From 4ff991c46e6b202cabd623eeffa5ae1af1ba5c8e Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 23 Apr 2021 10:40:44 +0100 Subject: [PATCH 1/2] Ignore errors fetching NC landing page if auth was successful Signed-off-by: David Woodhouse (cherry picked from commit 3e77943692b511719d9217d2ecc43588b7c6c08b) --- auth-juniper.c | 18 +++++++++++------- www/changelog.xml | 2 +- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/auth-juniper.c b/auth-juniper.c index 19d43978..63af3bfc 100644 --- a/auth-juniper.c +++ b/auth-juniper.c @@ -663,6 +663,17 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo) ret = do_https_request(vpninfo, "GET", NULL, NULL, &form_buf, 2); + /* After login, the server will redirect the "browser" to a landing page. + * https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784 + * turned some of those landing pages into a 403 but we don't *care* + * about that as long as we have the cookie we wanted. So check for + * cookie success *before* checking 'ret'. */ + if (!check_cookie_success(vpninfo)) { + free(form_buf); + ret = 0; + break; + } + if (ret < 0) break; @@ -680,13 +691,6 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo) break; } - if (!check_cookie_success(vpninfo)) { - buf_free(url); - free(form_buf); - ret = 0; - break; - } - doc = htmlReadMemory(form_buf, ret, url->data, NULL, HTML_PARSE_RECOVER|HTML_PARSE_NOERROR|HTML_PARSE_NOWARNING|HTML_PARSE_NONET); buf_free(url); diff --git a/www/changelog.xml b/www/changelog.xml index bca5c8e2..1a05eda7 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -15,7 +15,7 @@