Fix a compile warning on fprintf argument
1 /*
2  * OpenConnect (SSL + DTLS) VPN client
3  *
4  * Copyright © 2008 Intel Corporation.
5  * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
6  *
7  * Author: David Woodhouse <dwmw2@infradead.org>
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public License
11  * version 2.1, as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to:
20  *
21  *   Free Software Foundation, Inc.
22  *   51 Franklin Street, Fifth Floor,
23  *   Boston, MA 02110-1301 USA
24  */
25
26 #ifndef __OPENCONNECT_ANYCONNECT_H
27 #define __OPENCONNECT_ANYCONNECT_H
28
29 #include <openssl/ssl.h>
30 #include <zlib.h>
31 #include <stdint.h>
32 #include <sys/socket.h>
33 #include <sys/select.h>
34 #include <sys/time.h>
35 #include <sys/types.h>
36 #include <unistd.h>
37
38 struct pkt { /* One packet in a singly linked queue; the payload lives in the trailing flexible array. */
39         int type; /* presumably one of the AC_PKT_* values defined in this header -- confirm against users */
40         int len; /* NOTE(review): signed; presumably the byte count of 'data'. Reject negative or oversized values before allocating or copying -- confirm at call sites */
41         struct pkt *next; /* next packet in the list */
42         unsigned char hdr[8]; /* fixed 8-byte header area placed directly before the payload; layout not shown here */
43         unsigned char data[]; /* flexible array member: storage must be allocated together with the struct */
44 };
45         
46 struct vpn_option { /* Node of a singly linked list of option/value string pairs (used below for cookies, cstp_options and dtls_options). */
47         char *option; /* option string; ownership and allocation are not visible in this header */
48         char *value; /* value string; NOTE(review): when the list holds cookies this is presumably session-secret material -- confirm it is never logged */
49         struct vpn_option *next; /* next node in the list */
50 };
51
52 #define KA_NONE         0 /* KA_* codes: presumably the result of keepalive_action() declared below -- confirm */
53 #define KA_DPD          1 /* DPD = Dead Peer Detection (see the AC_PKT_DPD_* comments in this header) */
54 #define KA_DPD_DEAD     2
55 #define KA_KEEPALIVE    3
56 #define KA_REKEY        4
57
58 struct keepalive_info { /* Keepalive/DPD/rekey settings and timestamps; one instance each for the SSL and DTLS channels (ssl_times, dtls_times). */
59         int dpd; /* presumably the DPD interval in seconds -- confirm units */
60         int keepalive; /* presumably the keepalive interval in seconds -- confirm units */
61         int rekey; /* presumably the rekey interval in seconds -- confirm units */
62         time_t last_rekey; /* timestamps of the most recent rekey, transmit, receive and DPD events, going by the names */
63         time_t last_tx;
64         time_t last_rx;
65         time_t last_dpd;
66 };
67
68 struct split_include { /* Node of a singly linked list of route strings (see split_includes in struct openconnect_info). */
69         char *route; /* route string; format not defined in this header. NOTE(review): presumably server-supplied -- validate before it reaches a script or shell */
70         struct split_include *next; /* next node in the list */
71 };
72
73 #define RECONNECT_INTERVAL_MIN  10 /* presumably the lower bound, in seconds, for reconnect_interval -- confirm */
74 #define RECONNECT_INTERVAL_MAX  100 /* presumably the upper bound, in seconds, for reconnect_interval -- confirm */
75
76 struct openconnect_info { /* State passed as 'vpninfo' to most functions declared in this header: credentials, TLS/DTLS handles, tunnel settings, packet queues and callbacks. */
77         char *redirect_url;
78
79         char *vpn_name;
80
81         char sid_tokencode[9]; /* 9-byte buffers; presumably 8 characters plus NUL, filled by generate_securid_tokencodes() -- confirm */
82         char sid_nexttokencode[9]; /* NOTE(review): one-time codes are credentials; confirm they are cleared after use */
83
84         const char *localname;
85         char *hostname;
86         char *urlpath;
87         const char *cert; /* certificate and key locations, going by the names; format not shown here */
88         const char *sslkey;
89         int tpm; /* presumably nonzero when the key is held in a TPM -- confirm */
90         char *tpmpass; /* NOTE(review): secret; confirm it is wiped before being freed (no cleanup code is visible in this header) */
91         const char *cafile;
92         const char *xmlconfig;
93         char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1]; /* two characters per SHA-1 digest byte plus one; presumably a NUL-terminated hex string -- confirm */
94         char *username;
95         char *password; /* NOTE(review): secret; confirm it is wiped before being freed and never passed to progress() */
96         int nopasswd;
97
98         char *cookie; /* NOTE(review): presumably the session cookie, i.e. a bearer credential -- keep out of logs */
99         struct vpn_option *cookies; /* option/value lists; see struct vpn_option */
100         struct vpn_option *cstp_options;
101         struct vpn_option *dtls_options;
102
103         SSL_CTX *https_ctx; /* OpenSSL context and connection for the HTTPS channel */
104         SSL *https_ssl;
105         struct keepalive_info ssl_times;
106         int owe_ssl_dpd_response;
107         struct pkt *deflate_pkt;
108         struct pkt *current_ssl_pkt;
109
110         z_stream inflate_strm; /* zlib streams with an Adler-32 value per direction, going by the names */
111         uint32_t inflate_adler32;
112         z_stream deflate_strm;
113         uint32_t deflate_adler32;
114
115         int reconnect_timeout;
116         int reconnect_interval; /* presumably kept within RECONNECT_INTERVAL_MIN..RECONNECT_INTERVAL_MAX -- confirm */
117         int dtls_attempt_period;
118         time_t new_dtls_started;
119         SSL_CTX *dtls_ctx; /* OpenSSL context, current and pending connections, and session for the DTLS channel */
120         SSL *dtls_ssl;
121         SSL *new_dtls_ssl;
122         SSL_SESSION *dtls_session;
123         struct keepalive_info dtls_times;
124         unsigned char dtls_session_id[32]; /* fixed 32-byte buffer */
125         unsigned char dtls_secret[48]; /* fixed 48-byte buffer; NOTE(review): key material by name -- confirm it is wiped on teardown */
126
127         char *vpnc_script; /* NOTE(review): presumably a script that gets executed; confirm how the vpn_* values below reach it and that they are sanitised */
128         int script_tun;
129         char *ifname;
130
131         int mtu;
132         const char *vpn_addr; /* tunnel addressing strings; presumably supplied by the server -- treat as untrusted input */
133         const char *vpn_netmask;
134         const char *vpn_dns[3]; /* at most three entries each */
135         const char *vpn_nbns[3];
136         const char *vpn_domain;
137         struct split_include *split_includes; /* route list; see struct split_include */
138
139         int select_nfds; /* fd sets and count, presumably for select(); NOTE(review): fd_set only holds descriptors below FD_SETSIZE -- confirm a check exists */
140         fd_set select_rfds;
141         fd_set select_wfds;
142         fd_set select_efds;
143
144         int tun_fd; /* file descriptors for the tunnel device and the SSL/DTLS sockets, going by the names */
145         int ssl_fd;
146         int dtls_fd;
147         int new_dtls_fd;
148
149         struct pkt *incoming_queue; /* heads of struct pkt lists */
150         struct pkt *outgoing_queue;
151         int outgoing_qlen; /* presumably the current outgoing queue length, limited by max_qlen -- confirm */
152         int max_qlen;
153
154         socklen_t peer_addrlen; /* length of the address that peer_addr points to */
155         struct sockaddr *peer_addr;
156
157         int deflate;
158         const char *useragent;
159
160         char *quit_reason;
161
162         int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert); /* callback handed the peer certificate; return convention not shown here. NOTE(review): implementations should reject on any error */
163         int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen); /* callback handed a buffer and its length as a signed int */
164
165         void __attribute__ ((format(printf, 3, 4))) /* format attribute: the compiler checks 'fmt' (parameter 3) against the variadic arguments starting at parameter 4 */
166         (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...); /* message callback; 'level' is presumably one of the PRG_* values -- confirm. Pass external text as an argument, never as 'fmt' */
167 };
168
169 #define PRG_ERR         0 /* PRG_* values: presumably the 'level' argument of the progress() callback -- confirm */
