Drop X-Aggregate-Auth: header in fallback mode

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · May 30, 2013 · 80be3a6 · 80be3a6
1 parent 9241955
commit 80be3a6
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 12 deletions.
diff --git a/http.c b/http.c
@@ -447,8 +447,11 @@ static void add_common_headers(struct openconnect_info *vpninfo, struct oc_text_
 				      opt->value, opt->next ? "; " : "\r\n");
 	}
 	buf_append(buf, "X-Transcend-Version: 1\r\n");
-	buf_append(buf, "X-Aggregate-Auth: 1\r\n");
-	buf_append(buf, "X-AnyConnect-Platform: %s\r\n", vpninfo->platname);
+	if (vpninfo->xmlpost) {
+		buf_append(buf, "X-Aggregate-Auth: 1\r\n");
+		buf_append(buf, "X-AnyConnect-Platform: %s\r\n",
+			   vpninfo->platname);
+	}
 }
 
 static int fetch_config(struct openconnect_info *vpninfo, char *fu, char *bu,
@@ -1000,7 +1003,6 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 	const char *method = "POST";
 	char *orig_host = NULL, *orig_path = NULL;
 	int orig_port = 0;
-	int xmlpost = 1;
 
 	/* Step 1: Unlock software token (if applicable) */
 	if (vpninfo->token_mode == OC_TOKEN_MODE_STOKEN) {
@@ -1009,7 +1011,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 			return result;
 	}
 
-	if (vpninfo->noxmlpost)
+	if (!vpninfo->xmlpost)
 		goto fail;
 
 	/*
@@ -1032,10 +1034,10 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 	for (tries = 0; ; tries++) {
 		if (tries == 3) {
 		fail:
-			if (xmlpost) {
+			if (vpninfo->xmlpost) {
 				/* Try without XML POST this time... */
 				tries = 0;
-				xmlpost = 0;
+				vpninfo->xmlpost = 0;
 				request_body_type = NULL;
 				request_body[0] = 0;
 				method = "GET";
@@ -1061,7 +1063,8 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 			return buflen;
 
 		/* XML POST does not allow local redirects, but GET does. */
-		if (xmlpost && vpninfo->redirect_type == REDIR_TYPE_LOCAL)
+		if (vpninfo->xmlpost &&
+		    vpninfo->redirect_type == REDIR_TYPE_LOCAL)
 			goto fail;
 		else if (vpninfo->redirect_type != REDIR_TYPE_NONE)
 			continue;
@@ -1076,7 +1079,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 		}
 		break;
 	}
-	if (xmlpost)
+	if (vpninfo->xmlpost)
 		vpn_progress(vpninfo, PRG_INFO, _("XML POST enabled\n"));
 
 	free (orig_host);
@@ -1135,7 +1138,8 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 		free(vpninfo->urlpath);
 		vpninfo->urlpath = form_path;
 
-		result = do_https_request(vpninfo, xmlpost ? "POST" : "GET",
+		result = do_https_request(vpninfo,
+					  vpninfo->xmlpost ? "POST" : "GET",
 					  request_body_type, request_body, &form_buf, 1);
 		if (result < 0)
 			goto out;
@@ -1149,7 +1153,7 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 	while (1) {
 		request_body[0] = 0;
 		result = handle_auth_form(vpninfo, form, request_body, sizeof(request_body),
-					  &method, &request_body_type, xmlpost);
+					  &method, &request_body_type, vpninfo->xmlpost);
 		if (result < 0 || result == 1)
 			goto out;
 		if (result == 2)

diff --git a/library.c b/library.c
@@ -57,6 +57,7 @@ struct openconnect_info *openconnect_vpninfo_new(char *useragent,
 	vpninfo->progress = progress;
 	vpninfo->cbdata = privdata ? : vpninfo;
 	vpninfo->cancel_fd = -1;
+	vpninfo->xmlpost = 1;
 	openconnect_set_reported_os(vpninfo, NULL);
 
 #ifdef ENABLE_NLS

diff --git a/main.c b/main.c
@@ -508,6 +508,7 @@ int main(int argc, char **argv)
 	vpninfo->cert_expire_warning = 60 * 86400;
 	vpninfo->vpnc_script = DEFAULT_VPNCSCRIPT;
 	vpninfo->cancel_fd = -1;
+	vpninfo->xmlpost = 1;
 
 	if (!uname(&utsbuf))
 		vpninfo->localname = utsbuf.nodename;
@@ -568,7 +569,7 @@ int main(int argc, char **argv)
 			vpninfo->nopasswd = 1;
 			break;
 		case OPT_NO_XMLPOST:
-			vpninfo->noxmlpost = 1;
+			vpninfo->xmlpost = 0;
 			break;
 		case OPT_NON_INTER:
 			non_inter = 1;

diff --git a/openconnect-internal.h b/openconnect-internal.h
@@ -175,7 +175,7 @@ struct openconnect_info {
 	char *password;
 	char *authgroup;
 	int nopasswd;
-	int noxmlpost;
+	int xmlpost;
 	char *dtls_ciphers;
 	uid_t uid_csd;
 	char *csd_wrapper;

diff --git a/www/changelog.xml b/www/changelog.xml
@@ -17,6 +17,7 @@
 <ul>
    <li><b>OpenConnect HEAD</b>
      <ul>
+       <li>Don't include <tt>X-Aggregate-Auth:</tt> header in fallback mode.</li>
        <li>Enable AES256 mode for DTLS with GnuTLS <a href="https://bugzilla.redhat.com/show_bug.cgi?id=955710"><i>(RH#955710)</i></a>.</li>
        <li>Add <tt>--dump-http-traffic</tt> option for debugging.</li>
        <li>Be more permissive in parsing XML forms.</li>