From: Daniel Lenski Date: Thu, 2 Apr 2020 05:05:54 +0000 (-0700) Subject: pass TNCC_SHA256 and TNCC_HOSTNAME environment variables to wrapper script (just... X-Git-Tag: v8.09~14^2~8 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=f9124506c63d42f1c8a624ff3e60a58ca7fd5e53;p=users%2Fdwmw2%2Fopenconnect.git pass TNCC_SHA256 and TNCC_HOSTNAME environment variables to wrapper script (just like for CSD) TNCC_SHA256 will allow a future version to validate the server certificate fingerprint (like csd-post.sh already does). TNCC_HOSTNAME passes along the *local* hostname override from OpenConnect (set with `--local-hostname` or `openconnect_set_localname`) to the TNCC wrapper script. Signed-off-by: Daniel Lenski --- diff --git a/auth-juniper.c b/auth-juniper.c index 8a81317e..69a87081 100644 --- a/auth-juniper.c +++ b/auth-juniper.c @@ -400,7 +400,13 @@ static int tncc_preauth(struct openconnect_info *vpninfo) for (i = 3; i < 1024 ; i++) close(i); + if (setenv("TNCC_SHA256", openconnect_get_peer_cert_hash(vpninfo)+11, 1)) /* remove initial 'pin-sha256:' */ + goto out; + if (setenv("TNCC_HOSTNAME", vpninfo->localname, 1)) + goto out; + execl(vpninfo->csd_wrapper, vpninfo->csd_wrapper, vpninfo->hostname, NULL); + out: fprintf(stderr, _("Failed to exec TNCC script %s: %s\n"), vpninfo->csd_wrapper, strerror(errno)); exit(1);
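Review bot: the `+11` on the `setenv("TNCC_SHA256", ...)` line skips the `pin-sha256:` prefix by a bare offset, with no check that `openconnect_get_peer_cert_hash(vpninfo)` returned a non-NULL string that actually starts with that prefix. If the call returns NULL, or a string shorter than 11 characters, the pointer handed to `setenv` is invalid. I would store the result in a local, test it for NULL, confirm the prefix with `strncmp(hash, "pin-sha256:", 11)`, and only then skip past it, preferably using `sizeof("pin-sha256:") - 1` instead of the literal 11. The same concern applies to `vpninfo->localname` on the next `setenv` if it can be unset at this point: either skip exporting `TNCC_HOSTNAME` in that case or document that it is always populated. Separately, both new `goto out` paths land on the "Failed to exec TNCC script" message, which is misleading when the failure was in `setenv`; a distinct message for the environment setup failure would make this easier to diagnose. Since the stated purpose of `TNCC_SHA256` is to let the wrapper validate the server certificate fingerprint, it would also help to document the exported format (the hash with the `pin-sha256:` prefix removed) where the wrapper scripts are described.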