Supported protocols and servers are extremely inconsistent in how they send
us multiple search domains. Some provide domains via repeating fields which
we glom into a single space-separated string, some provide domains in single
fields which contain ',' or ';' as separators.
Since neither ',' nor ';' is a legal character in a domain name, and since
all known routing configuration scripts support space-separated domains. we
can safely replace these characters with spaces, and thus support all known
combinations.
The name '--usergroup' exists purely for historical/Cisco-specific reasons.
Its function is simply to override the *path* of the URL for the initial
HTTPS request to the server.
Thus 'openconnect --usergroup loginRealm vpn.server.com'
and 'openconnect https://vpn.server.com/loginRealm' are entirely equivalent;
with most front-ends, specifying the URL directly is the only way to set the
path.
Signed-off-by: Daniel Lenski <email address hidden>
The `--authgroup=GROUP` option is specifically designed for this purpose: it can enter
a value into "the right" dropdown/list field on multiple protocols:
- Cisco AnyConnect/ocserv: "authgroup" selection form field
- Juniper: "realm" OR "frmSelectRoles" selection form field
- Pulse: "realm" selection form field
- Fortinet: "realm" selection form field
- F5: "domain" selection form field
- GlobalProtect: "gateway" selection form field (found on the "portal" interface;
this one actually controls the choice of gateway server)
The functionality of the `--authgroup` option is not as obvious as
it could/should be because the name "authgroup" is Cisco-specific.
This patch improves the `--help` output and openconnect(8) man page to
show that it works with other protocols as well, and mention the names
of the relevant fields for those protocols.
Signed-off-by: Daniel Lenski <email address hidden>
6246bbd...
by
Dimitri Papadopoulos Orfanos <email address hidden>
Merge branch 'const' into 'master'
Fix constness again in HKDF/HPKE-related functions
