[PATCH 3/4] http: Fix redirect handling in auth form loop

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The gateway may ask the user to fill out different forms that live at
different URLs, e.g.

    GET /+webvpn+/index.html
    (returns <form method="post" action="/+webvpn+/index.html"> and
     username/password form elements)
    POST /+webvpn+/index.html
    (returns <form method="post" action="/+webvpn+/login/challenge.html">
     and challenge/response form elements)
    POST /+webvpn+/login/challenge.html
    (returns <auth> node with valid cookie)

The refactored openconnect_obtain_cookie() loop tried to post the
challenge/response data to index.html, preventing successful login.  This
patch changes the logic so that it will honor the new "action" attribute
if present.

This probably does not affect XML POST mode, because XML POST <form> tags
do not seem to use attributes.

Reported-by: Fabian J?ger <fabian.jaeger at chungwasoft.com>
Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
 http.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/http.c b/http.c
index bcc4e98..d6a3636 100644
--- a/http.c
+++ b/http.c
@@ -1072,6 +1072,10 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
 		result = parse_xml_response(vpninfo, form_buf, &form);
 		if (result < 0)
 			goto out;
+		if (form->action) {
+			vpninfo->redirect_url = strdup(form->action);
+			handle_redirect(vpninfo);
+		}
 	}
 
 	/* A return value of 2 means the XML form indicated
-- 
1.7.10.4




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux