Add copyright and license notice, and update TNCC docs

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
sailfishos-mirror · Apr 8, 2020 · 9e44786 · 9e44786
1 parent 50ea783
commit 9e44786
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 19 deletions.
diff --git a/trojans/tncc-emulate.py b/trojans/tncc-emulate.py
@@ -1,6 +1,21 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 
+# Juniper/Pulse TNCC emulator
+#
+# Copyright © 2015-2018 Russ Dill
+#
+# Author: Russ Dill <russdill@gmail.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# version 2.1, as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
 import sys
 import os
 import logging

diff --git a/www/changelog.xml b/www/changelog.xml
@@ -17,7 +17,7 @@
      <ul>
        <li>Don't abort Pulse connection when server-provided certificate MD5 doesn't match.</li>
        <li>Fix off-by-one in check for bad GnuTLS versions, and add build and run time checks.</li>
-       <li>Convert <tt>tncc-wrapper.py</tt> to Python 3.</li>
+       <li>Convert <tt>tncc-wrapper.py</tt> to Python 3, and include <tt>tncc-emulate.py</tt> as well.</li>
      </ul><br/>
   </li>
   <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.06.tar.gz">OpenConnect v8.06</a></b>

diff --git a/www/tncc.xml b/www/tncc.xml
@@ -14,7 +14,8 @@
 href="juniper.html">Juniper</a> VPNs, in the same vein as <a
 href="csd.html">Cisco's CSD</a> and <a href="hip.html">GlobalProtect's
 HIP</a>. It is also used by the <a href="pulse.html">Pulse Secure</a>
-protocol but support it in Pulse is not included in OpenConnect yet.</p>
+protocol but support for running it with the Pulse protocol is not included
+in OpenConnect yet.</p>
 
 <h3>Background</h3>
 
@@ -31,26 +32,35 @@ trojan.</p>
 
 <h2>TNCC support in OpenConnect</h2>
 
-<p>OpenConnect supports running the tncc.jar binary with a little assistance. A Python wrapper
-script, <tt>tncc-wrapper.py</tt>, is provided in the <tt>trojans/</tt> subdirectory of the
-OpenConnect distribution. It can be used
-along with the <tt>tncc-preload.so</tt> from
-<a href="https://github.com/russdill/ncsvc-socks-wrapper">this repository</a>.
-It may also be necessary to pass a Mozilla-compatible user agent string:
+<p>OpenConnect supports running the Java binary, or emulating its
+behaviour, by passing the <tt>--csd-wrapper=SCRIPT</tt> argument
+with a shell script.</p>
+
+<p>The OpenConnect distribution includes <i>two</i> alternative
+scripts to support the execution or emulation of Host Checker, in
+the <tt>trojans/</tt> subdirectory:</p>
+
+<ul>
+  <li><tt>tncc-wrapper.py</tt>: This Python 3.x wrapper script runs the actual <tt>tncc.jar</tt> binary,
+  with a little assistance. Running this wrapper requires you to build <tt>tncc-preload.so</tt> from
+  <a href="https://github.com/russdill/ncsvc-socks-wrapper">russdill/ncsvs-socks-wrapper on GitHub</a>.
+  Because of the security dangers of executing a server-provided trojan binary, this script should ideally be executed
+  with the permissions of a low-privilege user (e.g. <tt>--csd-user=nobody</tt>).</li>
+
+  <li><p><tt>tncc-emulate.py</tt>: This Python 3.x script does <b>not</b> actually run the <tt>tncc.jar</tt> binary.
+  Instead, it <i>emulates</i> the behaviour of the <tt>tncc.jar</tt> binary, rather than actually
+  executing it. Because this script does not actually execute a server-provided binary, security concerns are greatly
+  alleviated. However, it may require customization to work with VPNs that have modified
+  the behaviour of their Host Checker binaries in some way; consult its source code for details.</p>
+
+  <p>This script is based entirely on <a href="https://github.com/russdill/juniper-vpn-py"><tt>tncc.py</tt>
+  from russdill/juniper-vpn-py on GitHub</a>.)</p></li>
+</ul>
+
+<p>With either of these sripts, it may also be necessary to pass a Mozilla-compatible user agent string:</p>
 <pre>
   ./openconnect --protocol=nc --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=trojans/tncc-wrapper.py vpn.example.com
 </pre>
-Because of the security dangers of executing a server-provided trojan binary, this script should ideally be executed
-with the permissions of a low-privilege user (e.g. <tt>--csd-user=nobody</tt>).
-</p>
-
-<p>Alternatively, the <a href="https://github.com/russdill/juniper-vpn-py">juniper-vpn-py</a> project provides a
-<tt>tncc.py</tt> which <i>emulates</i> the behaviour of the <tt>tncc.jar</tt> binary, rather than actually
-executing it. Because this script does not actually execute a server-provided binary, security concerns are greatly
-alleviated. However, this alternative script may require customization to work with VPNs that have modified
-the behaviour of their Host Checker binaries in some way.
-</p>
-
 
 <INCLUDE file="inc/footer.tmpl" />
 </PAGE>