On Fri, 2018-10-05 at 13:45 +0100, David Woodhouse wrote:
> On Thu, 2018-10-04 at 14:50 -0400, Ray Lambert wrote:
> > On 10/4/18 11:23 AM, David Woodhouse wrote:
> > > Ah, I suspect the issue here is that the "form" at the end isn't
> > > actually asking for anything. So we fail to parse it (or at least fail
> > > to send any kind of response).
> > >
> > > We should send back the hostscan token even if there's no username or
> > > password or anything else.
> >
> > David,
> >
> > Is the <authentication-complete> tag the key to this, by any chance? I'm
> > just guessing (I don't know the protocol) but I don't see it being handled in
> > the code.
> >
> > I tried adding some code to handle it but I'm not really sure what to do with
> > it; my first attempt failed (i.e. exiting handle_auth_form() with
> > OC_FORM_RESULT_OK if the tag has been seen).
>
> Yeah, that won't work because it won't post anything back. Try
> something like this...

Or this slightly (but only slightly) nicer variant:

diff --git a/auth.c b/auth.c index 799a031..fe26316 100644 --- a/auth.c +++ b/auth.c @@ -417,6 +417,12 @@ static int parse_auth_node(struct openconnect_info *vpninfo, xmlNode *xml_node, } else if (!vpninfo->csd_scriptname && xmlnode_is_named(xml_node, "csd")) { xmlnode_get_prop(xml_node, "token", &vpninfo->csd_token); xmlnode_get_prop(xml_node, "ticket", &vpninfo->csd_ticket); + } else if (xmlnode_is_named(xml_node, "authentication-complete")) { + /* Ick. Since struct oc_auth_form is public there's no + * simple way to add a flag to it. So let's abuse the + * auth_id string instead. */ + free(form->auth_id); + form->auth_id = strdup("openconnect_authentication_complete"); } /* For Windows, vpninfo->csd_xmltag will be "csd" and there are *two* <csd> nodes; one with token/ticket and one with the URLs. Process them both 
@@ -648,6 +654,8 @@ static int handle_auth_form(struct openconnect_info *vpninfo, struct oc_auth_for vpn_progress(vpninfo, PRG_INFO, "%s\n", form->message); if (form->error) vpn_progress(vpninfo, PRG_ERR, "%s\n", form->error); + if (!strcmp(form->auth_id, "openconnect_authentication_complete")) + goto justpost; return -EPERM; } @@ -662,7 +670,7 @@ static int handle_auth_form(struct openconnect_info *vpninfo, struct oc_auth_for vpninfo->token_bypassed = 1; return ret; } - + justpost: ret = vpninfo->xmlpost ? xmlpost_append_form_opts(vpninfo, form, request_body) : append_form_opts(vpninfo, form, request_body);
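
Review bot: In the parse_auth_node() hunk, the result of strdup("openconnect_authentication_complete") is not checked, so on allocation failure form->auth_id is left NULL after the free() and the strcmp() added in handle_auth_form() will dereference a null pointer. Return -ENOMEM when strdup() fails. The branch also discards whatever auth_id the form already held, and a form that arrives with this exact string as its id cannot be told apart from one carrying <authentication-complete>; a flag in vpninfo, which this function already writes to for csd_token and csd_ticket, would avoid the in-band marker.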
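
Review bot: In the first handle_auth_form() hunk, strcmp(form->auth_id, ...) runs with no NULL check, and nothing in the visible lines guarantees auth_id is set for a form that has no <authentication-complete> node (or after a failed strdup()). Guard it, for example `if (form->auth_id && !strcmp(form->auth_id, "openconnect_authentication_complete"))`. The test also sits after the form->error message is printed, so a form that reports an error and carries the marker is posted back instead of returning -EPERM; a comment should say whether that is intended.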
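
Review bot: The justpost: label in the second handle_auth_form() hunk has no comment, and the goto that reaches it jumps past all the code between the -EPERM return and this point, of which only the token_bypassed tail is visible here. Add a one-line comment saying the label is reached for a form with nothing to fill in, and confirm that nothing the skipped code sets up is needed by xmlpost_append_form_opts() or append_form_opts(). Keeping the blank line before the label would also preserve the separation this hunk removes.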