Add CSD support for NetworkManager auth dialog

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/http.c b/http.c
index 5562d95..2c877d0 100644 (file)
--- a/http.c
+++ b/http.c
@@ -427,7 +427,11 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
                                "CSD code with root privileges\n"
                                "\t Use command line option \"--csd-user\"\n");
                }
-
+               if (vpninfo->uid_csd_given == 2) {             
+                       /* The NM tool really needs not to get spurious output
+                          on stdout, which the CSD trojan spews. */
+                       dup2(2, 1);
+               }
                csd_argv[i++] = fname;
                csd_argv[i++] = "-ticket";
                if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket) == -1)

diff --git a/nm-auth-dialog.c b/nm-auth-dialog.c
index 5190c4d..0923667 100644 (file)
--- a/nm-auth-dialog.c
+++ b/nm-auth-dialog.c
@@ -888,6 +888,7 @@ static int get_config(char *vpn_uuid, struct openconnect_info *vpninfo)
        char *xmlconfig;
        char *hostname;
        char *group;
+       char *csd;
        char *pem_passphrase_fsid;
 
        gcl = gconf_client_get_default();
@@ -950,6 +951,13 @@ if (0) {
 
        vpninfo->cafile = get_gconf_setting(gcl, config_path, NM_OPENCONNECT_KEY_CACERT);
 
+       csd = get_gconf_setting(gcl, config_path, "enable_csd_trojan");
+       if (csd && !strcmp(csd, "yes")) {
+               /* We're not running as root; we can't setuid(). */
+               vpninfo->uid_csd = getuid();
+               vpninfo->uid_csd_given = 2;
+       }
+       g_free(csd);
 
        proxy = get_gconf_setting(gcl, config_path, "proxy");
        if (proxy && proxy[0] && set_http_proxy(vpninfo, proxy))