implement `auth_expiration` for Pulse protocol
authorDaniel Lenski <dlenski@gmail.com>
Wed, 9 Dec 2020 03:24:00 +0000 (19:24 -0800)
committerDaniel Lenski <dlenski@gmail.com>
Mon, 14 Dec 2020 22:44:03 +0000 (14:44 -0800)
We have many examples of this field (AVP 0x583/0xd5c) being multiples of 60 or 3600,
strongly suggesting that it's the remaining auth lifetime:

- https://gitlab.com/openconnect/openconnect/-/issues/98: `AVP 0x583/0xd5c: 00 01 fa 40` (0x1fa40 seconds = 36 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 a9 ec` (0xa9ec seconds = 12 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 0a 70` (0xa70 seconds = 44 minutes)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
pulse.c

diff --git a/pulse.c b/pulse.c
index 067edbd35bafe61176840f77151fe7acc44b8d57..fb8676d18134e8331e31fd697ba82a618ccc4fe3 100644 (file)
--- a/pulse.c
+++ b/pulse.c
@@ -1761,6 +1761,15 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
                        realms_found++;
                } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd4f) {
                        realm_entry++;
+               } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd5c) {
+                       uint32_t val;
+
+                       if (avp_len != 4)
+                               goto auth_unknown;
+                       val = load_be32(avp_p);
+
+                       if (val)
+                               vpninfo->auth_expiration = time(NULL) + val;
                } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd53) {
                        free(vpninfo->cookie);
                        vpninfo->cookie = strndup(avp_p, avp_len);
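Review bot: The new `0xd5c` branch stores `time(NULL) + val` with no comment saying that the meaning of this AVP is inferred from observed samples rather than documented, so a later reader cannot tell that `auth_expiration` is a best-effort value; I would add `/* AVP 0xd5c: apparently the remaining auth lifetime in seconds (inferred from samples, not documented) */` above `uint32_t val;`. `val` is also server-supplied and unbounded, so on a target where `time_t` is 32 bits a large value could wrap the sum into the past; a sanity cap or range check before the assignment would be worth considering. A length other than 4 jumps to `auth_unknown`, whose handling is outside this hunk; if that label fails the whole authentication, skipping the malformed AVP may be the better choice for a field that looks purely informational. The body of `pulse_authenticate` starts and ends outside the hunk.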