From 3e77943692b511719d9217d2ecc43588b7c6c08b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 23 Apr 2021 10:40:44 +0100 Subject: [PATCH] Ignore errors fetching NC landing page if auth was successful Signed-off-by: David Woodhouse --- auth-juniper.c | 11 ++++++++--- www/changelog.xml | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/auth-juniper.c b/auth-juniper.c index 8f30a3ba..d3eb1ff6 100644 --- a/auth-juniper.c +++ b/auth-juniper.c @@ -467,15 +467,20 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo) ret = do_https_request(vpninfo, "GET", NULL, NULL, &form_buf, 2); - if (ret < 0) - break; - + /* After login, the server will redirect the "browser" to a landing page. + * https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784 + * turned some of those landing pages into a 403 but we don't *care* + * about that as long as we have the cookie we wanted. So check for + * cookie success *before* checking 'ret'. */ if (!check_cookie_success(vpninfo)) { free(form_buf); ret = 0; break; } + if (ret < 0) + break; + url = internal_get_url(vpninfo); if (!url) { free(form_buf); diff --git a/www/changelog.xml b/www/changelog.xml index cde6422d..e66719ef 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -38,6 +38,7 @@
  • Add support for Wintun Layer 3 TUN driver under Windows.
  • Fix output redirection under Windows (#229)
  • More gracefully handle Pulse/NC idle timeouts and other Pulse fatal errors (!187)
  • +
  • Ignore failures to fetch the NC landing page if the authentication was successful.

  • OpenConnect v8.10 -- 2.50.1