implement auth_expiration for Pulse protocol

We have many examples of this field (AVP 0x583/0xd5c) being multiples of 60 or 3600, strongly suggesting that it's the remaining auth lifetime: - https://gitlab.com/openconnect/openconnect/-/issues/98: `AVP 0x583/0xd5c: 00 01 fa 40` (0x1fa40 seconds = 36 hours) - private communication: `AVP 0x583/0xd5c: 00 00 a9 ec` (0xa9ec seconds = 12 hours) - private communication: `AVP 0x583/0xd5c: 00 00 0a 70` (0xa70 seconds = 44 minutes) Signed-off-by: Daniel Lenski <dlenski@gmail.com>
sailfishos-mirror · Dec 14, 2020 · e646bf0 · e646bf0
1 parent f152cf7
commit e646bf0
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/pulse.c b/pulse.c
@@ -1761,6 +1761,15 @@ static int pulse_authenticate(struct openconnect_info *vpninfo, int connecting)
 			realms_found++;
 		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd4f) {
 			realm_entry++;
+		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd5c) {
+			uint32_t val;
+
+			if (avp_len != 4)
+				goto auth_unknown;
+			val = load_be32(avp_p);
+
+			if (val)
+				vpninfo->auth_expiration = time(NULL) + val;
 		} else if (avp_vendor == VENDOR_JUNIPER2 && avp_code == 0xd53) {
 			free(vpninfo->cookie);
 			vpninfo->cookie = strndup(avp_p, avp_len);