From 7083a0ac52a95e02b2c75180888bc29bcc9f3bae Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Sun, 29 Nov 2020 22:41:12 -0800
Subject: [PATCH] more logging around Trojan script invocation (CSD/HIP/TNCC)

See #203 for a recent example of where it wasn't clear that a problem was caused by a CSD script being invoked and never returning, due to the lack of logging.

Signed-off-by: Daniel Lenski
---
 auth-juniper.c | 4 ++++
 auth.c | 18 ++++++++++++------
 gpst.c | 9 +++++++++
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/auth-juniper.c b/auth-juniper.c
index 492cef52..dc4f836b 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -404,6 +404,10 @@ static int tncc_preauth(struct openconnect_info *vpninfo)
 return -EINVAL;
 }
 
+ vpn_progress(vpninfo, PRG_INFO,
+ _("Trying to run TNCC/Host Checker Trojan script '%s'.\n"),
+ vpninfo->csd_wrapper);
+
 #ifdef SOCK_CLOEXEC
 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sockfd))
 #endif
diff --git a/auth.c b/auth.c
index c07ed15b..9756018b 100644
--- a/auth.c
+++ b/auth.c
@@ -1069,11 +1069,6 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
 return -EPERM;
 }
 
-#ifndef __linux__
- vpn_progress(vpninfo, PRG_INFO,
- _("Trying to run Linux CSD trojan script.\n"));
-#endif
-
 fname[0] = 0;
 if (buflen) {
 struct oc_vpn_option *opt;
@@ -1123,6 +1118,10 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
 close(fd);
 }
 
+ vpn_progress(vpninfo, PRG_INFO,
+ _("Trying to run CSD Trojan script '%s'.\n"),
+ vpninfo->csd_wrapper ?: fname);
+
 child = fork();
 if (child == -1) {
 goto out;
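Review bot: In tncc_preauth (auth-juniper.c, hunk at -404), `vpninfo->csd_wrapper` is passed to `%s` with no fallback, while the auth.c messages in this same commit use `vpninfo->csd_wrapper ?: fname`, which suggests the pointer can be NULL on at least one path. Whether a NULL wrapper can reach this call is not visible in the hunk (the `return -EINVAL; }` just above may or may not be that guard), and a NULL argument for `%s` is undefined behaviour. If the invariant holds, a short comment such as `/* csd_wrapper is non-NULL here: checked above */` would record it. The same question applies to the "Trying to run HIP Trojan script" message added to run_hip_script in gpst.c, although existing context there already prints the wrapper the same way. The function body continues outside the hunk.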
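Review bot: In run_csd_script (auth.c, hunk at -1123, and again in the success message at -1145), `vpninfo->csd_wrapper ?: fname` logs only one of the two paths, so when a wrapper is configured the file named by `fname` never appears in the log. From the visible context `fname` appears to be the file written just before `close(fd)`, i.e. the fetched stub that is about to be executed, and naming it would help anyone reconstructing what ran: `_("Trying to run CSD Trojan script '%s' (stub file '%s').\n"), vpninfo->csd_wrapper ?: fname, fname`. Since `fname[0] = 0` precedes an `if (buflen)` block, a run with no wrapper and an empty buffer would presumably print an empty name; the code between the hunks is not visible, so this is worth confirming. The omitted-operand `?:` is a GNU extension, which is fine only if the project already relies on it.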
@@ -1145,6 +1144,10 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
 vpn_progress(vpninfo, PRG_ERR,
 _("Authentication may fail. If your script is not returning zero, fix it.\n"
 "Future versions of openconnect will abort on this error.\n"));
+ } else {
+ vpn_progress(vpninfo, PRG_INFO,
+ _("CSD script '%s' completed successfully.\n"),
+ vpninfo->csd_wrapper ?: fname);
 }
 
 free(vpninfo->urlpath);
@@ -1424,7 +1427,10 @@ newgroup:
 result = -EINVAL;
 goto out;
 }
- }
+ } else
+ vpn_progress(vpninfo, PRG_INFO,
+ _("Fetched CSD stub for %s platform (size is %d bytes).\n"),
+ vpninfo->platname, buflen);
 }
 
 /* This is the CSD stub script, which we now need to run */
diff --git a/gpst.c b/gpst.c
index e6491a58..aedff46e 100644
--- a/gpst.c
+++ b/gpst.c
@@ -955,6 +955,11 @@ static int run_hip_script(struct openconnect_info *vpninfo)
 _("Error: Running the 'HIP Report' script on this platform is not yet implemented.\n"));
 return -EPERM;
 #else
+
+ vpn_progress(vpninfo, PRG_INFO,
+ _("Trying to run HIP Trojan script '%s'.\n"),
+ vpninfo->csd_wrapper);
+
 #ifdef __linux__
 if (pipe2(pipefd, O_CLOEXEC))
 #endif
@@ -993,6 +998,10 @@ static int run_hip_script(struct openconnect_info *vpninfo)
 vpninfo->csd_wrapper, WEXITSTATUS(status));
 ret = -EINVAL;
 } else {
+ vpn_progress(vpninfo, PRG_INFO,
+ _("HIP script '%s' completed successfully (report is %d bytes).\n"),
+ vpninfo->csd_wrapper, report_buf->pos);
+
 ret = check_or_submit_hip_report(vpninfo, report_buf->data);
 if (ret < 0)
 vpn_progress(vpninfo, PRG_ERR, _("HIP report submission failed.\n"));
-- 
2.49.0
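Review bot: The `else` added at -1424 in auth.c (under the `newgroup:` label) is left unbraced although the `if` arm it follows is braced and its body spans three lines. Writing it as `} else {` … `}` would match the braced `} else {` this commit adds in run_csd_script and keep a later second statement from falling outside the branch. The message prints `buflen` with `%d`; its declaration is outside the hunk, so confirm it is an `int` in this function. The enclosing function starts and ends outside the hunk.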