2 * OpenConnect (SSL + DTLS) VPN client
4 * Copyright © 2008-2011 Intel Corporation.
5 * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
7 * Author: David Woodhouse <dwmw2@infradead.org>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * version 2.1, as published by the Free Software Foundation.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to:
21 * Free Software Foundation, Inc.
22 * 51 Franklin Street, Fifth Floor,
23 * Boston, MA 02110-1301 USA
26 #ifndef __OPENCONNECT_INTERNAL_H__
27 #define __OPENCONNECT_INTERNAL_H__
29 #include "openconnect.h"
31 #include <openssl/ssl.h>
34 #include <sys/socket.h>
35 #include <sys/select.h>
37 #include <sys/types.h>
44 #define _(s) gettext(s)
50 /****************************************************************************/
62 struct vpn_option *next;
68 #define KA_KEEPALIVE 3
71 struct keepalive_info {
81 struct split_include {
83 struct split_include *next;
86 #define RECONNECT_INTERVAL_MIN 10
87 #define RECONNECT_INTERVAL_MAX 100
89 #define CERT_TYPE_UNKNOWN 0
90 #define CERT_TYPE_PEM 1
91 #define CERT_TYPE_PKCS12 2
92 #define CERT_TYPE_TPM 3
94 struct openconnect_info {
104 char *csd_scriptname;
107 pxProxyFactory *proxy_factory;
113 const char *localname;
123 const char *servercert;
124 const char *xmlconfig;
125 char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
134 int no_http_keepalive;
136 char *cookie; /* Pointer to within cookies list */
137 struct vpn_option *cookies;
138 struct vpn_option *cstp_options;
139 struct vpn_option *dtls_options;
143 struct keepalive_info ssl_times;
144 int owe_ssl_dpd_response;
145 struct pkt *deflate_pkt;
146 struct pkt *current_ssl_pkt;
148 z_stream inflate_strm;
149 uint32_t inflate_adler32;
150 z_stream deflate_strm;
151 uint32_t deflate_adler32;
154 int reconnect_timeout;
155 int reconnect_interval;
156 int dtls_attempt_period;
157 time_t new_dtls_started;
161 SSL_SESSION *dtls_session;
162 struct keepalive_info dtls_times;
163 unsigned char dtls_session_id[32];
164 unsigned char dtls_secret[48];
173 const char *vpn_addr;
174 const char *vpn_netmask;
175 const char *vpn_addr6;
176 const char *vpn_netmask6;
177 const char *vpn_dns[3];
178 const char *vpn_nbns[3];
179 const char *vpn_domain;
180 const char *vpn_proxy_pac;
181 struct split_include *split_includes;
182 struct split_include *split_excludes;
198 struct pkt *incoming_queue;
199 struct pkt *outgoing_queue;
203 socklen_t peer_addrlen;
204 struct sockaddr *peer_addr;
205 struct sockaddr *dtls_addr;
210 const char *quit_reason;
213 openconnect_validate_peer_cert_vfn validate_peer_cert;
214 openconnect_write_new_config_vfn write_new_config;
215 openconnect_process_auth_form_vfn process_auth_form;
216 openconnect_progress_vfn progress;
221 #define AC_PKT_DATA 0 /* Uncompressed data */
222 #define AC_PKT_DPD_OUT 3 /* Dead Peer Detection */
223 #define AC_PKT_DPD_RESP 4 /* DPD response */
224 #define AC_PKT_DISCONN 5 /* Client disconnection notice */
225 #define AC_PKT_KEEPALIVE 7 /* Keepalive */
226 #define AC_PKT_COMPRESSED 8 /* Compressed data */
227 #define AC_PKT_TERM_SERVER 9 /* Server kick */
230 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
231 #define method_const const
236 #define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__)
238 /****************************************************************************/
241 int setup_tun(struct openconnect_info *vpninfo);
242 int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
243 void shutdown_tun(struct openconnect_info *vpninfo);
244 void script_reconnect (struct openconnect_info *vpninfo);
247 unsigned char unhex(const char *data);
248 int setup_dtls(struct openconnect_info *vpninfo);
249 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
250 int dtls_try_handshake(struct openconnect_info *vpninfo);
251 int connect_dtls_socket(struct openconnect_info *vpninfo);
254 int make_cstp_connection(struct openconnect_info *vpninfo);
255 int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
256 int cstp_bye(struct openconnect_info *vpninfo, const char *reason);
257 int cstp_reconnect(struct openconnect_info *vpninfo);
260 int __attribute__ ((format (printf, 2, 3)))
261 openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
262 int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
263 int openconnect_open_https(struct openconnect_info *vpninfo);
264 void openconnect_close_https(struct openconnect_info *vpninfo);
265 int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
267 void report_ssl_errors(struct openconnect_info *vpninfo);
270 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
271 int vpn_mainloop(struct openconnect_info *vpninfo);
272 int queue_new_packet(struct pkt **q, void *buf, int len);
273 void queue_packet(struct pkt **q, struct pkt *new);
274 int keepalive_action(struct keepalive_info *ka, int *timeout);
275 int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
280 int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
283 int parse_xml_response(struct openconnect_info *vpninfo, char *response,
284 char *request_body, int req_len, const char **method,
285 const char **request_body_type);
288 char *openconnect_create_useragent(const char *base);
289 int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
290 int internal_parse_url(char *url, char **res_proto, char **res_host,
291 int *res_port, char **res_path, int default_port);
294 int set_openssl_ui(void);
297 int generate_securid_tokencodes(struct openconnect_info *vpninfo);
298 int add_securid_pin(char *token, char *pin);
301 extern char openconnect_version[];
303 #endif /* __OPENCONNECT_INTERNAL_H__ */