Add openconnect_vpninfo_free(); start to sanify string lifetime rules.
1 /*
2  * OpenConnect (SSL + DTLS) VPN client
3  *
4  * Copyright © 2008-2011 Intel Corporation.
5  * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
6  *
7  * Author: David Woodhouse <dwmw2@infradead.org>
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public License
11  * version 2.1, as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to:
20  *
21  *   Free Software Foundation, Inc.
22  *   51 Franklin Street, Fifth Floor,
23  *   Boston, MA 02110-1301 USA
24  */
25
26 #ifndef __OPENCONNECT_INTERNAL_H__
27 #define __OPENCONNECT_INTERNAL_H__
28
29 #include "openconnect.h"
30
31 #include <openssl/ssl.h>
32 #include <zlib.h>
33 #include <stdint.h>
34 #include <sys/socket.h>
35 #include <sys/select.h>
36 #include <sys/time.h>
37 #include <sys/types.h>
38 #include <unistd.h>
39 #ifdef OPENCONNECT_LIBPROXY
40 #include LIBPROXY_HDR
41 #endif
42
43
44 /****************************************************************************/
45
/*
 * One VPN packet buffer.  Packets are chained through `next` on the queues in
 * struct openconnect_info (incoming_queue / outgoing_queue, see queue_packet()
 * and queue_new_packet() below).  data[] is a C99 flexible array member, so
 * header and payload live in a single allocation (presumably sizeof *pkt + len
 * bytes -- confirm in queue_new_packet()).
 */
struct pkt {
        int len;                /* payload byte count in data[]; int to match queue_new_packet()'s len.
                                 * NOTE(review): signed -- producers must never store a negative value here. */
        struct pkt *next;       /* next packet in the singly-linked queue, NULL at the tail */
        unsigned char hdr[8];   /* 8 header bytes kept in front of the payload; the layout is defined by the
                                 * protocol code, not here (by name, presumably the on-the-wire header) */
        unsigned char data[];   /* len bytes of payload */
};
52
/*
 * A name/value pair in a singly-linked list.  Used for the cookies,
 * cstp_options and dtls_options lists in struct openconnect_info.
 * NOTE(review): other members (openconnect_info.cookie, and apparently the
 * const char * vpn_* settings) point *into* these lists, so a list must
 * outlive every such pointer -- confirm against openconnect_vpninfo_free().
 */
struct vpn_option {
        char *option;           /* option name */
        char *value;            /* option value */
        struct vpn_option *next;/* next entry, NULL at the tail */
};
58
/*
 * Keepalive action codes.  Presumably the values returned by
 * keepalive_action() / ka_stalled_dpd_time() (declared below) to tell a
 * mainloop what is due on a channel -- confirm in mainloop.c.
 */
#define KA_NONE         0       /* nothing to do yet */
#define KA_DPD          1       /* send a Dead Peer Detection probe */
#define KA_DPD_DEAD     2       /* DPD probe went unanswered: peer considered dead */
#define KA_KEEPALIVE    3       /* send a keepalive */
#define KA_REKEY        4       /* rekey interval elapsed */
64
/*
 * Timer state for one transport channel; struct openconnect_info keeps one
 * for TLS (ssl_times) and one for DTLS (dtls_times).  The first three members
 * are the configured intervals, the time_t members are the last time each
 * event happened (presumably all in seconds -- confirm in mainloop.c).
 */
struct keepalive_info {
        int dpd;                /* Dead Peer Detection interval; 0 presumably disables */
        int keepalive;          /* keepalive interval */
        int rekey;              /* rekey interval */
        time_t last_rekey;      /* timestamp of the last rekey */
        time_t last_tx;         /* timestamp of the last packet sent */
        time_t last_rx;         /* timestamp of the last packet received */
        time_t last_dpd;        /* timestamp of the last DPD probe sent */
};
74
/*
 * One route in a split-tunnel list (split_includes / split_excludes in
 * struct openconnect_info).
 */
struct split_include {
        char *route;                    /* route text as received from the server (owned by the list -- presumably) */
        struct split_include *next;     /* next route, NULL at the tail */
};
79
/* Bounds for openconnect_info.reconnect_interval (presumably seconds between
 * reconnect attempts; confirm where cstp_reconnect() is driven). */
#define RECONNECT_INTERVAL_MIN  10
#define RECONNECT_INTERVAL_MAX  100
82
/* Values of openconnect_info.cert_type: how the client certificate in
 * openconnect_info.cert is stored / accessed. */
#define CERT_TYPE_UNKNOWN       0       /* not yet determined */
#define CERT_TYPE_PEM           1       /* PEM file */
#define CERT_TYPE_PKCS12        2       /* PKCS#12 container (may need cert_password) */
#define CERT_TYPE_TPM           3       /* key held by a TPM */
87
/*
 * All state for one VPN connection.  Every internal entry point declared
 * later in this header takes a pointer to this struct as its first argument;
 * openconnect_vpninfo_free() is the matching teardown.
 *
 * NOTE(review): the mix of `const char *` and `char *` members looks like an
 * ownership convention -- `const char *` borrowed from the caller or pointing
 * into another list, `char *` allocated and freed by the library -- but the
 * header does not state it; confirm against openconnect_vpninfo_free() before
 * freeing anything based on the type alone.
 */
struct openconnect_info {
        char *redirect_url;             /* HTTP redirect target, if the server sent one (by name) */

        /* CSD (by name, Cisco Secure Desktop host-scan) URLs and tokens the
         * server hands out during authentication. */
        char *csd_token;
        char *csd_ticket;
        char *csd_stuburl;
        char *csd_starturl;
        char *csd_waiturl;
        char *csd_preurl;

        char *csd_scriptname;           /* path of the CSD script to execute (by name) */

#ifdef OPENCONNECT_LIBPROXY
        pxProxyFactory *proxy_factory;  /* libproxy handle; only present when built with OPENCONNECT_LIBPROXY */
#endif
        char *proxy_type;               /* explicit proxy: scheme, host and port (type/host owned) */
        char *proxy;
        int proxy_port;

        const char *localname;          /* borrowed (const) */
        char *hostname;                 /* VPN server host, port and path -- owned; presumably from internal_parse_url() */
        int port;
        char *urlpath;
        const char *cert;               /* client certificate and private key locations as given by the caller (borrowed) */
        const char *sslkey;
        X509 *cert_x509;                /* parsed client certificate (OpenSSL object) */
        int cert_type;                  /* one of CERT_TYPE_* */
        char *cert_password;            /* NOTE(review): secret -- wipe before free, plain memset may be optimised away */
        const char *cafile;             /* CA bundle path (borrowed) */
        const char *servercert;         /* expected server certificate fingerprint, if pinned (borrowed; by name) */
        const char *xmlconfig;          /* path of the XML configuration file (borrowed) */
        char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1]; /* hex SHA-1 of the XML config: two hex chars per digest byte plus NUL */
        char *username;
        char *password;                 /* NOTE(review): secret -- wipe before free */
        char *authgroup;
        int nopasswd;                   /* flag (by name: do not prompt for / send a password) */
        char *dtls_ciphers;             /* DTLS cipher list we offer (owned); contrast dtls_cipher below */
        uid_t uid_csd;                  /* uid to run the CSD script as; uid_csd_given records whether it was set explicitly (by name) */
        char *csd_wrapper;              /* wrapper program run instead of the CSD script (by name) */
        int uid_csd_given;
        int no_http_keepalive;          /* flag */

        char *cookie; /* Pointer to within cookies list -- NOT owned: it dangles once cookies is freed or rebuilt */
        struct vpn_option *cookies;         /* HTTP cookies (owned list) */
        struct vpn_option *cstp_options;    /* options received for the CSTP (TLS) channel (owned list) */
        struct vpn_option *dtls_options;    /* options received for the DTLS channel (owned list) */

        SSL_CTX *https_ctx;             /* OpenSSL context and connection for the HTTPS/CSTP channel */
        SSL *https_ssl;
        struct keepalive_info ssl_times;/* keepalive / DPD / rekey timers for the TLS channel */
        int owe_ssl_dpd_response;       /* flag: a DPD request is awaiting our AC_PKT_DPD_RESP (by name) */
        struct pkt *deflate_pkt;        /* scratch packet used for compressed output (by name) */
        struct pkt *current_ssl_pkt;    /* packet whose transmission on the TLS channel is in progress (by name) */

        z_stream inflate_strm;          /* zlib receive (inflate) and transmit (deflate) streams, each with a running
                                         * Adler-32 kept alongside */
        uint32_t inflate_adler32;
        z_stream deflate_strm;
        uint32_t deflate_adler32;

        int disable_ipv6;               /* flag */
        int reconnect_timeout;          /* reconnect policy; reconnect_interval is presumably clamped to RECONNECT_INTERVAL_MIN/MAX */
        int reconnect_interval;
        int dtls_attempt_period;        /* how often to retry establishing DTLS (by name) */
        time_t new_dtls_started;        /* when the current DTLS attempt began */
        SSL_CTX *dtls_ctx;              /* DTLS context, the live DTLS connection, and the replacement being handshaken */
        SSL *dtls_ssl;
        SSL *new_dtls_ssl;
        SSL_SESSION *dtls_session;      /* resumption session built from the id/secret below (by name) */
        struct keepalive_info dtls_times;   /* keepalive / DPD / rekey timers for the DTLS channel */
        unsigned char dtls_session_id[32];  /* 32-byte DTLS session id */
        unsigned char dtls_secret[48];      /* 48-byte DTLS master secret.  NOTE(review): key material -- wipe it in
                                             * openconnect_vpninfo_free() rather than just letting it be freed */

        char *dtls_cipher;              /* cipher actually negotiated for DTLS (owned) */
        char *vpnc_script;              /* vpnc-script path; script_tun selects letting the script own the tun (by name) */
        int script_tun;
        char *ifname;                   /* tun interface name (owned) */

        int mtu;
        /* Settings pushed by the server.  NOTE(review): all const, so these
         * appear to point into cstp_options values rather than being owned
         * here -- do not free them individually; confirm in cstp.c. */
        const char *banner;
        const char *vpn_addr;           /* IPv4 address / netmask */
        const char *vpn_netmask;
        const char *vpn_addr6;          /* IPv6 address / netmask */
        const char *vpn_netmask6;
        const char *vpn_dns[3];         /* up to three DNS and three NBNS servers; unused slots presumably NULL */
        const char *vpn_nbns[3];
        const char *vpn_domain;
        const char *vpn_proxy_pac;
        struct split_include *split_includes;   /* split-tunnel include / exclude route lists (owned) */
        struct split_include *split_excludes;

        int select_nfds;                /* select(2) bookkeeping; descriptors are registered through vpn_add_pollfd() */
        fd_set select_rfds;
        fd_set select_wfds;
        fd_set select_efds;

#ifdef __sun__
        int ip_fd;                      /* Solaris-only tun plumbing */
        int tun_muxid;
#endif
        int tun_fd;                     /* descriptors: tun device, TLS socket, DTLS socket, DTLS socket being set up */
        int ssl_fd;
        int dtls_fd;
        int new_dtls_fd;

        struct pkt *incoming_queue;     /* packets received from the VPN, waiting for the tun device */
        struct pkt *outgoing_queue;     /* packets read from the tun device, waiting to be sent; outgoing_qlen is its
                                         * current length and max_qlen the cap (by name) */
        int outgoing_qlen;
        int max_qlen;

        socklen_t peer_addrlen;         /* resolved server address (peer_addr) and the DTLS endpoint (dtls_addr);
                                         * both are peer_addrlen bytes long (by name -- confirm) */
        struct sockaddr *peer_addr;
        struct sockaddr *dtls_addr;

        int deflate;                    /* flag: compression in use */
        char *useragent;                /* User-Agent string (owned; see openconnect_create_useragent()) */

        char *quit_reason;              /* text sent with the disconnect notice, presumably via cstp_bye() */

        /* Caller-supplied callbacks.  validate_peer_cert gets the server
         * certificate plus the reason OpenSSL rejected it; write_new_config
         * gets buflen bytes of new XML config in buf; process_auth_form is
         * handed the form to fill in.  Return conventions are not stated here
         * -- confirm in ssl.c / auth.c before assuming 0 means success. */
        int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert, const char *reason);
        int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen);
        int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form);

        /* Logging callback.  The format attribute makes the compiler check the
         * argument list against fmt, which therefore must be a string literal
         * at every call site; never route server- or user-supplied text
         * through fmt, only through a "%s" argument. */
        void __attribute__ ((format(printf, 3, 4)))
        (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...);
};
213
/* Packet types: the type code carried in each packet (presumably in
 * pkt.hdr).  Values 1, 2 and 6 are intentionally not defined here; receive
 * paths must treat any unlisted value as unknown rather than assume one of
 * these. */

#define AC_PKT_DATA             0       /* Uncompressed data */
#define AC_PKT_DPD_OUT          3       /* Dead Peer Detection */
#define AC_PKT_DPD_RESP         4       /* DPD response */
#define AC_PKT_DISCONN          5       /* Client disconnection notice */
#define AC_PKT_KEEPALIVE        7       /* Keepalive */
#define AC_PKT_COMPRESSED       8       /* Compressed data */
#define AC_PKT_TERM_SERVER      9       /* Server kick */
223
/* Ick: OpenSSL 0.9.9 and later declare the SSL_METHOD pointers const, older
 * versions do not.  Spell method pointers as `method_const SSL_METHOD *` so
 * the same source compiles without const-qualifier warnings on both. */
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
#define method_const const
#else
#define method_const
#endif
230
231 /****************************************************************************/
232
/* tun.c
 *
 * The int-returning functions in this header do not document their return
 * convention; 0-for-success is the apparent pattern but confirm per file.
 * The *timeout argument shared by the *_mainloop() functions is presumably
 * in/out: each loop lowers it to the delay it next needs -- confirm in
 * mainloop.c. */
/* Open and configure the tun device (fills in vpninfo->tun_fd / ifname by name). */
int setup_tun(struct openconnect_info *vpninfo);
/* Service the tun descriptor once. */
int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
/* Tear the tun device down. */
void shutdown_tun(struct openconnect_info *vpninfo);
237
/* dtls.c */
/* Decode one byte from hex text at data (presumably the first two characters;
 * behaviour on non-hex input is not specified here -- callers must validate
 * server-supplied hex before calling). */
unsigned char unhex(const char *data);
/* Create the DTLS context/socket from dtls_options. */
int setup_dtls(struct openconnect_info *vpninfo);
/* Service the DTLS channel once. */
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
/* Drive the in-progress handshake on new_dtls_ssl. */
int dtls_try_handshake(struct openconnect_info *vpninfo);
/* Connect a UDP socket to dtls_addr. */
int connect_dtls_socket(struct openconnect_info *vpninfo);
244
/* cstp.c */
/* Perform the CSTP CONNECT over https_ssl and parse the server's options. */
int make_cstp_connection(struct openconnect_info *vpninfo);
/* Service the TLS channel once. */
int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
/* Send the disconnect notice with the given reason text (non-const, so the
 * callee may modify it -- pass a writable buffer, not a string literal). */
int cstp_bye(struct openconnect_info *vpninfo, char *reason);
/* Re-establish the TLS channel after a failure. */
int cstp_reconnect(struct openconnect_info *vpninfo);
250
/* ssl.c */
/* printf-style write to an SSL connection.  The format attribute makes the
 * compiler check the arguments, and implies fmt must be a literal: never pass
 * received data as fmt. */
int  __attribute__ ((format (printf, 2, 3)))
                openconnect_SSL_printf(SSL *ssl, const char *fmt, ...);
/* Read one line from ssl into buf, bounded by len bytes.  Whether the result
 * is always NUL-terminated and whether the newline is kept is not stated
 * here -- confirm in ssl.c before relying on either. */
int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
/* Open / close the HTTPS connection held in https_ctx / https_ssl. */
int openconnect_open_https(struct openconnect_info *vpninfo);
void openconnect_close_https(struct openconnect_info *vpninfo);
/* Write the MD5 fingerprint of cert into buf.  NOTE(review): no length
 * parameter -- the caller must size buf for the full hex fingerprint plus
 * NUL (presumably MD5_DIGEST_LENGTH * 2 + 1); confirm in ssl.c. */
int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
                             char *buf);
/* Drain the OpenSSL error queue through vpninfo->progress. */
void report_ssl_errors(struct openconnect_info *vpninfo);
260
/* mainloop.c */
/* Register fd in the select_*fds sets of vpninfo; events is presumably a
 * POLL* mask mapped onto the read/write/except sets -- confirm. */
int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
/* Top-level loop: multiplexes the tun, TLS and DTLS mainloops. */
int vpn_mainloop(struct openconnect_info *vpninfo);
/* Allocate a struct pkt holding a copy of len bytes from buf and append it
 * to *q.  len is int like pkt.len; callers must not pass a negative value. */
int queue_new_packet(struct pkt **q, void *buf, int len);
/* Append an already-allocated packet to *q (ownership passes to the queue). */
void queue_packet(struct pkt **q, struct pkt *new);
/* Decide what is due on a channel; presumably return one of the KA_* codes
 * and lower *timeout to the delay until the next event -- confirm. */
int keepalive_action(struct keepalive_info *ka, int *timeout);
int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);

/* Set when the program has been asked to stop (by name).  NOTE(review): if
 * this is written from a signal handler it should be volatile sig_atomic_t. */
extern int killed;
270
/* xml.c */
/* Look host up in the XML config file named by vpninfo->xmlconfig. */
int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
273
/* auth.c */
/* Parse the server's XML authentication response (response is non-const and
 * may be modified in place) and build the next request body into the
 * req_len-byte request_body buffer, returning the HTTP method and body
 * content type through *method / *request_body_type.  Who owns the returned
 * strings is not stated here -- confirm in auth.c. */
int parse_xml_response(struct openconnect_info *vpninfo, char *response,
                       char *request_body, int req_len, char **method,
                       char **request_body_type);
278
/* http.c */
/* Build the User-Agent string from base; the result is presumably
 * heap-allocated (it is stored in openconnect_info.useragent, a char *) --
 * confirm who frees it. */
char *openconnect_create_useragent(char *base);
/* Negotiate with the configured proxy on the already-connected ssl_sock. */
int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
/* Split url into scheme, host, port and path.  url is non-const and the
 * outputs are char *, so the parts presumably point into (or are copied from)
 * url -- confirm ownership before freeing any of them.  default_port is used
 * when the URL carries none. */
int internal_parse_url(char *url, char **res_proto, char **res_host,
                       int *res_port, char **res_path, int default_port);
284
/* ssl_ui.c */
/* Install the OpenSSL UI method used for passphrase prompts (by name). */
int set_openssl_ui(void);
287
/* securid.c */
/* Generate SecurID tokencodes for the current authentication (by name). */
int generate_securid_tokencodes(struct openconnect_info *vpninfo);
/* Combine a tokencode and PIN; both arguments are non-const and may be
 * modified in place -- confirm in securid.c.  NOTE(review): pin is a secret
 * and should be wiped by whoever owns the buffer. */
int add_securid_pin(char *token, char *pin);
291
/* version.c */
/* Version string, defined in version.c (array, so sizeof is not usable from
 * here; treat it as a NUL-terminated string). */
extern char openconnect_version[];
294
295 #endif /* __OPENCONNECT_INTERNAL_H__ */