Include clientos=Windows in the prelogin request too

Per this comment (#116 (comment)), `clientos=Windows` (or `=Mac`) is required to get the servers to respond correctly when using SAML. This is similar to other cases where the official clients and servers sometimes respond with bizarre misleading errors if `clientos` doesn't have one of the magic acceptable values (see 7f7d739). The official clients also include `os-version` (free-form), `kerberos-support=yes`, and in newer versions `ipv6-support=yes` as well.
dlenski · Sep 28, 2018 · 11505da · 11505da
1 parent 0d7daf7
commit 11505da
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/auth-globalprotect.c b/auth-globalprotect.c
@@ -446,7 +446,7 @@ static int gpst_login(struct openconnect_info *vpninfo, int portal, struct login
 	for (;;) {
 		/* submit prelogin request to get form */
 		orig_path = vpninfo->urlpath;
-		vpninfo->urlpath = strdup(portal ? "global-protect/prelogin.esp" : "ssl-vpn/prelogin.esp");
+		vpninfo->urlpath = strdup(portal ? "global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows" : "ssl-vpn/prelogin.esp");
 		result = do_https_request(vpninfo, "POST", NULL, NULL, &xml_buf, 0);
 		free(vpninfo->urlpath);
 		vpninfo->urlpath = orig_path;