1 /*
2  * OpenConnect (SSL + DTLS) VPN client
3  *
4  * Copyright © 2008-2010 Intel Corporation.
5  * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
6  *
7  * Author: David Woodhouse <dwmw2@infradead.org>
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public License
11  * version 2.1, as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to:
20  *
21  *   Free Software Foundation, Inc.
22  *   51 Franklin Street, Fifth Floor,
23  *   Boston, MA 02110-1301 USA
24  */
25
26 #ifndef __OPENCONNECT_ANYCONNECT_H
27 #define __OPENCONNECT_ANYCONNECT_H
28
29 #include <openssl/ssl.h>
30 #include <zlib.h>
31 #include <stdint.h>
32 #include <sys/socket.h>
33 #include <sys/select.h>
34 #include <sys/time.h>
35 #include <sys/types.h>
36 #include <unistd.h>
37 #ifdef OPENCONNECT_LIBPROXY
38 #include <libproxy/proxy.h>
39 #endif
40
41
42 /****************************************************************************/
43
44 /* Authentication form processing */
45
/* Values of struct oc_form_opt::type.  TEXT and PASSWORD are answered by
 * the user (see the ownership note on struct oc_form_opt); SELECT carries a
 * list of struct oc_choice (see struct oc_form_opt_select).
 * NOTE(review): the handling of HIDDEN is not visible in this header --
 * confirm in auth.c. */
#define OC_FORM_OPT_TEXT        1
#define OC_FORM_OPT_PASSWORD    2
#define OC_FORM_OPT_SELECT      3
#define OC_FORM_OPT_HIDDEN      4
50
/* One input field of an authentication form.
 *
 * char * fields are static (owned by XML parser) and don't need to be
 * freed by the form handling code -- except for value, which for TEXT
 * and PASSWORD options is allocated by process_form() when
 * interacting with the user and must be freed. */
struct oc_form_opt {
	struct oc_form_opt *next;	/* next field in the form's list */
	int type;			/* one of OC_FORM_OPT_* */
	char *name;			/* field name from the XML form */
	char *label;			/* label to show when prompting */
	char *value;			/* user-supplied answer; for PASSWORD this
					 * is a credential -- NOTE(review): consider
					 * clearing it before free(), confirm policy */
};
62
/* One entry of a SELECT field.  All fields are static, owned by the XML parser */
struct oc_choice {
	char *name;		/* value of this choice */
	char *label;		/* label to show when prompting */
	char *auth_type;	/* NOTE(review): meaning not visible in this header -- see auth.c */
	char *override_name;	/* NOTE(review): presumably replaces the field's name/label
				 * when this choice is taken -- confirm in auth.c */
	char *override_label;
};
71
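/* A SELECT field: the generic field header followed by its choices.
 *
 * `form` is the first member -- NOTE(review): this looks intended so that a
 * struct oc_form_opt * whose type is OC_FORM_OPT_SELECT can be cast to this
 * struct; confirm against auth.c before relying on it.
 *
 * choices[] is a C99 flexible array member (the same idiom as data[] in
 * struct pkt below) instead of the GNU zero-length array: the object must be
 * allocated with sizeof *sel + nr_choices * sizeof sel->choices[0] bytes, and
 * nr_choices is the only bound on how far choices[] may be indexed. */
struct oc_form_opt_select {
	struct oc_form_opt form;
	int nr_choices;			/* number of valid entries in choices[] */
	struct oc_choice choices[];
};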
77
/* A parsed authentication form.  All char * fields are static, owned by the XML parser.
 * NOTE(review): every string here originates from the server's XML -- pass
 * them to progress() and friends as "%s" arguments, never as the format. */
struct oc_auth_form {
	char *banner;		/* banner text of the form */
	char *message;		/* message text of the form */
	char *error;		/* error text of the form */
	char *auth_id;		/* form identifier */
	char *method;		/* NOTE(review): presumably the HTTP method for submission -- confirm */
	char *action;		/* NOTE(review): presumably the submission URL -- confirm */
	struct oc_form_opt *opts;	/* linked list of the form's fields */
};
88
89 /****************************************************************************/
90
/* One queued packet (see incoming_queue/outgoing_queue in struct
 * openconnect_info).  The payload follows the fixed header in the same
 * allocation via the flexible array member. */
struct pkt {
	int len;		/* payload length -- NOTE(review): presumably bytes in data[], confirm */
	struct pkt *next;	/* next packet in the queue */
	unsigned char hdr[8];	/* fixed-size packet header */
	unsigned char data[];	/* payload, flexible array member */
};
97
/* One name/value pair in a singly linked list; used for the cookies,
 * cstp_options and dtls_options lists in struct openconnect_info. */
struct vpn_option {
	char *option;		/* name */
	char *value;		/* value */
	struct vpn_option *next;	/* next pair in the list */
};
103
/* Keepalive actions -- NOTE(review): presumably the values returned by
 * keepalive_action() below; confirm in mainloop.c. */
#define KA_NONE         0
#define KA_DPD          1
#define KA_DPD_DEAD     2
#define KA_KEEPALIVE    3
#define KA_REKEY        4
109
/* Timer state for one transport (ssl_times / dtls_times in struct
 * openconnect_info); consumed by keepalive_action() and
 * ka_stalled_dpd_time(). */
struct keepalive_info {
	int dpd;		/* NOTE(review): presumably intervals in seconds, matching */
	int keepalive;		/* the time_t timestamps below -- confirm in mainloop.c */
	int rekey;
	time_t last_rekey;	/* when the last rekey happened */
	time_t last_tx;		/* when something was last sent */
	time_t last_rx;		/* when something was last received */
	time_t last_dpd;	/* when the last DPD probe was sent */
};
119
/* One route in the split_includes / split_excludes lists of
 * struct openconnect_info. */
struct split_include {
	char *route;			/* route as a string, as received from the server */
	struct split_include *next;	/* next route in the list */
};
124
/* Bounds for struct openconnect_info::reconnect_interval --
 * NOTE(review): inferred from naming; confirm how they are applied. */
#define RECONNECT_INTERVAL_MIN  10
#define RECONNECT_INTERVAL_MAX  100

/* Values of struct openconnect_info::cert_type */
#define CERT_TYPE_UNKNOWN       0
#define CERT_TYPE_PEM           1
#define CERT_TYPE_PKCS12        2
#define CERT_TYPE_TPM           3
132
/* Per-session state for one VPN connection; passed to every function
 * declared below.  Several fields hold credentials or key material and are
 * marked "secret" -- NOTE(review): nothing in this header shows them being
 * cleared on teardown; confirm the free/zeroize policy in the .c files.
 * Which char * fields are owned by the library is not visible here either;
 * const-ness is only a hint. */
struct openconnect_info {
	char *redirect_url;		/* target of an HTTP redirect from the server */

	/* CSD (Cisco Secure Desktop) hand-off -- NOTE(review): the meaning of
	 * the individual URLs/tokens is not visible in this header. */
	char *csd_token;
	char *csd_ticket;
	char *csd_stuburl;
	char *csd_starturl;
	char *csd_waiturl;
	char *csd_preurl;

	char *csd_scriptname;		/* script run for the CSD step */

	char *vpn_name;

	/* SecurID token codes, 8 characters plus NUL (see securid.c below).
	 * Both are secret. */
	char sid_tokencode[9];
	char sid_nexttokencode[9];

#ifdef OPENCONNECT_LIBPROXY
	pxProxyFactory *proxy_factory;	/* libproxy handle */
#endif
	char *proxy_type;		/* proxy settings; see set_http_proxy() */
	char *proxy;
	int proxy_port;

	/* Server address and client identity */
	const char *localname;
	char *hostname;
	int port;
	char *urlpath;
	const char *cert;		/* client certificate */
	const char *sslkey;		/* client private key */
	int cert_type;			/* CERT_TYPE_* */
	char *cert_password;		/* secret: passphrase for the key */
	const char *cafile;		/* CA file for server verification */
	const char *servercert;		/* expected server certificate -- NOTE(review):
					 * exact form (fingerprint?) not visible here */
	const char *xmlconfig;		/* XML config file */
	char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];	/* hex SHA-1 of it plus NUL */
	char *username;
	char *password;			/* secret */
	char *authgroup;
	int nopasswd;
	char *dtls_ciphers;		/* cipher list requested for DTLS */
	uid_t uid_csd;			/* uid to run the CSD script as */
	int uid_csd_given;		/* non-zero once uid_csd was set explicitly */
	int no_http_keepalive;

	/* HTTP session state.  The cookie is the bearer credential for the
	 * tunnel and is secret. */
	char *cookie;
	struct vpn_option *cookies;
	struct vpn_option *cstp_options;	/* NOTE(review): presumably the X-CSTP-* headers -- confirm */
	struct vpn_option *dtls_options;	/* NOTE(review): presumably the X-DTLS-* headers -- confirm */

	/* TLS transport (CSTP over HTTPS) */
	SSL_CTX *https_ctx;
	SSL *https_ssl;
	struct keepalive_info ssl_times;
	int owe_ssl_dpd_response;	/* a DPD response is still to be sent */
	struct pkt *deflate_pkt;
	struct pkt *current_ssl_pkt;	/* packet currently being sent over TLS */

	/* zlib state for AC_PKT_COMPRESSED packets */
	z_stream inflate_strm;
	uint32_t inflate_adler32;
	z_stream deflate_strm;
	uint32_t deflate_adler32;

	int disable_ipv6;
	int reconnect_timeout;
	int reconnect_interval;		/* see RECONNECT_INTERVAL_MIN/MAX */
	int dtls_attempt_period;
	time_t new_dtls_started;

	/* DTLS transport.  dtls_session_id and dtls_secret are key material
	 * (secret) -- NOTE(review): presumably the session-resumption parameters
	 * handed over by the server; confirm in dtls.c. */
	SSL_CTX *dtls_ctx;
	SSL *dtls_ssl;
	SSL *new_dtls_ssl;		/* DTLS connection being established */
	SSL_SESSION *dtls_session;
	struct keepalive_info dtls_times;
	unsigned char dtls_session_id[32];
	unsigned char dtls_secret[48];

	char *dtls_cipher;
	char *vpnc_script;		/* script run to configure the host */
	int script_tun;
	char *ifname;			/* tun interface name */

	/* Configuration received from the server.  These strings are
	 * server-controlled; treat them as untrusted when they reach a script
	 * or a log line. */
	int mtu;
	const char *banner;		/* login banner -- presumably the X-CSTP-Banner value */
	const char *vpn_addr;
	const char *vpn_netmask;
	const char *vpn_addr6;
	const char *vpn_netmask6;
	const char *vpn_dns[3];
	const char *vpn_nbns[3];
	const char *vpn_domain;
	const char *vpn_proxy_pac;
	struct split_include *split_includes;
	struct split_include *split_excludes;

	/* select() sets for vpn_mainloop(); see vpn_add_pollfd() */
	int select_nfds;
	fd_set select_rfds;
	fd_set select_wfds;
	fd_set select_efds;

#ifdef __sun__
	int ip_fd;			/* Solaris-only tun plumbing */
	int tun_muxid;
#endif
	int tun_fd;
	int ssl_fd;
	int dtls_fd;
	int new_dtls_fd;		/* socket for new_dtls_ssl */

	/* Packet queues (struct pkt lists) */
	struct pkt *incoming_queue;
	struct pkt *outgoing_queue;
	int outgoing_qlen;
	int max_qlen;

	socklen_t peer_addrlen;
	struct sockaddr *peer_addr;
	struct sockaddr *dtls_addr;

	int deflate;			/* compression in use */
	char *useragent;		/* see openconnect_create_useragent() */

	char *quit_reason;		/* reason string for the disconnect */

	/* Callbacks supplied by the frontend -- NOTE(review): their return
	 * value conventions are not visible here; confirm in the callers.
	 * validate_peer_cert is presumably the hook that decides whether a
	 * server certificate that did not verify against cafile/servercert is
	 * accepted, so the frontend's answer is security-critical. */
	int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert);
	int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen);
	int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form);

	/* Logging: level is a PRG_* value and fmt is a printf format (the
	 * attribute checks call sites).  Never pass server-supplied text as fmt;
	 * pass it as a "%s" argument. */
	void __attribute__ ((format(printf, 3, 4)))
	(*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...);
};
261
/* Levels for the progress() callback of struct openconnect_info */
#define PRG_ERR         0
#define PRG_INFO        1
#define PRG_DEBUG       2
#define PRG_TRACE       3

/* Packet types -- NOTE(review): presumably carried in struct pkt::hdr;
 * values 1, 2 and 6 are not named here. */

#define AC_PKT_DATA             0       /* Uncompressed data */
#define AC_PKT_DPD_OUT          3       /* Dead Peer Detection */
#define AC_PKT_DPD_RESP         4       /* DPD response */
#define AC_PKT_DISCONN          5       /* Client disconnection notice */
#define AC_PKT_KEEPALIVE        7       /* Keepalive */
#define AC_PKT_COMPRESSED       8       /* Compressed data */
#define AC_PKT_TERM_SERVER      9       /* Server kick */

/* Ick.  Qualifier that is `const` on OpenSSL 1.0.0 and later and empty
 * before -- presumably so that SSL_METHOD pointers can be declared once
 * for both API generations. */
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#define method_const const
#else
#define method_const
#endif
283
284 /****************************************************************************/
285
/* tun.c -- local tun device / script side of the tunnel */
int setup_tun(struct openconnect_info *vpninfo);
int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
void shutdown_tun(struct openconnect_info *vpninfo);

/* dtls.c -- DTLS transport */
/* unhex() takes no length -- NOTE(review): presumably decodes one byte from
 * two hex characters at data; the caller must guarantee they are present. */
unsigned char unhex(const char *data);
int setup_dtls(struct openconnect_info *vpninfo);
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
int dtls_try_handshake(struct openconnect_info *vpninfo);
int connect_dtls_socket(struct openconnect_info *vpninfo);

/* cstp.c -- the TLS (CSTP) tunnel */
int make_cstp_connection(struct openconnect_info *vpninfo);
int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
/* cstp_bye(): reason is sent to the server -- inferred from naming */
int cstp_bye(struct openconnect_info *vpninfo, char *reason);

/* ssl.c -- OpenSSL helpers */
void openconnect_init_openssl(void);
/* printf-style writer; fmt is checked by the attribute.  Pass untrusted text
 * through "%s", never as fmt. */
int  __attribute__ ((format (printf, 2, 3)))
		openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
/* Reads a line into buf, which holds len bytes. */
int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
int openconnect_open_https(struct openconnect_info *vpninfo);
void openconnect_close_https(struct openconnect_info *vpninfo);
/* The fingerprint writers take no size for buf, so the caller must supply
 * the fixed-size buffer the implementation expects -- NOTE(review): confirm
 * the required size in ssl.c before passing anything smaller. */
int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
                             char *buf);
int get_cert_sha1_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
                              char *buf);
void report_ssl_errors(struct openconnect_info *vpninfo);
int passphrase_from_fsid(struct openconnect_info *vpninfo);

/* mainloop.c -- select() loop and packet queues */
int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
int vpn_mainloop(struct openconnect_info *vpninfo);
/* queue_new_packet() builds a struct pkt from len bytes at buf;
 * queue_packet() appends an existing one -- inferred from naming. */
int queue_new_packet(struct pkt **q, void *buf, int len);
void queue_packet(struct pkt **q, struct pkt *new);
/* keepalive_action() presumably returns a KA_* value -- confirm */
int keepalive_action(struct keepalive_info *ka, int *timeout);
int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);

/* Global stop flag -- NOTE(review): if it is written from a signal handler
 * it should be volatile sig_atomic_t; confirm who sets it. */
extern int killed;

/* xml.c -- XML config file lookup */
int config_lookup_host(struct openconnect_info *vpninfo, const char *host);

/* auth.c -- authentication form handling */
/* Parses the server's XML response; *method and *request_body_type are
 * outputs -- NOTE(review): whether request_body is filled in here is
 * inferred from the req_len parameter, confirm. */
int parse_xml_response(struct openconnect_info *vpninfo, char *response,
                       char *request_body, int req_len, char **method,
                       char **request_body_type);

/* http.c -- HTTP, proxies and URL parsing */
int openconnect_obtain_cookie(struct openconnect_info *vpninfo);
/* NOTE(review): ownership of the returned string is not visible here */
char *openconnect_create_useragent(char *base);
int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
/* url is not const -- NOTE(review): presumably modified in place, so the
 * res_* outputs may point into it; confirm before freeing url. */
int parse_url(char *url, char **res_proto, char **res_host, int *res_port,
              char **res_path, int default_port);
int set_http_proxy(struct openconnect_info *vpninfo, char *proxy);

/* ssl_ui.c -- OpenSSL passphrase UI */
int set_openssl_ui(void);

/* securid.c -- SecurID token codes (both arguments to add_securid_pin()
 * are secrets) */
int generate_securid_tokencodes(struct openconnect_info *vpninfo);
int add_securid_pin(char *token, char *pin);

/* version.c */
extern char openconnect_version[];
352
353 #endif /* __OPENCONNECT_ANYCONNECT_H */