GlobalProtect: always set clientos=Windows in relevant requests, regardless of actual OS

I've tried, whenever possible, not to lie to the server about the client
configuration.  However, there are now multiple cases where a GlobalProtect
server responds with a misleading error when the `ssl-vpn/login.esp` request doesn't
contain the exact, magic value of `clientos=Windows`.

* dlenski/openconnect#86
  ("Assign private IP address failed" unless `clientos=Windows` in `ssl-vpn/login.esp` request)

* dlenski/openconnect#116
  ("Invalid username or password" unless `clientos=Windows` in `ssl-vpn/login.esp` request)

These cases are very difficult to debug because they seem to be suggesting totally unrelated
errors.

For reliability, this patch makes openconnect always specify `clientos=Windows` in relevant
requests, regardless of the actual `vpninfo->platname`. (The `vpninfo->platname` value can
still be sent in the "free-form" `os-version` field, as far as I can tell.)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
dlenski authored and dwmw2 committed Sep 21, 2018
1 parent 7eda652 commit 6cb2da2
Showing 2 changed files with 3 additions and 10 deletions.
7 changes: 2 additions & 5 deletions auth-globalprotect.c
Expand Up @@ -362,11 +362,8 @@ static int gpst_login(struct openconnect_info *vpninfo, int portal, char *pw_or_

/* submit gateway login (ssl-vpn/login.esp) or portal config (global-protect/getconfig.esp) request */
buf_truncate(request_body);
buf_append(request_body, "jnlpReady=jnlpReady&ok=Login&direct=yes&clientVer=4100&prot=https:");
if (!strcmp(vpninfo->platname, "win"))
append_opt(request_body, "clientos", "Windows");
else
append_opt(request_body, "clientos", vpninfo->platname);
buf_append(request_body, "jnlpReady=jnlpReady&ok=Login&direct=yes&clientVer=4100&prot=https:&clientos=Windows");
append_opt(request_body, "os-version", vpninfo->platname);
append_opt(request_body, "server", vpninfo->hostname);
append_opt(request_body, "computer", vpninfo->localname);
if (vpninfo->ip_info.addr)
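Review bot: the hard-coded `clientos=Windows` folded into the `buf_append()` literal has no comment explaining why the value is fixed, and the `os-version` line right after it still sends the raw `vpninfo->platname`, so a non-Windows client now submits two fields that disagree with each other. The rationale lives only in the commit message (dlenski/openconnect#86 and #116), which itself hedges that `os-version` is free-form "as far as I can tell". Please add a short comment above the `buf_append()` naming those two issues, and confirm against the affected servers that a mismatched `os-version` does not bring back the same misleading login errors.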
6 changes: 1 addition & 5 deletions gpst.c
Expand Up @@ -590,12 +590,8 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
char *xml_buf=NULL;

/* submit getconfig request */
buf_append(request_body, "client-type=1&protocol-version=p1&app-version=3.0.1-10");
buf_append(request_body, "client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Windows");
append_opt(request_body, "os-version", vpninfo->platname);
if (!strcmp(vpninfo->platname, "win"))
append_opt(request_body, "clientos", "Windows");
else
append_opt(request_body, "clientos", vpninfo->platname);
append_opt(request_body, "hmac-algo", "sha1,md5");
append_opt(request_body, "enc-algo", "aes-128-cbc,aes-256-cbc");
if (old_addr) {
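Review bot: the `&clientos=Windows` string in the getconfig `buf_append()` duplicates the same literal in `gpst_login()` in auth-globalprotect.c, so a later change to the magic value has to be made in two files and can silently drift. Consider one shared definition used by both request builders, with the explanation attached to it. Since `vpninfo->platname` no longer influences `clientos` at all, it would also help to say so in the user-facing documentation, so that someone debugging a connection knows the field is fixed and only `os-version` reflects the configured OS.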