From: Daniel Lenski <dlenski@gmail.com>
Date: Thu, 15 Apr 2021 00:55:42 +0000 (-0700)
Subject: NC/Pulse idle timeout
X-Git-Tag: v8.20~266^2~3
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=dfcc430b257ae47b4bbcfbce4ef388b1a4dc44ae;p=users%2Fdwmw2%2Fopenconnect.git

NC/Pulse idle timeout

Per #234, it appears that:

- oNCP server termination reason 8 indicates idle timeout
- Pulse AVP 0x583/0xd75 indicates the idle timeout in seconds
- No sign of an idle timeout TLV for oNCP

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---

diff --git a/oncp.c b/oncp.c
index 32798fa5..4b3b7c09 100644
--- a/oncp.c
+++ b/oncp.c
@@ -820,18 +820,23 @@ static int oncp_record_read(struct openconnect_info *vpninfo, void *buf, int len
 					vpn_progress(vpninfo, PRG_ERR,
 						     _("Server terminated connection (session expired)\n"));
 					vpninfo->quit_reason = "VPN session expired";
+				} else if (lenbuf[0] == 8) {
+					vpn_progress(vpninfo, PRG_ERR,
+						     _("Server terminated connection (idle timeout)\n"));
+					vpninfo->quit_reason = "Idle timeout";
 				} else {
 					vpn_progress(vpninfo, PRG_ERR,
 						     _("Server terminated connection (reason: %d)\n"),
 						     lenbuf[0]);
 					vpninfo->quit_reason = "Server terminated connection";
 				}
+				return -EPIPE;
 			} else {
 				vpn_progress(vpninfo, PRG_ERR,
 					     _("Server sent zero-length oNCP record\n"));
 				vpninfo->quit_reason = "Zero-length oNCP record";
+				return -EIO;
 			}
-			return -EIO;
 		}
 	}
 	if (len > vpninfo->oncp_rec_size)
diff --git a/pulse.c b/pulse.c
index c07b21b5..553f0c1c 100644
--- a/pulse.c
+++ b/pulse.c
@@ -1747,14 +1747,19 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
 		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd4f) {
 			realm_entry++;
 		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd5c) {
-			uint32_t val;
-
 			if (avp_len != 4)
 				goto auth_unknown;
-			val = load_be32(avp_p);
+			uint32_t val = load_be32(avp_p);
 
 			if (val)
 				vpninfo->auth_expiration = time(NULL) + val;
+		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd75) {
+			if (avp_len != 4)
+				goto auth_unknown;
+			uint32_t val = load_be32(avp_p);
+
+			if (val)
+				vpninfo->idle_timeout = val;
 		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd53) {
 			free(vpninfo->cookie);
 			vpninfo->cookie = strndup(avp_p, avp_len);