[PATCH 2/4] CSD: add commandline flag to prevent downloading the trojan
Antonio Borneo
borneo.antonio at gmail.com
Sun Dec 6 00:21:14 PST 2015
Some misconfigured server provide the URI of the trojan but miss
the binary.
The new commandline flag "--csd-skip-download" is used to ignore
the broken URI.
Signed-off-by: Antonio Borneo <borneo.antonio at gmail.com>
---
main.c | 5 +++++
openconnect.8.in | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/main.c b/main.c
index 40a0261..5b80b83 100644
--- a/main.c
+++ b/main.c
@@ -155,6 +155,7 @@ enum {
OPT_COOKIE_ON_STDIN,
OPT_CSD_USER,
OPT_CSD_WRAPPER,
+ OPT_CSD_NOSTUB,
OPT_DISABLE_IPV6,
OPT_DTLS_CIPHERS,
OPT_DUMP_HTTP,
@@ -207,6 +208,7 @@ static const struct option long_options[] = {
OPTION("syslog", 0, 'l'),
OPTION("csd-user", 1, OPT_CSD_USER),
OPTION("csd-wrapper", 1, OPT_CSD_WRAPPER),
+ OPTION("csd-skip-download", 0, OPT_CSD_NOSTUB),
#endif
OPTION("pfs", 0, OPT_PFS),
OPTION("certificate", 1, 'c'),
@@ -1087,6 +1089,9 @@ int main(int argc, char **argv)
case OPT_CSD_WRAPPER:
vpninfo->csd_wrapper = keep_config_arg();
break;
+ case OPT_CSD_NOSTUB:
+ vpninfo->csd_nostub = 1;
+ break;
#endif /* !_WIN32 */
case OPT_JUNIPER:
fprintf(stderr, "WARNING: Juniper Network Connect support is experimental.\n");
diff --git a/openconnect.8.in b/openconnect.8.in
index eee716f..8f635dd 100644
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -23,6 +23,7 @@ openconnect \- Connect to Cisco AnyConnect VPN
.OP \-\-timestamp
.OP \-U,\-\-setuid user
.OP \-\-csd\-user user
+.OP \-\-csd\-skip\-download
.OP \-m,\-\-mtu mtu
.OP \-\-basemtu mtu
.OP \-p,\-\-key\-password pass
@@ -204,6 +205,9 @@ Run
.I SCRIPT
instead of the CSD (Cisco Secure Desktop) script.
.TP
+.B \-\-csd\-skip\-download
+Do not download the CSD (Cisco Secure Desktop) script.
+.TP
.B \-m,\-\-mtu=MTU
Request
.I MTU
--
2.6.2
More information about the openconnect-devel
mailing list