On Wed, 2010-02-17 at 17:32 +0000, Eric Wettstein wrote: > I've just started with openconnect this morning. (I'm trying to avoid > installing anything from Cisco!) > I'm running Ubuntu-karmic 64 bit machine and version 2.21 of > openconnect I compiled myself to get past a redirect error. I started > with the karmic distribution version. > Unfortunately, I've come to another stop -- Cannot handle form > method='post', action='webvpn.html'. > ---- verbose output --- IP changed to protect the innocentopenconnect > --script=/etc/vpnc/vpnc-script --usergroup=FFP --verbose IPAttempting > to connect to IP:443SSL negotiation with IPConnected to HTTPS on IPGET > https://IP/FFPGot HTTP response: HTTP/1.1 303 See OtherContent-Type: > text/htmlContent-Length: 0Location: > https://IP:443/webvpn.htmlSet-Cookie: webvpncontext=00 at FFP; > path=/Connection: Keep-AliveHTTP body length: (0)GET > https://IP/webvpn.htmlGot HTTP response: HTTP/1.1 200 OKCache-Control: > max-age=0Content-Type: text/htmlSet-Cookie: webvpn=; expires=Thu, 01 > Jan 1970 22:00:00 GMT; path=/Set-Cookie: webvpncontext=00 at FFP; > path=/X-Transcend-Version: 1Content-Length: 473Connection: closeHTTP > body length: (473)Cannot handle form method='post', > action='webvpn.html'Failed to obtain WebVPN cookie > -- version verificationopenconnect --versionOpenConnect version v2.21 > Is this a problem in my build? Is there a setting in the Cisco side > that would make this a get request? Please don't post HTML! It looks like your form uses a relative URL for the target, which we don't support yet. Can you try this?
diff --git a/auth.c b/auth.c
index 21095f5..93e175f 100644
--- a/auth.c
+++ b/auth.c
@@ -359,7 +359,7 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response,
 form->method = (char *)xmlGetProp(xml_node, (unsigned char *)"method");
 form->action = (char *)xmlGetProp(xml_node, (unsigned char *)"action");
 if (!form->method || !form->action ||
- strcasecmp(form->method, "POST") || form->action[0] != '/') {
+ strcasecmp(form->method, "POST") || !form->action[0]) {
 vpninfo->progress(vpninfo, PRG_ERR,
 "Cannot handle form method='%s', action='%s'\n",
 form->method, form->action);
diff --git a/http.c b/http.c
index d653aff..ea687cc 100644
--- a/http.c
+++ b/http.c
@@ -651,9 +651,28 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 vpninfo->redirect_url = NULL;
 goto retry;
 } else {
- vpninfo->progress(vpninfo, PRG_ERR, "Relative redirect (to '%s') not supported\n",
- vpninfo->redirect_url);
- return -EINVAL;
+ char *lastslash = strrchr(vpninfo->urlpath, '/');
+ if (!lastslash) {
+ free(vpninfo->urlpath);
+ vpninfo->urlpath = vpninfo->redirect_url;
+ vpninfo->redirect_url = NULL;
+ } else {
+ char *oldurl = vpninfo->urlpath;
+ *lastslash = 0;
+ vpninfo->urlpath = NULL;
+ if (asprintf(&vpninfo->urlpath, "%s/%s",
+ oldurl, vpninfo->redirect_url) == -1) {
+ int err = -errno;
+ vpninfo->progress(vpninfo, PRG_ERR,
+ "Allocating new path for relative redirect failed: %s\n",
+ strerror(-err));
+ return err;
+ }
+ free(oldurl);
+ free(vpninfo->redirect_url);
+ vpninfo->redirect_url = NULL;
+ }
+ goto retry;
 }
 }
-- David Woodhouse Open Source Technology Centre David.Woodhouse at intel.com Intel Corporation
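Review bot: The relaxed test `!form->action[0]` in the auth.c hunk accepts every non-empty action string, so an absolute URL carrying its own scheme and host now passes the same check as a relative path such as `webvpn.html`. How the action is later turned into a request is outside this hunk; if only same-host paths are meant to be supported, the condition could keep rejecting the rest, e.g. `strcasecmp(form->method, "POST") || !form->action[0] || strstr(form->action, "://")) {`, with a comment saying that relative actions are resolved against the current path. Separately, the unchanged error call just below passes form->method and form->action to `%s` even when the NULL test is what failed. parse_xml_response starts and ends outside the hunk.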
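Review bot: `strrchr(vpninfo->urlpath, '/')` at the top of the new else branch in http.c reads urlpath without a NULL check, and the hunk does not show that urlpath is always set when a relative Location header arrives. The asprintf() failure path also returns with urlpath cleared and oldurl neither freed nor restored, so the old path is leaked and the truncation by `*lastslash = 0` is never undone. Its return value comes from errno, which asprintf() is not documented to set, so the function could return 0 on failure. The resulting path is built from a server-supplied string, so a one-line comment stating that `..` segments are not normalised here would help the next reader. openconnect_obtain_cookie starts and ends outside the hunk.

```c
char *lastslash = NULL;

if (vpninfo->urlpath)
	lastslash = strrchr(vpninfo->urlpath, '/');
/* … unchanged: !lastslash branch, oldurl setup … */
	if (asprintf(&vpninfo->urlpath, "%s/%s",
		     oldurl, vpninfo->redirect_url) == -1) {
		/* Put the old path back so nothing is leaked or left dangling. */
		*lastslash = '/';
		vpninfo->urlpath = oldurl;
		vpninfo->progress(vpninfo, PRG_ERR,
				  "Allocating new path for relative redirect failed\n");
		return -ENOMEM;
	}
/* … unchanged: free oldurl and redirect_url, goto retry … */
```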