From ee0a7efcd256ebc797af2fe82595fddd3f7b1650 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Mon, 8 Feb 2021 13:28:28 -0800
Subject: [PATCH] F5: one of the GET requests in login flow appears unnecessary

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
 f5.c             | 22 +++++-----------------
 test-f5-login.py |  4 ++--
 2 files changed, 7 insertions(+), 19 deletions(-)

diff --git a/f5.c b/f5.c
index cf12ffcb..ed7ce824 100644
--- a/f5.c
+++ b/f5.c
@@ -45,8 +45,8 @@ int f5_obtain_cookie(struct openconnect_info *vpninfo)
 	if ((ret = buf_error(resp_buf)))
 		goto out;
 
-	/* XX: Is this initial GET / (to populate LastMRH_Session and MRHSession
-	 * cookies) actually necessary?
+	/* XX: This initial 'GET /' seems to be necessary to populate LastMRH_Session and
+	 * MRHSession cookies, without which the subsequent 'POST' will fail.
 	 */
 	ret = do_https_request(vpninfo, "GET", NULL, NULL, &form_buf, 1);
 	free(form_buf);
@@ -54,25 +54,13 @@ int f5_obtain_cookie(struct openconnect_info *vpninfo)
 	if (ret < 0)
 		return ret;
 
-	/* XX: Is this second GET /my.policy (to update MRHSession cookie)
-	 * also necessary?
-	 */
-	free(vpninfo->urlpath);
-	if (!(vpninfo->urlpath = strdup("my.policy"))) {
+	/* XX: build static form (username and password) */
+	form = calloc(1, sizeof(*form));
+	if (!form) {
 	nomem:
 		ret = -ENOMEM;
 		goto out;
 	}
-	ret = do_https_request(vpninfo, "GET", NULL, NULL, &form_buf, 1);
-	free(form_buf);
-	form_buf = NULL;
-	if (ret < 0)
-		return ret;
-
-	/* XX: build static form (username and password) */
-	form = calloc(1, sizeof(*form));
-	if (!form)
-		goto nomem;
 	opt = form->opts = calloc(1, sizeof(*opt));
 	if (!opt)
 		goto nomem;
diff --git a/test-f5-login.py b/test-f5-login.py
index aec2701e..e6980183 100755
--- a/test-f5-login.py
+++ b/test-f5-login.py
@@ -52,8 +52,8 @@ s.verify = args.verify
 print("Initial GET / to populate LastMRH_Session and MRHSession cookies...", file=stderr)
 res = s.get(endpoint.geturl(), allow_redirects=False)
 assert any(c.value for c in s.cookies if c.name=='MRHSession') and any(c.value for c in s.cookies if c.name=='LastMRH_Session')
-print("GET /my.policy to update MRHSession cookie...", file=stderr)
-res = s.get(endpoint._replace(path='/my.policy').geturl(), allow_redirects=False, headers={'Referer': res.url})
+#print("GET /my.policy to update MRHSession cookie...", file=stderr)
+#res = s.get(endpoint._replace(path='/my.policy').geturl(), allow_redirects=False, headers={'Referer': res.url})
 #print("GET /vdesk/timeoutagent-i.php to update TIN cookie (probably unnecessary).")
 #res = s.get(endpoint._replace(path='/vdesk/timeoutagent-i.php').geturl(), allow_redirects=False)
 
-- 
2.50.1