(unsigned char *)"starturl");
vpninfo->csd_waiturl = (char *)xmlGetProp(xml_node,
(unsigned char *)"waiturl");
+ vpninfo->csd_preurl = strdup(vpninfo->urlpath);
}
}
if (vpninfo->csd_token && vpninfo->csd_ticket && vpninfo->csd_starturl && vpninfo->csd_waiturl) {
close(fd);
if (!fork()) {
- /* FIXME: Add whatever arguments we need */
- system(fname);
+ X509 *cert = SSL_get_peer_certificate(vpninfo->https_ssl);
+ char certbuf[EVP_MAX_MD_SIZE * 2 + 1];
+ char *csd_argv[32];
+ int i = 0;
+
+ csd_argv[i++] = fname;
+ csd_argv[i++] = "-ticket";
+ asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket);
+ csd_argv[i++] = "-stub";
+ csd_argv[i++] = "0";
+ csd_argv[i++] = "-group";
+ asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"");
+
+ if (0) {
+ /* FIXME: This probably isn't the hash they wanted */
+ get_cert_fingerprint(cert, certbuf);
+ csd_argv[i++] = "-certhash";
+ asprintf(&csd_argv[i++], "\"%s\"", certbuf);
+ }
+
+ csd_argv[i++] = "-url";
+ asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl);
+ /* WTF would it want to know this for? */
+ csd_argv[i++] = "-vpnclient";
+ csd_argv[i++] = "\"/opt/cisco/vpn/bin/vpnui\"";
+ csd_argv[i++] = "-connect";
+ asprintf(&csd_argv[i++], "\"https://%s/%s\"", vpninfo->hostname, vpninfo->csd_preurl);
+ csd_argv[i++] = "-connectparam";
+ asprintf(&csd_argv[i++], "\"#csdtoken=%s\"", vpninfo->csd_token);
+ csd_argv[i++] = "-langselen";
+
+ csd_argv[i++] = NULL;
+
+ execv(fname, csd_argv);
vpninfo->progress(vpninfo, PRG_ERR, "Failed to exec CSD script %s\n", fname);
exit(1);
}