more logging around Trojan script invocation (CSD/HIP/TNCC)
See #203 for a recent example of where it wasn't clear that a problem was
caused by a CSD script being invoked and never returning, due to the lack of
logging.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
dlenski committed Dec 1, 2020
1 parent 2f0f0f0 commit 7083a0a
Showing 3 changed files with 25 additions and 6 deletions.
4 changes: 4 additions & 0 deletions auth-juniper.c
@@ -404,6 +404,10 @@ static int tncc_preauth(struct openconnect_info *vpninfo)
return -EINVAL;
}

vpn_progress(vpninfo, PRG_INFO,
_("Trying to run TNCC/Host Checker Trojan script '%s'.\n"),
vpninfo->csd_wrapper);

#ifdef SOCK_CLOEXEC
if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sockfd))
#endif
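Review bot: `vpninfo->csd_wrapper` is passed straight to the `'%s'` of the new "Trying to run TNCC/Host Checker Trojan script" message, while the auth.c hunks in this same commit write `vpninfo->csd_wrapper ?: fname`, which suggests the field can be NULL on at least one path. Passing NULL to `%s` is undefined behaviour, so this call relies on a NULL check earlier in tncc_preauth(), which begins above the hunk and is not visible here; the same applies to both new messages in run_hip_script() in gpst.c. If that guard exists, a short comment such as `/* csd_wrapper was checked non-NULL above */` would record the dependency; if it does not, guard the argument, e.g. `vpninfo->csd_wrapper ? vpninfo->csd_wrapper : "(none)"`.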
18 changes: 12 additions & 6 deletions auth.c
@@ -1069,11 +1069,6 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
return -EPERM;
}

#ifndef __linux__
vpn_progress(vpninfo, PRG_INFO,
_("Trying to run Linux CSD trojan script.\n"));
#endif

fname[0] = 0;
if (buflen) {
struct oc_vpn_option *opt;
@@ -1123,6 +1118,10 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
close(fd);
}

vpn_progress(vpninfo, PRG_INFO,
_("Trying to run CSD Trojan script '%s'.\n"),
vpninfo->csd_wrapper ?: fname);

child = fork();
if (child == -1) {
goto out;
@@ -1145,6 +1144,10 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
vpn_progress(vpninfo, PRG_ERR,
_("Authentication may fail. If your script is not returning zero, fix it.\n"
"Future versions of openconnect will abort on this error.\n"));
} else {
vpn_progress(vpninfo, PRG_INFO,
_("CSD script '%s' completed successfully.\n"),
vpninfo->csd_wrapper ?: fname);
}

free(vpninfo->urlpath);
@@ -1424,7 +1427,10 @@ int cstp_obtain_cookie(struct openconnect_info *vpninfo)
result = -EINVAL;
goto out;
}
}
} else
vpn_progress(vpninfo, PRG_INFO,
_("Fetched CSD stub for %s platform (size is %d bytes).\n"),
vpninfo->platname, buflen);
}

/* This is the CSD stub script, which we now need to run */
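Review bot: The `fork()` failure branch right after the new "Trying to run CSD Trojan script" message in run_csd_script() still does a bare `goto out;`, so on that path the log announces the attempt and then records nothing further, which is the kind of silent gap this commit is meant to close. Adding `vpn_progress(vpninfo, PRG_ERR, _("Failed to fork for CSD script: %s\n"), strerror(errno));` before the `goto` would cover it. What the `out:` label does lies outside the hunk, so confirm it does not already report the error. As a smaller style point, the new `} else` in cstp_obtain_cookie() hangs a three-line `vpn_progress(...)` call off an unbraced `else` after a braced `if`; bracing it keeps a later added statement from silently falling outside the branch.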
9 changes: 9 additions & 0 deletions gpst.c
@@ -955,6 +955,11 @@ static int run_hip_script(struct openconnect_info *vpninfo)
_("Error: Running the 'HIP Report' script on this platform is not yet implemented.\n"));
return -EPERM;
#else

vpn_progress(vpninfo, PRG_INFO,
_("Trying to run HIP Trojan script '%s'.\n"),
vpninfo->csd_wrapper);

#ifdef __linux__
if (pipe2(pipefd, O_CLOEXEC))
#endif
@@ -993,6 +998,10 @@ static int run_hip_script(struct openconnect_info *vpninfo)
vpninfo->csd_wrapper, WEXITSTATUS(status));
ret = -EINVAL;
} else {
vpn_progress(vpninfo, PRG_INFO,
_("HIP script '%s' completed successfully (report is %d bytes).\n"),
vpninfo->csd_wrapper, report_buf->pos);

ret = check_or_submit_hip_report(vpninfo, report_buf->data);
if (ret < 0)
vpn_progress(vpninfo, PRG_ERR, _("HIP report submission failed.\n"));
