opt->form.label = (char *)xmlGetProp(xml_node, (unsigned char *)"label");
if (!opt->form.name) {
- vpninfo->progress(vpninfo, PRG_ERR, "Form choice has no name\n");
+ vpn_progress(vpninfo, PRG_ERR, "Form choice has no name\n");
free(opt);
return -EINVAL;
}
continue;
}
if (strcmp((char *)xml_node->name, "input")) {
- vpninfo->progress(vpninfo, PRG_TRACE, "name %s not input\n", xml_node->name);
+ vpn_progress(vpninfo, PRG_TRACE, "name %s not input\n", xml_node->name);
continue;
}
input_type = (char *)xmlGetProp(xml_node, (unsigned char *)"type");
if (!input_type) {
- vpninfo->progress(vpninfo, PRG_INFO, "No input type in form\n");
+ vpn_progress(vpninfo, PRG_INFO, "No input type in form\n");
continue;
}
input_name = (char *)xmlGetProp(xml_node, (unsigned char *)"name");
if (!input_name) {
- vpninfo->progress(vpninfo, PRG_INFO, "No input name in form\n");
+ vpn_progress(vpninfo, PRG_INFO, "No input name in form\n");
free(input_type);
continue;
}
else if (!strcmp(input_type, "password"))
opt->type = OC_FORM_OPT_PASSWORD;
else {
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Unknown input type %s in form\n",
input_type);
free(input_type);
*p = opt;
}
- vpninfo->progress(vpninfo, PRG_TRACE, "Fixed options give %s\n", body);
+ vpn_progress(vpninfo, PRG_TRACE, "Fixed options give %s\n", body);
return 0;
}
xml_doc = xmlReadMemory(response, strlen(response), "noname.xml", NULL, 0);
if (!xml_doc) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to parse server response\n");
- vpninfo->progress(vpninfo, PRG_TRACE, "Response was:%s\n", response);
+ vpn_progress(vpninfo, PRG_ERR, "Failed to parse server response\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Response was:%s\n", response);
free(form);
return -EINVAL;
}
xml_node = xmlDocGetRootElement(xml_doc);
if (xml_node->type != XML_ELEMENT_NODE || strcmp((char *)xml_node->name, "auth")) {
- vpninfo->progress(vpninfo, PRG_ERR, "XML response has no \"auth\" root node\n");
+ vpn_progress(vpninfo, PRG_ERR, "XML response has no \"auth\" root node\n");
ret = -EINVAL;
goto out;
}
}
if (vpninfo->nopasswd) {
- vpninfo->progress(vpninfo, PRG_ERR, "Asked for password but '--no-passwd' set\n");
+ vpn_progress(vpninfo, PRG_ERR, "Asked for password but '--no-passwd' set\n");
ret = -EPERM;
goto out;
}
form->action = (char *)xmlGetProp(xml_node, (unsigned char *)"action");
if (!form->method || !form->action ||
strcasecmp(form->method, "POST") || !form->action[0]) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Cannot handle form method='%s', action='%s'\n",
form->method, form->action);
ret = -EINVAL;
}
if (!form->opts) {
if (form->message)
- vpninfo->progress(vpninfo, PRG_INFO, "%s\n", form->message);
+ vpn_progress(vpninfo, PRG_INFO, "%s\n", form->message);
if (form->error)
- vpninfo->progress(vpninfo, PRG_ERR, "%s\n", form->error);
+ vpn_progress(vpninfo, PRG_ERR, "%s\n", form->error);
ret = -EPERM;
goto out;
}
if (vpninfo->process_auth_form)
- ret = vpninfo->process_auth_form(vpninfo, form);
+ ret = vpninfo->process_auth_form(vpninfo->cbdata, form);
else
ret = process_auth_form(vpninfo, form);
if (ret)
choice_resp[0] = 0;
if (!ui) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to create UI\n");
+ vpn_progress(vpninfo, PRG_ERR, "Failed to create UI\n");
return -EINVAL;
}
if (form->banner) {
}
}
if (!opt->value)
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Auth choice \"%s\" not available\n",
vpninfo->authgroup);
}
goto out_ui;
case -1:
/* error */
- vpninfo->progress(vpninfo, PRG_ERR, "Invalid inputs\n");
+ vpn_progress(vpninfo, PRG_ERR, "Invalid inputs\n");
ret = -EINVAL;
out_ui:
UI_free(ui);
}
}
if (!select_opt->form.value) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Auth choice \"%s\" not valid\n",
choice_resp);
return -EINVAL;
vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
if (openconnect_SSL_gets(vpninfo->https_ssl, buf, 65536) < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n");
if (!retried) {
retried = 1;
openconnect_close_https(vpninfo);
if (openconnect_open_https(vpninfo)) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to open HTTPS connection to %s\n",
vpninfo->hostname);
exit(1);
break;
}
}
- vpninfo->progress(vpninfo, PRG_ERR, "VPN service unavailable; reason: %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "VPN service unavailable; reason: %s\n",
reason);
return -EINVAL;
}
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Got inappropriate HTTP CONNECT response: %s\n",
buf);
if (!strncmp(buf, "HTTP/1.1 401 ", 13))
return -EINVAL;
}
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Got CONNECT response: %s\n", buf);
/* We may have advertised it, but we only do it if the server agrees */
new_option = malloc(sizeof(*new_option));
if (!new_option) {
- vpninfo->progress(vpninfo, PRG_ERR, "No memory for options\n");
+ vpn_progress(vpninfo, PRG_ERR, "No memory for options\n");
return -ENOMEM;
}
new_option->option = strdup(buf);
new_option->next = NULL;
if (!new_option->option || !new_option->value) {
- vpninfo->progress(vpninfo, PRG_ERR, "No memory for options\n");
+ vpn_progress(vpninfo, PRG_ERR, "No memory for options\n");
return -ENOMEM;
}
- vpninfo->progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
+ vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
if (!strncmp(buf, "X-DTLS-", 7)) {
*next_dtls_option = new_option;
if (!strcmp(buf + 7, "Session-ID")) {
if (strlen(colon) != 64) {
- vpninfo->progress(vpninfo, PRG_ERR, "X-DTLS-Session-ID not 64 characters\n");
- vpninfo->progress(vpninfo, PRG_ERR, "Is: %s\n", colon);
+ vpn_progress(vpninfo, PRG_ERR, "X-DTLS-Session-ID not 64 characters\n");
+ vpn_progress(vpninfo, PRG_ERR, "Is: %s\n", colon);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (!strcmp(colon, "deflate"))
vpninfo->deflate = 1;
else {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unknown CSTP-Content-Encoding %s\n",
colon);
return -EINVAL;
}
if (!vpninfo->vpn_addr && !vpninfo->vpn_addr6) {
- vpninfo->progress(vpninfo, PRG_ERR, "No IP address received. Aborting\n");
+ vpn_progress(vpninfo, PRG_ERR, "No IP address received. Aborting\n");
return -EINVAL;
}
if (old_addr) {
if (strcmp(old_addr, vpninfo->vpn_addr)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Reconnect gave different Legacy IP address (%s != %s)\n",
+ vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different Legacy IP address (%s != %s)\n",
vpninfo->vpn_addr, old_addr);
return -EINVAL;
}
}
if (old_netmask) {
if (strcmp(old_netmask, vpninfo->vpn_netmask)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Reconnect gave different Legacy IP netmask (%s != %s)\n",
+ vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different Legacy IP netmask (%s != %s)\n",
vpninfo->vpn_netmask, old_netmask);
return -EINVAL;
}
}
if (old_addr6) {
if (strcmp(old_addr6, vpninfo->vpn_addr6)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Reconnect gave different IPv6 address (%s != %s)\n",
+ vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different IPv6 address (%s != %s)\n",
vpninfo->vpn_addr6, old_addr6);
return -EINVAL;
}
}
if (old_netmask6) {
if (strcmp(old_netmask6, vpninfo->vpn_netmask6)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Reconnect gave different IPv6 netmask (%s != %s)\n",
+ vpn_progress(vpninfo, PRG_ERR, "Reconnect gave different IPv6 netmask (%s != %s)\n",
