openconnect-internal.h

   1 /*
   2  * OpenConnect (SSL + DTLS) VPN client
   3  *
   4  * Copyright © 2008-2011 Intel Corporation.
   5  * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
   6  *
   7  * Author: David Woodhouse <dwmw2@infradead.org>
   8  *
   9  * This program is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * version 2.1, as published by the Free Software Foundation.
  12  *
  13  * This program is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to:
  20  *
  21  *   Free Software Foundation, Inc.
  22  *   51 Franklin Street, Fifth Floor,
  23  *   Boston, MA 02110-1301 USA
  24  */
  25
  26 #ifndef __OPENCONNECT_INTERNAL_H__
  27 #define __OPENCONNECT_INTERNAL_H__
  28
  29 #include "openconnect.h"
  30
  31 #include <openssl/ssl.h>
  32 #include <zlib.h>
  33 #include <stdint.h>
  34 #include <sys/socket.h>
  35 #include <sys/select.h>
  36 #include <sys/time.h>
  37 #include <sys/types.h>
  38 #include <unistd.h>
  39 #ifdef OPENCONNECT_LIBPROXY
  40 #include LIBPROXY_HDR
  41 #endif
  42
  43
  44 /****************************************************************************/
  45
  46 struct pkt {
  47         int len;
  48         struct pkt *next;
  49         unsigned char hdr[8];
  50         unsigned char data[];
  51 };
  52
  53 struct vpn_option {
  54         char *option;
  55         char *value;
  56         struct vpn_option *next;
  57 };
  58
  59 #define KA_NONE         0
  60 #define KA_DPD          1
  61 #define KA_DPD_DEAD     2
  62 #define KA_KEEPALIVE    3
  63 #define KA_REKEY        4
  64
  65 struct keepalive_info {
  66         int dpd;
  67         int keepalive;
  68         int rekey;
  69         time_t last_rekey;
  70         time_t last_tx;
  71         time_t last_rx;
  72         time_t last_dpd;
  73 };
  74
  75 struct split_include {
  76         char *route;
  77         struct split_include *next;
  78 };
  79
  80 #define RECONNECT_INTERVAL_MIN  10
  81 #define RECONNECT_INTERVAL_MAX  100
  82
  83 #define CERT_TYPE_UNKNOWN       0
  84 #define CERT_TYPE_PEM           1
  85 #define CERT_TYPE_PKCS12        2
  86 #define CERT_TYPE_TPM           3
  87
  88 struct openconnect_info {
  89         char *redirect_url;
  90
  91         char *csd_token;
  92         char *csd_ticket;
  93         char *csd_stuburl;
  94         char *csd_starturl;
  95         char *csd_waiturl;
  96         char *csd_preurl;
  97
  98         char *csd_scriptname;
  99
 100         char *vpn_name;
 101
 102 #ifdef OPENCONNECT_LIBPROXY
 103         pxProxyFactory *proxy_factory;
 104 #endif
 105         char *proxy_type;
 106         char *proxy;
 107         int proxy_port;
 108
 109         const char *localname;
 110         char *hostname;
 111         int port;
 112         char *urlpath;
 113         const char *cert;
 114         const char *sslkey;
 115         X509 *cert_x509;
 116         int cert_type;
 117         char *cert_password;
 118         const char *cafile;
 119         const char *servercert;
 120         const char *xmlconfig;
 121         char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1];
 122         char *username;
 123         char *password;
 124         char *authgroup;
 125         int nopasswd;
 126         char *dtls_ciphers;
 127         uid_t uid_csd;
 128         char *csd_wrapper;
 129         int uid_csd_given;
 130         int no_http_keepalive;
 131
 132         char *cookie;
 133         struct vpn_option *cookies;
 134         struct vpn_option *cstp_options;
 135         struct vpn_option *dtls_options;
 136
 137         SSL_CTX *https_ctx;
 138         SSL *https_ssl;
 139         struct keepalive_info ssl_times;
 140         int owe_ssl_dpd_response;
 141         struct pkt *deflate_pkt;
 142         struct pkt *current_ssl_pkt;
 143
 144         z_stream inflate_strm;
 145         uint32_t inflate_adler32;
 146         z_stream deflate_strm;
 147         uint32_t deflate_adler32;
 148
 149         int disable_ipv6;
 150         int reconnect_timeout;
 151         int reconnect_interval;
 152         int dtls_attempt_period;
 153         time_t new_dtls_started;
 154         SSL_CTX *dtls_ctx;
 155         SSL *dtls_ssl;
 156         SSL *new_dtls_ssl;
 157         SSL_SESSION *dtls_session;
 158         struct keepalive_info dtls_times;
 159         unsigned char dtls_session_id[32];
 160         unsigned char dtls_secret[48];
 161
 162         char *dtls_cipher;
 163         char *vpnc_script;
 164         int script_tun;
 165         char *ifname;
 166
 167         int mtu;
 168         const char *banner;
 169         const char *vpn_addr;
 170         const char *vpn_netmask;
 171         const char *vpn_addr6;
 172         const char *vpn_netmask6;
 173         const char *vpn_dns[3];
 174         const char *vpn_nbns[3];
 175         const char *vpn_domain;
 176         const char *vpn_proxy_pac;
 177         struct split_include *split_includes;
 178         struct split_include *split_excludes;
 179
 180         int select_nfds;
 181         fd_set select_rfds;
 182         fd_set select_wfds;
 183         fd_set select_efds;
 184
 185 #ifdef __sun__
 186         int ip_fd;
 187         int tun_muxid;
 188 #endif
 189         int tun_fd;
 190         int ssl_fd;
 191         int dtls_fd;
 192         int new_dtls_fd;
 193
 194         struct pkt *incoming_queue;
 195         struct pkt *outgoing_queue;
 196         int outgoing_qlen;
 197         int max_qlen;
 198
 199         socklen_t peer_addrlen;
 200         struct sockaddr *peer_addr;
 201         struct sockaddr *dtls_addr;
 202
 203         int deflate;
 204         char *useragent;
 205
 206         char *quit_reason;
 207
 208         int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert, const char *reason);
 209         int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen);
 210         int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form);
 211
 212         void __attribute__ ((format(printf, 3, 4)))
 213         (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...);
 214 };
 215
 216 /* Packet types */
 217
 218 #define AC_PKT_DATA             0       /* Uncompressed data */
 219 #define AC_PKT_DPD_OUT          3       /* Dead Peer Detection */
 220 #define AC_PKT_DPD_RESP         4       /* DPD response */
 221 #define AC_PKT_DISCONN          5       /* Client disconnection notice */
 222 #define AC_PKT_KEEPALIVE        7       /* Keepalive */
 223 #define AC_PKT_COMPRESSED       8       /* Compressed data */
 224 #define AC_PKT_TERM_SERVER      9       /* Server kick */
 225
 226 /* Ick */
 227 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
 228 #define method_const const
 229 #else
 230 #define method_const
 231 #endif
 232
 233 /****************************************************************************/
 234
 235 /* tun.c */
 236 int setup_tun(struct openconnect_info *vpninfo);
 237 int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
 238 void shutdown_tun(struct openconnect_info *vpninfo);
 239
 240 /* dtls.c */
 241 unsigned char unhex(const char *data);
 242 int setup_dtls(struct openconnect_info *vpninfo);
 243 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
 244 int dtls_try_handshake(struct openconnect_info *vpninfo);
 245 int connect_dtls_socket(struct openconnect_info *vpninfo);
 246
 247 /* cstp.c */
 248 int make_cstp_connection(struct openconnect_info *vpninfo);
 249 int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
 250 int cstp_bye(struct openconnect_info *vpninfo, char *reason);
 251 int cstp_reconnect(struct openconnect_info *vpninfo);
 252
 253 /* ssl.c */
 254 int  __attribute__ ((format (printf, 2, 3)))
 255                 openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
 256 int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
 257 int openconnect_open_https(struct openconnect_info *vpninfo);
 258 int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
 259                              char *buf);
 260 void report_ssl_errors(struct openconnect_info *vpninfo);
 261
 262 /* mainloop.c */
 263 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
 264 int vpn_mainloop(struct openconnect_info *vpninfo);
 265 int queue_new_packet(struct pkt **q, void *buf, int len);
 266 void queue_packet(struct pkt **q, struct pkt *new);
 267 int keepalive_action(struct keepalive_info *ka, int *timeout);
 268 int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
 269
 270 extern int killed;
 271
 272 /* xml.c */
 273 int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
 274
 275 /* auth.c */
 276 int parse_xml_response(struct openconnect_info *vpninfo, char *response,
 277                        char *request_body, int req_len, char **method,
 278                        char **request_body_type);
 279
 280 /* http.c */
 281 int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
 282
 283 /* ssl_ui.c */
 284 int set_openssl_ui(void);
 285
 286 /* securid.c */
 287 int generate_securid_tokencodes(struct openconnect_info *vpninfo);
 288 int add_securid_pin(char *token, char *pin);
 289
 290 /* version.c */
 291 extern char openconnect_version[];
 292
 293 #endif /* __OPENCONNECT_INTERNAL_H__ */