1 /*
2  * OpenConnect (SSL + DTLS) VPN client
3  *
4  * Copyright © 2008-2012 Intel Corporation.
5  * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
6  *
7  * Author: David Woodhouse <dwmw2@infradead.org>
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public License
11  * version 2.1, as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to:
20  *
21  *   Free Software Foundation, Inc.
22  *   51 Franklin Street, Fifth Floor,
23  *   Boston, MA 02110-1301 USA
24  */
25
26 #ifndef __OPENCONNECT_INTERNAL_H__
27 #define __OPENCONNECT_INTERNAL_H__
28
29 #include "openconnect.h"
30
31 #include <openssl/ssl.h>
32 #include <zlib.h>
33 #include <stdint.h>
34 #include <sys/socket.h>
35 #include <sys/select.h>
36 #include <sys/time.h>
37 #include <sys/types.h>
38 #include <unistd.h>
39 #ifdef LIBPROXY_HDR
40 #include LIBPROXY_HDR
41 #endif
42 #ifdef ENABLE_NLS
43 #include <locale.h>
44 #include <libintl.h>
45 #define _(s) dgettext("openconnect", s)
46 #else
47 #define _(s) s
48 #endif
49 #define N_(s) s
50
/*
 * Digest lengths in bytes. A hex rendering of a digest needs
 * 2 * size + 1 chars including the NUL terminator (see xmlsha1 below).
 */
#define SHA1_SIZE 20
#define MD5_SIZE 16
53
54 /****************************************************************************/
55
/*
 * One queued packet; see queue_packet()/queue_new_packet() in mainloop.c.
 * 'data' is a C99 flexible array member, so each packet is allocated as
 * sizeof(struct pkt) plus room for the payload.
 */
struct pkt {
        int len;                /* payload length in bytes — presumably the bytes valid in data[]; signed, so keep it >= 0 */
        struct pkt *next;       /* next packet in the intrusive singly-linked queue, NULL at the tail */
        unsigned char hdr[8];   /* fixed 8-byte header kept alongside the payload (filled in by the transport — confirm in cstp.c/dtls.c) */
        unsigned char data[];   /* payload, 'len' bytes */
};
62
/*
 * Singly-linked list of name/value string pairs. Used for the HTTP cookie
 * jar and for the CSTP and DTLS option lists in struct openconnect_info.
 */
struct vpn_option {
        char *option;                   /* option name */
        char *value;                    /* option value */
        struct vpn_option *next;        /* next pair, NULL at the tail */
};
68
/*
 * Keepalive states handed around by keepalive_action() and
 * ka_stalled_dpd_time() in mainloop.c — presumably the action the caller
 * should take next (nothing, send DPD, peer dead, send keepalive, rekey);
 * confirm against mainloop.c.
 */
#define KA_NONE         0
#define KA_DPD          1
#define KA_DPD_DEAD     2
#define KA_KEEPALIVE    3
#define KA_REKEY        4
74
/*
 * Keepalive / dead-peer-detection timers for one transport. The TLS and
 * DTLS channels each carry one (ssl_times and dtls_times in struct
 * openconnect_info). Consumed by keepalive_action() and
 * ka_stalled_dpd_time() in mainloop.c.
 */
struct keepalive_info {
        int dpd;                /* DPD interval — presumably seconds, 0 meaning disabled (confirm) */
        int keepalive;          /* keepalive interval, same units as dpd */
        int rekey;              /* rekey interval, same units as dpd */
        time_t last_rekey;      /* time of the last rekey */
        time_t last_tx;         /* time of the last packet sent */
        time_t last_rx;         /* time of the last packet received */
        time_t last_dpd;        /* time of the last DPD event — confirm sent vs. received in mainloop.c */
};
84
/*
 * Singly-linked list of routes for split tunnelling (split_includes /
 * split_excludes in struct openconnect_info).
 */
struct split_include {
        char *route;                    /* route as received from the server — textual form not fixed here, confirm in cstp.c */
        struct split_include *next;     /* next route, NULL at the tail */
};
89
/* Bounds for openconnect_info.reconnect_interval — presumably seconds; confirm. */
#define RECONNECT_INTERVAL_MIN  10
#define RECONNECT_INTERVAL_MAX  100
92
/*
 * Values of openconnect_info.cert_type: how the client certificate and key
 * named by 'cert' / 'sslkey' are stored (PEM file, PKCS#12 bundle, or a
 * key held by a TPM). UNKNOWN means not yet determined.
 */
#define CERT_TYPE_UNKNOWN       0
#define CERT_TYPE_PEM           1
#define CERT_TYPE_PKCS12        2
#define CERT_TYPE_TPM           3
97
/*
 * Per-session state for one VPN connection. One instance is threaded
 * through every internal entry point in this header as 'vpninfo'.
 *
 * Several members hold secret material (cert_password, password,
 * dtls_secret, dtls_session_id, cookies): whoever releases this structure
 * should wipe them before freeing, and they must never reach vpn_progress()
 * output.
 */
struct openconnect_info {
        char *redirect_url;             /* target of an HTTP redirect we have to follow, if any */

        /* Cisco Secure Desktop (CSD) state: tokens and URLs handed out by the server */
        char *csd_token;
        char *csd_ticket;
        char *csd_stuburl;
        char *csd_starturl;
        char *csd_waiturl;
        char *csd_preurl;

        char *csd_scriptname;           /* CSD script to run (see also csd_wrapper / uid_csd) */

#ifdef LIBPROXY_HDR
        pxProxyFactory *proxy_factory;  /* libproxy handle, only with LIBPROXY support */
#endif
        char *proxy_type;               /* proxy scheme, e.g. http/socks — see process_proxy() in http.c */
        char *proxy;                    /* proxy host */
        int proxy_port;

        const char *localname;          /* local hostname used in requests — presumably; confirm in http.c */
        char *hostname;                 /* VPN server host */
        int port;                       /* VPN server port */
        char *urlpath;                  /* path component of the server URL */
        int cert_expire_warning;        /* warn when the client cert expires within this period — unit (days?) not fixed here */
        const char *cert;               /* client certificate (file path or identifier, per cert_type) */
        const char *sslkey;             /* client private key (file path or identifier, per cert_type) */
        X509 *cert_x509;                /* loaded client cert as the raw OpenSSL type; NOTE(review): unlike peer_cert below this is still backend-specific — confirm whether intended */
        int cert_type;                  /* one of CERT_TYPE_* */
        char *cert_password;            /* SECRET: key / PKCS#12 passphrase — wipe before free, never log */
        const char *cafile;             /* extra CA bundle for server verification */
        const char *servercert;         /* expected server cert fingerprint (pinning) — presumably hex, see the md5/sha1 helpers below; confirm which hash */
        const char *xmlconfig;          /* path of the cached XML profile */
        char xmlsha1[(SHA1_SIZE * 2) + 1]; /* hex SHA-1 of xmlconfig: 2 chars per digest byte + NUL */
        char *username;
        char *password;                 /* SECRET: wipe before free, never log */
        char *authgroup;
        int nopasswd;                   /* flag: do not prompt for / send a password */
        char *dtls_ciphers;             /* DTLS cipher list offered to the server */
        uid_t uid_csd;                  /* uid to switch to before running the CSD script — presumably; see uid_csd_given */
        char *csd_wrapper;              /* wrapper script run in place of the CSD binary */
        int uid_csd_given;              /* flag: uid_csd was explicitly set */
        int no_http_keepalive;          /* flag: open a fresh HTTPS connection per request */

        OPENCONNECT_X509 *peer_cert;    /* server certificate in the library-neutral type from openconnect.h; passed to validate_peer_cert and get_cert_md5_fingerprint() */

        char *cookie; /* Pointer to within cookies list */
        struct vpn_option *cookies;     /* HTTP cookie jar (contains the session cookie — treat as secret) */
        struct vpn_option *cstp_options;/* X-CSTP-* headers received from the server */
        struct vpn_option *dtls_options;/* X-DTLS-* headers received from the server */

