When falling back to non-xmlpost, revert to original URL

If the XML POST attempt ended up being redirected, we don't want to stay
at that location when we fall back to the old method. We want to start
again from scratch.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/http.c b/http.c
index 1437b8976adfcaf4397634e84b27e184c4de6026..292970ac537a6d3996352f4440e447281ae77445 100644 (file)
--- a/http.c
+++ b/http.c
@@ -967,6 +967,8 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
        char request_body[2048];
        const char *request_body_type = "application/x-www-form-urlencoded";
        const char *method = "POST";
+       char *orig_host = NULL, *orig_path = NULL;
+       int orig_port = 0;
        int xmlpost = 1;
 
        /* Step 1: Unlock software token (if applicable) */
@@ -992,6 +994,10 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
        if (result < 0)
                return result;
 
+       orig_host = strdup(vpninfo->hostname);
+       orig_path = vpninfo->urlpath ? strdup(vpninfo->urlpath) : NULL;
+       orig_port = vpninfo->port;
+
        for (tries = 0; ; tries++) {
                if (tries == 3) {
                fail:
@@ -1002,6 +1008,14 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
                                request_body_type = NULL;
                                request_body[0] = 0;
                                method = "GET";
+                               if (orig_host) {
+                                       openconnect_set_hostname(vpninfo, orig_host);
+                                       orig_host = NULL;
+                                       free(vpninfo->urlpath);
+                                       vpninfo->urlpath = orig_path;
+                                       orig_path = NULL;
+                                       vpninfo->port = orig_port;
+                               }
                                openconnect_close_https(vpninfo, 0);
                        } else {
                                return -EIO;
@@ -1034,6 +1048,9 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
        if (xmlpost)
                vpn_progress(vpninfo, PRG_INFO, _("XML POST enabled\n"));
 
+       free (orig_host);
+       free (orig_path);
+
        /* Step 4: Run the CSD trojan, if applicable */
        if (vpninfo->csd_starturl && vpninfo->csd_waiturl) {
                char *form_path = NULL;

diff --git a/www/changelog.xml b/www/changelog.xml
index ec848da90c0f717ae83e3a8b77153d3b9526ec49..4f4ad2eb5260f5e6fa824e9b5bb43eb48881ef4b 100644 (file)
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -17,6 +17,7 @@
 <ul>
    <li><b>OpenConnect HEAD</b>
      <ul>
+       <li>Use original URL when falling back to non-XML POST mode.</li>
        <li>Add <tt>--no-xmlpost</tt> option to revert to older, compatible behaviour.</li>
        <li>Close connection before falling back to non-xmlpost mode <a href="https://bugzilla.redhat.com/show_bug.cgi?id=964650"><i>(RH#964650)</i></a>.</li>
        <li>Improve error handling when server closes connection <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708928"><i>(Debian #708928)</i></a>.</li>