X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=openconnect-internal.h;h=4b4c4550b1704217f54d518dd15f349e37e3bf01;hb=HEAD;hp=a79b27d7770f189eea00ae2c8b31da42da624266;hpb=5865b7df165c8560f78d057eb7ef53ba7f813470;p=platform%2Fupstream%2Fopenconnect.git diff --git a/openconnect-internal.h b/openconnect-internal.h index a79b27d..4b4c455 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -28,7 +28,27 @@ #include "openconnect.h" +#if defined (OPENCONNECT_OPENSSL) || defined(DTLS_OPENSSL) #include +#include +/* Ick */ +#if OPENSSL_VERSION_NUMBER >= 0x00909000L +#define method_const const +#else +#define method_const +#endif +#endif /* OPENSSL */ + +#if defined (OPENCONNECT_GNUTLS) +#include +#include +#include +#ifdef HAVE_TROUSERS +#include +#include +#endif +#endif + #include #include #include @@ -36,9 +56,15 @@ #include #include #include + #ifdef LIBPROXY_HDR #include LIBPROXY_HDR #endif + +#ifdef LIBSTOKEN_HDR +#include LIBSTOKEN_HDR +#endif + #ifdef ENABLE_NLS #include #include @@ -48,7 +74,10 @@ #endif #define N_(s) s +#include + #define SHA1_SIZE 20 +#define MD5_SIZE 16 /****************************************************************************/ @@ -86,6 +115,12 @@ struct split_include { struct split_include *next; }; +struct pin_cache { + struct pin_cache *next; + char *token; + char *pin; +}; + #define RECONNECT_INTERVAL_MIN 10 #define RECONNECT_INTERVAL_MAX 100 @@ -94,9 +129,16 @@ struct split_include { #define CERT_TYPE_PKCS12 2 #define CERT_TYPE_TPM 3 +#define REDIR_TYPE_NONE 0 +#define REDIR_TYPE_NEWHOST 1 +#define REDIR_TYPE_LOCAL 2 + struct openconnect_info { char *redirect_url; + int redirect_type; + const char *csd_xmltag; + const char *platname; char *csd_token; char *csd_ticket; char *csd_stuburl; @@ -105,6 +147,7 @@ struct openconnect_info { char *csd_preurl; char *csd_scriptname; + xmlNode *opaque_srvdata; #ifdef LIBPROXY_HDR pxProxyFactory *proxy_factory; 
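Review bot: `struct pin_cache` (hunk at -86/+115) keeps a PIN as a plain heap string, and the same holds for the new `stoken_pin` member of `struct openconnect_info` in the hunk at -137/+179, so whoever frees these should wipe them first — a plain `memset` before `free()` can be optimized away, so `explicit_bzero` or an equivalent is needed where available. The header does not say who owns these strings or where they are released; presumably that happens in the GnuTLS and stoken code outside this diff. I would document the expectation on the struct itself, `/* pin holds a secret: the owner must zeroize it before free() */` on the `char *pin;` line, and the same note on `stoken_pin`.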
@@ -120,7 +163,6 @@ struct openconnect_info { int cert_expire_warning; const char *cert; const char *sslkey; - X509 *cert_x509; int cert_type; char *cert_password; const char *cafile; @@ -137,15 +179,46 @@ struct openconnect_info { int uid_csd_given; int no_http_keepalive; - X509 *peer_cert; +#ifdef LIBSTOKEN_HDR + struct stoken_ctx *stoken_ctx; +#endif + int use_stoken; + int stoken_bypassed; + int stoken_tries; + time_t stoken_time; + char *stoken_pin; + + OPENCONNECT_X509 *peer_cert; char *cookie; /* Pointer to within cookies list */ struct vpn_option *cookies; struct vpn_option *cstp_options; struct vpn_option *dtls_options; +#if defined(OPENCONNECT_OPENSSL) + X509 *cert_x509; SSL_CTX *https_ctx; SSL *https_ssl; +#elif defined(OPENCONNECT_GNUTLS) + gnutls_session_t https_sess; + gnutls_certificate_credentials_t https_cred; + struct pin_cache *pin_cache; +#ifdef HAVE_TROUSERS + TSS_HCONTEXT tpm_context; + TSS_HKEY srk; + TSS_HPOLICY srk_policy; + TSS_HKEY tpm_key; + TSS_HPOLICY tpm_key_policy; +#endif +#ifndef HAVE_GNUTLS_CERTIFICATE_SET_KEY +#ifdef HAVE_P11KIT + gnutls_pkcs11_privkey_t my_p11key; +#endif + gnutls_privkey_t my_pkey; + gnutls_x509_crt_t *my_certs; + unsigned int nr_my_certs; +#endif +#endif /* OPENCONNECT_GNUTLS */ struct keepalive_info ssl_times; int owe_ssl_dpd_response; struct pkt *deflate_pkt; 
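Review bot: The new `stoken_*` members in the hunk at -137/+179 are undocumented, and `stoken_bypassed`, `stoken_tries` and `stoken_time` cannot be understood from the header alone — it is unclear whether `stoken_tries` counts failed PIN prompts or tokencode generations, or which event `stoken_time` timestamps. Only `stoken_ctx` is under `#ifdef LIBSTOKEN_HDR` while the other fields are unconditional; that looks deliberate so generic code can test `use_stoken` without ifdefs, but it is worth stating. I would add a one-line comment to each field, e.g. `time_t stoken_time; /* when the current tokencode was produced — confirm */`, with the wording taken from what `prepare_stoken()` in auth.c actually does. The enclosing struct starts and ends outside this hunk.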
@@ -162,10 +235,20 @@ struct openconnect_info { int reconnect_interval; int dtls_attempt_period; time_t new_dtls_started; +#if defined(DTLS_OPENSSL) SSL_CTX *dtls_ctx; SSL *dtls_ssl; SSL *new_dtls_ssl; SSL_SESSION *dtls_session; +#elif defined(DTLS_GNUTLS) + /* Call these *_ssl rather than *_sess because they're just + pointers, and generic code (in mainloop.c for example) + wants to check if they're NULL or not. No point in being + differently named to the OpenSSL variant, and forcing us to + have ifdefs or accessor macros for them. */ + gnutls_session_t dtls_ssl; + gnutls_session_t new_dtls_ssl; +#endif struct keepalive_info dtls_times; unsigned char dtls_session_id[32]; unsigned char dtls_secret[48]; @@ -175,7 +258,8 @@ struct openconnect_info { int script_tun; char *ifname; - int mtu; + int actual_mtu; + int reqmtu, basemtu; const char *banner; const char *vpn_addr; const char *vpn_netmask; @@ -185,6 +269,7 @@ struct openconnect_info { const char *vpn_nbns[3]; const char *vpn_domain; const char *vpn_proxy_pac; + struct split_include *split_dns; struct split_include *split_includes; struct split_include *split_excludes; @@ -212,6 +297,8 @@ struct openconnect_info { struct sockaddr *peer_addr; struct sockaddr *dtls_addr; + int dtls_local_port; + int deflate; char *useragent; @@ -224,6 +311,11 @@ struct openconnect_info { openconnect_progress_vfn progress; }; +#if (defined (DTLS_OPENSSL) && defined (SSL_OP_CISCO_ANYCONNECT)) || \ + (defined (DTLS_GNUTLS) && defined (HAVE_GNUTLS_SESSION_SET_PREMASTER)) +#define HAVE_DTLS 1 +#endif + /* Packet types */ #define AC_PKT_DATA 0 /* Uncompressed data */ 
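Review bot: The hunk at -175/+258 replaces `mtu` with three fields, `actual_mtu`, `reqmtu` and `basemtu`, with no comment saying how they relate, and the two new ones share one declarator line. Since the old `mtu` presumably had a single meaning that code in other files now has to map onto one of the three, I would declare them one per line with a comment each, e.g. `int reqmtu;   /* MTU we asked the server for — confirm */` and `int basemtu;  /* MTU before any adjustment — confirm */`, with the exact wording taken from where they are assigned. The enclosing struct starts and ends outside this hunk.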
@@ -234,13 +326,6 @@ struct openconnect_info { #define AC_PKT_COMPRESSED 8 /* Compressed data */ #define AC_PKT_TERM_SERVER 9 /* Server kick */ -/* Ick */ -#if OPENSSL_VERSION_NUMBER >= 0x00909000L -#define method_const const -#else -#define method_const -#endif - #define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__) /****************************************************************************/ @@ -257,6 +342,10 @@ int openconnect__asprintf(char **strp, const char *fmt, ...); #define getline openconnect__getline ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream); #endif +#ifndef HAVE_STRCASESTR +#define strcasestr openconnect__strcasestr +char *openconnect__strcasestr(const char *haystack, const char *needle); +#endif /****************************************************************************/ 
@@ -280,19 +369,33 @@ int cstp_bye(struct openconnect_info *vpninfo, const char *reason); int cstp_reconnect(struct openconnect_info *vpninfo); /* ssl.c */ +int connect_https_socket(struct openconnect_info *vpninfo); +int request_passphrase(struct openconnect_info *vpninfo, const char *label, + char **response, const char *fmt, ...); int __attribute__ ((format (printf, 2, 3))) openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...); +int openconnect_print_err_cb(const char *str, size_t len, void *ptr); +#define openconnect_report_ssl_errors(v) ERR_print_errors_cb(openconnect_print_err_cb, (v)) +#ifdef FAKE_ANDROID_KEYSTORE +#define ANDROID_KEYSTORE +#endif +#ifdef ANDROID_KEYSTORE +char *keystore_strerror(int err); +int keystore_fetch(const char *key, unsigned char **result); +#endif + +/* ${SSL_LIBRARY}.c */ int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len); int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len); int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len); int openconnect_open_https(struct openconnect_info *vpninfo); -void openconnect_close_https(struct openconnect_info *vpninfo); -int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert, +void openconnect_close_https(struct openconnect_info *vpninfo, int final); +int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, OPENCONNECT_X509 *cert, char *buf); -void openconnect_report_ssl_errors(struct openconnect_info *vpninfo); - -/* ${SSL_LIBRARY}.c */ int openconnect_sha1(unsigned char *result, void *data, int len); +int openconnect_random(void *bytes, int len); +int openconnect_local_cert_md5(struct openconnect_info *vpninfo, + char *buf); /* mainloop.c */ int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events); 
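Review bot: `request_passphrase()` (hunk at -280/+369) takes a printf-style `fmt, ...` but, unlike the neighbouring `openconnect_SSL_printf`, carries no `format` attribute, so `-Wformat` cannot check its callers and a mismatched argument at a call site would go unnoticed. I would declare it as `int __attribute__ ((format (printf, 4, 5))) request_passphrase(struct openconnect_info *vpninfo, const char *label, char **response, const char *fmt, ...);`, assuming the variadic arguments are indeed handed to a vprintf-family call. Separately, `openconnect_report_ssl_errors` is now a macro over `ERR_print_errors_cb`, an OpenSSL function, yet it sits in the unconditional `/* ssl.c */` section rather than under `OPENCONNECT_OPENSSL`; presumably only OpenSSL-specific code expands it, but a `#if defined(OPENCONNECT_OPENSSL)` guard or a comment saying so would make that explicit.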
@@ -300,7 +403,7 @@ int vpn_mainloop(struct openconnect_info *vpninfo); int queue_new_packet(struct pkt **q, void *buf, int len); void queue_packet(struct pkt **q, struct pkt *new); int keepalive_action(struct keepalive_info *ka, int *timeout); -int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout); +int ka_stalled_action(struct keepalive_info *ka, int *timeout); extern int killed; @@ -308,9 +411,13 @@ extern int killed; int config_lookup_host(struct openconnect_info *vpninfo, const char *host); /* auth.c */ -int parse_xml_response(struct openconnect_info *vpninfo, char *response, - char *request_body, int req_len, const char **method, - const char **request_body_type); +int parse_xml_response(struct openconnect_info *vpninfo, char *response, struct oc_auth_form **form); +int handle_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form, + char *request_body, int req_len, const char **method, + const char **request_body_type, int xmlpost); +void free_auth_form(struct oc_auth_form *form); +int xmlpost_initial_req(struct openconnect_info *vpninfo, char *request_body, int req_len); +int prepare_stoken(struct openconnect_info *vpninfo); /* http.c */ char *openconnect_create_useragent(const char *base); @@ -321,10 +428,6 @@ int internal_parse_url(char *url, char **res_proto, char **res_host, /* ssl_ui.c */ int set_openssl_ui(void); -/* securid.c */ -int generate_securid_tokencodes(struct openconnect_info *vpninfo); -int add_securid_pin(char *token, char *pin); - /* version.c */ extern const char *openconnect_version_str;
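Review bot: The new `parse_xml_response()` prototype in the hunk at -308/+411 returns the parsed form through `struct oc_auth_form **form`, but nothing says who owns the result; presumably it is allocated by the callee and released with the new `free_auth_form()`, and that contract belongs on the declaration. I would add `/* On success *form is allocated by the callee; release it with free_auth_form() */` above the prototype, and likewise note on `handle_auth_form()` and `xmlpost_initial_req()` that `request_body` is a caller-provided buffer of `req_len` bytes that they write into, if that is what the implementations do. `struct oc_auth_form` is not declared anywhere this diff shows, so it is presumably in openconnect.h.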