From abd387c0d119190e62a4a8bf0570a5b88e926e42 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Fri, 6 Mar 2020 13:52:18 -0800 Subject: [PATCH] add secure_cookie protocol field to suppress other protocols' cookies from --dump-http-traffic as well Signed-off-by: Daniel Lenski --- http.c | 2 +- library.c | 4 ++++ openconnect-internal.h | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/http.c b/http.c index 55d6d938..a09d5d79 100644 --- a/http.c +++ b/http.c @@ -545,7 +545,7 @@ int process_http_response(struct openconnect_info *vpninfo, int connect, print_equals = equals; /* Don't print the webvpn cookie unless it's empty; we don't want people posting it in public with debugging output */ - if (!strcmp(colon, "webvpn") && *equals) + if (vpninfo->proto->secure_cookie && !strcmp(colon, vpninfo->proto->secure_cookie) && *equals) print_equals = _(""); vpn_progress(vpninfo, PRG_DEBUG, "%s: %s=%s%s%s\n", hdrline, colon, print_equals, semicolon ? ";" : "", diff --git a/library.c b/library.c index e771cd52..b988ad4c 100644 --- a/library.c +++ b/library.c @@ -121,6 +121,7 @@ static const struct vpn_proto openconnect_protos[] = { .tcp_mainloop = cstp_mainloop, .add_http_headers = cstp_common_headers, .obtain_cookie = cstp_obtain_cookie, + .secure_cookie = "webvpn", .udp_protocol = "DTLS", #ifdef HAVE_DTLS .udp_setup = dtls_setup, @@ -138,6 +139,7 @@ static const struct vpn_proto openconnect_protos[] = { .tcp_mainloop = oncp_mainloop, .add_http_headers = oncp_common_headers, .obtain_cookie = oncp_obtain_cookie, + .secure_cookie = "DSID", .udp_protocol = "ESP", #ifdef HAVE_ESP .udp_setup = esp_setup, @@ -205,6 +207,7 @@ static const struct vpn_proto openconnect_protos[] = { .tcp_mainloop = ppp_mainloop, .add_http_headers = http_common_headers, .obtain_cookie = f5_obtain_cookie, + .secure_cookie = "MRHSession", .udp_protocol = "DTLS", #ifdef HAVE_DTLSx /* Not yet... */ .udp_setup = esp_setup, 
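Review bot: The comment above the changed condition in `process_http_response` still names "the webvpn cookie", although the name compared is now `vpninfo->proto->secure_cookie`, and nothing states that a NULL field means no cookie is hidden. I would reword it to `/* Don't print the protocol's session cookie (proto->secure_cookie) unless it's empty; if the protocol names none, every cookie value is logged */`. Because the check fails open, a protocol entry that omits the field will put its session cookie into debug output that users may post publicly, which is the case the existing comment warns about. The function starts and ends outside this hunk.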
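Review bot: Only the entries touched here and in the hunks at -138, -205 and -224 receive a `.secure_cookie`; any other entry of `openconnect_protos[]` (none is visible in this patch) keeps the field NULL under designated initialisers, so its cookie values are still printed in full. It is worth confirming for each remaining protocol whether its HTTP responses carry a session cookie and, if so, naming it here. A single string also assumes one secret cookie per protocol; if a gateway issues more than one session-bearing cookie, the field would have to become a NULL-terminated list of names. The array initialiser starts and ends outside these hunks.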
@@ -224,6 +227,7 @@ static const struct vpn_proto openconnect_protos[] = { .tcp_mainloop = ppp_mainloop, .add_http_headers = http_common_headers, .obtain_cookie = fortinet_obtain_cookie, + .secure_cookie = "SVPNCOOKIE", .udp_protocol = "DTLS", #ifdef HAVE_DTLSx /* Not yet... */ .udp_setup = esp_setup, diff --git a/openconnect-internal.h b/openconnect-internal.h index 35bf7c1b..dbf57b59 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -278,6 +278,7 @@ struct vpn_proto { const char *name; const char *pretty_name; const char *description; + const char *secure_cookie; const char *udp_protocol; unsigned int flags; int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason); -- 2.49.0
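Review bot: The new `secure_cookie` member of `struct vpn_proto` has no comment, and its NULL case carries a meaning that a reader of the struct cannot guess. I would add `/* name of the cookie whose value process_http_response() hides in debug output; NULL = none */` beside it, so that whoever adds a protocol entry knows that leaving it unset disables the redaction. The struct definition continues outside the hunk.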