Detect redirection command in failed authentication response

In some situations server may command user agent to redirect to a
specific page as a result of a failed authentication attempt.

Examples of such responses:
1. ret=0,redir=/remote/login?&err=sslvpn_login_permission_denied&lang=en
2. ret=0,redir=/remote/login?&err=sslvpn_login_password_expired&lang=en

When using a real web browser it results in JavaScript redirecting user
to the URL from "redir" key.

Those redirection URLs may contain a meaningful error code (see examples
above). Check them and log a relevant error message with "err" parameter
value if present.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Author: Rafał Miłecki

src/http.c

@@ -718,10 +718,29 @@ int auth_log_in(struct tunnel *tunnel)
 	ret = get_value_from_response(res, "ret=", auth_ret_text, 8);
 	if (ret == 1) {
 		int auth_ret = strtol(auth_ret_text, NULL, 10);
+		char redir[128];
 
 		switch (auth_ret) {
 		case 0:
 			log_error("Authentication failed\n");
+
+			ret = get_value_from_response(res, "redir=", redir, 128);
+			if (ret == 1) {
+				const char *err_start;
+
+				log_debug("Received redirection: \"%s\"\n", redir);
+
+				/* Check for error value in the redirection URL */
+				err_start = strstr(redir, "err=");
+				if (err_start) {
+					const char *err_end = strstr(err_start, "&");
+
+					log_error("Authentication ended up in redirection with error value: \"%.*s\"\n",
+							err_end ? err_end - err_start - 4 : -1,
+							err_start + 4);
+				}
+			}
+
 			ret = ERR_HTTP_PERMISSION;
 			goto end;
 		case 1: