From 8eaaefd568910be0a446c39498fd76f7664902b5 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <dlenski@gmail.com>
Date: Tue, 13 Jun 2023 12:10:33 -0700
Subject: [PATCH] OpenConnect should report the client operating system to
 Pulse servers

We already know from a MITM capture on Windows how and where this is
reported by the official clients.

As seen with other protocols, some Pulse VPN servers may rely on the
presence of OS information in order to respond with a complete and correct
main configuration packet (see possible cases of this requirement in
https://gitlab.com/openconnect/openconnect/-/issues/459).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---
 pulse.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pulse.c b/pulse.c
index 7cb216d2..c4995360 100644
--- a/pulse.c
+++ b/pulse.c
@@ -1612,6 +1612,11 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
 	buf_append_avp_string(reqbuf, 0xd6c, "\x02\xe9\xa7\x51\x92\x4e");
 	buf_append_avp_be32(reqbuf, 0xd84, 0);
 #else
+	/* XX: We don't actually know what string the Pulse clients send for OSes other than
+	 * Windows, but Windows/Linux/Mac (like GP clients use) seems likely.
+	 */
+	buf_append_avp_string(reqbuf, 0xd5e, gpst_os_name(vpninfo));
+
 	/* XX: "Only the Pulse client supports IPv6", both according to user reports and
 	 * https://help.ivanti.com/ps/help/en_US/PCS/9.1R14/ag/network_n_host_admin.htm#network_and_host_administration_1399867268_681155
 	 *
-- 
2.50.1