Merge branch 'small_PPP_fixes' into 'master'

small PPP fixes See merge request openconnect/openconnect!216
sailfishos-mirror · Jun 29, 2021 · 5f1c470 · 5f1c470
2 parents ac917fd + 5cb9914
commit 5f1c470
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 13 deletions.
diff --git a/fortinet.c b/fortinet.c
@@ -665,6 +665,7 @@ int fortinet_connect(struct openconnect_info *vpninfo)
 	 *
 	 * Don't blame me. I didn't design this.
 	 */
+	vpninfo->ppp->check_http_response = 1;
 
 	/* Trigger the first PPP negotiations and ensure the PPP state
 	 * is PPPS_ESTABLISH so that ppp_tcp_mainloop() knows we've started. */

diff --git a/ppp.c b/ppp.c
@@ -258,27 +258,20 @@ int ppp_reset(struct openconnect_info *vpninfo)
 	ppp->ppp_state = PPPS_DEAD;
 	ppp->out_asyncmap = 0;
 	ppp->out_lcp_opts = BIT_MRU | BIT_MAGIC | BIT_PFCOMP | BIT_ACCOMP | BIT_MRU_COAX;
+	ppp->check_http_response = 0;
 
 	switch (ppp->encap) {
 	case PPP_ENCAP_F5:
-		/* XX: F5 server cancels our IP address allocation if we PPP-terminate */
-		ppp->no_terminate_on_pause = 1;
 		ppp->encap_len = 4;
 		break;
 
 	case PPP_ENCAP_FORTINET:
 		/* XX: Fortinet server rejects asyncmap and header compression. Don't blame me. */
-		ppp->no_terminate_on_pause = 1;
 		ppp->out_lcp_opts &= ~(BIT_PFCOMP | BIT_ACCOMP);
 		ppp->encap_len = 6;
-		ppp->check_http_response = 1;
 		break;
 
 	case PPP_ENCAP_F5_HDLC:
-		/* XX: F5 server cancels our IP address allocation if we PPP-terminate */
-		ppp->no_terminate_on_pause = 1;
-		/* fall through */
-
 	case PPP_ENCAP_RFC1662_HDLC:
 		ppp->encap_len = 0;
 		ppp->hdlc = 1;
@@ -974,11 +967,11 @@ static int handle_state_transition(struct openconnect_info *vpninfo, int dtls,
 		/* XX: When we pause and reconnect, we expect the auth cookie/session (external to the
 		 * PPP layer) to remain valid, and to negotiate the same IP addresses on reconnection.
 		 *
-		 * However, some servers cancel our session or cancel our IP address allocation if we
+		 * However, most servers cancel our session or cancel our IP address allocation if we
 		 * TERMINATE at the PPP layer, so we shouldn't do it when pausing.
 		 */
 		if (vpninfo->got_cancel_cmd ||
-		    (vpninfo->got_pause_cmd && !ppp->no_terminate_on_pause))
+		    (vpninfo->got_pause_cmd && ppp->terminate_on_pause))
 			ppp->ppp_state = PPPS_TERMINATE;
 		else
 			break;

diff --git a/ppp.h b/ppp.h
@@ -106,7 +106,7 @@ struct oc_ppp {
 	int want_ipv4;
 	int want_ipv6;
 	int check_http_response;
-	int no_terminate_on_pause;
+	int terminate_on_pause;
 
 	int ppp_state;
 	struct oc_ncp lcp;

diff --git a/tests/fortinet-auth-and-config b/tests/fortinet-auth-and-config
@@ -51,7 +51,7 @@ echo -n "Authenticating with username/password/token and DEFAULT path... "
 ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=fortinet -q $ADDRESS:443/?want_2fa=1 -u test --token-mode=totp --token-secret=FAKE $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
     fail $PID "Could not receive cookie from fake Fortinet server"
 
-ok
+echo ok
 
 echo -n "Authenticating with username/password/(2 round of token) and DEFAULT path... "
 ( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=fortinet -q $ADDRESS:443/?want_2fa=2 -u test --token-mode=totp --token-secret=FAKE $FINGERPRINT --cookieonly >/dev/null 2>&1) ||
@@ -60,7 +60,7 @@ echo -n "Authenticating with username/password/(2 round of token) and DEFAULT pa
 echo ok
 
 echo -n "Authenticating with username/password/token and NON-DEFAULT path... "
-( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=fortinet -q $ADDRESS:443/fake+Realm?want_2fa=1 -u test --token-mode=totp --token-secret=FAKE $FINGERPRINT --pfs --cookieonly --dump) ||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT --protocol=fortinet -q $ADDRESS:443/fake+Realm?want_2fa=1 -u test --token-mode=totp --token-secret=FAKE $FINGERPRINT --pfs --cookieonly >/dev/null 2>&1) ||
     fail $PID "Could not receive cookie from fake Fortinet server"
 
 echo ok