add jun2pulse protocol for greater auth compatibility
This uses the older HTML-based based Juniper authentication to obtain the DSID
cookie, then attempts to initiate a *Pulse* tunnel with that authentication
cookie.
What shall we call this beautiful, beautiful hybrid protocol?
- jun2pulse ?
- nc2pulse ?
- mullet? “Juniper up front, Pulse in the back.”
Most VPNs appear to accept Juniper-style authentication even if they only
disable oNCP tunnel mode and only allow Pulse tunnel mode (see !48, aka
"error 0x08").
One limitation is that if you use an incorrect URL path or usergroup (e.g. https://juniper.server.com/not_valid), the Juniper auth mode will silently
redirect to the “default” usergroup, but Pulse will return `404 Not Found`
on the `GET /not_valid`, `Upgrade: IF-T/TLS 1.0` request.
Signed-off-by: Daniel Lenski <email address hidden>
- Remove section on patching for DTLS support (thankfully, long-obsolete)
- Clarify meaning of "certificate" as TLS/SSL client certificate; lots of
users appear to be confused by this
- Mention both -c and -k options
- Refer to manual for more automation of authentication
- Clarify when Jailbreak might be needed to extract certificates on
Windows (when the private key is marked as "non-exportable")
Signed-off-by: Daniel Lenski <email address hidden>
Accept IPv6 netmasks like /dead:beef::, in addition to /N
Some F5 server configurations appear to require an IPv6 netmask in this
form.
This adds a netmasklen6() function, analogous to the Legacy IP version in
netmasklen(). It also adds gcc-optimized forms, using __builtin_clz, for
both netmasklen functions.
[dwmw2: Detect __builtin_clz() with autoconf, wrap it once in cls()]
Signed-off-by: Daniel Lenski <email address hidden>
Signed-off-by: David Woodhouse <email address hidden>
Handle empty response buf in process_http_response()
If there is no body and the 'body' buf has never had any data in it, then
body->data can be NULL. So don't dereference it when trying to ensure a
NUL at the end.
Signed-off-by: David Woodhouse <email address hidden>