Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
send server's IP address, not DNS name, to TNCC script
We alread fixed this for CSD in 9b40766.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • Loading branch information
dlenski committed Dec 2, 2020
1 parent 1f64056 commit 04a8f80
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion auth-juniper.c
Expand Up @@ -530,7 +530,11 @@ static int tncc_preauth(struct openconnect_info *vpninfo)
goto out;
}

execl(vpninfo->csd_wrapper, vpninfo->csd_wrapper, vpninfo->hostname, NULL);
/* XX: openconnect_get_hostname actually returns IP address. IP is needed here because
* because the tunnel will be blocked while the script waits for its reply,
* so DNS may not be available.
*/
execl(vpninfo->csd_wrapper, vpninfo->csd_wrapper, openconnect_get_hostname(vpninfo), NULL);
out:
fprintf(stderr, _("Failed to exec TNCC script %s: %s\n"),
vpninfo->csd_wrapper, strerror(errno));
Expand Down

0 comments on commit 04a8f80

Please sign in to comment.