From: David Woodhouse Date: Fri, 23 Apr 2021 09:40:44 +0000 (+0100) Subject: Ignore errors fetching NC landing page if auth was successful X-Git-Tag: v8.20~260 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=3e77943692b511719d9217d2ecc43588b7c6c08b;p=users%2Fdwmw2%2Fopenconnect.git Ignore errors fetching NC landing page if auth was successful Signed-off-by: David Woodhouse --- diff --git a/auth-juniper.c b/auth-juniper.c index 8f30a3ba..d3eb1ff6 100644 --- a/auth-juniper.c +++ b/auth-juniper.c @@ -467,15 +467,20 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo) ret = do_https_request(vpninfo, "GET", NULL, NULL, &form_buf, 2); - if (ret < 0) - break; - + /* After login, the server will redirect the "browser" to a landing page. + * https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784 + * turned some of those landing pages into a 403 but we don't *care* + * about that as long as we have the cookie we wanted. So check for + * cookie success *before* checking 'ret'. */ if (!check_cookie_success(vpninfo)) { free(form_buf); ret = 0; break; } + if (ret < 0) + break; + url = internal_get_url(vpninfo); if (!url) { free(form_buf); diff --git a/www/changelog.xml b/www/changelog.xml index cde6422d..e66719ef 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -38,6 +38,7 @@
  • Add support for Wintun Layer 3 TUN driver under Windows.
  • Fix output redirection under Windows (#229)
  • More gracefully handle Pulse/NC idle timeouts and other Pulse fatal errors (!187)
    • +
  • Ignore failures to fetch the NC landing page if the authentication was successful.

  • OpenConnect v8.10