struct openconnect_info *vpninfo,
+ 			      int hidden)
+ {
+-	char *response;
++	char *response = NULL;
+ 
+ 	fprintf(stderr, "%s", prompt);
+ 	fflush(stderr);
+ 
+ 	if (non_inter) {
+-		fprintf(stderr, "***\n");
+-		vpn_progress(vpninfo, PRG_ERR,
++		if (allow_stdin_read) {
++			read_stdin(&response, hidden, 1);
++		}
++		if (response == NULL) {
++			fprintf(stderr, "***\n");
++			vpn_progress(vpninfo, PRG_ERR,
+ 			     _("User input required in non-interactive mode\n"));
+-		return NULL;
++		}
++		return response;
+ 	}
+ 
+-	read_stdin(&response, hidden);
++	read_stdin(&response, hidden, 0);
+ 	return response;
+ }
+ 
+-- 
+2.1.4
+