From 73a3067a836400c9fcfc45ea53552062cbc0a228 Mon Sep 17 00:00:00 2001
From: "Cline, Wade"
Date: Tue, 8 Oct 2024 22:01:16 -0700
Subject: [PATCH 1/2] Set hostname sent by OpenConnect

This fixes an issue observed in GlobalProtect where multiple VPN connections to the same gateway clobber each other because the gateway sees the connections as being from the same device named 'localhost'.
---
 auth-dialog/main.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index a333aeb..79c695a 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -1220,9 +1220,11 @@ static int get_config (auth_ui_data *ui_data,
 GHashTable *options, GHashTable *secrets)
 {
 struct openconnect_info *vpninfo = ui_data->vpninfo;
+ int ret = 0;
 char *proxy;
 char *xmlconfig;
 char *hostname;
+ char localname[HOST_NAME_MAX + 1];
 char *csd;
 #if OPENCONNECT_CHECK_VER(5,8)
 char *mcakey, *mcacert, *mca_key_pass;
@@ -1300,6 +1302,15 @@ static int get_config (auth_ui_data *ui_data,
 openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP (csd_wrapper));
 }
+ /* GlobalProtect uniquely identifies connections based in part
+ on the hostname. Without this, multiple connections to the same
+ gateway will clobber each other. */
+ ret = gethostname(localname, sizeof(localname));
+ if (!ret)
+ openconnect_set_localname(vpninfo, localname);
+ else
+ fprintf(stderr, "Failed to get hostname: %s\n", strerror(errno));
+
 reported_os = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_REPORTED_OS);
 if (reported_os && reported_os[0])
 openconnect_set_reported_os(vpninfo, reported_os);
@@ -1338,7 +1349,7 @@ static int get_config (auth_ui_data *ui_data,
 if (!token_secret || !token_secret[0])
 token_secret = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_TOKEN_SECRET);
 if (token_mode) {
- int ret = 0;
+ ret = 0;
 if (!strcmp(token_mode, "manual") && token_secret)
 ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_STOKEN, token_secret);
--
GitLab
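Review bot: `HOST_NAME_MAX` in the new `char localname[HOST_NAME_MAX + 1];` declaration is not guaranteed to exist, because POSIX allows a platform to leave that macro out of `<limits.h>`, and this commit adds no include or fallback for it. The diffstat lists only the three hunks shown, so the build depends on an include that is not visible here and on the target libc defining the macro. Next to an `#include <limits.h>`, a guard such as `#ifndef HOST_NAME_MAX` / `#define HOST_NAME_MAX 255` / `#endif` would keep the buffer size defined everywhere. The body of get_config continues outside the hunk.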
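Review bot: `openconnect_set_localname(vpninfo, localname);` runs for every connection that get_config prepares, while the comment above it justifies the call only for GlobalProtect. Going by the commit message, the gateway previously saw 'localhost' and now receives the machine's real hostname, a device-identifying value that some deployments may not want to disclose. I would gate the call on the selected protocol, or at least state the scope in the comment, e.g. `/* Set for every protocol, not only GlobalProtect; the gateway may see the local hostname. */`. The file wraps newer libopenconnect features in `OPENCONNECT_CHECK_VER` (visible in the first hunk), so it is worth confirming that the minimum supported library version provides this function. get_config starts and ends outside the hunk.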
From de94b315055b205248508f4dfafaa0840594b916 Mon Sep 17 00:00:00 2001
From: "Cline, Wade"
Date: Mon, 18 Nov 2024 13:54:23 -0800
Subject: [PATCH 2/2] Clean logic to set hostname based on MR feedback

---
 auth-dialog/main.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 79c695a..3eeb4c3 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -1220,7 +1220,6 @@ static int get_config (auth_ui_data *ui_data,
 GHashTable *options, GHashTable *secrets)
 {
 struct openconnect_info *vpninfo = ui_data->vpninfo;
- int ret = 0;
 char *proxy;
 char *xmlconfig;
 char *hostname;
@@ -1305,11 +1304,11 @@ static int get_config (auth_ui_data *ui_data,
 /* GlobalProtect uniquely identifies connections based in part
 on the hostname. Without this, multiple connections to the same
 gateway will clobber each other. */
- ret = gethostname(localname, sizeof(localname));
- if (!ret)
+ if (gethostname(localname, sizeof(localname)) == 0) {
+ localname[HOST_NAME_MAX] = '\0';
 openconnect_set_localname(vpninfo, localname);
- else
- fprintf(stderr, "Failed to get hostname: %s\n", strerror(errno));
+ } else
+ g_warning("Failed to get hostname: %s\n", strerror(errno));

 reported_os = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_REPORTED_OS);
 if (reported_os && reported_os[0])
@@ -1349,7 +1348,7 @@ static int get_config (auth_ui_data *ui_data,
 if (!token_secret || !token_secret[0])
 token_secret = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_TOKEN_SECRET);
 if (token_mode) {
- ret = 0;
+ int ret = 0;
 if (!strcmp(token_mode, "manual") && token_secret)
 ret = __openconnect_set_token_mode(vpninfo, OC_TOKEN_MODE_STOKEN, token_secret);
--
GitLab
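Review bot: An empty name or a literal `localhost` returned by `gethostname()` is still passed straight to `openconnect_set_localname()`, so on such hosts the collision described in patch 1/2 would remain; a guard such as `if (localname[0] && strcmp(localname, "localhost") != 0)` around the call would cover that case. The return value of `openconnect_set_localname()` also appears to be discarded, so a failure to store the name would go unnoticed. On style, the `else` branch is left unbraced although the `if` branch gained braces, and the `g_warning()` format ends in `\n` even though GLib's logging adds the line break itself: `} else {` / `g_warning("Failed to get hostname: %s", g_strerror(errno));` / `}`. get_config's body continues outside the hunk.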