Commit e646bf0f authored by Daniel Lenski

implement `auth_expiration` for Pulse protocol

We have many examples of this field (AVP 0x583/0xd5c) being multiples of 60 or 3600,
strongly suggesting that it's the remaining auth lifetime:

- https://gitlab.com/openconnect/openconnect/-/issues/98: `AVP 0x583/0xd5c: 00 01 fa 40` (0x1fa40 seconds = 36 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 a9 ec` (0xa9ec seconds = 12 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 0a 70` (0xa70 seconds = 44 minutes)
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
parent f152cf7d
......@@ -1761,6 +1761,15 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
realms_found++;
} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd4f) {
realm_entry++;
} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd5c) {
uint32_t val;
if (avp_len != 4)
goto auth_unknown;
val = load_be32(avp_p);
if (val)
vpninfo->auth_expiration = time(NULL) + val;
} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd53) {
free(vpninfo->cookie);
vpninfo->cookie = strndup(avp_p, avp_len);
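Review bot: the new `avp_code == 0xd5c` branch carries no comment saying that the 4-byte value is treated as the remaining auth lifetime in seconds, or that this reading is inferred from observed samples; a one-line comment above `val = load_be32(avp_p);` would record that for the next reader. In the same branch, `if (val)` leaves `vpninfo->auth_expiration` untouched when the server sends zero, so whatever was stored earlier survives; if zero is meant as "no expiry", resetting the field explicitly or stating the intent in the comment would remove the ambiguity. The value is server-supplied and is added to `time(NULL)` with no upper bound, so it is worth deciding whether an implausibly large lifetime should be capped or logged before it is stored.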
......