vpninfo->vpn_netmask6, old_netmask6);
return -EINVAL;
}
free(tmp->option);
free(tmp);
}
- vpninfo->progress(vpninfo, PRG_INFO, "CSTP connected. DPD %d, Keepalive %d\n",
+ vpn_progress(vpninfo, PRG_INFO, "CSTP connected. DPD %d, Keepalive %d\n",
vpninfo->ssl_times.dpd, vpninfo->ssl_times.keepalive);
BIO_set_nbio(SSL_get_rbio(vpninfo->https_ssl), 1);
if (inflateInit2(&vpninfo->inflate_strm, -12) ||
deflateInit2(&vpninfo->deflate_strm, Z_DEFAULT_COMPRESSION,
Z_DEFLATED, -12, 9, Z_DEFAULT_STRATEGY)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Compression setup failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Compression setup failed\n");
vpninfo->deflate = 0;
}
if (!vpninfo->deflate_pkt) {
vpninfo->deflate_pkt = malloc(sizeof(struct pkt) + 2048);
if (!vpninfo->deflate_pkt) {
- vpninfo->progress(vpninfo, PRG_ERR, "Allocation of deflate buffer failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Allocation of deflate buffer failed\n");
vpninfo->deflate = 0;
}
memset(vpninfo->deflate_pkt, 0, sizeof(struct pkt));
while ((ret = make_cstp_connection(vpninfo))) {
if (timeout <= 0)
return ret;
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"sleep %ds, remaining timeout %ds\n",
interval, timeout);
sleep(interval);
vpninfo->inflate_strm.total_out = 0;
if (inflate(&vpninfo->inflate_strm, Z_SYNC_FLUSH)) {
- vpninfo->progress(vpninfo, PRG_ERR, "inflate failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "inflate failed\n");
free(new);
return -EINVAL;
}
vpninfo->quit_reason = "Compression (inflate) adler32 failure";
}
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Received compressed data packet of %ld bytes\n",
vpninfo->inflate_strm.total_out);
payload_len = (buf[4] << 8) + buf[5];
if (len != 8 + payload_len) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unexpected packet length. SSL_read returned %d but packet is\n",
len);
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"%02x %02x %02x %02x %02x %02x %02x %02x\n",
buf[0], buf[1], buf[2], buf[3],
buf[4], buf[5], buf[6], buf[7]);
vpninfo->ssl_times.last_rx = time(NULL);
switch(buf[6]) {
case AC_PKT_DPD_OUT:
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Got CSTP DPD request\n");
vpninfo->owe_ssl_dpd_response = 1;
continue;
case AC_PKT_DPD_RESP:
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Got CSTP DPD response\n");
continue;
case AC_PKT_KEEPALIVE:
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Got CSTP Keepalive\n");
continue;
case AC_PKT_DATA:
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Received uncompressed data packet of %d bytes\n",
payload_len);
queue_new_packet(&vpninfo->incoming_queue, buf + 8,
buf[payload_len + 8 + i] = '.';
}
buf[payload_len + 8] = 0;
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Received server disconnect: %02x '%s'\n", buf[8], buf + 9);
vpninfo->quit_reason = "Server request";
return 1;
}
case AC_PKT_COMPRESSED:
if (!vpninfo->deflate) {
- vpninfo->progress(vpninfo, PRG_ERR, "Compressed packet received in !deflate mode\n");
+ vpn_progress(vpninfo, PRG_ERR, "Compressed packet received in !deflate mode\n");
goto unknown_pkt;
}
inflate_and_queue_packet(vpninfo, buf + 8, payload_len);
continue;
case AC_PKT_TERM_SERVER:
- vpninfo->progress(vpninfo, PRG_ERR, "received server terminate packet\n");
+ vpn_progress(vpninfo, PRG_ERR, "received server terminate packet\n");
vpninfo->quit_reason = "Server request";
return 1;
}
unknown_pkt:
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unknown packet %02x %02x %02x %02x %02x %02x %02x %02x\n",
buf[0], buf[1], buf[2], buf[3],
buf[4], buf[5], buf[6], buf[7]);
ret = SSL_get_error(vpninfo->https_ssl, len);
if (ret == SSL_ERROR_SYSCALL || ret == SSL_ERROR_ZERO_RETURN) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"SSL read error %d (server probably closed connection); reconnecting.\n",
ret);
goto do_reconnect;
goto peer_dead;
return work_done;
default:
- vpninfo->progress(vpninfo, PRG_ERR, "SSL_write failed: %d\n", ret);
+ vpn_progress(vpninfo, PRG_ERR, "SSL_write failed: %d\n", ret);
report_ssl_errors(vpninfo);
goto do_reconnect;
}
}
if (ret != vpninfo->current_ssl_pkt->len + 8) {
- vpninfo->progress(vpninfo, PRG_ERR, "SSL wrote too few bytes! Asked for %d, sent %d\n",
+ vpn_progress(vpninfo, PRG_ERR, "SSL wrote too few bytes! Asked for %d, sent %d\n",
vpninfo->current_ssl_pkt->len + 8, ret);
vpninfo->quit_reason = "Internal error";
return 1;
case KA_REKEY:
/* Not that this will ever happen; we don't even process
the setting when we're asked for it. */
- vpninfo->progress(vpninfo, PRG_INFO, "CSTP rekey due\n");
+ vpn_progress(vpninfo, PRG_INFO, "CSTP rekey due\n");
goto do_reconnect;
break;
case KA_DPD_DEAD:
peer_dead:
- vpninfo->progress(vpninfo, PRG_ERR, "CSTP Dead Peer Detection detected dead peer!\n");
+ vpn_progress(vpninfo, PRG_ERR, "CSTP Dead Peer Detection detected dead peer!\n");
do_reconnect:
if (cstp_reconnect(vpninfo)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Reconnect failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Reconnect failed\n");
vpninfo->quit_reason = "CSTP reconnect failed";
return 1;
}
return 1;
case KA_DPD:
- vpninfo->progress(vpninfo, PRG_TRACE, "Send CSTP DPD\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Send CSTP DPD\n");
vpninfo->current_ssl_pkt = &dpd_pkt;
goto handle_outgoing;
if (vpninfo->dtls_fd == -1 && vpninfo->outgoing_queue)
break;
- vpninfo->progress(vpninfo, PRG_TRACE, "Send CSTP Keepalive\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Send CSTP Keepalive\n");
vpninfo->current_ssl_pkt = &keepalive_pkt;
goto handle_outgoing;
ret = deflate(&vpninfo->deflate_strm, Z_SYNC_FLUSH);
if (ret) {
- vpninfo->progress(vpninfo, PRG_ERR, "deflate failed %d\n", ret);
+ vpn_progress(vpninfo, PRG_ERR, "deflate failed %d\n", ret);
goto uncompr;
}
vpninfo->deflate_pkt->len = vpninfo->deflate_strm.total_out + 4;
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Sending compressed data packet of %d bytes\n",
this->len);
this->hdr[4] = this->len >> 8;
this->hdr[5] = this->len & 0xff;
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Sending uncompressed data packet of %d bytes\n",
this->len);
SSL_write(vpninfo->https_ssl, bye_pkt, reason_len + 9);
free(bye_pkt);
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Send BYE packet: %s\n", reason);
return 0;
int dtls_fd;
if (!vpninfo->dtls_addr) {
- vpninfo->progress(vpninfo, PRG_ERR, "No DTLS address\n");
+ vpn_progress(vpninfo, PRG_ERR, "No DTLS address\n");
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (!vpninfo->dtls_cipher) {
/* We probably didn't offer it any ciphers it liked */
- vpninfo->progress(vpninfo, PRG_ERR, "Server offered no DTLS cipher option\n");
+ vpn_progress(vpninfo, PRG_ERR, "Server offered no DTLS cipher option\n");
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (vpninfo->proxy) {
/* XXX: Theoretically, SOCKS5 proxies can do UDP too */
- vpninfo->progress(vpninfo, PRG_ERR, "No DTLS when connected via proxy\n");
+ vpn_progress(vpninfo, PRG_ERR, "No DTLS when connected via proxy\n");
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
dtls_method = DTLSv1_client_method();
vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
if (!vpninfo->dtls_ctx) {
- vpninfo->progress(vpninfo, PRG_ERR, "Initialise DTLSv1 CTX failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Initialise DTLSv1 CTX failed\n");
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1);
if (!SSL_CTX_set_cipher_list(vpninfo->dtls_ctx, vpninfo->dtls_cipher)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Set DTLS cipher list failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Set DTLS cipher list failed\n");
SSL_CTX_free(vpninfo->dtls_ctx);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
/* We're going to "resume" a session which never existed. Fake it... */
vpninfo->dtls_session = SSL_SESSION_new();
if (!vpninfo->dtls_session) {
- vpninfo->progress(vpninfo, PRG_ERR, "Initialise DTLSv1 session failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Initialise DTLSv1 session failed\n");
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
ciphers = SSL_get_ciphers(dtls_ssl);
if (sk_SSL_CIPHER_num(ciphers) != 1) {
- vpninfo->progress(vpninfo, PRG_ERR, "Not precisely one DTLS cipher\n");
+ vpn_progress(vpninfo, PRG_ERR, "Not precisely one DTLS cipher\n");
SSL_CTX_free(vpninfo->dtls_ctx);
SSL_free(dtls_ssl);
SSL_SESSION_free(vpninfo->dtls_session);
/* Add the generated session to the SSL */
if (!SSL_set_session(dtls_ssl, vpninfo->dtls_session)) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"SSL_set_session() failed with old protocol version 0x%x\n"
"Are you using a version of OpenSSL older than 0.9.8m?\n"
"See http://rt.openssl.org/Ticket/Display.html?id=1751\n"
int ret = SSL_do_handshake(vpninfo->new_dtls_ssl);
if (ret == 1) {
- vpninfo->progress(vpninfo, PRG_INFO, "Established DTLS connection\n");
+ vpn_progress(vpninfo, PRG_INFO, "Established DTLS connection\n");
if (vpninfo->dtls_ssl) {
/* We are replacing an old connection */
if (ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ) {
if (time(NULL) < vpninfo->new_dtls_started + 5)
return 0;
- vpninfo->progress(vpninfo, PRG_TRACE, "DTLS handshake timed out\n");
+ vpn_progress(vpninfo, PRG_TRACE, "DTLS handshake timed out\n");
}
- vpninfo->progress(vpninfo, PRG_ERR, "DTLS handshake failed: %d\n", ret);
+ vpn_progress(vpninfo, PRG_ERR, "DTLS handshake failed: %d\n", ret);
report_ssl_errors(vpninfo);
/* Kill the new (failed) connection... */
int dtls_port = 0;
while (dtls_opt) {
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"DTLS option %s : %s\n",
dtls_opt->option, dtls_opt->value);
struct sockaddr_in6 *sin = (void *)vpninfo->dtls_addr;
sin->sin6_port = htons(dtls_port);
} else {
- vpninfo->progress(vpninfo, PRG_ERR, "Unknown protocol family %d. Cannot do DTLS\n",
+ vpn_progress(vpninfo, PRG_ERR, "Unknown protocol family %d. Cannot do DTLS\n",
vpninfo->peer_addr->sa_family);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
if (connect_dtls_socket(vpninfo))
return -EINVAL;
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"DTLS connected. DPD %d, Keepalive %d\n",
vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive);
while ( (len = SSL_read(vpninfo->dtls_ssl, buf, sizeof(buf))) > 0 ) {
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Received DTLS packet 0x%02x of %d bytes\n",
buf[0], len);
break;
case AC_PKT_DPD_OUT:
- vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS DPD request\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Got DTLS DPD request\n");
/* FIXME: What if the packet doesn't get through? */
magic_pkt = AC_PKT_DPD_RESP;
if (SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to send DPD response. Expect disconnect\n");
+ vpn_progress(vpninfo, PRG_ERR, "Failed to send DPD response. Expect disconnect\n");
continue;
case AC_PKT_DPD_RESP:
- vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS DPD response\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Got DTLS DPD response\n");
break;
case AC_PKT_KEEPALIVE:
- vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS Keepalive\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Got DTLS Keepalive\n");
break;
default:
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unknown DTLS packet type %02x, len %d\n", buf[0], len);
if (1) {
/* Some versions of OpenSSL have bugs with receiving out-of-order
switch (keepalive_action(&vpninfo->dtls_times, timeout)) {
case KA_REKEY:
- vpninfo->progress(vpninfo, PRG_INFO, "DTLS rekey due\n");
+ vpn_progress(vpninfo, PRG_INFO, "DTLS rekey due\n");
/* There ought to be a method of rekeying DTLS without tearing down
the CSTP session and restarting, but we don't (yet) know it */
if (cstp_reconnect(vpninfo)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Reconnect failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Reconnect failed\n");
vpninfo->quit_reason = "CSTP reconnect failed";
return 1;
}
if (dtls_restart(vpninfo)) {
- vpninfo->progress(vpninfo, PRG_ERR, "DTLS rekey failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "DTLS rekey failed\n");
return 1;
}
work_done = 1;
case KA_DPD_DEAD:
- vpninfo->progress(vpninfo, PRG_ERR, "DTLS Dead Peer Detection detected dead peer!\n");
+ vpn_progress(vpninfo, PRG_ERR, "DTLS Dead Peer Detection detected dead peer!\n");
/* Fall back to SSL, and start a new DTLS connection */
dtls_restart(vpninfo);
return 1;
case KA_DPD:
- vpninfo->progress(vpninfo, PRG_TRACE, "Send DTLS DPD\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Send DTLS DPD\n");
magic_pkt = AC_PKT_DPD_OUT;
SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1);
if (vpninfo->outgoing_queue)
break;
- vpninfo->progress(vpninfo, PRG_TRACE, "Send DTLS Keepalive\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Send DTLS Keepalive\n");
magic_pkt = AC_PKT_KEEPALIVE;
SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1);
/* If it's a real error, kill the DTLS connection and
requeue the packet to be sent over SSL */
if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"DTLS got write error %d. Falling back to SSL\n", ret);
report_ssl_errors(vpninfo);
dtls_restart(vpninfo);
return 1;
}
time(&vpninfo->dtls_times.last_tx);
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Sent DTLS packet of %d bytes; SSL_write() returned %d\n",
this->len, ret);
free(this);
#else /* No DTLS support in OpenSSL */
int setup_dtls(struct openconnect_info *vpninfo)
{
- vpninfo->progress(vpninfo, PRG_ERR, "Built against OpenSSL with no DTLS support\n");
+ vpn_progress(vpninfo, PRG_ERR, "Built against OpenSSL with no DTLS support\n");
return -EINVAL;
}
#endif
if (*value) {
new = malloc(sizeof(*new));
if (!new) {
- vpninfo->progress(vpninfo, PRG_ERR, "No memory for allocating cookies\n");
+ vpn_progress(vpninfo, PRG_ERR, "No memory for allocating cookies\n");
return -ENOMEM;
}
new->next = NULL;
cont:
if (openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)) < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error fetching HTTPS response\n");
return -EINVAL;
}
closeconn = 1;
if ((!closeconn && strncmp(buf, "HTTP/1.1 ", 9)) || !(*result = atoi(buf+9))) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to parse HTTP response '%s'\n", buf);
+ vpn_progress(vpninfo, PRG_ERR, "Failed to parse HTTP response '%s'\n", buf);
return -EINVAL;
}
- vpninfo->progress(vpninfo, (*result==200)?PRG_TRACE:PRG_INFO,
+ vpn_progress(vpninfo, (*result==200)?PRG_TRACE:PRG_INFO,
"Got HTTP response: %s\n", buf);
/* Eat headers... */
char *colon;
if (i < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error processing HTTP response\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error processing HTTP response\n");
return -EINVAL;
}
colon = strchr(buf, ':');
if (!colon) {
- vpninfo->progress(vpninfo, PRG_ERR, "Ignoring unknown HTTP response line '%s'\n", buf);
+ vpn_progress(vpninfo, PRG_ERR, "Ignoring unknown HTTP response line '%s'\n", buf);
continue;
}
*(colon++) = 0;
*semicolon = 0;
if (!equals) {
- vpninfo->progress(vpninfo, PRG_ERR, "Invalid cookie offered: %s\n", buf);
+ vpn_progress(vpninfo, PRG_ERR, "Invalid cookie offered: %s\n", buf);
return -EINVAL;
}
*(equals++) = 0;
want people posting it in public with debugging output */
if (!strcmp(colon, "webvpn") && *equals)
print_equals = "<elided>";
- vpninfo->progress(vpninfo, PRG_TRACE, "%s: %s=%s%s%s\n",
+ vpn_progress(vpninfo, PRG_TRACE, "%s: %s=%s%s%s\n",
buf, colon, print_equals, semicolon?";":"",
semicolon?(semicolon+1):"");
if (ret)
return ret;
} else {
- vpninfo->progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
+ vpn_progress(vpninfo, PRG_TRACE, "%s: %s\n", buf, colon);
}
if (!strcasecmp(buf, "Connection")) {
if (!strcasecmp(buf, "Content-Length")) {
bodylen = atoi(colon);
if (bodylen < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Response body has negative size (%d)\n",
+ vpn_progress(vpninfo, PRG_ERR, "Response body has negative size (%d)\n",
bodylen);
return -EINVAL;
}
if (!strcasecmp(colon, "chunked"))
bodylen = BODY_CHUNKED;
else {
- vpninfo->progress(vpninfo, PRG_ERR, "Unknown Transfer-Encoding: %s\n", colon);
+ vpn_progress(vpninfo, PRG_ERR, "Unknown Transfer-Encoding: %s\n", colon);
return -EINVAL;
}
}
goto cont;
/* Now the body, if there is one */
- vpninfo->progress(vpninfo, PRG_TRACE, "HTTP body %s (%d)\n",
+ vpn_progress(vpninfo, PRG_TRACE, "HTTP body %s (%d)\n",
bodylen==BODY_HTTP10?"http 1.0" :
bodylen==BODY_CHUNKED?"chunked" : "length: ",
bodylen);
while (done < bodylen) {
i = SSL_read(vpninfo->https_ssl, body + done, bodylen - done);
if (i < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error reading HTTP response body\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error reading HTTP response body\n");
free(body);
return -EINVAL;
}
int chunklen, lastchunk = 0;
if (i < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error fetching chunk header\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error fetching chunk header\n");
exit(1);
}
chunklen = strtol(buf, NULL, 16);
while (chunklen) {
i = SSL_read(vpninfo->https_ssl, body + done, chunklen);
if (i < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error reading HTTP response body\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error reading HTTP response body\n");
free(body);
return -EINVAL;
}
skip:
if ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
if (i < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error fetching HTTP response body\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error fetching HTTP response body\n");
} else {
- vpninfo->progress(vpninfo, PRG_ERR, "Error in chunked decoding. Expected '', got: '%s'",
+ vpn_progress(vpninfo, PRG_ERR, "Error in chunked decoding. Expected '', got: '%s'",
buf);
}
free(body);
}
} else if (bodylen == BODY_HTTP10) {
if (!closeconn) {
- vpninfo->progress(vpninfo, PRG_ERR, "Cannot receive HTTP 1.0 body without closing connection\n");
+ vpn_progress(vpninfo, PRG_ERR, "Cannot receive HTTP 1.0 body without closing connection\n");
return -EINVAL;
}
sprintf(&local_sha1_ascii[i*2], "%02x", local_sha1_bin[i]);
if (strcasecmp(server_sha1, local_sha1_ascii)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Downloaded config file did not match intended SHA1\n");
+ vpn_progress(vpninfo, PRG_ERR, "Downloaded config file did not match intended SHA1\n");
free(config_buf);
return -EINVAL;
}
- result = vpninfo->write_new_config(vpninfo, config_buf, buflen);
+ result = vpninfo->write_new_config(vpninfo->cbdata, config_buf, buflen);
free(config_buf);
return result;
}
int fd, ret;
if (!vpninfo->uid_csd_given && !vpninfo->csd_wrapper) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Error: Server asked us to download and run a 'Cisco Secure Desktop' trojan.\n"
"This facility is disabled by default for security reasons, so you may wish to enable it.");
return -EPERM;
}
#ifndef __linux__
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Trying to run Linux CSD trojan script.");
#endif
fd = mkstemp(fname);
if (fd < 0) {
int err = -errno;
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to open temporary CSD script file: %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to open temporary CSD script file: %s\n",
strerror(errno));
return err;
}
ret = proxy_write(fd, (void *)buf, buflen);
if (ret) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to write temporary CSD script file: %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to write temporary CSD script file: %s\n",
strerror(ret));
return ret;
}
csd_argv[i++] = NULL;
execv(csd_argv[0], csd_argv);
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to exec CSD script %s\n", csd_argv[0]);
+ vpn_progress(vpninfo, PRG_ERR, "Failed to exec CSD script %s\n", csd_argv[0]);
exit(1);
}
form_buf = NULL;
}
if (!vpninfo->https_ssl && openconnect_open_https(vpninfo)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to open HTTPS connection to %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to open HTTPS connection to %s\n",
vpninfo->hostname);
return -EINVAL;
}
sprintf(buf + strlen(buf), "%s", request_body);
if (vpninfo->port == 443)
- vpninfo->progress(vpninfo, PRG_INFO, "%s https://%s/%s\n",
+ vpn_progress(vpninfo, PRG_INFO, "%s https://%s/%s\n",
method, vpninfo->hostname,
vpninfo->urlpath ?: "");
else
- vpninfo->progress(vpninfo, PRG_INFO, "%s https://%s:%d/%s\n",
+ vpn_progress(vpninfo, PRG_INFO, "%s https://%s:%d/%s\n",
method, vpninfo->hostname, vpninfo->port,
vpninfo->urlpath ?: "");
ret = internal_parse_url(vpninfo->redirect_url, NULL, &host, &port, &vpninfo->urlpath, 0);
if (ret) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to parse redirected URL '%s': %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to parse redirected URL '%s': %s\n",
vpninfo->redirect_url, strerror(-ret));
free(vpninfo->redirect_url);
free(form_buf);
if (asprintf(&vpninfo->urlpath, "%s/%s",
oldurl, vpninfo->redirect_url) == -1) {
int err = -errno;
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Allocating new path for relative redirect failed: %s\n",
strerror(-err));
return err;
}
}
if (!form_buf || result != 200) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unexpected %d result from server\n",
result);
free(form_buf);
if (strncmp(form_buf, "<?xml", 5)) {
/* Not XML? Perhaps it's HTML with a refresh... */
if (strcasestr(form_buf, "http-equiv=\"refresh\"")) {
- vpninfo->progress(vpninfo, PRG_INFO, "Refreshing %s after 1 second...\n",
+ vpn_progress(vpninfo, PRG_INFO, "Refreshing %s after 1 second...\n",
vpninfo->urlpath);
sleep(1);
goto retry;
}
- vpninfo->progress(vpninfo, PRG_ERR, "Unknown response from server\n");
+ vpn_progress(vpninfo, PRG_ERR, "Unknown response from server\n");
free(form_buf);
return -EINVAL;
}
buf[2] = 0; /* No auth supported */
if ((i = proxy_write(ssl_sock, buf, 3))) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Error writing auth request to SOCKS proxy: %s\n",
strerror(-i));
return i;
}
if ((i = proxy_read(ssl_sock, buf, 2))) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Error reading auth response from SOCKS proxy: %s\n",
strerror(-i));
return i;
}
if (buf[0] != 5) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unexpected auth response from SOCKS proxy: %02x %02x\n",
buf[0], buf[1]);
return -EIO;
if (buf[1]) {
socks_err:
if (buf[1] < sizeof(socks_errors) / sizeof(socks_errors[0]))
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"SOCKS proxy error %02x: %s\n",
buf[1], socks_errors[buf[1]]);
else
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"SOCKS proxy error %02x\n",
buf[1]);
return -EIO;
}
- vpninfo->progress(vpninfo, PRG_INFO, "Requesting SOCKS proxy connection to %s:%d\n",
+ vpn_progress(vpninfo, PRG_INFO, "Requesting SOCKS proxy connection to %s:%d\n",
vpninfo->hostname, vpninfo->port);
buf[0] = 5; /* SOCKS version */
buf[i++] = vpninfo->port & 0xff;
if ((i = proxy_write(ssl_sock, buf, i))) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Error writing connect request to SOCKS proxy: %s\n",
strerror(-i));
return i;
/* Read 5 bytes -- up to and including the first byte of the returned
address (which might be the length byte of a domain name) */
if ((i = proxy_read(ssl_sock, buf, 5))) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Error reading connect response from SOCKS proxy: %s\n",
strerror(-i));
return i;
}
if (buf[0] != 5) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unexpected connect response from SOCKS proxy: %02x %02x...\n",
buf[0], buf[1]);
return -EIO;
i = 17;
break;
default:
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unexpected address type %02x in SOCKS connect response\n",
buf[3]);
return -EIO;
}
if ((i = proxy_read(ssl_sock, buf, i))) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Error reading connect response from SOCKS proxy: %s\n",
strerror(-i));
return i;
sprintf(buf + strlen(buf), "Accept-Encoding: identity\r\n");
sprintf(buf + strlen(buf), "\r\n");
- vpninfo->progress(vpninfo, PRG_INFO, "Requesting HTTP proxy connection to %s:%d\n",
+ vpn_progress(vpninfo, PRG_INFO, "Requesting HTTP proxy connection to %s:%d\n",
vpninfo->hostname, vpninfo->port);
if (proxy_write(ssl_sock, (unsigned char *)buf, strlen(buf))) {
result = -errno;
- vpninfo->progress(vpninfo, PRG_ERR, "Sending proxy request failed: %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Sending proxy request failed: %s\n",
strerror(errno));
return result;
}
if (proxy_gets(ssl_sock, buf, sizeof(buf)) < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error fetching proxy response\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error fetching proxy response\n");
return -EIO;
}
if (strncmp(buf, "HTTP/1.", 7) || (buf[7] != '0' && buf[7] != '1') ||
buf[8] != ' ' || !(result = atoi(buf+9))) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to parse proxy response '%s'\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to parse proxy response '%s'\n",
buf);
return -EINVAL;
}
if (result != 200) {
- vpninfo->progress(vpninfo, PRG_ERR, "Proxy CONNECT request failed: %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Proxy CONNECT request failed: %s\n",
buf);
return -EIO;
}
while ((buflen = proxy_gets(ssl_sock, buf, sizeof(buf)))) {
if (buflen < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to read proxy response\n");
+ vpn_progress(vpninfo, PRG_ERR, "Failed to read proxy response\n");
return -EIO;
}
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unexpected continuation line after CONNECT response: '%s'\n",
buf);
}
!strcmp(vpninfo->proxy_type, "socks5"))
return process_socks_proxy(vpninfo, ssl_sock);
- vpninfo->progress(vpninfo, PRG_ERR, "Unknown proxy type '%s'\n",
+ vpn_progress(vpninfo, PRG_ERR, "Unknown proxy type '%s'\n",
vpninfo->proxy_type);
return -EIO;
}
strcmp(vpninfo->proxy_type, "http") &&
strcmp(vpninfo->proxy_type, "socks") &&
strcmp(vpninfo->proxy_type, "socks5")) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Only http or socks(5) proxies supported\n");
free(vpninfo->proxy_type);
vpninfo->proxy_type = NULL;
#include "openconnect-internal.h"
-struct openconnect_info *openconnect_vpninfo_new (char *useragent,
- openconnect_validate_peer_cert_fn validate_peer_cert,
- openconnect_write_new_config_fn write_new_config,
- openconnect_process_auth_form_fn process_auth_form,
- openconnect_progress_fn progress)
+struct openconnect_info *openconnect_vpninfo_new_with_cbdata (char *useragent,
+ openconnect_validate_peer_cert_vfn validate_peer_cert,
+ openconnect_write_new_config_vfn write_new_config,
+ openconnect_process_auth_form_vfn process_auth_form,
+ openconnect_progress_vfn progress,
+ void *privdata)
{
struct openconnect_info *vpninfo = calloc (sizeof(*vpninfo), 1);
vpninfo->write_new_config = write_new_config;
vpninfo->process_auth_form = process_auth_form;
vpninfo->progress = progress;
+ vpninfo->cbdata = privdata?:vpninfo;
return vpninfo;
}
+struct openconnect_info *openconnect_vpninfo_new (char *useragent,
+ openconnect_validate_peer_cert_fn validate_peer_cert,
+ openconnect_write_new_config_fn write_new_config,
+ openconnect_process_auth_form_fn process_auth_form,
+ openconnect_progress_fn progress)
+{
+ return openconnect_vpninfo_new_with_cbdata (useragent,
+ (void *)validate_peer_cert,
+ (void *)write_new_config,
+ (void *)process_auth_form,
+ (void *)progress, NULL);
+}
+
static void free_optlist (struct vpn_option *opt)
{
struct vpn_option *next;
#include "openconnect-internal.h"
-static int write_new_config(struct openconnect_info *vpninfo, char *buf, int buflen);
-static void write_progress(struct openconnect_info *info, int level, const char *fmt, ...);
-static void syslog_progress(struct openconnect_info *info, int level, const char *fmt, ...);
-static int validate_peer_cert(struct openconnect_info *info, X509 *peer_cert, const char *reason);
+static int write_new_config(void *_vpninfo,
+ char *buf, int buflen);
+static void write_progress(void *_vpninfo,
+ int level, const char *fmt, ...);
+static void syslog_progress(void *_vpninfo,
+ int level, const char *fmt, ...);
+static int validate_peer_cert(void *_vpninfo,
+ X509 *peer_cert, const char *reason);
int verbose = PRG_INFO;
int background;
vpninfo->uid_csd = 0;
vpninfo->uid_csd_given = 0;
vpninfo->validate_peer_cert = validate_peer_cert;
+ vpninfo->cbdata = vpninfo;
if (!uname(&utsbuf))
vpninfo->localname = utsbuf.nodename;
if (vpninfo->dtls_attempt_period && setup_dtls(vpninfo))
fprintf(stderr, "Set up DTLS failed; using SSL instead\n");
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Connected %s as %s%s%s, using %s\n", vpninfo->ifname,
vpninfo->vpn_addr?:"",
(vpninfo->vpn_addr6 && vpninfo->vpn_addr)?" + ":"",
: "DTLS");
if (!vpninfo->vpnc_script)
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"No --script argument provided; DNS and routing are not configured\n");
if (background) {
int pid;
if ((pid = fork())) {
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Continuing in background; pid %d\n",
pid);
exit(0);
exit(1);
}
-static int write_new_config(struct openconnect_info *vpninfo, char *buf, int buflen)
+static int write_new_config(void *_vpninfo, char *buf, int buflen)
{
+ struct openconnect_info *vpninfo = _vpninfo;
int config_fd;
int err;
return 0;
}
-void write_progress(struct openconnect_info *info, int level, const char *fmt, ...)
+void write_progress(void *_vpninfo, int level, const char *fmt, ...)
{
FILE *outf = level ? stdout : stderr;
va_list args;
}
}
-void syslog_progress(struct openconnect_info *info, int level,
- const char *fmt, ...)
+void syslog_progress(void *_vpninfo, int level, const char *fmt, ...)
{
int priority = level ? LOG_INFO : LOG_NOTICE;
va_list args;
char host[0];
} *accepted_certs;
-static int validate_peer_cert(struct openconnect_info *vpninfo, X509 *peer_cert,
+static int validate_peer_cert(void *_vpninfo, X509 *peer_cert,
const char *reason)
{
+ struct openconnect_info *vpninfo = _vpninfo;
char fingerprint[EVP_MAX_MD_SIZE * 2 + 1];
struct accepted_cert *this;
int ret;
if (vpninfo->dtls_attempt_period && !vpninfo->dtls_ssl && !vpninfo->new_dtls_ssl &&
vpninfo->new_dtls_started + vpninfo->dtls_attempt_period < time(NULL)) {
- vpninfo->progress(vpninfo, PRG_TRACE, "Attempt new DTLS connection\n");
+ vpn_progress(vpninfo, PRG_TRACE, "Attempt new DTLS connection\n");
connect_dtls_socket(vpninfo);
}
if (vpninfo->dtls_ssl)
if (did_work)
continue;
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"No work to do; sleeping for %d ms...\n", timeout);
memcpy(&rfds, &vpninfo->select_rfds, sizeof(rfds));
memcpy(&wfds, &vpninfo->select_wfds, sizeof(wfds));
char *quit_reason;
- int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert, const char *reason);
- int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen);
- int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form);
-
- void __attribute__ ((format(printf, 3, 4)))
- (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...);
+ void *cbdata;
+ openconnect_validate_peer_cert_vfn validate_peer_cert;
+ openconnect_write_new_config_vfn write_new_config;
+ openconnect_process_auth_form_vfn process_auth_form;
+ openconnect_progress_vfn progress;
};
/* Packet types */
#define method_const
#endif
+#define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__)
+
/****************************************************************************/
/* tun.c */
#include <unistd.h>
#define OPENCONNECT_API_VERSION_MAJOR 1
-#define OPENCONNECT_API_VERSION_MINOR 1
+#define OPENCONNECT_API_VERSION_MINOR 2
/*
+ * API version 1.2:
+ * - Add openconnect_vpninfo_new_with_cbdata()
+ *
* API version 1.1:
* - Add openconnect_vpninfo_free()
*
int openconnect_parse_url (struct openconnect_info *vpninfo, char *url);
const char *openconnect_get_version(void);
-typedef int (*openconnect_validate_peer_cert_fn) (struct openconnect_info *vpninfo,
- struct x509_st *cert, const char *reason);
-typedef int (*openconnect_write_new_config_fn) (struct openconnect_info *vpninfo, char *buf,
+/* The first (privdata) argument to each of these functions is either
+ the privdata argument provided to openconnect_vpninfo_new(), or
+ if that argument was NULL then it'll be the vpninfo itself. */
+typedef int (*openconnect_validate_peer_cert_vfn) (void *privdata,
+ struct x509_st *cert,
+ const char *reason);
+typedef int (*openconnect_write_new_config_vfn) (void *privdata, char *buf,
+ int buflen);
+typedef int (*openconnect_process_auth_form_vfn) (void *privdata,
+ struct oc_auth_form *form);
+typedef void __attribute__ ((format(printf, 3, 4)))
+ (*openconnect_progress_vfn) (void *privdata, int level,
+ const char *fmt, ...);
+
+typedef int (*openconnect_validate_peer_cert_fn) (struct openconnect_info *,
+ struct x509_st *cert,
+ const char *reason);
+typedef int (*openconnect_write_new_config_fn) (struct openconnect_info *, char *buf,
int buflen);
-typedef int (*openconnect_process_auth_form_fn) (struct openconnect_info *vpninfo,
+typedef int (*openconnect_process_auth_form_fn) (struct openconnect_info *,
struct oc_auth_form *form);
typedef void __attribute__ ((format(printf, 3, 4)))
- (*openconnect_progress_fn) (struct openconnect_info *vpninfo, int level,
- const char *fmt, ...);
+ (*openconnect_progress_fn) (struct openconnect_info *, int level,
+ const char *fmt, ...);
struct openconnect_info *openconnect_vpninfo_new (char *useragent,
openconnect_validate_peer_cert_fn,
openconnect_write_new_config_fn,
openconnect_process_auth_form_fn,
openconnect_progress_fn);
+struct openconnect_info *openconnect_vpninfo_new_with_cbdata (char *useragent,
+ openconnect_validate_peer_cert_vfn,
+ openconnect_write_new_config_vfn,
+ openconnect_process_auth_form_vfn,
+ openconnect_progress_vfn,
+ void *privdata);
void openconnect_vpninfo_free (struct openconnect_info *vpninfo);
#endif /* __OPENCONNECT_H__ */
{
struct openconnect_info *vpninfo = ptr;
- vpninfo->progress(vpninfo, PRG_ERR, "%s", str);
+ vpn_progress(vpninfo, PRG_ERR, "%s", str);
return 0;
}
SSL_CTX_set_default_passwd_cb_userdata(vpninfo->https_ctx, NULL);
if (len <= strlen(vpninfo->cert_password)) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"PEM password too long (%zd >= %d)\n",
strlen(vpninfo->cert_password), len);
return -1;
if (ERR_GET_LIB(err) == ERR_LIB_PKCS12 &&
ERR_GET_FUNC(err) == PKCS12_F_PKCS12_PARSE &&
ERR_GET_REASON(err) == PKCS12_R_MAC_VERIFY_FAILURE) {
- vpninfo->progress(vpninfo, PRG_ERR, "Parse PKCS#12 failed (wrong passphrase?)\n");
+ vpn_progress(vpninfo, PRG_ERR, "Parse PKCS#12 failed (wrong passphrase?)\n");
vpninfo->cert_password = NULL;
goto retrypass;
}
- vpninfo->progress(vpninfo, PRG_ERR, "Parse PKCS#12 failed (see above errors)\n");
+ vpn_progress(vpninfo, PRG_ERR, "Parse PKCS#12 failed (see above errors)\n");
PKCS12_free(p12);
return -EINVAL;
}
vpninfo->cert_x509 = cert;
SSL_CTX_use_certificate(vpninfo->https_ctx, cert);
} else {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"PKCS#12 contained no certificate!");
ret = -EINVAL;
}
SSL_CTX_use_PrivateKey(vpninfo->https_ctx, pkey);
EVP_PKEY_free(pkey);
} else {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"PKCS#12 contained no private key!");
ret = -EINVAL;
}
X509_NAME_oneline(X509_get_subject_name(cert2),
buf, sizeof(buf));
- vpninfo->progress(vpninfo, PRG_DEBUG,
+ vpn_progress(vpninfo, PRG_DEBUG,
"Extra cert from PKCS#12: '%s'\n", buf);
CRYPTO_add(&cert2->references, 1, CRYPTO_LOCK_X509);
SSL_CTX_add_extra_chain_cert(vpninfo->https_ctx, cert2);
e = ENGINE_by_id("tpm");
if (!e) {
