[PATCH 2/4] CSD: add commandline flag to prevent downloading the trojan

Antonio Borneo borneo.antonio at gmail.com
Sun Dec 6 00:21:14 PST 2015


Some misconfigured servers provide the URI of the trojan but miss
the binary.
The new commandline flag "--csd-skip-download" is used to ignore
the broken URI.

Signed-off-by: Antonio Borneo <borneo.antonio at gmail.com>
---
 main.c           | 5 +++++
 openconnect.8.in | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/main.c b/main.c
index 40a0261..5b80b83 100644
--- a/main.c
+++ b/main.c
@@ -155,6 +155,7 @@ enum {
 	OPT_COOKIE_ON_STDIN,
 	OPT_CSD_USER,
 	OPT_CSD_WRAPPER,
+	OPT_CSD_NOSTUB,
 	OPT_DISABLE_IPV6,
 	OPT_DTLS_CIPHERS,
 	OPT_DUMP_HTTP,
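Review bot: the enum name added here, OPT_CSD_NOSTUB, does not match the user-visible flag it backs ("csd-skip-download" in long_options), so searching the source for the flag name will not find the enum or the csd_nostub field. Consider either naming the enum OPT_CSD_SKIP_DOWNLOAD or renaming the flag so that the option string, the enum value and the struct field share one term.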
@@ -207,6 +208,7 @@ static const struct option long_options[] = {
 	OPTION("syslog", 0, 'l'),
 	OPTION("csd-user", 1, OPT_CSD_USER),
 	OPTION("csd-wrapper", 1, OPT_CSD_WRAPPER),
+	OPTION("csd-skip-download", 0, OPT_CSD_NOSTUB),
 #endif
 	OPTION("pfs", 0, OPT_PFS),
 	OPTION("certificate", 1, 'c'),
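Review bot: the new "csd-skip-download" entry is the only user-facing registration of the flag in main.c; per the diffstat, the five inserted lines in this file are the enum value, this table entry and the case body, so nothing is added to any built-in help text. If main.c prints a usage listing that includes "csd-user" and "csd-wrapper", add a matching line for the new flag there so that --help and the man page agree.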
@@ -1087,6 +1089,9 @@ int main(int argc, char **argv)
 		case OPT_CSD_WRAPPER:
 			vpninfo->csd_wrapper = keep_config_arg();
 			break;
+		case OPT_CSD_NOSTUB:
+			vpninfo->csd_nostub = 1;
+			break;
 #endif /* !_WIN32 */
 		case OPT_JUNIPER:
 			fprintf(stderr, "WARNING: Juniper Network Connect support is experimental.\n");
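Review bot: the OPT_CSD_NOSTUB case assigns vpninfo->csd_nostub, but this patch touches only main.c and openconnect.8.in, so the field is neither declared nor read anywhere in the visible change. Please confirm that an earlier patch in the series introduces csd_nostub and the code that honours it, so the tree builds at this commit, and say so in the commit message; as posted, the message does not state what runs in place of the downloaded binary once the flag is set.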
diff --git a/openconnect.8.in b/openconnect.8.in
index eee716f..8f635dd 100644
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -23,6 +23,7 @@ openconnect \- Connect to Cisco AnyConnect VPN
 .OP \-\-timestamp
 .OP \-U,\-\-setuid user
 .OP \-\-csd\-user user
+.OP \-\-csd\-skip\-download
 .OP \-m,\-\-mtu mtu
 .OP \-\-basemtu mtu
 .OP \-p,\-\-key\-password pass
@@ -204,6 +205,9 @@ Run
 .I SCRIPT
 instead of the CSD (Cisco Secure Desktop) script.
 .TP
+.B \-\-csd\-skip\-download
+Do not download the CSD (Cisco Secure Desktop) script.
+.TP
 .B \-m,\-\-mtu=MTU
 Request
 .I MTU
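Review bot: the description "Do not download the CSD (Cisco Secure Desktop) script." tells the user what is skipped but not what happens next. Document whether the CSD step is bypassed entirely or whether a locally supplied script is still run, and how the flag interacts with \-\-csd\-wrapper described just above it. The motivating case from the commit message (a server that advertises the URI but does not serve the binary) is also worth one sentence here, so that users know when the flag is appropriate.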
-- 
2.6.2



