[PATCH 3/4] CSD: pass trojan URI to wrapper when use --csd-skip-download

Antonio Borneo borneo.antonio at gmail.com
Sun Dec 6 00:21:15 PST 2015


If the wrapper needs the trojan binary, it can still use the URI
to download it itself.

Signed-off-by: Antonio Borneo <borneo.antonio at gmail.com>
---
 auth.c           | 12 +++++++-----
 library.c        |  1 +
 openconnect.8.in |  3 +++
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/auth.c b/auth.c
index a749474..7476ef0 100644
--- a/auth.c
+++ b/auth.c
@@ -422,9 +422,7 @@ static int parse_auth_node(struct openconnect_info *vpninfo, xmlNode *xml_node,
 		   the same and rely on the fact that xmlnode_get_prop() will not *clear*
 		   the variable if no such property is found. */
 		if (!vpninfo->csd_scriptname && xmlnode_is_named(xml_node, vpninfo->csd_xmltag)) {
-			/* ignore the CSD trojan binary on mobile platforms */
-			if (!vpninfo->csd_nostub)
-				xmlnode_get_prop(xml_node, "stuburl", &vpninfo->csd_stuburl);
+			xmlnode_get_prop(xml_node, "stuburl", &vpninfo->csd_stuburl);
 			xmlnode_get_prop(xml_node, "starturl", &vpninfo->csd_starturl);
 			xmlnode_get_prop(xml_node, "waiturl", &vpninfo->csd_waiturl);
 			vpninfo->csd_preurl = strdup(vpninfo->urlpath);
@@ -1096,7 +1094,11 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
 			if (vpninfo->csd_wrapper)
 				csd_argv[i++] = openconnect_utf8_to_legacy(vpninfo,
 									   vpninfo->csd_wrapper);
-			csd_argv[i++] = fname;
+			if (!vpninfo->csd_nostub || !vpninfo->csd_stuburl)
+				csd_argv[i++] = fname;
+			else
+				if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_stuburl) == -1)
+					goto out;
 			csd_argv[i++] = (char *)"-ticket";
 			if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket) == -1)
 				goto out;
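Review bot: The new `else` branch builds the wrapper's URI by concatenating `vpninfo->hostname` with the server-supplied `csd_stuburl` without checking that the latter is a path beginning with `/`, so a value without a leading slash, or an absolute URL, would produce a URI whose host is not the gateway. A check before the `asprintf`, such as `if (vpninfo->csd_stuburl[0] != '/') goto out;`, would keep the argument on the gateway the user connected to. The format string also carries no port, which presumably yields the wrong URI for a gateway on a non-default port. The branch is not conditioned on `vpninfo->csd_wrapper`, so if `csd_argv[0]` is what gets executed (not visible here), a run with `csd_nostub` set and no wrapper would put the quoted URI in the program slot. run_csd_script's body starts and ends outside the hunk.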
@@ -1330,7 +1332,7 @@ newgroup:
 		}
 
 		/* fetch the CSD program, if available */
-		if (vpninfo->csd_stuburl) {
+		if (!vpninfo->csd_nostub && vpninfo->csd_stuburl) {
 			vpninfo->redirect_url = vpninfo->csd_stuburl;
 			vpninfo->csd_stuburl = NULL;
 			handle_redirect(vpninfo);
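Review bot: The comment `/* fetch the CSD program, if available */` above the changed condition no longer says when the fetch is skipped; I would make it `/* fetch the CSD program, if available and download is not suppressed (csd_nostub) */`. On the skipped path `csd_stuburl` is left non-NULL, which the new branch in run_csd_script() relies on to build the wrapper's URI argument, and that dependency is worth one more sentence in the same comment. The enclosing function starts and ends outside the hunk.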
diff --git a/library.c b/library.c
index cc50eac..bd87cc5 100644
--- a/library.c
+++ b/library.c
@@ -190,6 +190,7 @@ int openconnect_set_reported_os(struct openconnect_info *vpninfo,
 		vpninfo->csd_xmltag = "csdLinux";
 	else if (!strcmp(os, "android") || !strcmp(os, "apple-ios")) {
 		vpninfo->csd_xmltag = "csdLinux";
+		/* ignore the CSD trojan binary on mobile platforms */
 		vpninfo->csd_nostub = 1;
 	} else if (!strcmp(os, "win"))
 		vpninfo->csd_xmltag = "csd";
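Review bot: The relocated comment says the trojan binary is ignored, but after this patch `csd_nostub` only suppresses the download; the auth.c hunks still record `stuburl` and hand it to the wrapper as a URI. Wording such as `/* do not download the CSD trojan binary on mobile platforms; a csd wrapper still receives its URI */` would match the new behaviour. It also means the `android` and `apple-ios` reported-OS settings change what a wrapper receives, not only `--csd-skip-download`, which the commit title does not mention. openconnect_set_reported_os continues outside the hunk.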
diff --git a/openconnect.8.in b/openconnect.8.in
index 8f635dd..ce1653f 100644
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -207,6 +207,9 @@ instead of the CSD (Cisco Secure Desktop) script.
 .TP
 .B \-\-csd\-skip\-download
 Do not download the CSD (Cisco Secure Desktop) script.
+If an alternative script is specified with
+.B \-\-csd\-wrapper
+then it will receive the URI of the CSD (Cisco Secure Desktop) script.
 .TP
 .B \-m,\-\-mtu=MTU
 Request
-- 
2.6.2