- vpninfo->progress(vpninfo, PRG_ERR, "Can't load TPM engine.\n");
+ vpn_progress(vpninfo, PRG_ERR, "Can't load TPM engine.\n");
report_ssl_errors(vpninfo);
return -EINVAL;
}
if (!ENGINE_init(e) || !ENGINE_set_default_RSA(e) ||
!ENGINE_set_default_RAND(e)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to init TPM engine\n");
+ vpn_progress(vpninfo, PRG_ERR, "Failed to init TPM engine\n");
report_ssl_errors(vpninfo);
ENGINE_free(e);
return -EINVAL;
if (vpninfo->cert_password) {
if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->cert_password),
vpninfo->cert_password, NULL, 0)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to set TPM SRK password\n");
+ vpn_progress(vpninfo, PRG_ERR, "Failed to set TPM SRK password\n");
report_ssl_errors(vpninfo);
}
}
key = ENGINE_load_private_key(e, vpninfo->sslkey, NULL, NULL);
if (!key) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to load TPM private key\n");
report_ssl_errors(vpninfo);
ENGINE_free(e);
return -EINVAL;
}
if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Add key from TPM failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Add key from TPM failed\n");
report_ssl_errors(vpninfo);
ENGINE_free(e);
ENGINE_finish(e);
if (BIO_read_filename(b, vpninfo->cert) <= 0) {
err:
BIO_free(b);
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to reload X509 cert for expiry check\n");
report_ssl_errors(vpninfo);
return -EIO;
static int load_certificate(struct openconnect_info *vpninfo)
{
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Using certificate file %s\n", vpninfo->cert);
if (vpninfo->cert_type == CERT_TYPE_PKCS12 ||
f = fopen(vpninfo->cert, "r");
if (!f) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to open certificate file %s: %s\n",
vpninfo->cert, strerror(errno));
return -ENOENT;
/* Not PKCS#12 */
if (vpninfo->cert_type == CERT_TYPE_PKCS12) {
- vpninfo->progress(vpninfo, PRG_ERR, "Read PKCS#12 failed\n");
+ vpn_progress(vpninfo, PRG_ERR, "Read PKCS#12 failed\n");
report_ssl_errors(vpninfo);
return -EINVAL;
}
/* It's PEM or TPM now, and either way we need to load the plain cert: */
if (!SSL_CTX_use_certificate_chain_file(vpninfo->https_ctx,
vpninfo->cert)) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Loading certificate failed\n");
report_ssl_errors(vpninfo);
return -EINVAL;
char buf[256];
if (!f) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to open private key file %s: %s\n",
vpninfo->cert, strerror(errno));
return -ENOENT;
}
fclose(f);
if (vpninfo->cert_type == CERT_TYPE_UNKNOWN) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to identify private key type in '%s'\n",
vpninfo->sslkey);
return -EINVAL;
if (ERR_GET_LIB(err) == ERR_LIB_EVP &&
ERR_GET_FUNC(err) == EVP_F_EVP_DECRYPTFINAL_EX &&
ERR_GET_REASON(err) == EVP_R_BAD_DECRYPT) {
- vpninfo->progress(vpninfo, PRG_ERR, "Loading private key failed (wrong passphrase?)\n");
+ vpn_progress(vpninfo, PRG_ERR, "Loading private key failed (wrong passphrase?)\n");
goto again;
}
- vpninfo->progress(vpninfo, PRG_ERR, "Loading private key failed (see above errors)\n");
+ vpn_progress(vpninfo, PRG_ERR, "Loading private key failed (see above errors)\n");
return -EINVAL;
}
return 0;
return ret;
if (strcasecmp(vpninfo->servercert, fingerprint)) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Server SSL certificate didn't match: %s\n", fingerprint);
return -EINVAL;
}
continue;
if (!match_hostname(vpninfo->hostname, str)) {
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Matched DNS altname '%s'\n",
str);
GENERAL_NAMES_free(altnames);
OPENSSL_free(str);
return 0;
} else {
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"No match for altname '%s'\n",
str);
}
} else if (this->d.ip->length == 16) {
family = AF_INET6;
} else {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Certificate has GEN_IPADD altname with bogus length %d\n",
this->d.ip->length);
continue;
if (this->d.ip->length == addrlen &&
!memcmp(addrbuf, this->d.ip->data, addrlen)) {
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Matched IP%s address '%s'\n",
(family == AF_INET6)?"v6":"",
host);
GENERAL_NAMES_free(altnames);
return 0;
} else {
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"No match for IP%s address '%s'\n",
(family == AF_INET6)?"v6":"",
host);
goto no_uri_match;
if (url_path) {
- vpninfo->progress(vpninfo, PRG_TRACE, "URI '%s' has non-empty path; ignoring\n",
+ vpn_progress(vpninfo, PRG_TRACE, "URI '%s' has non-empty path; ignoring\n",
str);
goto no_uri_match_silent;
}
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Matched URI '%s'\n",
str);
free(url_proto);
return 0;
no_uri_match:
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"No match for URI '%s'\n",
str);
no_uri_match_silent:
/* According to RFC2818, we don't use the legacy subject name if
there was an altname with DNS type. */
if (altdns) {
- vpninfo->progress(vpninfo, PRG_ERR, "No altname in peer cert matched '%s'\n",
+ vpn_progress(vpninfo, PRG_ERR, "No altname in peer cert matched '%s'\n",
vpninfo->hostname);
return -EINVAL;
}
subjname = X509_get_subject_name(peer_cert);
if (!subjname) {
- vpninfo->progress(vpninfo, PRG_ERR, "No subject name in peer cert!\n");
+ vpn_progress(vpninfo, PRG_ERR, "No subject name in peer cert!\n");
return -EINVAL;
}
i = ASN1_STRING_to_UTF8((void *)&subjstr, subjasn1);
if (!subjstr || strlen(subjstr) != i) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to parse subject name in peer cert\n");
return -EINVAL;
}
ret = 0;
if (match_hostname(vpninfo->hostname, subjstr)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Peer cert subject mismatch ('%s' != '%s')\n",
+ vpn_progress(vpninfo, PRG_ERR, "Peer cert subject mismatch ('%s' != '%s')\n",
subjstr, vpninfo->hostname);
ret = -EINVAL;
} else {
- vpninfo->progress(vpninfo, PRG_TRACE,
+ vpn_progress(vpninfo, PRG_TRACE,
"Matched peer certificate subject name '%s'\n",
subjstr);
}
err_string = "certificate does not match hostname";
if (err_string) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Server certificate verify failed: %s\n",
err_string);
if (vpninfo->validate_peer_cert)
- ret = vpninfo->validate_peer_cert(vpninfo, peer_cert,
+ ret = vpninfo->validate_peer_cert(vpninfo->cbdata,
