From 7224312999fb5601d4c7e76ea9afe7eb6b2ca761 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Mon, 8 Oct 2018 11:03:45 -0700 Subject: [PATCH] Fix GlobalProtect authgroup handling When connecting to a GlobalProtect server via the portal interface, then `vpninfo->authgroup` needs to be set to the URL of one of the allowed gateways. The problem here is that if the user actually wanted to select the _first_ gateway in the dropdown list, it was already pre-selected, and thus clicking "continue"/"login" on the form wouldn't trigger `OC_FORM_RESULT_NEWGROUP`. This would prevent `vpninfo->authgroup` from getting set correctly, and the gateway redirect would be skipped entirely. Thus it was effectively impossible to select the first option in the gateway dropdown. Signed-off-by: Daniel Lenski --- auth-globalprotect.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/auth-globalprotect.c b/auth-globalprotect.c index a745c062..f4c45742 100644 --- a/auth-globalprotect.c +++ b/auth-globalprotect.c @@ -401,6 +401,8 @@ static int parse_portal_xml(struct openconnect_info *vpninfo, xmlNode *xml_node, choice->label, choice->name); } } + if (!vpninfo->authgroup && opt->nr_choices) + vpninfo->authgroup = strdup(opt->choices[0]->name); if (vpninfo->write_new_config) { buf_append(buf, " \n\n"); @@ -412,7 +414,7 @@ static int parse_portal_xml(struct openconnect_info *vpninfo, xmlNode *xml_node, /* process auth form to select gateway */ result = process_auth_form(vpninfo, form); - if (result != OC_FORM_RESULT_NEWGROUP) + if (result == OC_FORM_RESULT_CANCELLED || result < 0) goto out; /* redirect to the gateway (no-op if it's the same host) */