www.infradead.org Git - users/dwmw2/openconnect.git/commit

author	Daniel Lenski <dlenski@gmail.com>
	Sat, 4 Aug 2018 03:01:26 +0000 (20:01 -0700)
committer	Daniel Lenski <dlenski@gmail.com>
	Sat, 4 Aug 2018 22:31:25 +0000 (15:31 -0700)
commit	2f270d251800a0a7a3beecc27990ca06d66a300f
tree	be5d466635bcd35983978bc3ed34f6e2448ade6c	tree
parent	62c60badd1397cb0a1d455a2783d7c897a6baba5	commit \| diff

include computer name in the GP cookie

The GlobalProtect "cookie" is an overstuffed monstrosity, due to the
requirement to retain a few random, non-secret values in order to logout
successfully (see gpst_bye):

    authcookie=d41d8cd98f00b204e9800998ecf8427e&portal=Gateway-X&user=user.name&domain=big-corp

Until now, I've avoided including the computer field in this cookie, on the assumption that it
can reproduced at any time using vpninfo->localname. However, it appears that this value can't always
be reproduced correctly when running under NetworkManager:

    https://github.com/dlenski/network-manager-openconnect/issues/7

In order to be more robust, this patch therefore also includes the local hostname in the cookie:

    authcookie=d41d8cd98f00b204e9800998ecf8427e&portal=Gateway-X&user=user.name&domain=big-corp&computer=hostname

auth-globalprotect.c		diff \| blob \| history
gpst.c		diff \| blob \| history
hipreport.sh		diff \| blob \| history