Commit fd556742 authored by Daniel Lenski's avatar Daniel Lenski

Merge branch 'tncc_override_user_agent' into 'master'

tncc-emulate.py: add TNCC_USER_AGENT override variable

See merge request openconnect/openconnect!157
parents 14a1c56a 9404ac3e
......@@ -33,9 +33,14 @@
# https://github.com/russdill/juniper-vpn-py/blame/master/README.host_checker):
#
# TNCC_DEVICE_ID: May need to be overriden to match a known value from a computer
# running the official Windows client software (obtained from the registry key
# running the official client software (on Windows, obtained from the registry key
# \HKEY_CURRENT_USER\Software\Juniper Networks\Device Id)
#
# TNCC_USER_AGENT: May need to be overriden to match a known value from a computer
# running the official Windows client software. For historical reasons, the default
# value is 'Neoteris NC Http'; the value 'DSClient; PulseLinux' is known to be sent
# by the official Pulse Linux client.
#
# TNCC_FUNK: Set TNCC_FUNK=1 to force the use of client machine identification
# (known as "funk" to Juniper). This identification will include host platform,
# a list of network hardware/MAC addresses, and client certificates requested
......@@ -270,7 +275,7 @@ class x509cert(object):
self.subject = self.decode_names(tbs['subject'])
class tncc(object):
def __init__(self, vpn_host, device_id=None, funk=None, platform=None, hostname=None, mac_addrs=[], certs=[], interval=None):
def __init__(self, vpn_host, device_id=None, funk=None, platform=None, hostname=None, mac_addrs=[], certs=[], interval=None, user_agent=None):
self.vpn_host = vpn_host
self.path = '/dana-na/'
......@@ -304,7 +309,7 @@ class tncc(object):
self.br.set_debug_redirects(True)
self.br.set_debug_responses(True)
self.user_agent = 'Neoteris HC Http'
self.user_agent = user_agent
self.br.addheaders = [('User-agent', self.user_agent)]
def find_cookie(self, name):
......@@ -636,6 +641,8 @@ if __name__ == "__main__":
platform = os.environ.get('TNCC_PLATFORM', platform.system() + ' ' + platform.release())
user_agent = os.environ.get('TNCC_USER_AGENT', 'Neoteris HC Http')
if 'TNCC_HWADDR' in os.environ:
mac_addrs = [n.strip() for n in os.environ['TNCC_HWADDR'].split(',')]
else:
......@@ -685,7 +692,7 @@ if __name__ == "__main__":
# \HKEY_CURRENT_USER\Software\Juniper Networks\Device Id
device_id = os.environ.get('TNCC_DEVICE_ID')
t = tncc(vpn_host, device_id, funk, platform, hostname, mac_addrs, certs, interval)
t = tncc(vpn_host, device_id, funk, platform, hostname, mac_addrs, certs, interval, user_agent)
sock = socket.fromfd(0, socket.AF_UNIX, socket.SOCK_SEQPACKET)
server = tncc_server(sock, t)
while True:
......
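Review bot: In `tncc.__init__` the hard-coded value is replaced by `self.user_agent = user_agent` while the new parameter defaults to `None`, so any construction that omits it now builds `('User-agent', None)` instead of the previous string. Only the `__main__` block supplies the default, so keeping the fallback in the constructor, `self.user_agent = user_agent or 'Neoteris HC Http'`, would preserve the old behaviour and also cover an empty `TNCC_USER_AGENT`. The new header comment gives the default as 'Neoteris NC Http' while the code uses 'Neoteris HC Http'. Because this string is part of what the client reports to the server, the comment should match the code, for example `# value is 'Neoteris HC Http'; ...`. The constructor body and the `__main__` block both continue outside the visible hunks, so whether other callers exist cannot be confirmed from here.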
......@@ -50,8 +50,11 @@ the <tt>trojans/</tt> subdirectory:</p>
<li><p><tt>tncc-emulate.py</tt>: This Python 3.x script does <b>not</b> actually run the <tt>tncc.jar</tt> binary.
Instead, it <i>emulates</i> the behaviour of the <tt>tncc.jar</tt> binary, rather than actually
executing it. Because this script does not actually execute a server-provided binary, security concerns are greatly
alleviated. However, it may require customization to work with VPNs that have modified
the behaviour of their Host Checker binaries in some way; consult its source code for details.</p>
alleviated.</p>
<p>It may require configuration or customization to work with VPNs that have modified
the behaviour of their Host Checker binaries in some way; consult its source code for details, starting with the
list of environment variables that may be set to overriden some of the data that it sends to the server.</p>
<p>This script is based entirely on <a href="https://github.com/russdill/juniper-vpn-py"><tt>tncc.py</tt>
from russdill/juniper-vpn-py on GitHub</a>.)</p></li>
......