another GP error string that tells the client to stop trying to reconnect

As shown in https://gitlab.com/openconnect/openconnect/issues/78, the
message "Allow Automatic Restoration of SSL VPN is disabled" in a
GlobalProtect error response indicates that the server will not accept the
previously-valid auth cookie, so the client should give up retrying.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/gpst.c b/gpst.c
index 3d55dd2022543062bcb602926a8b14ba4ec54332..91b57cba394aed2398a6ed32eeec152cf4bc7357 100644 (file)
--- a/gpst.c
+++ b/gpst.c
@@ -297,8 +297,10 @@ out:
                    || !strcmp(err, "GlobalProtect portal does not exist")) {
                        vpn_progress(vpninfo, PRG_DEBUG, "%s\n", err);
                        result = -EEXIST;
-               } else if (!strcmp(err, "Invalid authentication cookie")
-                          || !strcmp(err, "Valid client certificate is required")) {
+               } else if (!strcmp(err, "Invalid authentication cookie")           /* equivalent to custom HTTP status 512 */
+                          || !strcmp(err, "Valid client certificate is required") /* equivalent to custom HTTP status 513 */
+                          || !strcmp(err, "Allow Automatic Restoration of SSL VPN is disabled")) {
+                       /* Any of these errors indicates that retrying won't help us reconnect (EPERM signals this to mainloop.) */
                        vpn_progress(vpninfo, PRG_ERR, "%s\n", err);
                        result = -EPERM;
                } else {