From 9715b03aa0ead727ff8f069b90d9aad864555a8e Mon Sep 17 00:00:00 2001 From: Marc St-Amand Date: Tue, 5 Feb 2019 08:35:22 -0500 Subject: [PATCH] auth-juniper.c: ignore non-empty lines from TNCC after DSPREAUTH cookie This skips over a seemingly harmless DSPREAUTH failure: Unexpected non-empty line from TNCC after DSPREAUTH cookie: '0' Failed to read response from TNCC Failed to obtain WebVPN cookie After the unexpected '0', TNCC sends an empty line response and the authentication sequence can proceed normally. In case other TNCC variants send more chatter, the function ignores and logs up to 10 non-empty lines before giving up. Signed-off-by: Marc St-Amand Signed-off-by: David Woodhouse --- auth-juniper.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/auth-juniper.c b/auth-juniper.c index a48df88a..70026768 100644 --- a/auth-juniper.c +++ b/auth-juniper.c @@ -346,7 +346,7 @@ static int tncc_preauth(struct openconnect_info *vpninfo) struct oc_vpn_option *cookie; const char *dspreauth = NULL, *dssignin = "null"; char recvbuf[1024]; - int len; + int len, count; for (cookie = vpninfo->cookies; cookie; cookie = cookie->next) { if (!strcmp(cookie->option, "DSPREAUTH")) @@ -463,13 +463,23 @@ static int tncc_preauth(struct openconnect_info *vpninfo) http_add_cookie(vpninfo, "DSPREAUTH", recvbuf, 1); vpninfo->tncc_fd = sockfd[1]; - len = cancellable_gets(vpninfo, sockfd[1], recvbuf, sizeof(recvbuf)); - if (len < 0) - goto respfail; + count = 0; + do { + len = cancellable_gets(vpninfo, sockfd[1], recvbuf, + sizeof(recvbuf)); + if (len < 0) + goto respfail; + if (len > 0) + vpn_progress(vpninfo, PRG_DEBUG, + _("Unexpected non-empty line from TNCC " + "after DSPREAUTH cookie: '%s'\n"), + recvbuf); + } while (len && (count++ < 10)); + if (len > 0) { vpn_progress(vpninfo, PRG_ERR, - _("Unexpected non-empty line from TNCC after DSPREAUTH cookie: '%s'\n"), - recvbuf); + _("Too many non-empty lines from TNCC after " + "DSPREAUTH cookie\n")); goto respfail; } -- 2.50.1