        SSL_CTX *https_ctx;             /* OpenSSL context for the HTTPS/CSTP channel */
        SSL *https_ssl;                 /* live TLS session for the HTTPS/CSTP channel */
        struct keepalive_info ssl_times;/* keepalive timers for the TLS channel */
        int owe_ssl_dpd_response;       /* flag: a DPD response is still due on the TLS channel — presumably */
        struct pkt *deflate_pkt;        /* scratch packet for compressed output */
        struct pkt *current_ssl_pkt;    /* packet currently being written on the TLS channel */
        struct pkt *pending_deflated_pkt; /* original of deflate_pkt while it is in flight — presumably; confirm in cstp.c */

        z_stream inflate_strm;          /* zlib state for incoming compressed packets */
        uint32_t inflate_adler32;       /* running adler32 of inflated data */
        z_stream deflate_strm;          /* zlib state for outgoing compressed packets */
        uint32_t deflate_adler32;       /* running adler32 of deflated data */

        int disable_ipv6;               /* flag: ignore IPv6 configuration from the server */
        int reconnect_timeout;          /* give up reconnecting after this long (presumably seconds) */
        int reconnect_interval;         /* current retry interval, bounded by RECONNECT_INTERVAL_MIN/MAX */
        int dtls_attempt_period;        /* how often to retry the DTLS handshake (presumably seconds) */
        time_t new_dtls_started;        /* when the pending DTLS handshake began */
        SSL_CTX *dtls_ctx;              /* OpenSSL context for DTLS */
        SSL *dtls_ssl;                  /* established DTLS session */
        SSL *new_dtls_ssl;              /* DTLS session still in handshake */
        SSL_SESSION *dtls_session;      /* resumed-session object built from dtls_session_id/dtls_secret */
        struct keepalive_info dtls_times; /* keepalive timers for the DTLS channel */
        unsigned char dtls_session_id[32]; /* SECRET: session id handed out by the server for DTLS resumption */
        unsigned char dtls_secret[48];  /* SECRET: 48-byte master secret for DTLS resumption — wipe before free, never log */

        char *dtls_cipher;              /* cipher the server selected for DTLS */
        const char *vpnc_script;        /* configuration script run by script_config_tun() */
        int script_tun;                 /* flag: the script owns the tun device instead of us */
        char *ifname;                   /* tun interface name */

        /* Configuration received from the server for this session */
        int mtu;
        const char *banner;
        const char *vpn_addr;
        const char *vpn_netmask;
        const char *vpn_addr6;
        const char *vpn_netmask6;
        const char *vpn_dns[3];         /* up to three DNS servers; unused slots presumably NULL */
        const char *vpn_nbns[3];        /* up to three NetBIOS name servers */
        const char *vpn_domain;
        const char *vpn_proxy_pac;
        struct split_include *split_includes;
        struct split_include *split_excludes;

        /* select(2) state for the main loop; fds >= FD_SETSIZE cannot be tracked in an fd_set */
        int select_nfds;
        fd_set select_rfds;
        fd_set select_wfds;
        fd_set select_efds;

#ifdef __sun__
        int ip_fd;                      /* Solaris only: IP and IPv6 stream fds for the tun device */
        int ip6_fd;
#endif
        int tun_fd;
        int ssl_fd;                     /* socket under https_ssl */
        int dtls_fd;                    /* socket under dtls_ssl */
        int new_dtls_fd;                /* socket under new_dtls_ssl */
        int cancel_fd;                  /* becomes readable when the caller wants the main loop to stop — presumably */

        struct pkt *incoming_queue;     /* packets from the VPN waiting for the tun device */
        struct pkt *outgoing_queue;     /* packets from the tun device waiting for the VPN */
        int outgoing_qlen;              /* current length of outgoing_queue */
        int max_qlen;                   /* cap on outgoing_qlen */

        socklen_t peer_addrlen;         /* length of *peer_addr (and *dtls_addr) */
        struct sockaddr *peer_addr;     /* resolved server address for the TLS channel */
        struct sockaddr *dtls_addr;     /* server address for DTLS (may differ in port) */

        int deflate;                    /* flag: compression negotiated */
        char *useragent;                /* User-Agent header, see openconnect_create_useragent() */

        const char *quit_reason;        /* reason string reported when the main loop exits */

