From 13b641668bcdeeca5aed692596c42700cad6b357 Mon Sep 17 00:00:00 2001
From: Ralph Schmieder
Date: Sat, 8 Sep 2018 14:57:29 +0200
Subject: [PATCH] chg: add --version-string
I've included a patch that provides better compatibility with CSD on ASA head ends. E.g. it allows to specify the version string that is presented to the ASA. Previous to this patch, OC presents its own version e.g. 0.7.8 but that could cause rejection on the head end if it looks for a matching AC version string.
[dwmw2: All the library ABI support for the new function]
Signed-off-by: Ralph Schmieder
Signed-off-by: David Woodhouse
---
 auth.c | 3 ++-
 cstp.c | 2 +-
 java/src/com/example/LibTest.java | 1 +
 java/src/org/infradead/libopenconnect/LibOpenConnect.java | 1 +
 jni.c | 8 ++++++++
 libopenconnect.map.in | 1 +
 library.c | 8 ++++++++
 main.c | 8 ++++++++
 openconnect-internal.h | 1 +
 openconnect.8.in | 7 +++++++
 openconnect.h | 3 +++
 11 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/auth.c b/auth.c
index fe263168..ddbc68d4 100644
--- a/auth.c
+++ b/auth.c
@@ -728,7 +728,8 @@ static xmlDocPtr xmlpost_new_query(struct openconnect_info *vpninfo, const char
 goto bad;
 xmlDocSetRootElement(doc, root);
- node = xmlNewTextChild(root, NULL, XCAST("version"), XCAST(openconnect_version_str));
+ node = xmlNewTextChild(root, NULL, XCAST("version"),
+ XCAST(vpninfo->version_string ? : openconnect_version_str));
 if (!node)
 goto bad;
 if (!xmlNewProp(node, XCAST("who"), XCAST("vpn")))
diff --git a/cstp.c b/cstp.c
index 68c3d511..184c1c73 100644
--- a/cstp.c
+++ b/cstp.c
@@ -179,7 +179,7 @@ static void append_mobile_headers(struct openconnect_info *vpninfo, struct oc_te
 {
 if (vpninfo->mobile_platform_version) {
 buf_append(buf, "X-AnyConnect-Identifier-ClientVersion: %s\r\n",
- openconnect_version_str);
+ vpninfo->version_string ? : openconnect_version_str);
 buf_append(buf, "X-AnyConnect-Identifier-Platform: %s\r\n",
 vpninfo->platname);
 buf_append(buf, "X-AnyConnect-Identifier-PlatformVersion: %s\r\n",
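Review bot: In append_mobile_headers() the caller-supplied `version_string` is now formatted straight into the `X-AnyConnect-Identifier-ClientVersion: %s\r\n` line, and nothing in this patch restricts its characters, so a value containing CR or LF would add extra header lines to the request. The value usually comes from the local command line, but the new library setter accepts it from any embedding application, which may be passing on profile data it did not author. Rejecting control characters once in openconnect_set_version_string() covers this sink, e.g. `if (version_string && strpbrk(version_string, "\r\n")) return -EINVAL;` before the `STRDUP`; the `OPT_VERSION` case in main.c assigns the field directly and would need the same check. The function body continues outside the hunk.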
diff --git a/java/src/com/example/LibTest.java b/java/src/com/example/LibTest.java
index 1ef0371e..280ea1d2 100644
--- a/java/src/com/example/LibTest.java
+++ b/java/src/com/example/LibTest.java
@@ -250,6 +250,7 @@ public final class LibTest {
 lib.setReportedOS("win");
 lib.setLogLevel(lib.PRG_DEBUG);
+ lib.setVersionString("2.2.0133");
 //lib.setTokenMode(LibOpenConnect.OC_TOKEN_MODE_STOKEN, null);
 String csd_wrapper = "./csd-" + lib.getProtocol() + ".sh";
 if (new File(csd_wrapper).exists()) {
diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index a41e99b3..04b19b13 100644
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -131,6 +131,7 @@ public abstract class LibOpenConnect {
 public synchronized native int setHTTPProxy(String proxy);
 public synchronized native void setXMLSHA1(String hash);
 public synchronized native void setHostname(String hostname);
+ public synchronized native void setVersionString(String version);
 public synchronized native void setUrlpath(String urlpath);
 public synchronized native void setLocalName(String localName);
 public synchronized native void setCAFile(String caFile);
diff --git a/jni.c b/jni.c
index 4d6685e4..5e160bfc 100644
--- a/jni.c
+++ b/jni.c
@@ -1297,6 +1297,14 @@ JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setHostn
 SET_STRING_END();
 }
+JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setVersionString(
+ JNIEnv *jenv, jobject jobj, jstring jarg)
+{
+ SET_STRING_START()
+ openconnect_set_version_string(ctx->vpninfo, arg);
+ SET_STRING_END();
+}
+
 JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setUrlpath(
 JNIEnv *jenv, jobject jobj, jstring jarg)
 {
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 38204b7a..58f04e76 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -100,6 +100,7 @@ OPENCONNECT_5_5 {
 openconnect_free_supported_protocols;
 openconnect_has_tss2_blob_support;
 openconnect_set_key_password;
+ openconnect_set_version_string;
 } OPENCONNECT_5_4;
 OPENCONNECT_PRIVATE {
diff --git a/library.c b/library.c
index 7516f1a9..e62c2fe0 100644
--- a/library.c
+++ b/library.c
@@ -285,6 +285,14 @@ int openconnect_set_mobile_info(struct openconnect_info *vpninfo,
 return 0;
 }
+int openconnect_set_version_string(struct openconnect_info *vpninfo,
+ const char *version_string)
+{
+ STRDUP(vpninfo->version_string, version_string);
+
+ return 0;
+}
+
 void free_optlist(struct oc_vpn_option *opt)
 {
 struct oc_vpn_option *next;
diff --git a/main.c b/main.c
index 510f1778..2e9e3059 100644
--- a/main.c
+++ b/main.c
@@ -188,6 +188,7 @@ enum {
 OPT_LOCAL_HOSTNAME,
 OPT_PROTOCOL,
 OPT_PASSTOS,
+ OPT_VERSION,
 };
 #ifdef __sun__
@@ -253,6 +254,7 @@ static const struct option long_options[] = {
 OPTION("resolve", 1, OPT_RESOLVE),
 OPTION("key-password-from-fsid", 0, OPT_KEY_PASSWORD_FROM_FSID),
 OPTION("useragent", 1, OPT_USERAGENT),
+ OPTION("version-string", 1, OPT_VERSION),
 OPTION("local-hostname", 1, OPT_LOCAL_HOSTNAME),
 OPTION("disable-ipv6", 0, OPT_DISABLE_IPV6),
 OPTION("no-proxy", 0, OPT_NO_PROXY),
@@ -879,6 +881,8 @@ static void usage(void)
 printf(" --useragent=STRING %s\n", _("HTTP header User-Agent: field"));
 printf(" --local-hostname=STRING %s\n", _("Local hostname to advertise to server"));
 printf(" --os=STRING %s\n", _("OS type (linux,linux-64,win,...) to report"));
+ printf(" --version-string=STRING %s\n", _("reported version string during authentication"));
+ printf(" (%s %s)\n", _("default:"), openconnect_version_str);
 #ifndef _WIN32
 printf("\n%s:\n", _("Trojan binary (CSD) execution"));
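Review bot: `OPT_VERSION` in the first main.c hunk is a misleading name for the `--version-string` option, because openconnect already has a `--version` flag that reports the program version and a reader of the option switch will take this constant for that one. Naming it `OPT_VERSION_STRING` keeps the enum entry, the `OPTION("version-string", 1, ...)` line in the second hunk and the `case` label in main() self-explanatory. The usage() text added in the third hunk also begins with a lower-case "reported" where the neighbouring descriptions are capitalised.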
@@ -1420,6 +1424,10 @@ int main(int argc, char **argv)
 free(vpninfo->useragent);
 vpninfo->useragent = dup_config_arg();
 break;
+ case OPT_VERSION:
+ free(vpninfo->version_string);
+ vpninfo->version_string = dup_config_arg();
+ break;
 case OPT_LOCAL_HOSTNAME:
 openconnect_set_localname(vpninfo, config_arg);
 break;
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 74ed6e07..8aa8fc89 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -630,6 +630,7 @@ struct openconnect_info {
 int is_dyndns; /* Attempt to redo DNS lookup on each CSTP reconnect */
 char *useragent;
+ char *version_string;
 const char *quit_reason;
diff --git a/openconnect.8.in b/openconnect.8.in
index 1951183f..37a33d0c 100644
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -64,6 +64,7 @@ openconnect \- Multi-protocol VPN client, for Cisco AnyConnect VPNs and others
 .OP \-\-resolve host:ip
 .OP \-\-servercert sha1
 .OP \-\-useragent string
+.OP \-\-version\-string string
 .OP \-\-local-hostname string
 .OP \-\-os string
 .B [https://]\fIserver\fB[:\fIport\fB][/\fIgroup\fB]
@@ -504,6 +505,12 @@ Use
 as 'User\-Agent:' field value in HTTP header.
 (e.g. \-\-useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')
 .TP
+.B \-\-version\-string=STRING
+Use
+.I STRING
+as the software version reported to the head end.
+(e.g. \-\-version\-string '2.2.0133')
+.TP
 .B \-\-local-hostname=STRING
 Use
 .I STRING
diff --git a/openconnect.h b/openconnect.h
index 02c19930..a385f150 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -37,6 +37,7 @@ extern "C" {
 /*
 * API version 5.5:
+ * - add openconnect_set_version_string()
 * - add openconnect_set_key_password()
 * - Add openconnect_has_tss2_blob_support()
 * - Add openconnect_get_supported_protocols()
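Review bot: The new `case OPT_VERSION:` open-codes the free-and-duplicate instead of calling the setter this same patch adds, so any checking later placed in openconnect_set_version_string() will not apply to values given on the command line. The `OPT_LOCAL_HOSTNAME` case directly below already goes through the library call with `config_arg`; the same shape here would be `openconnect_set_version_string(vpninfo, config_arg);` with its return value checked. main() starts and ends outside the hunk, so how other setter failures are reported there is not visible.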
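Review bot: No hunk in this patch releases the new `char *version_string` member: the diffstat shows library.c gaining only the eight lines of the setter, so unless teardown is handled by code not shown here, the copy made by `STRDUP` or `dup_config_arg()` is leaked when the context is destroyed. Add `free(vpninfo->version_string);` in openconnect_vpninfo_free(), next to wherever `useragent` is released. struct openconnect_info starts and ends outside the hunk.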
@@ -508,6 +509,8 @@ void openconnect_set_xmlpost(struct openconnect_info *, int enable);
 trojan binary. */
 int openconnect_set_reported_os(struct openconnect_info *, const char *os);
+int openconnect_set_version_string(struct openconnect_info *vpninfo,
+ const char *version_string);
 int openconnect_set_mobile_info(struct openconnect_info *vpninfo,
 const char *mobile_platform_version,
 const char *mobile_device_type,
-- 
2.49.0
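Review bot: The new public prototype is added without a comment, while the declaration just above it closes a descriptive block (`trojan binary. */`), so API users cannot tell from the header what the string affects or how to undo the override. Suggest `/* Override the client version reported to the server in the XML auth request and the mobile ClientVersion header; while unset, the built-in openconnect version string is sent. */` above the declaration. Whether passing NULL clears a previous override depends on the `STRDUP` macro, which is not shown in this patch, so that should be confirmed before it is documented.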