Fix most arguments to csd script
authorDavid Woodhouse <David.Woodhouse@intel.com>
Tue, 21 Jul 2009 09:19:48 +0000 (10:19 +0100)
committerAdam Piątyszek <ediap@users.sourceforge.net>
Tue, 4 Aug 2009 12:05:50 +0000 (14:05 +0200)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
auth.c
http.c
openconnect.h

diff --git a/auth.c b/auth.c
index 7dc467e..4e1bf2f 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -367,6 +367,7 @@ int parse_xml_response(struct openconnect_info *vpninfo, char *response,
                                                                   (unsigned char *)"starturl");
                        vpninfo->csd_waiturl = (char *)xmlGetProp(xml_node,
                                                                  (unsigned char *)"waiturl");
+                       vpninfo->csd_preurl = strdup(vpninfo->urlpath);
                }
        }
        if (vpninfo->csd_token && vpninfo->csd_ticket && vpninfo->csd_starturl && vpninfo->csd_waiturl) {
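Review bot: The added `strdup(vpninfo->urlpath)` has no NULL guard and its result is not checked, while the condition on the following line tests every other `csd_*` field but not `csd_preurl`. If `urlpath` can be NULL at this point (not visible in this hunk), the call is undefined behaviour, and a failed allocation would later be formatted with `%s` in `run_csd_script`. Something like `vpninfo->csd_preurl = strdup(vpninfo->urlpath?:"");` followed by a NULL check would match the `?:` idiom this commit already uses for `authgroup`. If this branch can run more than once per session, the previous `csd_preurl` should also be freed before it is overwritten. `parse_xml_response` starts and ends outside the hunk.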
diff --git a/http.c b/http.c
index 22d75c1..45d9459 100644 (file)
--- a/http.c
+++ b/http.c
@@ -321,8 +321,40 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
        close(fd);
 
        if (!fork()) {
-               /* FIXME: Add whatever arguments we need */
-               system(fname);
+               X509 *cert = SSL_get_peer_certificate(vpninfo->https_ssl);
+               char certbuf[EVP_MAX_MD_SIZE * 2 + 1];
+               char *csd_argv[32];
+               int i = 0;
+
+               csd_argv[i++] = fname;
+               csd_argv[i++] = "-ticket";
+               asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket);
+               csd_argv[i++] = "-stub";
+               csd_argv[i++] = "0";
+               csd_argv[i++] = "-group";
+               asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"");
+
+               if (0) {
+                       /* FIXME: This probably isn't the hash they wanted */
+                       get_cert_fingerprint(cert, certbuf);
+                       csd_argv[i++] = "-certhash";
+                       asprintf(&csd_argv[i++], "\"%s\"", certbuf);
+               }
+
+               csd_argv[i++] = "-url";
+               asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl);
+               /* WTF would it want to know this for? */
+               csd_argv[i++] = "-vpnclient";
+               csd_argv[i++] = "\"/opt/cisco/vpn/bin/vpnui\"";
+               csd_argv[i++] = "-connect";
+               asprintf(&csd_argv[i++], "\"https://%s/%s\"", vpninfo->hostname, vpninfo->csd_preurl);
+               csd_argv[i++] = "-connectparam";
+               asprintf(&csd_argv[i++], "\"#csdtoken=%s\"", vpninfo->csd_token);
+               csd_argv[i++] = "-langselen";
+                       
+               csd_argv[i++] = NULL;
+
+               execv(fname, csd_argv);
                vpninfo->progress(vpninfo, PRG_ERR, "Failed to exec CSD script %s\n", fname);
                exit(1);
        }
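Review bot: None of the `asprintf()` calls that fill `csd_argv` check their return value, so on allocation failure the slot is left indeterminate and `execv()` is handed a bad pointer; each should bail out in the child, e.g. `if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket) < 0) exit(1);`. Because `execv()` does not go through a shell, the embedded `\"` characters reach the script as literal quote characters rather than as quoting, so they give no protection for the apparently server-supplied ticket, token and URLs. A comment should say whether the script actually expects them. The `-ticket` and `-connectparam` values also land on the command line, where other local users can typically read them from the process list; if the script's interface forces this, a comment saying so would help the next reader. `run_csd_script` begins and continues outside this hunk.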
index c6ed4e4..335b7a1 100644 (file)
@@ -135,6 +135,7 @@ struct openconnect_info {
        char *csd_stuburl;
        char *csd_starturl;
        char *csd_waiturl;
+       char *csd_preurl;
 
        char *csd_scriptname;