        /* Caller-supplied callbacks; cbdata is passed back opaquely to each */
        void *cbdata;
        openconnect_validate_peer_cert_vfn validate_peer_cert; /* asked to accept/reject peer_cert */
        openconnect_write_new_config_vfn write_new_config;     /* given a new XML profile to store */
        openconnect_process_auth_form_vfn process_auth_form;   /* fills in an authentication form */
        openconnect_progress_vfn progress;                     /* logging sink, see vpn_progress() */
};
227
228 /* Packet types */
229
/* CSTP packet types — presumably carried in pkt.hdr; the gaps (1, 2, 6) are types this client neither sends nor handles */
#define AC_PKT_DATA             0       /* Uncompressed data */
#define AC_PKT_DPD_OUT          3       /* Dead Peer Detection */
#define AC_PKT_DPD_RESP         4       /* DPD response */
#define AC_PKT_DISCONN          5       /* Client disconnection notice */
#define AC_PKT_KEEPALIVE        7       /* Keepalive */
#define AC_PKT_COMPRESSED       8       /* Compressed data */
#define AC_PKT_TERM_SERVER      9       /* Server kick */
237
238 /* Ick */
239 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
240 #define method_const const
241 #else
242 #define method_const
243 #endif
244
/*
 * Emit a log/progress message through the caller's progress callback.
 * The variadic arguments are forwarded verbatim, so if the callback is
 * printf-style (openconnect_progress_vfn is declared in openconnect.h —
 * confirm) the first forwarded argument must be a string literal; pass
 * server-supplied text (banners, hostnames, error strings) via "%s", never
 * as the format itself.
 */
#define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__)
246
247 /****************************************************************************/
248 /* Oh Solaris how we hate thee! */
249 #ifdef __sun__
250 #define time(x) openconnect__time(x)
251 time_t openconnect__time(time_t *t);
252 #endif
253 #ifndef HAVE_ASPRINTF
254 #define asprintf openconnect__asprintf
255 int openconnect__asprintf(char **strp, const char *fmt, ...);
256 #endif
257 #ifndef HAVE_GETLINE
258 #define getline openconnect__getline
259 ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream);
260 #endif
261
262 /****************************************************************************/
263
/* tun.c — tunnel device lifecycle and the tun side of the main loop */
int setup_tun(struct openconnect_info *vpninfo);                /* create and configure the tun device (or hand over to the script when script_tun is set) */
int tun_mainloop(struct openconnect_info *vpninfo, int *timeout); /* service tun_fd; *timeout is the caller's poll budget, presumably lowered when work is pending */
void shutdown_tun(struct openconnect_info *vpninfo);            /* tear down the device */
int script_config_tun (struct openconnect_info *vpninfo, const char *reason); /* run vpnc_script with 'reason' — presumably; confirm in tun.c */
269
/* dtls.c — DTLS channel: session resumption handshake and data path */
unsigned char unhex(const char *data);                           /* hex-decoding helper — presumably two hex chars to one byte; does not validate input, so callers must check for non-hex text */
int setup_dtls(struct openconnect_info *vpninfo);                /* parse dtls_options and prepare dtls_ctx/dtls_session */
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout); /* service dtls_fd; *timeout as for tun_mainloop() */
int dtls_try_handshake(struct openconnect_info *vpninfo);        /* advance the pending handshake on new_dtls_ssl */
int connect_dtls_socket(struct openconnect_info *vpninfo);       /* open new_dtls_fd towards dtls_addr */
276
/* cstp.c — CSTP (TLS tunnel) channel */
int make_cstp_connection(struct openconnect_info *vpninfo);      /* perform the CONNECT handshake and fill in cstp_options/dtls_options */
int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout); /* service ssl_fd; *timeout as for tun_mainloop() */
int cstp_bye(struct openconnect_info *vpninfo, const char *reason); /* send a disconnection notice with 'reason' */
int cstp_reconnect(struct openconnect_info *vpninfo);            /* re-establish the channel after loss, honouring reconnect_interval/timeout */
282
/* ssl.c — library-independent socket setup */
int connect_https_socket(struct openconnect_info *vpninfo);      /* open a TCP socket to hostname:port (via the proxy when configured) */
285
/*
 * ${SSL_LIBRARY}.c — TLS-library-specific back end (currently openssl.c).
 * Anything that touches SSL*, X509 or digest primitives lives here so the
 * rest of the code stays library-neutral.
 */
/* printf onto the HTTPS channel; the format-checking attribute means the format must be a literal — send peer-supplied text via "%s" */
int  __attribute__ ((format (printf, 2, 3)))
    openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
/* read one line into buf (at most len bytes, including the terminator — confirm) */
int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_open_https(struct openconnect_info *vpninfo);    /* connect and handshake https_ssl, verifying the server via cafile/servercert/validate_peer_cert */
void openconnect_close_https(struct openconnect_info *vpninfo);  /* shut down https_ssl and ssl_fd */
/*
 * Write the MD5 fingerprint of 'cert' into buf. No length is passed, so
 * buf must already hold at least MD5_SIZE * 2 + 1 chars (hex + NUL) —
 * presumably; confirm against the implementation. MD5 is collision-broken:
 * fine for display, but not a sound basis for pinning a server identity.
 */
int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, OPENCONNECT_X509 *cert,
                             char *buf);
/* This one is actually OpenSSL-specific */
void openconnect_report_ssl_errors(struct openconnect_info *vpninfo); /* drain the OpenSSL error queue into vpn_progress() */
int openconnect_sha1(unsigned char *result, void *data, int len); /* SHA-1 of len bytes at data into result (SHA1_SIZE bytes — presumably) */
int openconnect_random(void *bytes, int len);                    /* fill bytes with len random bytes; must come from the TLS library's CSPRNG — confirm in the back end */
/* MD5 of the local client certificate into buf; same unsized-buffer caveat as get_cert_md5_fingerprint() */
int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
                               char *buf);
302
/* mainloop.c — select()-driven event loop and packet queues */
int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events); /* register fd in the select_* sets; fds >= FD_SETSIZE cannot be represented — confirm the implementation rejects them */
int vpn_mainloop(struct openconnect_info *vpninfo);              /* run until cancel_fd fires, 'killed' is set, or the connection is lost */
int queue_new_packet(struct pkt **q, void *buf, int len);        /* allocate a struct pkt holding len bytes of buf and append it to *q */
void queue_packet(struct pkt **q, struct pkt *new);              /* append an existing packet to *q (ownership moves to the queue) */
int keepalive_action(struct keepalive_info *ka, int *timeout);   /* decide the next KA_* action and shrink *timeout to the next deadline — presumably */
int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);

