2 * OpenConnect (SSL + DTLS) VPN client
4 * Copyright © 2008-2012 Intel Corporation.
5 * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
7 * Author: David Woodhouse <dwmw2@infradead.org>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * version 2.1, as published by the Free Software Foundation.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to:
21 * Free Software Foundation, Inc.
22 * 51 Franklin Street, Fifth Floor,
23 * Boston, MA 02110-1301 USA
26 #ifndef __OPENCONNECT_INTERNAL_H__
27 #define __OPENCONNECT_INTERNAL_H__
29 #include "openconnect.h"
31 #include <openssl/ssl.h>
34 #include <sys/socket.h>
35 #include <sys/select.h>
37 #include <sys/types.h>
45 #define _(s) dgettext("openconnect", s)
54 /****************************************************************************/
66 struct vpn_option *next;
72 #define KA_KEEPALIVE 3
75 struct keepalive_info {
85 struct split_include {
87 struct split_include *next;
90 #define RECONNECT_INTERVAL_MIN 10
91 #define RECONNECT_INTERVAL_MAX 100
93 #define CERT_TYPE_UNKNOWN 0
94 #define CERT_TYPE_PEM 1
95 #define CERT_TYPE_PKCS12 2
96 #define CERT_TYPE_TPM 3
98 struct openconnect_info {
108 char *csd_scriptname;
111 pxProxyFactory *proxy_factory;
117 const char *localname;
121 int cert_expire_warning;
128 const char *servercert;
129 const char *xmlconfig;
130 char xmlsha1[(SHA1_SIZE * 2) + 1];
139 int no_http_keepalive;
141 OPENCONNECT_X509 *peer_cert;
143 char *cookie; /* Pointer to within cookies list */
144 struct vpn_option *cookies;
145 struct vpn_option *cstp_options;
146 struct vpn_option *dtls_options;
150 struct keepalive_info ssl_times;
151 int owe_ssl_dpd_response;
152 struct pkt *deflate_pkt;
153 struct pkt *current_ssl_pkt;
154 struct pkt *pending_deflated_pkt;
156 z_stream inflate_strm;
157 uint32_t inflate_adler32;
158 z_stream deflate_strm;
159 uint32_t deflate_adler32;
162 int reconnect_timeout;
163 int reconnect_interval;
164 int dtls_attempt_period;
165 time_t new_dtls_started;
169 SSL_SESSION *dtls_session;
170 struct keepalive_info dtls_times;
171 unsigned char dtls_session_id[32];
172 unsigned char dtls_secret[48];
175 const char *vpnc_script;
181 const char *vpn_addr;
182 const char *vpn_netmask;
183 const char *vpn_addr6;
184 const char *vpn_netmask6;
185 const char *vpn_dns[3];
186 const char *vpn_nbns[3];
187 const char *vpn_domain;
188 const char *vpn_proxy_pac;
189 struct split_include *split_includes;
190 struct split_include *split_excludes;
207 struct pkt *incoming_queue;
208 struct pkt *outgoing_queue;
212 socklen_t peer_addrlen;
213 struct sockaddr *peer_addr;
214 struct sockaddr *dtls_addr;
219 const char *quit_reason;
222 openconnect_validate_peer_cert_vfn validate_peer_cert;
223 openconnect_write_new_config_vfn write_new_config;
224 openconnect_process_auth_form_vfn process_auth_form;
225 openconnect_progress_vfn progress;
230 #define AC_PKT_DATA 0 /* Uncompressed data */
231 #define AC_PKT_DPD_OUT 3 /* Dead Peer Detection */
232 #define AC_PKT_DPD_RESP 4 /* DPD response */
233 #define AC_PKT_DISCONN 5 /* Client disconnection notice */
234 #define AC_PKT_KEEPALIVE 7 /* Keepalive */
235 #define AC_PKT_COMPRESSED 8 /* Compressed data */
236 #define AC_PKT_TERM_SERVER 9 /* Server kick */
239 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
240 #define method_const const
245 #define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__)
247 /****************************************************************************/
248 /* Oh Solaris how we hate thee! */
/* Portability shims: time(), asprintf() and getline() are redirected to
 * openconnect-provided replacements. The #ifdef conditions that gate the
 * time() and getline() redirections are not visible in this excerpt; only
 * the HAVE_ASPRINTF guard is.
