From 04a8f801d0f5d4659f72639bef7754ff7d710aa4 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Wed, 2 Dec 2020 11:23:54 -0800 Subject: [PATCH] send server's IP address, not DNS name, to TNCC script We alread fixed this for CSD in 9b4076679f367179f9a187855c6729e67f9c7ae6. Signed-off-by: Daniel Lenski --- auth-juniper.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/auth-juniper.c b/auth-juniper.c index 9eb05cec..c041f219 100644 --- a/auth-juniper.c +++ b/auth-juniper.c @@ -530,7 +530,11 @@ static int tncc_preauth(struct openconnect_info *vpninfo) goto out; } - execl(vpninfo->csd_wrapper, vpninfo->csd_wrapper, vpninfo->hostname, NULL); + /* XX: openconnect_get_hostname actually returns IP address. IP is needed here because + * because the tunnel will be blocked while the script waits for its reply, + * so DNS may not be available. + */ + execl(vpninfo->csd_wrapper, vpninfo->csd_wrapper, openconnect_get_hostname(vpninfo), NULL); out: fprintf(stderr, _("Failed to exec TNCC script %s: %s\n"), vpninfo->csd_wrapper, strerror(errno));