From: David Woodhouse <dwmw2@infradead.org>
Date: Sat, 15 Jun 2019 20:17:04 +0000 (+0100)
Subject: Interpret Pulse auth failure AVP
X-Git-Tag: v8.04~17
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=270eda80a3fb108fe2859c92f1c83a941502d4e5;p=users%2Fdwmw2%2Fopenconnect.git

Interpret Pulse auth failure AVP

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---

diff --git a/pulse.c b/pulse.c
index 9e22c7ff..9bb1a39a 100644
--- a/pulse.c
+++ b/pulse.c
@@ -1478,6 +1478,22 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
 		}
 		if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd65) {
 			old_sessions++;
+		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd60) {
+			uint32_t failcode;
+			if (avp_len != 4)
+				goto auth_unknown;
+
+			failcode = load_be32(avp_p);
+			if (failcode == 0x0d) {
+				vpn_progress(vpninfo, PRG_ERR,
+					     _("Authentication failure: Account locked out\n"));
+			} else {
+				vpn_progress(vpninfo, PRG_ERR,
+					     _("Authentication failure: Code 0x%02x\n"),
+					       failcode);
+			}
+			ret = -EPERM;
+			goto out;
 		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd80) {
 			free(user_prompt);
 			user_prompt = strndup(avp_p, avp_len);