If wrapper needs the trojan binary, it can still use the URI to download it. Signed-off-by: Antonio Borneo <borneo.antonio at gmail.com> --- auth.c | 12 +++++++----- library.c | 1 + openconnect.8.in | 3 +++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/auth.c b/auth.c index a749474..7476ef0 100644 --- a/auth.c +++ b/auth.c @@ -422,9 +422,7 @@ static int parse_auth_node(struct openconnect_info *vpninfo, xmlNode *xml_node, the same and rely on the fact that xmlnode_get_prop() will not *clear* the variable if no such property is found. */ if (!vpninfo->csd_scriptname && xmlnode_is_named(xml_node, vpninfo->csd_xmltag)) { - /* ignore the CSD trojan binary on mobile platforms */ - if (!vpninfo->csd_nostub) - xmlnode_get_prop(xml_node, "stuburl", &vpninfo->csd_stuburl); + xmlnode_get_prop(xml_node, "stuburl", &vpninfo->csd_stuburl); xmlnode_get_prop(xml_node, "starturl", &vpninfo->csd_starturl); xmlnode_get_prop(xml_node, "waiturl", &vpninfo->csd_waiturl); vpninfo->csd_preurl = strdup(vpninfo->urlpath); @@ -1096,7 +1094,11 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle if (vpninfo->csd_wrapper) csd_argv[i++] = openconnect_utf8_to_legacy(vpninfo, vpninfo->csd_wrapper); - csd_argv[i++] = fname; + if (!vpninfo->csd_nostub || !vpninfo->csd_stuburl) + csd_argv[i++] = fname; + else + if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_stuburl) == -1) + goto out; csd_argv[i++] = (char *)"-ticket"; if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket) == -1) goto out; @@ -1330,7 +1332,7 @@ newgroup: } /* fetch the CSD program, if available */ - if (vpninfo->csd_stuburl) { + if (!vpninfo->csd_nostub && vpninfo->csd_stuburl) { vpninfo->redirect_url = vpninfo->csd_stuburl; vpninfo->csd_stuburl = NULL; handle_redirect(vpninfo); diff --git a/library.c b/library.c index cc50eac..bd87cc5 100644 --- a/library.c +++ b/library.c 
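Review bot: With the `csd_nostub` guard removed, `csd_stuburl` is now recorded on every platform, but nothing at this call site says where the flag is honoured instead. A one-line comment above the `xmlnode_get_prop(xml_node, "stuburl", ...)` call would save the next reader a search, e.g. `/* stuburl is always recorded; csd_nostub decides later whether it is fetched or handed to the wrapper */`. parse_auth_node starts and ends outside the hunk.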
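Review bot: The URI passed to the wrapper is built from `vpninfo->csd_stuburl`, which parse_auth_node takes verbatim from the `stuburl` property of the auth XML, and nothing in this hunk checks its shape. If the value does not start with `/`, the authority of the resulting `https://` URI is not guaranteed to be `vpninfo->hostname`. An embedded `"` would also end the literal quotes that the format string puts around the argument, which matters to any wrapper that re-parses its arguments. I would reject both cases before the `asprintf`, and brace the `else` so the nested `if` does not hang off it. The `out:` label and the rest of run_csd_script are outside the hunk, so what the early exit returns needs checking there.

```c
	if (!vpninfo->csd_nostub || !vpninfo->csd_stuburl) {
		csd_argv[i++] = fname;
	} else {
		/* stuburl comes from the auth XML: require an absolute path
		   and refuse a quote that would end the quoted argument */
		if (vpninfo->csd_stuburl[0] != '/' ||
		    strchr(vpninfo->csd_stuburl, '"'))
			goto out;
		if (asprintf(&csd_argv[i++], "\"https://%s%s\"",
			     vpninfo->hostname, vpninfo->csd_stuburl) == -1)
			goto out;
	}
	/* … unchanged: "-ticket" argument and the rest of csd_argv … */
```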
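Review bot: When `csd_nostub` is set, the stub is no longer fetched through `handle_redirect()` on openconnect's own connection, so whatever server-certificate checks that connection applies presumably do not cover the download the wrapper now performs itself. That shift of trust deserves a comment at this condition, e.g. `/* with csd_nostub the wrapper receives the URI instead and must verify the server certificate itself */`. The URI built in run_csd_script also uses only `vpninfo->hostname` with a fixed `https://` scheme, so it is worth confirming that it points to the same host and port this redirect path would have used. The enclosing function starts and ends outside the hunk.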
@@ -190,6 +190,7 @@ int openconnect_set_reported_os(struct openconnect_info *vpninfo,
 vpninfo->csd_xmltag = "csdLinux";
 else if (!strcmp(os, "android") || !strcmp(os, "apple-ios")) {
 vpninfo->csd_xmltag = "csdLinux";
+ /* ignore the CSD trojan binary on mobile platforms */
 vpninfo->csd_nostub = 1;
 } else if (!strcmp(os, "win"))
 vpninfo->csd_xmltag = "csd";
diff --git a/openconnect.8.in b/openconnect.8.in
index 8f635dd..ce1653f 100644
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -207,6 +207,9 @@ instead of the CSD (Cisco Secure Desktop) script.
 .TP
 .B \-\-csd\-skip\-download
 Do not download the CSD (Cisco Secure Desktop) script.
+If an alternative script is specified with
+.B \-\-csd\-wrapper
+then it will receive the URI of the CSD (Cisco Secure Desktop) script.
 .TP
 .B \-m,\-\-mtu=MTU
 Request
--
2.6.2