[PATCH 5/6] cstp: Add X-AnyConnnect-* mobile headers on CONNECT request

Sun Feb 8 14:20:40 PST 2015

The AnyConnect mobile clients send these headers, and as it so happens,
ocserv uses them to detect whether to apply "mobile-idle-timeout" or
"idle-timeout" to the connection.  Currently ocserv applies "idle-timeout"
to all mobile and non-mobile openconnect clients because we aren't sending
the necessary headers.  This commit fixes that.

This only has an effect when "--os android" or "--os apple-ios" is used,
or if openconnect_set_mobile_info() is called.  The headers will not be
sent for traditional Linux/OSX/... clients.

Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
 cstp.c | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/cstp.c b/cstp.c
index 9004370d813e..eed45f6fe4e6 100644
--- a/cstp.c
+++ b/cstp.c
@@ -157,6 +157,22 @@ static void append_compr_types(struct oc_text_buf *buf, const char *proto, int a
 	}
 }
 
+static void append_mobile_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf)
+{
+	if (vpninfo->mobile_platform_version) {
+		buf_append(buf, "X-AnyConnect-Identifier-ClientVersion: %s\r\n",
+			   openconnect_version_str);
+		buf_append(buf, "X-AnyConnect-Identifier-Platform: %s\r\n",
+			   vpninfo->platname);
+		buf_append(buf, "X-AnyConnect-Identifier-PlatformVersion: %s\r\n",
+			   vpninfo->mobile_platform_version);
+		buf_append(buf, "X-AnyConnect-Identifier-DeviceType: %s\r\n",
+			   vpninfo->mobile_device_type);
+		buf_append(buf, "X-AnyConnect-Identifier-Device-UniqueID: %s\r\n",
+			   vpninfo->mobile_device_uniqueid);
+	}
+}
+
 static int start_cstp_connection(struct openconnect_info *vpninfo)
 {
 	struct oc_text_buf *reqbuf;
@@ -196,6 +212,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 	buf_append(reqbuf, "X-CSTP-Version: 1\r\n");
 	buf_append(reqbuf, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
 
+	append_mobile_headers(vpninfo, reqbuf);
 	append_compr_types(reqbuf, "CSTP", vpninfo->req_compr);
 
 	if (base_mtu)
@@ -1120,16 +1137,6 @@ void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *b
 		buf_append(buf, "X-AnyConnect-Platform: %s\r\n",
 			   vpninfo->platname);
 	}
-	if (vpninfo->mobile_platform_version) {
-		buf_append(buf, "X-AnyConnect-Identifier-ClientVersion: %s\r\n",
-			   openconnect_version_str);
-		buf_append(buf, "X-AnyConnect-Identifier-Platform: %s\r\n",
-			   vpninfo->platname);
-		buf_append(buf, "X-AnyConnect-Identifier-PlatformVersion: %s\r\n",
-			   vpninfo->mobile_platform_version);
-		buf_append(buf, "X-AnyConnect-Identifier-DeviceType: %s\r\n",
-			   vpninfo->mobile_device_type);
-		buf_append(buf, "X-AnyConnect-Identifier-Device-UniqueID: %s\r\n",
-			   vpninfo->mobile_device_uniqueid);
-	}
+
+	append_mobile_headers(vpninfo, buf);
 }
-- 
2.2.2


