library.c

   1 /*
   2  * OpenConnect (SSL + DTLS) VPN client
   3  *
   4  * Copyright © 2008-2011 Intel Corporation.
   5  *
   6  * Authors: David Woodhouse <dwmw2@infradead.org>
   7  *
   8  * This program is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * version 2.1, as published by the Free Software Foundation.
  11  *
  12  * This program is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * Lesser General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Lesser General Public
  18  * License along with this library; if not, write to:
  19  *
  20  *   Free Software Foundation, Inc.
  21  *   51 Franklin Street, Fifth Floor,
  22  *   Boston, MA 02110-1301 USA
  23  */
  24
  25 #include "openconnect-internal.h"
  26
  27 struct openconnect_info *openconnect_vpninfo_new_with_cbdata (char *useragent,
  28                                                   openconnect_validate_peer_cert_vfn validate_peer_cert,
  29                                                   openconnect_write_new_config_vfn write_new_config,
  30                                                   openconnect_process_auth_form_vfn process_auth_form,
  31                                                   openconnect_progress_vfn progress,
  32                                                   void *privdata)
  33 {
  34         struct openconnect_info *vpninfo = calloc (sizeof(*vpninfo), 1);
  35
  36         vpninfo->mtu = 1406;
  37         vpninfo->ssl_fd = -1;
  38         vpninfo->cert_expire_warning = 60 * 86400;
  39         vpninfo->useragent = openconnect_create_useragent (useragent);
  40         vpninfo->validate_peer_cert = validate_peer_cert;
  41         vpninfo->write_new_config = write_new_config;
  42         vpninfo->process_auth_form = process_auth_form;
  43         vpninfo->progress = progress;
  44         vpninfo->cbdata = privdata?:vpninfo;
  45
  46 #ifdef ENABLE_NLS
  47         bindtextdomain("openconnect", LOCALEDIR);
  48 #endif
  49
  50         return vpninfo;
  51 }
  52
  53 struct openconnect_info *openconnect_vpninfo_new (char *useragent,
  54                                                   openconnect_validate_peer_cert_fn validate_peer_cert,
  55                                                   openconnect_write_new_config_fn write_new_config,
  56                                                   openconnect_process_auth_form_fn process_auth_form,
  57                                                   openconnect_progress_fn progress)
  58 {
  59         return openconnect_vpninfo_new_with_cbdata (useragent,
  60                                                     (void *)validate_peer_cert,
  61                                                     (void *)write_new_config,
  62                                                     (void *)process_auth_form,
  63                                                     (void *)progress, NULL);
  64 }
  65
  66 static void free_optlist (struct vpn_option *opt)
  67 {
  68         struct vpn_option *next;
  69
  70         for (; opt; opt = next) {
  71                 next = opt->next;
  72                 free(opt->option);
  73                 free(opt->value);
  74                 free(opt);
  75         }
  76 }
  77
  78 void openconnect_vpninfo_free (struct openconnect_info *vpninfo)
  79 {
  80         openconnect_reset_ssl(vpninfo);
  81         free_optlist(vpninfo->cookies);
  82         free_optlist(vpninfo->cstp_options);
  83         free_optlist(vpninfo->dtls_options);
  84         free(vpninfo->hostname);
  85         free(vpninfo->urlpath);
  86         free(vpninfo->redirect_url);
  87         free(vpninfo->proxy_type);
  88         free(vpninfo->proxy);
  89         free(vpninfo->csd_scriptname);
  90         free(vpninfo->csd_stuburl);
