[PATCH 3/4] http: Fix redirect handling in auth form loop

Kevin Cernekee cernekee at gmail.com
Sun Feb 17 17:28:55 EST 2013


On Sun, Feb 17, 2013 at 2:03 PM, Woodhouse, David
<david.woodhouse at intel.com> wrote:
> On Sat, 2013-02-16 at 16:18 -0800, Kevin Cernekee wrote:
>> The refactored openconnect_obtain_cookie() loop tried to post the
>> challenge/response data to index.html, preventing successful login.
>> This patch changes the logic so that it will honor the new "action"
>> attribute if present.
>
> Point of order: the 'action' attribute isn't new; it's been there for
> years. Since commit 7ba752f8 in April 2009, to be precise, when the
> struct auth_form was first introduced.

Clarification: by "new" I meant that "action" did not contain the same
value as what had showed up in the previous form.  e.g. the old value
is "index.html" but the new value is "challenge.html"

Fabian is rerunning his tests against 91462d2e + my 4 commits now.

I prototyped the safe_realloc() change, if you're interested.

> We now have two callers of parse_xml_response() which do, and two which
> don't. I'm suspect that's a bad thing, and we should put it *into*
> parse_xml_response() rather than leaving it to the caller...

For the XML POST case, I would expect no "action" attribute;
everything always seems to get posted to the root URL.

For the CSD case, the server probably shouldn't be changing the post
URL just because we refreshed the login form post-CSD.  If it does
anyway, we might as well follow it.

So this sounds like it would work OK.



More information about the openconnect-devel mailing list