diff --git a/http.c b/http.c index 7921a027..8bf27135 100644 --- a/http.c +++ b/http.c @@ -447,8 +447,11 @@ static void add_common_headers(struct openconnect_info *vpninfo, struct oc_text_ opt->value, opt->next ? "; " : "\r\n"); } buf_append(buf, "X-Transcend-Version: 1\r\n"); - buf_append(buf, "X-Aggregate-Auth: 1\r\n"); - buf_append(buf, "X-AnyConnect-Platform: %s\r\n", vpninfo->platname); + if (vpninfo->xmlpost) { + buf_append(buf, "X-Aggregate-Auth: 1\r\n"); + buf_append(buf, "X-AnyConnect-Platform: %s\r\n", + vpninfo->platname); + } } static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu, @@ -1000,7 +1003,6 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) const char *method = "POST"; char *orig_host = NULL, *orig_path = NULL; int orig_port = 0; - int xmlpost = 1; /* Step 1: Unlock software token (if applicable) */ if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) { @@ -1009,7 +1011,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) return result; } - if (vpninfo->noxmlpost) + if (!vpninfo->xmlpost) goto fail; /* @@ -1032,10 +1034,10 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) for (tries = 0; ; tries++) { if (tries == 3) { fail: - if (xmlpost) { + if (vpninfo->xmlpost) { /* Try without XML POST this time... */ tries = 0; - xmlpost = 0; + vpninfo->xmlpost = 0; request_body_type = NULL; request_body[0] = 0; method = "GET"; @@ -1061,7 +1063,8 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) return buflen; /* XML POST does not allow local redirects, but GET does. */ - if (xmlpost && vpninfo->redirect_type == REDIR_TYPE_LOCAL) + if (vpninfo->xmlpost && + vpninfo->redirect_type == REDIR_TYPE_LOCAL) goto fail; else if (vpninfo->redirect_type != REDIR_TYPE_NONE) continue; @@ -1076,7 +1079,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) } break; } - if (xmlpost) + if (vpninfo->xmlpost) vpn_progress(vpninfo, PRG_INFO, _("XML POST enabled\n")); free (orig_host); @@ -1135,7 +1138,8 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) free(vpninfo->urlpath); vpninfo->urlpath = form_path; - result = do_https_request(vpninfo, xmlpost ? "POST" : "GET", + result = do_https_request(vpninfo, + vpninfo->xmlpost ? "POST" : "GET", request_body_type, request_body, &form_buf, 1); if (result < 0) goto out; @@ -1149,7 +1153,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo) while (1) { request_body[0] = 0; result = handle_auth_form(vpninfo, form, request_body, sizeof(request_body), - &method, &request_body_type, xmlpost); + &method, &request_body_type, vpninfo->xmlpost); if (result < 0 || result == 1) goto out; if (result == 2) diff --git a/library.c b/library.c index c6f7a40a..66bf89b0 100644 --- a/library.c +++ b/library.c @@ -57,6 +57,7 @@ struct openconnect_info *openconnect_vpninfo_new(char *useragent, vpninfo->progress = progress; vpninfo->cbdata = privdata ? : vpninfo; vpninfo->cancel_fd = -1; + vpninfo->xmlpost = 1; openconnect_set_reported_os(vpninfo, NULL); #ifdef ENABLE_NLS diff --git a/main.c b/main.c index 73313665..5ddd9b8d 100644 --- a/main.c +++ b/main.c @@ -508,6 +508,7 @@ int main(int argc, char **argv) vpninfo->cert_expire_warning = 60 * 86400; vpninfo->vpnc_script = DEFAULT_VPNCSCRIPT; vpninfo->cancel_fd = -1; + vpninfo->xmlpost = 1; if (!uname(&utsbuf)) vpninfo->localname = utsbuf.nodename; @@ -568,7 +569,7 @@ int main(int argc, char **argv) vpninfo->nopasswd = 1; break; case OPT_NO_XMLPOST: - vpninfo->noxmlpost = 1; + vpninfo->xmlpost = 0; break; case OPT_NON_INTER: non_inter = 1; diff --git a/openconnect-internal.h b/openconnect-internal.h index 138b8caa..16f4b6dd 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -175,7 +175,7 @@ struct openconnect_info { char *password; char *authgroup; int nopasswd; - int noxmlpost; + int xmlpost; char *dtls_ciphers; uid_t uid_csd; char *csd_wrapper; diff --git a/www/changelog.xml b/www/changelog.xml index dc28f065..8d6f7653 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -17,6 +17,7 @@