enriquem created this revision. enriquem added a reviewer: jgrulich. enriquem added a project: Plasma (Plasma 5.14). Herald edited projects, added Plasma; removed Plasma (Plasma 5.14). Herald added a subscriber: plasma-devel. enriquem requested review of this revision.
REVISION SUMMARY BUG: 395157 Current implementation of openconnect fails for Juniper VPNs because it endlessly reconnects to the server. It reloads the form right when an index in an AUTHGROUP is changed to any value other than the default, and that condition repeats itself unless the user connects to the first entry in the AUTHGROUP. From vpn/openconnect/README: The auth-dialog handles the arbitrary forms as the server presents them, and spits out the cookie after a successful authentication. It's just a really simple web-browser, effectively. This is why reconnections are needed: the auth-dialog fills in the forms with the stored information, reconnects the server and receives the next form. The the process is repeated until there is no more information available, so that the user can fill in the rest if the connection is still not successful. So the key to solve this issue in a more general way is to check the form and block the reconnection if the form has not changed. This patch creates and stores a hash from the server forms, and reconnects only if the form has changed, which means that new information has been fed to the server. If the form has not changed, no new reconnection is needed. TEST PLAN The patch shuld be tested for all servers openconnect is used for, in particular for Cisco AnyConnect servers. Limited testing has been done for a self-configured server, but should be tested against real-life complex servers with different AUTHGROUP options. REPOSITORY R116 Plasma Network Management Applet REVISION DETAIL https://phabricator.kde.org/D17487 AFFECTED FILES vpn/openconnect/openconnectauth.cpp To: enriquem, jgrulich Cc: plasma-devel, ragreen, Pitel, ZrenBot, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart
