Commit 9b407667 authored by David Woodhouse's avatar David Woodhouse

Provide unique hostname to CSD script

We see failures when DNS gives us a different IP address and the CSD
trojan ends up talking to a different host to the one we're actually
trying to authenticate to. Since we use pinned certificate hashes, it
shouldn't matter that we lose the hostname and can't validate the cert
against it.
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 9fecbed0
...@@ -1144,7 +1144,7 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle ...@@ -1144,7 +1144,7 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
csd_argv[i++] = (char *)"-url"; csd_argv[i++] = (char *)"-url";
if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl) == -1) if (asprintf(&csd_argv[i++], "\"https://%s%s\"", openconnect_get_hostname(vpninfo), vpninfo->csd_starturl) == -1)
goto out; goto out;
csd_argv[i++] = (char *)"-langselen"; csd_argv[i++] = (char *)"-langselen";
...@@ -1154,7 +1154,7 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle ...@@ -1154,7 +1154,7 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
goto out; goto out;
if (setenv("CSD_TOKEN", vpninfo->csd_token, 1)) if (setenv("CSD_TOKEN", vpninfo->csd_token, 1))
goto out; goto out;
if (setenv("CSD_HOSTNAME", vpninfo->hostname, 1)) if (setenv("CSD_HOSTNAME", openconnect_get_hostname(vpninfo), 1))
goto out; goto out;
apply_script_env(vpninfo->csd_env); apply_script_env(vpninfo->csd_env);
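Review bot: The `-url` argument and the `CSD_HOSTNAME` setenv now pass whatever `openconnect_get_hostname()` returns, which per the commit message may be an address rather than the name the user supplied. The launched script can therefore no longer validate the server certificate by name, and nothing in these hunks records that it must rely on the pinned certificate hash instead. I'd add a comment above the setenv, e.g. `/* May be an IP literal, not the DNS name: the CSD script must verify the server by the pinned cert hash, never by hostname */`. The getter is not visible here, so it is worth confirming that it never returns NULL (it goes straight into `setenv()` and a `%s` conversion) and that an IPv6 literal comes back already bracketed for the `https://` URL. run_csd_script starts and ends outside these hunks.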