From 0738bb70a378f1a7d16e1918fa6be802ad041e10 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Tue, 2 Feb 2021 22:57:52 -0800
Subject: [PATCH] Fortinet: set HTTP user-agent to 'Mozilla/5.0 SV1' as openfortivpn does

This appears to suppress the need for 'host check' (presumably a Trojan similar to those of other protocols) on some, if not all, Fortinet servers.

Signed-off-by: Daniel Lenski
---
 fortinet.c | 13 ++++++++++++-
 library.c | 2 +-
 openconnect-internal.h | 1 +
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/fortinet.c b/fortinet.c
index 2e980535..c014fe96 100644
--- a/fortinet.c
+++ b/fortinet.c
@@ -33,6 +33,17 @@
 #define XCAST(x) ((const xmlChar *)(x))
+void fortinet_common_headers(struct openconnect_info *vpninfo,
+ struct oc_text_buf *buf)
+{
+ char *orig_ua = vpninfo->useragent;
+
+ /* XX: This is what openfortivpn uses */
+ vpninfo->useragent = (char *)"Mozilla/5.0 SV1";
+ http_common_headers(vpninfo, buf);
+ vpninfo->useragent = orig_ua;
+}
+
 int fortinet_obtain_cookie(struct openconnect_info *vpninfo)
 {
 return -EINVAL;
@@ -297,7 +308,7 @@ int fortinet_connect(struct openconnect_info *vpninfo)
 goto out;
 reqbuf = buf_alloc();
 buf_append(reqbuf, "GET /remote/sslvpn-tunnel HTTP/1.1\r\n");
- http_common_headers(vpninfo, reqbuf);
+ fortinet_common_headers(vpninfo, reqbuf);
 buf_append(reqbuf, "\r\n");
 if (buf_error(reqbuf)) {
diff --git a/library.c b/library.c
index f9f203a0..6558d6c0 100644
--- a/library.c
+++ b/library.c
@@ -216,7 +216,7 @@ static const struct vpn_proto openconnect_protos[] = {
 .vpn_close_session = fortinet_bye,
 .tcp_connect = fortinet_connect,
 .tcp_mainloop = ppp_mainloop,
- .add_http_headers = http_common_headers,
+ .add_http_headers = fortinet_common_headers,
 .obtain_cookie = fortinet_obtain_cookie,
 .secure_cookie = "SVPNCOOKIE",
 .udp_protocol = "DTLS",
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 544a4f4e..63a0eefe 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
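Review bot: `fortinet_common_headers` in the first fortinet.c hunk overwrites `vpninfo->useragent` for the duration of the call without saying that it replaces whatever User-Agent was configured, and the `XX:` comment records only where the string came from, not why it is needed. The commit message gives the reason, so it belongs next to the code, e.g. `/* Some Fortinet servers skip the 'host check' requirement for this User-Agent (the value openfortivpn sends); this overrides the configured useragent for Fortinet requests. */`. The `(char *)` cast also stores a string literal in a non-const field, which is only safe if nothing reached from `http_common_headers` writes to or frees `vpninfo->useragent`; that callee is not visible in this diff, so it is worth confirming. A named constant for the string (for instance `static const char fortinet_ua[] = "Mozilla/5.0 SV1";`) would make the override easier to find, since the library.c hunk routes this protocol's `.add_http_headers` hook through the same function.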
@@ -991,6 +991,7 @@ int f5_connect(struct openconnect_info *vpninfo);
 int f5_bye(struct openconnect_info *vpninfo, const char *reason);
 /* fortinet.c */
+void fortinet_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
 int fortinet_obtain_cookie(struct openconnect_info *vpninfo);
 int fortinet_connect(struct openconnect_info *vpninfo);
 int fortinet_bye(struct openconnect_info *vpninfo, const char *reason);
--
2.49.0