/* global stop flag; if it is written from a signal handler it should be 'volatile sig_atomic_t' — confirm where it is set */
extern int killed;
312
/* xml.c — cached XML profile */
int config_lookup_host(struct openconnect_info *vpninfo, const char *host); /* resolve a profile host alias from xmlconfig, presumably updating hostname */
315
/* auth.c — authentication form handling */
/*
 * Parse the server's XML auth response (response is modified in place —
 * presumably; it is not const) and build the next request into
 * request_body, which holds req_len bytes. *method and *request_body_type
 * receive the HTTP method and Content-Type for that request.
 */
int parse_xml_response(struct openconnect_info *vpninfo, char *response,
                       char *request_body, int req_len, const char **method,
                       const char **request_body_type);
320
/* http.c — HTTP requests, proxies and URL parsing */
char *openconnect_create_useragent(const char *base);            /* build the User-Agent string; returns a heap string the caller frees — presumably */
int process_proxy(struct openconnect_info *vpninfo, int ssl_sock); /* run the proxy_type handshake on ssl_sock before TLS starts */
/*
 * Split url into scheme, host, port and path. url is not const and may be
 * modified in place — presumably; pass a writable copy. The res_* outputs
 * are presumably heap strings owned by the caller; confirm in http.c.
 */
int internal_parse_url(char *url, char **res_proto, char **res_host,
                       int *res_port, char **res_path, int default_port);
326
/* ssl_ui.c — OpenSSL UI hook for passphrase prompts */
int set_openssl_ui(void);                                        /* install the prompt callback used when a key passphrase is needed */
329
/* securid.c — RSA SecurID software-token support */
int generate_securid_tokencodes(struct openconnect_info *vpninfo); /* compute the token codes for the current auth form */
int add_securid_pin(char *token, char *pin);                     /* combine pin with token; token is not const and no length is passed, so it is presumably edited in place — confirm the buffer has room */
333
/* version.c */
extern const char *openconnect_version_str;                     /* human-readable library version, generated at build time */
336
337 #endif /* __OPENCONNECT_INTERNAL_H__ */