1 files changed, 51 insertions, 0 deletions

diff --git a/net-vpn/openconnect/files/8.20-rsa-securid.patch b/net-vpn/openconnect/files/8.20-rsa-securid.patch
new file mode 100644
index 000000000000..57ab2d740707
--- /dev/null
+++ b/net-vpn/openconnect/files/8.20-rsa-securid.patch
@@ -0,0 +1,51 @@
+From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001
+From: Daniel Lenski <dlenski@gmail.com>
+Date: Mon, 7 Mar 2022 08:50:13 -0800
+Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms
+
+As of
+https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
+all auth forms are required to have a non-NULL `auth_id`.
+
+However, we forget to make stoken.c set the `auth_id` for the forms that it
+creates for RSA SecurID token decryption and PIN entry.  Let's name these:
+
+  - `_rsa_unlock`, for token decryption.
+  - `_rsa_pin`, for PIN entry.  Also, rename the numeric PIN field to `pin`
+    rather than `password`; there can't be any existing users relying on
+    `--form-entry` to set its value, because that wouldn't work without the
+    `auth_id`.
+
+Fixes #388.
+
+Signed-off-by: Daniel Lenski <dlenski@gmail.com>
+---
+ stoken.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/stoken.c b/stoken.c
+index 00a67625..45d849f5 100644
+--- a/stoken.c
++++ b/stoken.c
+@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
+ 
+ 	form.opts = opts;
+ 	form.message = _("Enter credentials to unlock software token.");
++	form.auth_id = "_rsa_unlock";
+ 
+ 	if (stoken_devid_required(vpninfo->stoken_ctx)) {
+ 		opt->type = OC_FORM_OPT_TEXT;
+@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
+ 
+ 	form.opts = opts;
+ 	form.message = _("Enter software token PIN.");
++	form.auth_id = "_rsa_pin";
+ 
+ 	opt->type = OC_FORM_OPT_PASSWORD;
+-	opt->name = (char *)"password";
++	opt->name = (char *)"pin";
+ 	opt->label = _("PIN:");
+ 	opt->flags = OC_FORM_OPT_NUMERIC;
+ 
+-- 
+GitLab