chg: add --version-string

I've included a patch that provides better compatibility with CSD on
ASA head ends. E.g. it allows to specify the version string that is
presented to the ASA. Previous to this patch, OC presents its own
version e.g. 0.7.8 but that could cause rejection on the head end if
it looks for a matching AC version string.

[dwmw2: All the library ABI support for the new function]

Signed-off-by: Ralph Schmieder <ralph.schmieder@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/auth.c b/auth.c
index fe263168d82c64a776f584ba4f4f8dca0e979eaa..ddbc68d4119fd252c654c01cd92d461ac33cff1d 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -728,7 +728,8 @@ static xmlDocPtr xmlpost_new_query(struct openconnect_info *vpninfo, const char
                goto bad;
        xmlDocSetRootElement(doc, root);
 
-       node = xmlNewTextChild(root, NULL, XCAST("version"), XCAST(openconnect_version_str));
+       node = xmlNewTextChild(root, NULL, XCAST("version"),
+                              XCAST(vpninfo->version_string ? : openconnect_version_str));
        if (!node)
                goto bad;
        if (!xmlNewProp(node, XCAST("who"), XCAST("vpn")))

diff --git a/cstp.c b/cstp.c
index 68c3d51119abd421ff9ef716edea28b7ca39d9ad..184c1c73aeb097c5802426bd489fa74705ba0e5f 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -179,7 +179,7 @@ static void append_mobile_headers(struct openconnect_info *vpninfo, struct oc_te
 {
        if (vpninfo->mobile_platform_version) {
                buf_append(buf, "X-AnyConnect-Identifier-ClientVersion: %s\r\n",
-                          openconnect_version_str);
+                          vpninfo->version_string ? : openconnect_version_str);
                buf_append(buf, "X-AnyConnect-Identifier-Platform: %s\r\n",
                           vpninfo->platname);
                buf_append(buf, "X-AnyConnect-Identifier-PlatformVersion: %s\r\n",

diff --git a/java/src/com/example/LibTest.java b/java/src/com/example/LibTest.java
index 1ef0371e1b902ea3e4558c71f1a1bf7106004bd3..280ea1d2803f3f252b0a5a89c375ecc8fe024561 100644 (file)
--- a/java/src/com/example/LibTest.java
+++ b/java/src/com/example/LibTest.java
@@ -250,6 +250,7 @@ public final class LibTest {
 
                lib.setReportedOS("win");
                lib.setLogLevel(lib.PRG_DEBUG);
+               lib.setVersionString("2.2.0133");
                //lib.setTokenMode(LibOpenConnect.OC_TOKEN_MODE_STOKEN, null);
                String csd_wrapper = "./csd-" + lib.getProtocol() + ".sh";
                if (new File(csd_wrapper).exists()) {

diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index a41e99b36a11486a1e65b124dfef6cb237f13071..04b19b13fbf10dd3189461ed2f5edc96b615b87c 100644 (file)
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -131,6 +131,7 @@ public abstract class LibOpenConnect {
        public synchronized native int setHTTPProxy(String proxy);
        public synchronized native void setXMLSHA1(String hash);
        public synchronized native void setHostname(String hostname);
+       public synchronized native void setVersionString(String version);
        public synchronized native void setUrlpath(String urlpath);
        public synchronized native void setLocalName(String localName);
        public synchronized native void setCAFile(String caFile);

diff --git a/jni.c b/jni.c
index 4d6685e48efb9cb999e55fe44aed5a3d734c29ba..5e160bfcd151ce2f99d7f971714bff910053605b 100644 (file)
--- a/jni.c
+++ b/jni.c
@@ -1297,6 +1297,14 @@ JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setHostn
        SET_STRING_END();
 }
 
+JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setVersionString(
+       JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+       SET_STRING_START()
+       openconnect_set_version_string(ctx->vpninfo, arg);
+       SET_STRING_END();
+}
+
 JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setUrlpath(
        JNIEnv *jenv, jobject jobj, jstring jarg)
 {

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 38204b7aa5c32c7ad23eb5ddca4cd5b560293b1a..58f04e7635448bfa43a0caeb7e9a163d249eb9e4 100644 (file)
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -100,6 +100,7 @@ OPENCONNECT_5_5 {
        openconnect_free_supported_protocols;
        openconnect_has_tss2_blob_support;
        openconnect_set_key_password;
+       openconnect_set_version_string;
 } OPENCONNECT_5_4;
 
 OPENCONNECT_PRIVATE {

diff --git a/library.c b/library.c
index 7516f1a9e61f98de9c0dcfe45153233235274ec2..e62c2fe09d818c94acc83e0e61ded315f4e8e5a0 100644 (file)
--- a/library.c
+++ b/library.c
@@ -285,6 +285,14 @@ int openconnect_set_mobile_info(struct openconnect_info *vpninfo,
        return 0;
 }
 