  91         /* These are const in openconnect itself, but for consistency of
  92            the library API we do take ownership of the strings we're given,
  93            and thus we have to free them too. */
  94         free((void *)vpninfo->cafile);
  95         if (vpninfo->cert != vpninfo->sslkey)
  96                 free((void *)vpninfo->sslkey);
  97         free((void *)vpninfo->cert);
  98         /* No need to free deflate streams; they weren't initialised */
  99         free(vpninfo);
 100 }
 101
 102 char *openconnect_get_hostname (struct openconnect_info *vpninfo)
 103 {
 104         return vpninfo->hostname;
 105 }
 106
 107 void openconnect_set_hostname (struct openconnect_info *vpninfo, char *hostname)
 108 {
 109         vpninfo->hostname = hostname;
 110 }
 111
 112 char *openconnect_get_urlpath (struct openconnect_info *vpninfo)
 113 {
 114         return vpninfo->urlpath;
 115 }
 116
 117 void openconnect_set_urlpath (struct openconnect_info *vpninfo, char *urlpath)
 118 {
 119         vpninfo->urlpath = urlpath;
 120 }
 121
 122 void openconnect_set_xmlsha1 (struct openconnect_info *vpninfo, char *xmlsha1, int size)
 123 {
 124         if (size != sizeof (vpninfo->xmlsha1))
 125                 return;
 126
 127         memcpy (&vpninfo->xmlsha1, xmlsha1, size);
 128 }
 129
 130 void openconnect_set_cafile (struct openconnect_info *vpninfo, char *cafile)
 131 {
 132         vpninfo->cafile = cafile;
 133 }
 134
 135 void openconnect_setup_csd (struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper)
 136 {
 137         vpninfo->uid_csd = uid;
 138         vpninfo->uid_csd_given = silent?2:1;
 139         vpninfo->csd_wrapper = wrapper;
 140 }
 141
 142 void openconnect_set_client_cert (struct openconnect_info *vpninfo, char *cert, char *sslkey)
 143 {
 144         vpninfo->cert = cert;
 145         if (sslkey)
 146                 vpninfo->sslkey = sslkey;
 147         else
 148                 vpninfo->sslkey = cert;
 149 }
 150
 151 struct x509_st *openconnect_get_peer_cert (struct openconnect_info *vpninfo)
 152 {
 153         return SSL_get_peer_certificate(vpninfo->https_ssl);
 154 }
 155
 156 int openconnect_get_port (struct openconnect_info *vpninfo)
 157 {
 158         return vpninfo->port;
 159 }
 160
 161 char *openconnect_get_cookie (struct openconnect_info *vpninfo)
 162 {
 163         return vpninfo->cookie;
 164 }
 165
 166 void openconnect_clear_cookie (struct openconnect_info *vpninfo)
 167 {
 168         if (vpninfo->cookie)
 169                 memset(vpninfo->cookie, 0, strlen(vpninfo->cookie));
 170 }
 171
 172 void openconnect_reset_ssl (struct openconnect_info *vpninfo)
 173 {
 174         if (vpninfo->https_ssl) {
 175                 openconnect_close_https(vpninfo);
 176         }
 177         if (vpninfo->peer_addr) {
 178                 free(vpninfo->peer_addr);
 179                 vpninfo->peer_addr = NULL;
 180         }
 181         if (vpninfo->https_ctx) {
 182                 SSL_CTX_free(vpninfo->https_ctx);
 183                 vpninfo->https_ctx = NULL;
 184         }
 185 }
 186
 187 int openconnect_parse_url (struct openconnect_info *vpninfo, char *url)
 188 {
 189         if (vpninfo->peer_addr) {
 190                 free(vpninfo->peer_addr);
 191                 vpninfo->peer_addr = NULL;
 192         }
 193
 194         return internal_parse_url (url, NULL, &vpninfo->hostname,
 195                                    &vpninfo->port, &vpninfo->urlpath, 443);
 196 }
 197
 198 void openconnect_set_cert_expiry_warning (struct openconnect_info *vpninfo,
 199                                           int seconds)
 200 {
 201         vpninfo->cert_expire_warning = seconds;
 202 }
 203
 204 const char *openconnect_get_version (void)
 205 {
 206         return openconnect_version;
 207 }