www.infradead.org Git - users/dwmw2/openconnect.git/commit

author	Daniel Lenski <dlenski@gmail.com>
	Tue, 9 Jan 2018 08:01:18 +0000 (00:01 -0800)
committer	David Woodhouse <dwmw2@infradead.org>
	Tue, 27 Feb 2018 15:28:32 +0000 (16:28 +0100)
commit	4225f050002aaf4a3307908b84ecdfefe0b085d4
tree	a1709d788d25999ac2f01bbb465c578929ddc70e	tree
parent	625165cf0b1669ed2135bdd010f7dbe973d6f815	commit \| diff

Add support for checking and submitting HIP reports

Unlike CSD, the HIP security checker runs during the connection phase, not
during the authentication phase.

Therefore we need to build the CSD token (an MD5 digest identifying the
client) without relying on the authentication phase having run in the same
process.

We build it from the cookie containing authentication information,
but exclude the volatile field (which changes from session to session)
and the preferred-ip field (which may not be present in all cases, or may
change from session to session).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

gpst.c		diff \| blob \| history
hipreport.sh	[new file with mode: 0755]	blob
www/Makefile.am		diff \| blob \| history
www/features.xml		diff \| blob \| history
www/globalprotect.xml		diff \| blob \| history
www/hip.xml	[new file with mode: 0644]	blob