+ peer_cert,
err_string);
else
ret = -EINVAL;
cert = cert2;
X509_NAME_oneline(X509_get_subject_name(cert),
buf, sizeof(buf));
- vpninfo->progress(vpninfo, PRG_DEBUG,
+ vpn_progress(vpninfo, PRG_DEBUG,
"Extra cert from cafile: '%s'\n", buf);
SSL_CTX_add_extra_chain_cert(vpninfo->https_ctx, cert);
}
notAfter = X509_get_notAfter(vpninfo->cert_x509);
i = X509_cmp_time(notAfter, &t);
if (!i) {
- vpninfo->progress(vpninfo, PRG_ERR, "Error in client cert notAfter field\n");
+ vpn_progress(vpninfo, PRG_ERR, "Error in client cert notAfter field\n");
return -EINVAL;
} else if (i < 0) {
reason = "has expired";
BIO_get_mem_ptr(bp, &bm);
expiry = bm->data;
}
- vpninfo->progress(vpninfo, PRG_ERR, "Client certificate %s at: %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Client certificate %s at: %s\n",
reason, expiry);
if (bp)
BIO_free(bp);
ssl_sock = socket(vpninfo->peer_addr->sa_family, SOCK_STREAM, IPPROTO_IP);
if (ssl_sock < 0) {
reconn_err:
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to reconnect to %s %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to reconnect to %s %s\n",
vpninfo->proxy?"proxy":"host",
vpninfo->proxy?:vpninfo->hostname);
return -EINVAL;
free(url);
free(proxies);
if (vpninfo->proxy)
- vpninfo->progress(vpninfo, PRG_TRACE, "Proxy from libproxy: %s://%s:%d/\n",
+ vpn_progress(vpninfo, PRG_TRACE, "Proxy from libproxy: %s://%s:%d/\n",
vpninfo->proxy_type, vpninfo->proxy, vpninfo->port);
}
#endif
free(hostname);
if (err) {
- vpninfo->progress(vpninfo, PRG_ERR, "getaddrinfo failed for host '%s': %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "getaddrinfo failed for host '%s': %s\n",
hostname, gai_strerror(err));
return -EINVAL;
}
if (!getnameinfo(rp->ai_addr, rp->ai_addrlen, host,
sizeof(host), NULL, 0, NI_NUMERICHOST))
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Attempting to connect to %s%s%s:%s\n",
rp->ai_family == AF_INET6?"[":"",
host,
use it again later */
vpninfo->peer_addr = malloc(rp->ai_addrlen);
if (!vpninfo->peer_addr) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to allocate sockaddr storage\n");
+ vpn_progress(vpninfo, PRG_ERR, "Failed to allocate sockaddr storage\n");
close(ssl_sock);
return -ENOMEM;
}
freeaddrinfo(result);
if (ssl_sock < 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to connect to host %s\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to connect to host %s\n",
vpninfo->proxy?:vpninfo->hostname);
return -EINVAL;
}
if (vpninfo->cert) {
err = load_certificate(vpninfo);
if (err) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Loading certificate failed. Aborting.\n");
return err;
}
if (vpninfo->cafile) {
if (!SSL_CTX_load_verify_locations(vpninfo->https_ctx, vpninfo->cafile, NULL)) {
- vpninfo->progress(vpninfo, PRG_ERR, "Failed to open CA file '%s'\n",
+ vpn_progress(vpninfo, PRG_ERR, "Failed to open CA file '%s'\n",
vpninfo->cafile);
report_ssl_errors(vpninfo);
close(ssl_sock);
https_bio = BIO_new_socket(ssl_sock, BIO_NOCLOSE);
SSL_set_bio(https_ssl, https_bio, https_bio);
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"SSL negotiation with %s\n", vpninfo->hostname);
if (SSL_connect(https_ssl) <= 0) {
- vpninfo->progress(vpninfo, PRG_ERR, "SSL connection failure\n");
+ vpn_progress(vpninfo, PRG_ERR, "SSL connection failure\n");
report_ssl_errors(vpninfo);
SSL_free(https_ssl);
close(ssl_sock);
vpninfo->ssl_fd = ssl_sock;
vpninfo->https_ssl = https_ssl;
- vpninfo->progress(vpninfo, PRG_INFO,
+ vpn_progress(vpninfo, PRG_INFO,
"Connected to HTTPS on %s\n", vpninfo->hostname);
return 0;
if (statvfs(vpninfo->sslkey, &buf)) {
int err = errno;
- vpninfo->progress(vpninfo, PRG_ERR, "statvfs: %s\n", strerror(errno));
+ vpn_progress(vpninfo, PRG_ERR, "statvfs: %s\n", strerror(errno));
return -err;
}
if (asprintf(&vpninfo->cert_password, "%lx", buf.f_fsid))
if (statfs(vpninfo->sslkey, &buf)) {
int err = errno;
- vpninfo->progress(vpninfo, PRG_ERR, "statfs: %s\n", strerror(errno));
+ vpn_progress(vpninfo, PRG_ERR, "statfs: %s\n", strerror(errno));
return -err;
}
fsid64 = ((unsigned long long)fsid[0] << 32) | fsid[1];
static int local_config_tun(struct openconnect_info *vpninfo, int mtu_only)
{
if (!mtu_only)
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"No vpnc-script configured. Need Solaris IP-setting code\n");
return 0;
}
slash = strchr(route, '/');
if (!slash) {
badinc:
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Discard bad split %sclude: \"%s\"\n",
in_ex, route);
return -EINVAL;
{
if (system(vpninfo->vpnc_script)) {
int e = errno;
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to spawn script '%s': %s\n",
vpninfo->vpnc_script, strerror(e));
return -e;
if (errno != -ENOENT)
tunerr = errno;
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to open tun device: %s\n",
strerror(tunerr));
exit(1);
strncpy(ifr.ifr_name, vpninfo->ifname,
sizeof(ifr.ifr_name) - 1);
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifr) < 0) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"TUNSETIFF failed: %s\n",
strerror(errno));
exit(1);
return -EIO;
}
/* Solaris tunctl needs this in order to tear it down */
- vpninfo->progress(vpninfo, PRG_DEBUG, "mux id is %d\n", mux_id);
+ vpn_progress(vpninfo, PRG_DEBUG, "mux id is %d\n", mux_id);
vpninfo->tun_muxid = mux_id;
vpninfo->ip_fd = ip_fd;
static int complained = 0;
if (!complained) {
complained = 1;
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Unknown packet (len %d) received: %02x %02x %02x %02x...\n",
len, data[0], data[1], data[2], data[3]);
}
if (vpninfo->vpnc_script) {
setenv("reason", "disconnect", 1);
if (system(vpninfo->vpnc_script) == -1) {
- vpninfo->progress(vpninfo, PRG_ERR,
+ vpn_progress(vpninfo, PRG_ERR,
"Failed to spawn script '%s': %s\n",
vpninfo->vpnc_script,
strerror(errno));
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
sprintf(&vpninfo->xmlsha1[i*2], "%02x", sha1[i]);
- vpninfo->progress(vpninfo, PRG_TRACE, "XML config file SHA1: %s\n", vpninfo->xmlsha1);
+ vpn_progress(vpninfo, PRG_TRACE, "XML config file SHA1: %s\n", vpninfo->xmlsha1);
xml_doc = xmlReadMemory(xmlfile, st.st_size, "noname.xml", NULL, 0);
munmap(xmlfile, st.st_size);