From 190e1d79948a7c6d3fec2f295d8a17beefdaf7ec Mon Sep 17 00:00:00 2001 From: Kevin Cernekee Date: Sun, 7 Jul 2013 13:31:03 -0700 Subject: [PATCH] bypass AnyConnect client auto-update mechanism --- src/worker-extras.c | 17 +++++++++++------ src/worker-vpn.c | 8 ++++++-- src/worker.h | 2 +- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/src/worker-extras.c b/src/worker-extras.c index dd50b23c..b5943a09 100644 --- a/src/worker-extras.c +++ b/src/worker-extras.c @@ -98,11 +98,18 @@ struct stat st; return 0; } -int get_cscot_handler(worker_st *ws, unsigned http_ver) +int get_string_handler(worker_st *ws, unsigned http_ver) { int ret; +const char *data; +int len; - oclog(ws, LOG_DEBUG, "requested CSCOT: %s", ws->req.url); + oclog(ws, LOG_DEBUG, "requested fixed string: %s", ws->req.url); + if (!strcmp(ws->req.url, "/2/binaries/update.txt")) + data = "0,0,0000\n"; + else + data = "\n\n\n"; + len = strlen(data); tls_cork(ws->session); ret = tls_printf(ws->session, "HTTP/1.%u 200 OK\r\n", http_ver); @@ -121,13 +128,11 @@ int ret; if (ret < 0) return -1; -#define MANIFEST "\n\n" \ - "\n" - ret = tls_printf(ws->session, "Content-Length: %u\r\n\r\n", (unsigned)sizeof(MANIFEST)-1); + ret = tls_printf(ws->session, "Content-Length: %d\r\n\r\n", len); if (ret < 0) return -1; - ret = tls_puts(ws->session, MANIFEST); + ret = tls_send(ws->session, data, len); if (ret < 0) return -1; diff --git a/src/worker-vpn.c b/src/worker-vpn.c index e5c90712..898f1371 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c @@ -97,9 +97,13 @@ const static struct known_urls_st known_urls[] = { LL("/", get_auth_handler, post_auth_handler), LL("/auth", get_auth_handler, post_auth_handler), #ifdef ANYCONNECT_CLIENT_COMPAT - LL("/1/index.html", get_auth_handler, post_auth_handler), + LL("/1/index.html", get_empty_handler, NULL), + LL("/2/index.html", get_empty_handler, NULL), + LL("/2/Linux", get_empty_handler, NULL), + LL("/2/VPNManifest.xml", get_string_handler, NULL), + LL("/2/binaries/update.txt", get_string_handler, NULL), LL("/profiles", get_config_handler, NULL), - LL("/+CSCOT+/translation-table", get_cscot_handler, NULL), + LL("/+CSCOT+/translation-table", get_string_handler, NULL), #endif {NULL, 0, 0, NULL, NULL} }; diff --git a/src/worker.h b/src/worker.h index 9ac0a0bf..7f122bdf 100644 --- a/src/worker.h +++ b/src/worker.h @@ -131,7 +131,7 @@ int post_auth_handler(worker_st *server, unsigned http_ver); int get_empty_handler(worker_st *server, unsigned http_ver); int get_config_handler(worker_st *ws, unsigned http_ver); -int get_cscot_handler(worker_st *ws, unsigned http_ver); +int get_string_handler(worker_st *ws, unsigned http_ver); void set_resume_db_funcs(gnutls_session_t);