From e646bf0f65c4f9f1cc7d1b4e3f038cf57a932b12 Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Tue, 8 Dec 2020 19:24:00 -0800
Subject: [PATCH] implement `auth_expiration` for Pulse protocol

We have many examples of this field (AVP 0x583/0xd5c) being multiples of 60 or 3600, strongly suggesting that it's the remaining auth lifetime:

- https://gitlab.com/openconnect/openconnect/-/issues/98: `AVP 0x583/0xd5c: 00 01 fa 40` (0x1fa40 seconds = 36 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 a9 ec` (0xa9ec seconds = 12 hours)
- private communication: `AVP 0x583/0xd5c: 00 00 0a 70` (0xa70 seconds = 44 minutes)

Signed-off-by: Daniel Lenski
---
 pulse.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pulse.c b/pulse.c
index 067edbd3..fb8676d1 100644
--- a/pulse.c
+++ b/pulse.c
@@ -1761,6 +1761,15 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
 realms_found++;
 } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd4f) {
 realm_entry++;
+ } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd5c) {
+ uint32_t val;
+
+ if (avp_len != 4)
+ goto auth_unknown;
+ val = load_be32(avp_p);
+
+ if (val)
+ vpninfo->auth_expiration = time(NULL) + val;
 } else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd53) {
 free(vpninfo->cookie);
 vpninfo->cookie = strndup(avp_p, avp_len);
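Review bot: `val` in the new 0xd5c branch is a server-supplied 32-bit count that is added to `time(NULL)` with no upper bound, so on a platform where `time_t` is 32 bits a large value can wrap `auth_expiration` into the past or to a meaningless date. The `avp_len != 4` check before `load_be32()` guards the read itself, but the arithmetic needs its own limit, for example `if (val && val <= MAX_AUTH_LIFETIME)`, where `MAX_AUTH_LIFETIME` is a placeholder for a ceiling the project would define. Because the field's meaning is inferred from captures rather than documented, a comment above the branch such as `/* AVP 0xd5c: remaining auth lifetime in seconds (inferred from observed values) */` would record why it is treated as a relative time. `pulse_authenticate()` starts and ends outside the hunk, so what `auth_unknown` does on an unexpected length is not visible here.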