• Kevin Cernekee's avatar
    http: Fix redirect handling in auth form loop · 8e1fda4f
    Kevin Cernekee authored
    The gateway may ask the user to fill out different forms that live at
    different URLs, e.g.
        GET /+webvpn+/index.html
        (returns <form method="post" action="/+webvpn+/index.html"> and
         username/password form elements)
        POST /+webvpn+/index.html
        (returns <form method="post" action="/+webvpn+/login/challenge.html">
         and challenge/response form elements)
        POST /+webvpn+/login/challenge.html
        (returns <auth> node with valid cookie)
    The refactored openconnect_obtain_cookie() loop tried to post the
    challenge/response data to index.html, preventing successful login.  This
    patch changes the logic so that it will honor the new "action" attribute
    if present.
    This probably does not affect XML POST mode, because XML POST <form> tags
    do not seem to use attributes.
    Reported-by: default avatarFabian Jäger <fabian.jaeger@chungwasoft.com>
    Signed-off-by: default avatarKevin Cernekee <cernekee@gmail.com>
    Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
http.c 36.2 KB