 * NOTE(review): identifiers containing a double underscore
 * (openconnect__time, openconnect__asprintf, openconnect__getline) sit in
 * the namespace the C standard reserves for the implementation; they work
 * in practice but a single-underscore spelling would be strictly portable. */
250 #define time(x) openconnect__time(x)
251 time_t openconnect__time(time_t *t);
253 #ifndef HAVE_ASPRINTF
254 #define asprintf openconnect__asprintf
255 int openconnect__asprintf(char **strp, const char *fmt, ...);
258 #define getline openconnect__getline
259 ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream);
262 /****************************************************************************/
/* Entry points for the tun_*, dtls_* and cstp_* groups. Every function
 * takes the per-connection state in vpninfo. The *timeout parameters on the
 * *_mainloop functions are pointers, so they are presumably updated by the
 * callee — confirm against the implementations; the section comments that
 * normally label these groups are not visible in this excerpt. */
265 int setup_tun(struct openconnect_info *vpninfo);
266 int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
267 void shutdown_tun(struct openconnect_info *vpninfo);
/* reason: caller-supplied string; how it is consumed (e.g. handed to an
 * external script) is not visible here, so treat it as data the callee may
 * expose to the environment and keep it to fixed, known values. */
268 int script_config_tun (struct openconnect_info *vpninfo, const char *reason);
/* Takes no length: callers must guarantee that the characters unhex() reads
 * from data are within bounds (presumably one hex pair — confirm). */
271 unsigned char unhex(const char *data);
272 int setup_dtls(struct openconnect_info *vpninfo);
273 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
274 int dtls_try_handshake(struct openconnect_info *vpninfo);
275 int connect_dtls_socket(struct openconnect_info *vpninfo);
278 int make_cstp_connection(struct openconnect_info *vpninfo);
279 int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
280 int cstp_bye(struct openconnect_info *vpninfo, const char *reason);
281 int cstp_reconnect(struct openconnect_info *vpninfo);
284 int connect_https_socket(struct openconnect_info *vpninfo);
286 /* ${SSL_LIBRARY}.c */
/* The format(printf, 2, 3) attribute makes the compiler check fmt against
 * the variadic arguments, so -Wformat flags mismatched or non-literal
 * format strings at call sites. Keep it when adding new printf-like
 * wrappers in the SSL layer. */
287 int __attribute__ ((format (printf, 2, 3)))
288 openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
/* len bounds buf for gets/read/write. Whether openconnect_SSL_gets always
 * NUL-terminates buf, and whether a partial read/write is reported as a
 * short count or an error, is defined in the ${SSL_LIBRARY}.c
 * implementation, not here — confirm before relying on either. Note that
 * buf is non-const even for openconnect_SSL_write. */
289 int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
290 int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len);
291 int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len);
292 int openconnect_open_https(struct openconnect_info *vpninfo);
293 void openconnect_close_https(struct openconnect_info *vpninfo);
294 int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, OPENCONNECT_X509 *cert,
296 /* This one is actually OpenSSL-specific */
297 void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
/* Both take a signed int len; a negative value is not a meaningful buffer
 * size, so callers must pass len >= 0 (whether the implementations reject
 * len < 0 is not visible here). result presumably needs room for SHA1_SIZE
 * bytes, matching the xmlsha1 sizing in struct openconnect_info — confirm.
 * openconnect_random returns int: check it, since a failed random source
 * must not be treated as having filled bytes. */
298 int openconnect_sha1(unsigned char *result, void *data, int len);
299 int openconnect_random(void *bytes, int len);
300 int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
304 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
305 int vpn_mainloop(struct openconnect_info *vpninfo);
/* queue_new_packet takes a raw buffer and a signed length; as with
 * openconnect_sha1/openconnect_random, len < 0 is not meaningful — confirm
 * the implementation guards it. Whether buf is copied or retained (and so
 * who owns it afterwards) is not stated here.
 * NOTE(review): the parameter name `new` is a C++ keyword; harmless in C,
 * but this header cannot be included from C++ as written. */
306 int queue_new_packet(struct pkt **q, void *buf, int len);
307 void queue_packet(struct pkt **q, struct pkt *new);
308 int keepalive_action(struct keepalive_info *ka, int *timeout);
309 int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
314 int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
/* response and request_body are non-const and presumably the peer's reply
 * and an output buffer of req_len bytes respectively — confirm. The
 * strings returned through *method and *request_body_type have no
 * lifetime documented here (static, pointing into response, or allocated);
 * the implementation should state it. Input is network-supplied, so the
 * parser must not trust lengths or structure found in response. */
317 int parse_xml_response(struct openconnect_info *vpninfo, char *response,
318 char *request_body, int req_len, const char **method,
319 const char **request_body_type);
/* Returns a non-const char *, which suggests a heap-allocated string the
 * caller must free — confirm against the implementation. */
322 char *openconnect_create_useragent(const char *base);
323 int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
/* url is non-const and the res_* pointers are out-parameters; whether they
 * point into url or are separately allocated (and therefore who frees
 * them) is not stated here and should be documented at the definition. */
324 int internal_parse_url(char *url, char **res_proto, char **res_host,
325 int *res_port, char **res_path, int default_port);
328 int set_openssl_ui(void);
331 int generate_securid_tokencodes(struct openconnect_info *vpninfo);
/* token and pin are both non-const, so at least one is presumably modified
 * in place — confirm. pin is credential material: callers should clear
 * their own copy once it is no longer needed, using a wipe that the
 * compiler cannot elide (a plain memset before free may be optimized away). */
332 int add_securid_pin(char *token, char *pin);
335 extern const char *openconnect_version_str;
337 #endif /* __OPENCONNECT_INTERNAL_H__ */