www.infradead.org Git - users/dwmw2/openconnect.git/commit

author	Daniel Lenski <dlenski@gmail.com>
	Sun, 4 Mar 2018 09:32:00 +0000 (11:32 +0200)
committer	David Woodhouse <dwmw2@infradead.org>
	Thu, 31 May 2018 10:42:54 +0000 (11:42 +0100)
commit	4e35d505314ec0bb940fcadde25f540da38a2e11
tree	dbf7eb70ecac66fc7129de0e0c5b58621ef3accf	tree
parent	1ad22fc31afbe43a891ed8abb1c0ef3c9200f17a	commit \| diff

Add support for checking and submitting HIP reports

Unlike CSD, the HIP security checker runs during the connection phase, not
during the authentication phase.

Therefore we need to build the CSD token (an MD5 digest identifying the
client) without relying on the authentication phase having run in the same
process.

We build it from the cookie containing authentication information,
but exclude the volatile field (which changes from session to session)
and the preferred-ip field (which may not be present in all cases, or may
change from session to session).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

gpst.c		diff \| blob \| history
hipreport.sh	[new file with mode: 0755]	blob
www/Makefile.am		diff \| blob \| history
www/features.xml		diff \| blob \| history
www/globalprotect.xml		diff \| blob \| history
www/hip.xml	[new file with mode: 0644]	blob