On Fri, 2018-10-05 at 13:45 +0100, David Woodhouse wrote: > On Thu, 2018-10-04 at 14:50 -0400, Ray Lambert wrote: > > On 10/4/18 11:23 AM, David Woodhouse wrote: > > > Ah, I suspect the issue here is that the "form" at the end isn't > > > actually asking for anything. So we fail to parse it (or at least fail > > > to send any kind of response). > > > > > > We should send back the hostscan token even if there's no username or > > > password or anything else. > > > > David, > > > > Is the <authentication-complete> tag the key to this, by any chance? I'm > > just guessing (I don't know the protocol) but I don't see it being handled > > in > > the code. > > > > I tried adding some code to handle it but I'm not really sure what to do > > with > > it; my first attempt failed (i.e. exiting handle_auth_form() with > > OC_FORM_RESULT_OK if the tag has been seen). > > Yeah, that won't work because it won't post anything back. Try > something like this...
Or this slightly (but only slightly) nicer variant:
diff --git a/auth.c b/auth.c
index 799a031..fe26316 100644
--- a/auth.c
+++ b/auth.c
@@ -417,6 +417,12 @@ static int parse_auth_node(struct openconnect_info
*vpninfo, xmlNode *xml_node,
} else if (!vpninfo->csd_scriptname &&
xmlnode_is_named(xml_node, "csd")) {
xmlnode_get_prop(xml_node, "token",
&vpninfo->csd_token);
xmlnode_get_prop(xml_node, "ticket",
&vpninfo->csd_ticket);
+ } else if (xmlnode_is_named(xml_node,
"authentication-complete")) {
+ /* Ick. Since struct oc_auth_form is public there's no
+ * simple way to add a flag to it. So let's abuse the
+ * auth_id string instead. */
+ free(form->auth_id);
+ form->auth_id =
strdup("openconnect_authentication_complete");
}
/* For Windows, vpninfo->csd_xmltag will be "csd" and there are
*two* <csd>
nodes; one with token/ticket and one with the URLs. Process
them both
@@ -648,6 +654,8 @@ static int handle_auth_form(struct openconnect_info
*vpninfo, struct oc_auth_for
vpn_progress(vpninfo, PRG_INFO, "%s\n", form->message);
if (form->error)
vpn_progress(vpninfo, PRG_ERR, "%s\n", form->error);
+ if (!strcmp(form->auth_id,
"openconnect_authentication_complete"))
+ goto justpost;
return -EPERM;
}
@@ -662,7 +670,7 @@ static int handle_auth_form(struct openconnect_info
*vpninfo, struct oc_auth_for
vpninfo->token_bypassed = 1;
return ret;
}
-
+ justpost:
ret = vpninfo->xmlpost ?
xmlpost_append_form_opts(vpninfo, form, request_body) :
append_form_opts(vpninfo, form, request_body);
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