+int openconnect_set_version_string(struct openconnect_info *vpninfo,
+                                  const char *version_string)
+{
+       STRDUP(vpninfo->version_string, version_string);
+
+       return 0;
+}
+
 void free_optlist(struct oc_vpn_option *opt)
 {
        struct oc_vpn_option *next;

diff --git a/main.c b/main.c
index 510f17783cdddb829aab076f2a6024ccddd135e4..2e9e30598074a5a7cb6846ffedd66b0a259a1a3e 100644 (file)
--- a/main.c
+++ b/main.c
@@ -188,6 +188,7 @@ enum {
        OPT_LOCAL_HOSTNAME,
        OPT_PROTOCOL,
        OPT_PASSTOS,
+       OPT_VERSION,
 };
 
 #ifdef __sun__
@@ -253,6 +254,7 @@ static const struct option long_options[] = {
        OPTION("resolve", 1, OPT_RESOLVE),
        OPTION("key-password-from-fsid", 0, OPT_KEY_PASSWORD_FROM_FSID),
        OPTION("useragent", 1, OPT_USERAGENT),
+       OPTION("version-string", 1, OPT_VERSION),
        OPTION("local-hostname", 1, OPT_LOCAL_HOSTNAME),
        OPTION("disable-ipv6", 0, OPT_DISABLE_IPV6),
        OPTION("no-proxy", 0, OPT_NO_PROXY),
@@ -879,6 +881,8 @@ static void usage(void)
        printf("      --useragent=STRING          %s\n", _("HTTP header User-Agent: field"));
        printf("      --local-hostname=STRING     %s\n", _("Local hostname to advertise to server"));
        printf("      --os=STRING                 %s\n", _("OS type (linux,linux-64,win,...) to report"));
+       printf("      --version-string=STRING     %s\n", _("reported version string during authentication"));
+       printf("                                  (%s %s)\n", _("default:"), openconnect_version_str);
 
 #ifndef _WIN32
        printf("\n%s:\n", _("Trojan binary (CSD) execution"));
@@ -1420,6 +1424,10 @@ int main(int argc, char **argv)
                        free(vpninfo->useragent);
                        vpninfo->useragent = dup_config_arg();
                        break;
+               case OPT_VERSION:
+                       free(vpninfo->version_string);
+                       vpninfo->version_string = dup_config_arg();
+                       break;
                case OPT_LOCAL_HOSTNAME:
                        openconnect_set_localname(vpninfo, config_arg);
                        break;

diff --git a/openconnect-internal.h b/openconnect-internal.h
index 74ed6e079f4bd56d7bd1e062eecab1a0221cf877..8aa8fc89907d39eb7d59e53112fc5056d844533f 100644 (file)
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -630,6 +630,7 @@ struct openconnect_info {
 
        int is_dyndns; /* Attempt to redo DNS lookup on each CSTP reconnect */
        char *useragent;
+       char *version_string;
 
        const char *quit_reason;
 

diff --git a/openconnect.8.in b/openconnect.8.in
index 1951183f180af60934e37125f005ccca54265e87..37a33d0c6033c94a305a1b95abd98ade977f4205 100644 (file)
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -64,6 +64,7 @@ openconnect \- Multi-protocol VPN client, for Cisco AnyConnect VPNs and others
 .OP \-\-resolve host:ip
 .OP \-\-servercert sha1
 .OP \-\-useragent string
+.OP \-\-version\-string string
 .OP \-\-local-hostname string
 .OP \-\-os string
 .B [https://]\fIserver\fB[:\fIport\fB][/\fIgroup\fB]
@@ -504,6 +505,12 @@ Use
 as 'User\-Agent:' field value in HTTP header.
 (e.g. \-\-useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')
 .TP
+.B \-\-version\-string=STRING
+Use
+.I STRING
+as the software version reported to the head end.
+(e.g. \-\-version\-string '2.2.0133')
+.TP
 .B \-\-local-hostname=STRING
 Use
 .I STRING

diff --git a/openconnect.h b/openconnect.h
index 02c199306f0ebe0c23f89b5c9d3e3843cab92e3d..a385f150f6105d26c2e5e6ee7bc75dbd0df2b060 100644 (file)
--- a/openconnect.h
+++ b/openconnect.h
@@ -37,6 +37,7 @@ extern "C" {
 
 /*
  * API version 5.5:
+ *  - add openconnect_set_version_string()
  *  - add openconnect_set_key_password()
  *  - Add openconnect_has_tss2_blob_support()
  *  - Add openconnect_get_supported_protocols()
@@ -508,6 +509,8 @@ void openconnect_set_xmlpost(struct openconnect_info *, int enable);
    trojan binary. */
 int openconnect_set_reported_os(struct openconnect_info *, const char *os);
 
+int openconnect_set_version_string(struct openconnect_info *vpninfo,
+                                  const char *version_string);
 int openconnect_set_mobile_info(struct openconnect_info *vpninfo,
                                const char *mobile_platform_version,
                                const char *mobile_device_type,