auth-juniper.c: ignore non-empty lines from TNCC after DSPREAUTH cookie

This skips over a seemingly harmless DSPREAUTH failure:

   Unexpected non-empty line from TNCC after DSPREAUTH cookie: '0'
   Failed to read response from TNCC
   Failed to obtain WebVPN cookie

After the unexpected '0', TNCC sends an empty line response and the
authentication sequence can proceed normally. In case other TNCC
variants send more chatter, the function ignores and logs up to 10
non-empty lines before giving up.

Signed-off-by: Marc St-Amand <pedalling.philosopher@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/auth-juniper.c b/auth-juniper.c
index a48df88adcda9dd76c5de708c6716675acc0b0da..70026768e89fd11a0a691059294918c0a074e437 100644 (file)
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -346,7 +346,7 @@ static int tncc_preauth(struct openconnect_info *vpninfo)
        struct oc_vpn_option *cookie;
        const char *dspreauth = NULL, *dssignin = "null";
        char recvbuf[1024];
-       int len;
+       int len, count;
 
        for (cookie = vpninfo->cookies; cookie; cookie = cookie->next) {
                if (!strcmp(cookie->option, "DSPREAUTH"))
@@ -463,13 +463,23 @@ static int tncc_preauth(struct openconnect_info *vpninfo)
        http_add_cookie(vpninfo, "DSPREAUTH", recvbuf, 1);
        vpninfo->tncc_fd = sockfd[1];
 
-       len = cancellable_gets(vpninfo, sockfd[1], recvbuf, sizeof(recvbuf));
-       if (len < 0)
-               goto respfail;
+       count = 0;
+       do {
+               len = cancellable_gets(vpninfo, sockfd[1], recvbuf,
+                                      sizeof(recvbuf));
+               if (len < 0)
+                       goto respfail;
+               if (len > 0)
+                       vpn_progress(vpninfo, PRG_DEBUG,
+                                    _("Unexpected non-empty line from TNCC "
+                                      "after DSPREAUTH cookie: '%s'\n"),
+                                    recvbuf);
+       } while (len && (count++ < 10));
+
        if (len > 0) {
                vpn_progress(vpninfo, PRG_ERR,
-                            _("Unexpected non-empty line from TNCC after DSPREAUTH cookie: '%s'\n"),
-                            recvbuf);
+                            _("Too many non-empty lines from TNCC after "
+                              "DSPREAUTH cookie\n"));
                goto respfail;
        }