Fortinet: don't keep retrying if cookie is invalid on reconnect
authorDaniel Lenski <dlenski@gmail.com>
Wed, 14 Apr 2021 19:40:37 +0000 (12:40 -0700)
committerDavid Woodhouse <dwmw2@infradead.org>
Wed, 21 Apr 2021 15:23:42 +0000 (16:23 +0100)
The fortinet_configure() requests return 302 redirects to '/remote/login'
if the auth session/cookie is no longer valid. We should detect this and
return -EPERM rather than -EINVAL, so that ssl_reconnect() doesn't keep
trying to reconnect.

NB: Detecting this redirect is perhaps a bit harder than it should be,
because do_https_request() returns 0, rather than the real HTTP status
code (e.g. 302), in the case of a successful-but-unfetched redirect.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
fortinet.c

index e6ad038ac2e0d8d2a846814751cc67d9f009fd44..f9958c5755ad81fc31f4818072fa5bfe02103dc1 100644 (file)
@@ -451,6 +451,17 @@ static int fortinet_configure(struct openconnect_info *vpninfo)
        ret = do_https_request(vpninfo, "GET", NULL, NULL, &res_buf, 0);
        if (ret < 0)
                goto out;
+       else if (ret == 0) {
+               /* This is normally a redirect to /remote/login, which
+                * indicates that the auth session/cookie is no longer valid.
+                *
+                * XX: See do_https_request() for why ret==0 can only happen
+                * if there was a successful-but-unfetched redirect.
+                */
+       invalid_cookie:
+               ret = -EPERM;
+               goto out;
+       }
        /* We don't care what it returned as long as it was successful */
        free(res_buf);
        res_buf = NULL;
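Review bot: The new `ret == 0` branch returns -EPERM without logging anything and without checking where the redirect points, so any unfetched redirect ends reconnection silently as though the cookie had expired. The comment itself only says the target is "normally" /remote/login. A `vpn_progress(vpninfo, PRG_ERR, _("Auth cookie no longer valid; not retrying\n"));` before `ret = -EPERM;` would leave a record of why the session was dropped, and if the redirect target is visible to this function, comparing it against /remote/login would keep an unrelated redirect from being reported as an authentication failure. The second request in the next hunk reaches the same path through `goto invalid_cookie`, so one message would cover both. fortinet_configure() begins and ends outside the hunk.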
@@ -464,7 +475,8 @@ static int fortinet_configure(struct openconnect_info *vpninfo)
                        vpn_progress(vpninfo, PRG_ERR,
                                     _("Server doesn't support XML config format. Ancient HTML format is not currently implemented.\n"));
                goto out;
-       }
+       } else if (ret == 0)
+               goto invalid_cookie;
 
        ret = parse_fortinet_xml_config(vpninfo, res_buf, ret, &ipv4, &ipv6);
        if (ret)
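Review bot: `goto invalid_cookie` jumps backwards into the body of the earlier `else if (ret == 0) { ... }` block, which is legal C but makes the -EPERM path hard to follow and easy to break when that block is next edited. Placing the label at function scope beside the existing `out` cleanup (outside this hunk, so its exact shape is not visible here) and having both sites jump to it would read more plainly. The new arm is also unbraced after a braced `if`; `} else if (ret == 0) {` with a closing brace would match the branch above it.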