From: Jan-Michael Brummer Date: Wed, 6 Aug 2025 05:26:46 +0000 (+0200) Subject: Support js redirects from Fortinet 7.4.x X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e16d82d65004887239d58d5e498fda1ecebafacb;p=users%2Fdwmw2%2Fopenconnect.git Support js redirects from Fortinet 7.4.x Signed-off-by: Jan-Michael Brummer --- diff --git a/fortinet.c b/fortinet.c index 20fc68ee..22b5982a 100644 --- a/fortinet.c +++ b/fortinet.c @@ -102,6 +102,7 @@ int fortinet_obtain_cookie(struct openconnect_info *vpninfo) struct oc_auth_form *form = NULL; struct oc_form_opt *opt, *opt2; char *resp_buf = NULL, *realm = NULL, *tokeninfo_fields = NULL, *ti; + char *js_top_location = NULL; req_buf = buf_alloc(); if (buf_error(req_buf)) { @@ -109,10 +110,35 @@ int fortinet_obtain_cookie(struct openconnect_info *vpninfo) goto out; } +again: ret = do_https_request(vpninfo, "GET", NULL, NULL, &resp_buf, NULL, HTTP_REDIRECT); if (ret < 0) goto out; + /* Starting with FortiOS 7.4 server returns a javascript redirect request, so let's + * check it here and set it manually: + * + * + */ + js_top_location = strstr(resp_buf, "top.location=\""); + if (js_top_location) { + int top_location_str_len = strlen("top.location=\""); + char *js_top_location_end = strchrnul(js_top_location + top_location_str_len, '"'); + char *location = strndup(js_top_location + top_location_str_len, js_top_location_end - js_top_location - top_location_str_len); + + /* Skip leading / if necessary */ + if (location && location[0] == '/') { + vpninfo->urlpath = strdup(location + 1); + free(location); + } else { + vpninfo->urlpath = location; + } + + goto again; + } + /* XX: Fortinet's initial 'GET /' normally redirects to /remote/login. * If a valid, non-default "realm" is specified (~= usergroup or authgroup), * it will appear as a query parameter of the resulting URL, and we need to