Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
http: Fix redirect handling in auth form loop
The gateway may ask the user to fill out different forms that live at
different URLs, e.g.

    GET /+webvpn+/index.html
    (returns <form method="post" action="/+webvpn+/index.html"> and
     username/password form elements)
    POST /+webvpn+/index.html
    (returns <form method="post" action="/+webvpn+/login/challenge.html">
     and challenge/response form elements)
    POST /+webvpn+/login/challenge.html
    (returns <auth> node with valid cookie)

The refactored openconnect_obtain_cookie() loop tried to post the
challenge/response data to index.html, preventing successful login.  This
patch changes the logic so that it will honor the new "action" attribute
if present.

This probably does not affect XML POST mode, because XML POST <form> tags
do not seem to use attributes.

Reported-by: Fabian Jäger <fabian.jaeger@chungwasoft.com>
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
cernekee authored and David Woodhouse committed Feb 17, 2013
1 parent e8a0cec commit 8e1fda4
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions http.c
Expand Up @@ -1072,6 +1072,10 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
result = parse_xml_response(vpninfo, form_buf, &form);
if (result < 0)
goto out;
if (form->action) {
vpninfo->redirect_url = strdup(form->action);
handle_redirect(vpninfo);
}
}

/* A return value of 2 means the XML form indicated
Expand Down

0 comments on commit 8e1fda4

Please sign in to comment.