[NetworkManager-openconnect] service: include --csd-wrapper script in openconnect arguments
- From: David Woodhouse <dwmw2 src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-openconnect] service: include --csd-wrapper script in openconnect arguments
- Date: Thu, 3 Jan 2019 22:52:10 +0000 (UTC)
commit e19552951357ffce9379e68ae00329550589c54e
Author: Daniel Lenski <dlenski gmail com>
Date: Tue Dec 19 11:34:08 2017 -0800
service: include --csd-wrapper script in openconnect arguments
At least one protocol (GlobalProtect) requires the security checker ("CSD")
script to be invoked during the tunnel/connection phase, rather than the
authentication phase, because the access-enabling mechanism depends on
knowing the IP address(es) of the client in the internal network. See
check_or_submit_hip_report() in cstp.c in OpenConnect.
src/nm-openconnect-service.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
---
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index 293f28f..c83a62f 100644
--- a/src/nm-openconnect-service.c
+++ b/src/nm-openconnect-service.c
@@ -394,6 +394,7 @@ nm_openconnect_start_openconnect_binary (NMOpenconnectPlugin *plugin,
GSource *openconnect_watch;
gint stdin_fd;
const char *props_vpn_gw, *props_cookie, *props_cacert, *props_mtu, *props_gwcert, *props_proxy;
+ const char *props_csd_enable, *props_csd_wrapper;
const char *protocol;
/* Find openconnect */
@@ -479,6 +480,18 @@ nm_openconnect_start_openconnect_binary (NMOpenconnectPlugin *plugin,
g_ptr_array_add (openconnect_argv, (gpointer) "--script");
g_ptr_array_add (openconnect_argv, (gpointer) NM_OPENCONNECT_HELPER_PATH);
+ props_csd_enable = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE);
+ props_csd_wrapper = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_WRAPPER);
+ if (props_csd_enable && !strcmp (props_csd_enable, "yes") && props_csd_wrapper) {
+ /* Replicate the CSD parameters used in the authentication phase, for
+ supported protocols which may need to invoke the security trojan ("CSD")
+ in the tunnel/connection phase. */
+ g_ptr_array_add (openconnect_argv, (gpointer) "--csd-wrapper");
+ g_ptr_array_add (openconnect_argv, (gpointer) props_csd_wrapper);
+ g_ptr_array_add (openconnect_argv, (gpointer) "--csd-user");
+ g_ptr_array_add (openconnect_argv, (gpointer) g_strdup_printf ("%d", gl.tun_owner));
+ }
+
priv->tun_name = create_persistent_tundev ();
if (priv->tun_name) {
g_ptr_array_add (openconnect_argv, (gpointer) "--interface");
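Review bot: The path added after `--csd-wrapper` comes straight from the connection's VPN data and is handed to the openconnect process this service launches, so `--csd-user` is the only thing limiting what that script runs as. The new block does not check that `props_csd_wrapper` is non-empty and absolute, or that `gl.tun_owner` is a valid non-root uid. The initialisation of `gl.tun_owner` is outside the hunk; if it can be 0 or unset here, the script would presumably run with the service's own privileges, so I would extend the condition with `&& g_path_is_absolute (props_csd_wrapper) && gl.tun_owner != 0` and skip the arguments otherwise. Separately, the `g_strdup_printf ("%d", gl.tun_owner)` result sits among string literals in `openconnect_argv`, so it leaks unless the array is freed element by element, and `%d` is only right if `tun_owner` is an `int` rather than a `uid_t`. The body of nm_openconnect_start_openconnect_binary starts and ends outside the hunk.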