170 #define PRG_INFO        1
171 #define PRG_DEBUG       2
172 #define PRG_TRACE       3 /* NOTE(review): confirm the most verbose levels never print passwords, cookies or key material */
173
174 /* Packet types (presumably the values stored in the 'type' field of struct pkt; 1, 2 and 6 are not defined here) */
175
176 #define AC_PKT_DATA             0       /* Uncompressed data */
177 #define AC_PKT_DPD_OUT          3       /* Dead Peer Detection */
178 #define AC_PKT_DPD_RESP         4       /* DPD response */
179 #define AC_PKT_DISCONN          5       /* Client disconnection notice */
180 #define AC_PKT_KEEPALIVE        7       /* Keepalive */
181 #define AC_PKT_COMPRESSED       8       /* Compressed data */
182 #define AC_PKT_TERM_SERVER      9       /* Server kick */
183
184
185 /* tun.c */
186 int setup_tun(struct openconnect_info *vpninfo); /* return conventions for the functions in this header are not documented here -- see each .c file */
187 int tun_mainloop(struct openconnect_info *vpninfo, int *timeout); /* '*timeout' is passed by pointer, so presumably updated by the callee -- confirm */
188
189 /* dtls.c */
190 int setup_dtls(struct openconnect_info *vpninfo);
191 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
192 int dtls_try_handshake(struct openconnect_info *vpninfo);
193 int connect_dtls_socket(struct openconnect_info *vpninfo);
194
195 /* cstp.c */
196 int make_cstp_connection(struct openconnect_info *vpninfo);
197 int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
198 int cstp_bye(struct openconnect_info *vpninfo, char *reason); /* 'reason' is a non-const string; whether it is modified is not visible here */
199
200 /* ssl.c */
201 void openconnect_init_openssl(void);
202 int  __attribute__ ((format (printf, 2, 3))) /* format attribute: the compiler checks 'fmt' (parameter 2) against the variadic arguments starting at parameter 3 */
203                 openconnect_SSL_printf(SSL *ssl, const char *fmt, ...); /* printf-style call taking an SSL handle; pass external text as an argument, never as 'fmt' */
204 int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len); /* caller supplies the buffer and its size; NOTE(review): confirm the implementation never writes more than 'len' bytes and always NUL-terminates */
205 int openconnect_open_https(struct openconnect_info *vpninfo);
206 void openconnect_close_https(struct openconnect_info *vpninfo);
207
208 /* main.c */
209 extern int verbose; /* global defined in main.c per the section comment; presumably the logging verbosity -- confirm */
210
211 /* mainloop.c */
212 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
213 int vpn_mainloop(struct openconnect_info *vpninfo);
214 int queue_new_packet(struct pkt **q, int type, void *buf, int len); /* NOTE(review): 'len' is a signed int; confirm negative or oversized lengths are rejected before any allocation or copy */
215 void queue_packet(struct pkt **q, struct pkt *new); /* 'new' is an ordinary identifier in C but a keyword in C++, so this header cannot be included from C++ as written */
216 int keepalive_action(struct keepalive_info *ka, int *timeout); /* presumably returns one of the KA_* codes -- confirm */
217 int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
218
219 extern int killed; /* global flag; where it is set is not visible here. NOTE(review): if a signal handler writes it, it should be volatile sig_atomic_t -- confirm */
220
221 /* xml.c */
222 int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
223
224 /* http.c */
225 int openconnect_obtain_cookie(struct openconnect_info *vpninfo); /* presumably fills in the 'cookie' field of vpninfo -- confirm */
226 char *openconnect_create_useragent(char *base); /* returns a char pointer; who frees it is not documented here -- confirm ownership */
227
228 /* ssl_ui.c */
229 int set_openssl_ui(void);
230
231 /* securid.c */
232 int generate_securid_tokencodes(struct openconnect_info *vpninfo); /* presumably writes sid_tokencode / sid_nexttokencode (9-byte buffers) -- confirm bounds */
233 int add_securid_pin(char *token, char *pin); /* NOTE(review): both arguments are non-const and no sizes are passed; confirm whether 'token' is modified in place and what length it must have */
234
235 /* version.c */
236 extern char openconnect_version[]; /* array of unspecified size defined in version.c per the section comment */
237
238 #endif /* __OPENCONNECT_ANYCONNECT_H */