diff --git a/auth-globalprotect.c b/auth-globalprotect.c
index 9ce8d43c..b70d6a6c 100644
--- a/auth-globalprotect.c
+++ b/auth-globalprotect.c
@@ -173,6 +173,7 @@ static int parse_login_xml(struct openconnect_info *vpninfo, xmlNode *xml_node)
 free(value);
 value = NULL;
 }
+ append_opt(cookie, "computer", vpninfo->localname);
 if (!buf_error(cookie)) {
 vpninfo->cookie = cookie->data;
@@ -475,8 +476,7 @@ int gpst_bye(struct openconnect_info *vpninfo, const char *reason)
 *
 * Don't blame me. I didn't design this.
 */
- append_opt(request_body, "computer", vpninfo->localname);
- buf_append(request_body, "&%s", vpninfo->cookie);
+ buf_append(request_body, "%s", vpninfo->cookie);
 if ((result = buf_error(request_body)))
 goto out;
diff --git a/gpst.c b/gpst.c
index bccfc6d9..d09df69f 100644
--- a/gpst.c
+++ b/gpst.c
@@ -789,9 +789,8 @@ static int build_csd_token(struct openconnect_info *vpninfo)
 if (!vpninfo->csd_token)
 return -ENOMEM;
- /* use localname and cookie (excluding volatile authcookie and preferred-ip) to build md5sum */
+ /* use cookie (excluding volatile authcookie and preferred-ip) to build md5sum */
 buf = buf_alloc();
- append_opt(buf, "computer", vpninfo->localname);
 filter_opts(buf, vpninfo->cookie, "authcookie,preferred-ip", 0);
 if (buf_error(buf))
 goto out;
@@ -815,9 +814,8 @@ static int check_or_submit_hip_report(struct openconnect_info *vpninfo, const ch
 const char *method = "POST";
 char *xml_buf=NULL, *orig_path;
- /* cookie gives us these fields: authcookie, portal, user, domain, and (maybe the unnecessary) preferred-ip */
+ /* cookie gives us these fields: authcookie, portal, user, domain, computer, and (maybe the unnecessary) preferred-ip */
 buf_append(request_body, "client-role=global-protect-full&%s", vpninfo->cookie);
- append_opt(request_body, "computer", vpninfo->localname);
 append_opt(request_body, "client-ip", vpninfo->ip_info.addr);
 if (report) {
 /* XML report contains many characters requiring URL-encoding (%xx) */
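Review bot: A cookie that lacks a `computer` field now yields a logout request without it, because the gpst_bye hunk sends only `vpninfo->cookie` and the field is appended solely in parse_login_xml at login time. A cookie obtained some other way (for example one produced by a build that predates this change and passed back in) would not carry it, and the same dependency applies to build_csd_token and check_or_submit_hip_report in gpst.c and to hipreport.sh. If the gateway rejects a logout with a missing field, the session would stay valid after the client believes it has logged out; the comment above the changed lines starts outside the hunk, so that requirement is inferred rather than shown. Consider a fallback after the `buf_append` line such as `if (!strstr(vpninfo->cookie, "computer=")) append_opt(request_body, "computer", vpninfo->localname);`, ideally with a field-exact match rather than a substring test.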
@@ -912,8 +910,6 @@ static int run_hip_script(struct openconnect_info *vpninfo)
 hip_argv[i++] = openconnect_utf8_to_legacy(vpninfo, vpninfo->csd_wrapper);
 hip_argv[i++] = (char *)"--cookie";
 hip_argv[i++] = vpninfo->cookie;
- hip_argv[i++] = (char *)"--computer";
- hip_argv[i++] = vpninfo->localname;
 hip_argv[i++] = (char *)"--client-ip";
 hip_argv[i++] = (char *)vpninfo->ip_info.addr;
 hip_argv[i++] = (char *)"--md5";
diff --git a/hipreport.sh b/hipreport.sh
index a25cf139..832aabc8 100755
--- a/hipreport.sh
+++ b/hipreport.sh
@@ -6,10 +6,7 @@
 #
 # --cookie: a URL-encoded string, as output by openconnect
 # --authenticate --protocol=gp, which includes parameters
-# --from the /ssl-vpn/login.esp response
-#
-# --computer: local hostname, which can be overriden with
-# --openconnect local-hostname=HOSTNAME
+# from the /ssl-vpn/login.esp response
 #
 # --client-ip: IPv4 address allocated by the GlobalProtect VPN for
 # this client (included in /ssl-vpn/getconfig.esp
@@ -22,26 +19,25 @@
 # Read command line arguments into variables
 COOKIE=
-COMPUTER=
 IP=
 MD5=
 while [ "$1" ]; do
 if [ "$1" = "--cookie" ]; then shift; COOKIE="$1"; fi
- if [ "$1" = "--computer" ]; then shift; COMPUTER="$1"; fi
 if [ "$1" = "--client-ip" ]; then shift; IP="$1"; fi
 if [ "$1" = "--md5" ]; then shift; MD5="$1"; fi
 shift
 done
-if [ -z "$COOKIE" -o -z "$COMPUTER" -o -z "$IP" -o -z "$MD5" ]; then
+if [ -z "$COOKIE" -o -z "$IP" -o -z "$MD5" ]; then
 echo "Parameters --cookie, --computer, --client-ip, and --md5 are required" >&2
 exit 1;
 fi
-# Extract username and domain from cookie
+# Extract username and domain and computer from cookie
 USER=$(echo "$COOKIE" | sed -rn 's/(.+&|^)user=([^&]+)(&.+|$)/\2/p')
 DOMAIN=$(echo "$COOKIE" | sed -rn 's/(.+&|^)domain=([^&]+)(&.+|$)/\2/p')
+COMPUTER=$(echo "$COOKIE" | sed -rn 's/(.+&|^)computer=([^&]+)(&.+|$)/\2/p')
 # Timestamp in the format expected by GlobalProtect server
 NOW=$(date +'%m/%d/%Y %H:%M:%S')
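Review bot: The usage error in the last hipreport.sh hunk still lists `--computer` as required although the option is no longer parsed; it should read `echo "Parameters --cookie, --client-ip, and --md5 are required" >&2`. `COMPUTER` is now taken from the cookie with no emptiness check, so a cookie without a `computer=` field silently leaves it empty where the old `-z "$COMPUTER"` test would have stopped the script; a guard such as `[ -n "$COMPUTER" ] || { echo "cookie has no computer field" >&2; exit 1; }` after the extraction would make that visible. The header comment describes the cookie as URL-encoded, so the extracted value is presumably still percent-encoded, as `USER` and `DOMAIN` are. How these variables are used lies below the hunk, but they should be decoded and escaped before being placed in the report.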