OpenConnect should report the client operating system to Pulse servers

We already know from a MITM capture on Windows how and where this is
reported by the official clients.

As seen with other protocols, some Pulse VPN servers may rely on the
presence of OS information in order to respond with a complete and correct
main configuration packet (see possible cases of this requirement in
https://gitlab.com/openconnect/openconnect/-/issues/459).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/pulse.c b/pulse.c
index 7cb216d28caabdd4e7f0b1fa3a0fc71b8f81d6e7..c49953601ee7007bec9e37c6b5a521fa6b873795 100644 (file)
--- a/pulse.c
+++ b/pulse.c
@@ -1612,6 +1612,11 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
        buf_append_avp_string(reqbuf, 0xd6c, "\x02\xe9\xa7\x51\x92\x4e");
        buf_append_avp_be32(reqbuf, 0xd84, 0);
 #else
+       /* XX: We don't actually know what string the Pulse clients send for OSes other than
+        * Windows, but Windows/Linux/Mac (like GP clients use) seems likely.
+        */
+       buf_append_avp_string(reqbuf, 0xd5e, gpst_os_name(vpninfo));
+
        /* XX: "Only the Pulse client supports IPv6", both according to user reports and
         * https://help.ivanti.com/ps/help/en_US/PCS/9.1R14/ag/network_n_host_admin.htm#network_and_host_administration_1399867268_681155
         *