Implicitly enable basic auth for SOCKS if creds are provided.

Forcing the user to add --proxy-auth=basic on the command line as well as
providing the creds in the proxy URL is horrid. It took me a long time to
work out why it wasn't working.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/http.c b/http.c
index b58713600f67fb836e88b10831bcf834c16252cf..36995e128e934625b8ae5279cb1cf87034a02666 100644 (file)
--- a/http.c
+++ b/http.c
@@ -1119,7 +1119,14 @@ static int process_socks_proxy(struct openconnect_info *vpninfo)
            !vpninfo->proxy_user && !vpninfo->proxy_pass)
                buf[2 + nr_auth_methods++] = SOCKS_AUTH_GSSAPI;
 #endif
-       if (vpninfo->proxy_auth[AUTH_TYPE_BASIC].state > AUTH_FAILED &&
+       /*
+        * Basic auth is disabled by default. But for SOCKS, if the user has
+        * actually provided a password then that should implicitly allow
+        * basic auth since that's all that SOCKS can do. We shouldn't force
+        * the user to also add --proxy-auth=basic on the command line.
+        */
+       if ((vpninfo->proxy_auth[AUTH_TYPE_BASIC].state > AUTH_FAILED ||
+            vpninfo->proxy_auth[AUTH_TYPE_BASIC].state == AUTH_DEFAULT_DISABLED) &&
            vpninfo->proxy_user && vpninfo->proxy_pass)
                buf[2 + nr_auth_methods++] = SOCKS_AUTH_PASSWORD;