On Thu, 2018-10-04 at 14:50 -0400, Ray Lambert wrote:
> On 10/4/18 11:23 AM, David Woodhouse wrote:
> > Ah, I suspect the issue here is that the "form" at the end isn't
> > actually asking for anything. So we fail to parse it (or at least fail
> > to send any kind of response).
> >
> > We should send back the hostscan token even if there's no username or
> > password or anything else.
>
> David,
>
> Is the <authentication-complete> tag the key to this, by any chance? I'm
> just guessing (I don't know the protocol) but I don't see it being handled in
> the code.
>
> I tried adding some code to handle it but I'm not really sure what to do with
> it; my first attempt failed (i.e. exiting handle_auth_form() with
> OC_FORM_RESULT_OK if the tag has been seen).

Yeah, that won't work because it won't post anything back. Try
something like this...

diff --git a/auth.c b/auth.c index 799a031..2c76b4d 100644 --- a/auth.c +++ b/auth.c @@ -648,6 +648,8 @@ static int handle_auth_form(struct openconnect_info *vpninfo, struct oc_auth_for vpn_progress(vpninfo, PRG_INFO, "%s\n", form->message); if (form->error) vpn_progress(vpninfo, PRG_ERR, "%s\n", form->error); + if (vpninfo->csd_token && vpninfo->csd_ticket) + goto justpost; return -EPERM; } @@ -662,7 +664,7 @@ static int handle_auth_form(struct openconnect_info *vpninfo, struct oc_auth_for vpninfo->token_bypassed = 1; return ret; } - + justpost: ret = vpninfo->xmlpost ? xmlpost_append_form_opts(vpninfo, form, request_body) : append_form_opts(vpninfo, form, request_body);
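
Review bot: in the first hunk (@@ -648), the new check sits after form->error has already been reported and is keyed only on vpninfo->csd_token and vpninfo->csd_ticket being set, so once CSD has run, any form that reaches this branch is posted back instead of failing with -EPERM, including one that carried a real error. Consider also requiring that form->error is unset, or testing for the specific empty final form the thread describes, and add a comment saying why the post is needed (returning the hostscan token when the form asks for nothing).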
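
Review bot: in the second hunk (@@ -662), the justpost: label replaces the blank line that separated the preceding block from the append_form_opts call and carries no comment, so a reader of handle_auth_form() sees a label with no hint of which path jumps to it. Keep the blank line, add a short comment at the label, and confirm that everything skipped between the goto and the label (the visible context sets vpninfo->token_bypassed and returns ret) is safe to bypass. ret is assigned immediately after the label, so it is not read uninitialised there.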