Cannot handle form method='post', action='webvpn.html'
David Woodhouse
dwmw2 at infradead.org
Mon Feb 22 08:23:42 EST 2010
On Wed, 2010-02-17 at 17:32 +0000, Eric Wettstein wrote:
> I've just started with openconnect this morning. (I'm trying to avoid
> installing anything from Cisco!)
> I'm running Ubuntu-karmic 64 bit machine and version 2.21 of
> openconnect I compiled myself to get past a redirect error. I started
> with the karmic distribution version.
> Unfortunately, I've come to another stop -- Cannot handle form
> method='post', action='webvpn.html'.
> ---- verbose output --- IP changed to protect the innocentopenconnect
> --script=/etc/vpnc/vpnc-script --usergroup=FFP --verbose IPAttempting
> to connect to IP:443SSL negotiation with IPConnected to HTTPS on IPGET
> https://IP/FFPGot HTTP response: HTTP/1.1 303 See OtherContent-Type:
> text/htmlContent-Length: 0Location:
> https://IP:443/webvpn.htmlSet-Cookie: webvpncontext=00 at FFP;
> path=/Connection: Keep-AliveHTTP body length: (0)GET
> https://IP/webvpn.htmlGot HTTP response: HTTP/1.1 200 OKCache-Control:
> max-age=0Content-Type: text/htmlSet-Cookie: webvpn=; expires=Thu, 01
> Jan 1970 22:00:00 GMT; path=/Set-Cookie: webvpncontext=00 at FFP;
> path=/X-Transcend-Version: 1Content-Length: 473Connection: closeHTTP
> body length: (473)Cannot handle form method='post',
> action='webvpn.html'Failed to obtain WebVPN cookie
> -- version verificationopenconnect --versionOpenConnect version v2.21
> Is this a problem in my build? Is there a setting in the Cisco side
> that would make this a get request?
Please don't post HTML!
It looks like your form uses a relative URL for the target, which we
don't support yet. Can you try this?
diff --git a/auth.c b/auth.c
index 21095f5..93e175f 100644
--- a/auth.c
+++ b/auth.c
@@ -359,7 +359,7 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response,
form->method = (char *)xmlGetProp(xml_node, (unsigned char *)"method");
form->action = (char *)xmlGetProp(xml_node, (unsigned char *)"action");
if (!form->method || !form->action ||
- strcasecmp(form->method, "POST") || form->action[0] != '/') {
+ strcasecmp(form->method, "POST") || !form->action[0]) {
vpninfo->progress(vpninfo, PRG_ERR,
"Cannot handle form method='%s', action='%s'\n",
form->method, form->action);
diff --git a/http.c b/http.c
index d653aff..ea687cc 100644
--- a/http.c
+++ b/http.c
@@ -651,9 +651,28 @@ int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
vpninfo->redirect_url = NULL;
goto retry;
} else {
- vpninfo->progress(vpninfo, PRG_ERR, "Relative redirect (to '%s') not supported\n",
- vpninfo->redirect_url);
- return -EINVAL;
+ char *lastslash = strrchr(vpninfo->urlpath, '/');
+ if (!lastslash) {
+ free(vpninfo->urlpath);
+ vpninfo->urlpath = vpninfo->redirect_url;
+ vpninfo->redirect_url = NULL;
+ } else {
+ char *oldurl = vpninfo->urlpath;
+ *lastslash = 0;
+ vpninfo->urlpath = NULL;
+ if (asprintf(&vpninfo->urlpath, "%s/%s",
+ oldurl, vpninfo->redirect_url) == -1) {
+ int err = -errno;
+ vpninfo->progress(vpninfo, PRG_ERR,
+ "Allocating new path for relative redirect failed: %s\n",
+ strerror(-err));
+ return err;
+ }
+ free(oldurl);
+ free(vpninfo->redirect_url);
+ vpninfo->redirect_url = NULL;
+ }
+ goto retry;
}
}
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
More information about the openconnect-devel
mailing list