#include "openconnect.h"
-#if defined (OPENCONNECT_OPENSSL)
+#if defined (OPENCONNECT_OPENSSL) || defined(DTLS_OPENSSL)
#include <openssl/ssl.h>
-#elif defined (OPENCONNECT_GNUTLS)
+#include <openssl/err.h>
+/* Ick */
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+#define method_const const
+#else
+#define method_const
+#endif
+#endif /* OPENSSL */
+
+#if defined (OPENCONNECT_GNUTLS)
#include <gnutls/gnutls.h>
+#include <gnutls/abstract.h>
#include <gnutls/x509.h>
+#ifdef HAVE_TROUSERS
+#include <trousers/tss.h>
+#include <trousers/trousers.h>
+#endif
#endif
#include <zlib.h>
#include LIBPROXY_HDR
#endif
+#ifdef LIBSTOKEN_HDR
+#include LIBSTOKEN_HDR
+#endif
+
#ifdef ENABLE_NLS
#include <locale.h>
#include <libintl.h>
#endif
#define N_(s) s
+#include <libxml/tree.h>
+
#define SHA1_SIZE 20
#define MD5_SIZE 16
struct split_include *next;
};
+struct pin_cache {
+ struct pin_cache *next;
+ char *token;
+ char *pin;
+};
+
#define RECONNECT_INTERVAL_MIN 10
#define RECONNECT_INTERVAL_MAX 100
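Review bot: `struct pin_cache` keeps each PIN as a plain heap string (`char *pin`) with no note on its lifetime, and the same applies to the `char *stoken_pin` member added to `struct openconnect_info` further down; whatever code frees these should wipe the buffer first, and a plain `memset` immediately before `free()` can be optimized away, so `explicit_bzero` or `memset_s` (where available) is the safer choice. The freeing code is not in this header, so this is inferred from the declarations alone. Suggest documenting the expectation on the struct: `/* Cached PINs keyed by token; pin is held in cleartext and must be wiped (explicit_bzero or equivalent), not just free()d, when an entry is dropped. */`. The exact extent of this hunk is unclear because the page shows no @@ headers.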
#define CERT_TYPE_PKCS12 2
#define CERT_TYPE_TPM 3
+#define REDIR_TYPE_NONE 0
+#define REDIR_TYPE_NEWHOST 1
+#define REDIR_TYPE_LOCAL 2
+
struct openconnect_info {
char *redirect_url;
+ int redirect_type;
+ const char *csd_xmltag;
+ const char *platname;
char *csd_token;
char *csd_ticket;
char *csd_stuburl;
char *csd_preurl;
char *csd_scriptname;
+ xmlNode *opaque_srvdata;
#ifdef LIBPROXY_HDR
pxProxyFactory *proxy_factory;
int uid_csd_given;
int no_http_keepalive;
+#ifdef LIBSTOKEN_HDR
+ struct stoken_ctx *stoken_ctx;
+#endif
+ int use_stoken;
+ int stoken_bypassed;
+ int stoken_tries;
+ time_t stoken_time;
+ char *stoken_pin;
+
OPENCONNECT_X509 *peer_cert;
char *cookie; /* Pointer to within cookies list */
#elif defined(OPENCONNECT_GNUTLS)
gnutls_session_t https_sess;
gnutls_certificate_credentials_t https_cred;
+ struct pin_cache *pin_cache;
+#ifdef HAVE_TROUSERS
+ TSS_HCONTEXT tpm_context;
+ TSS_HKEY srk;
+ TSS_HPOLICY srk_policy;
+ TSS_HKEY tpm_key;
+ TSS_HPOLICY tpm_key_policy;
#endif
+#ifndef HAVE_GNUTLS_CERTIFICATE_SET_KEY
+#ifdef HAVE_P11KIT
+ gnutls_pkcs11_privkey_t my_p11key;
+#endif
+ gnutls_privkey_t my_pkey;
+ gnutls_x509_crt_t *my_certs;
+ unsigned int nr_my_certs;
+#endif
+#endif /* OPENCONNECT_GNUTLS */
struct keepalive_info ssl_times;
int owe_ssl_dpd_response;
struct pkt *deflate_pkt;
int reconnect_interval;
int dtls_attempt_period;
time_t new_dtls_started;
-#if defined(OPENCONNECT_OPENSSL)
+#if defined(DTLS_OPENSSL)
SSL_CTX *dtls_ctx;
SSL *dtls_ssl;
SSL *new_dtls_ssl;
SSL_SESSION *dtls_session;
-#elif defined(OPENCONNECT_GNUTLS)
+#elif defined(DTLS_GNUTLS)
/* Call these *_ssl rather than *_sess because they're just
pointers, and generic code (in mainloop.c for example)
wants to check if they're NULL or not. No point in being
int script_tun;
char *ifname;
- int mtu, basemtu;
+ int actual_mtu;
+ int reqmtu, basemtu;
const char *banner;
const char *vpn_addr;
const char *vpn_netmask;
struct sockaddr *peer_addr;
struct sockaddr *dtls_addr;
+ int dtls_local_port;
+
int deflate;
char *useragent;
openconnect_progress_vfn progress;
};
-#if (defined (OPENCONNECT_OPENSSL) && defined (SSL_OP_CISCO_ANYCONNECT)) || \
- (defined(OPENCONNECT_GNUTLS) && defined (HAVE_GNUTLS_SESSION_SET_PREMASTER))
+#if (defined (DTLS_OPENSSL) && defined (SSL_OP_CISCO_ANYCONNECT)) || \
+ (defined (DTLS_GNUTLS) && defined (HAVE_GNUTLS_SESSION_SET_PREMASTER))
#define HAVE_DTLS 1
#endif
#define AC_PKT_COMPRESSED 8 /* Compressed data */
#define AC_PKT_TERM_SERVER 9 /* Server kick */
-/* Ick */
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
-#define method_const const
-#else
-#define method_const
-#endif
-
#define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__)
/****************************************************************************/
#define getline openconnect__getline
ssize_t openconnect__getline(char **lineptr, size_t *n, FILE *stream);
#endif
+#ifndef HAVE_STRCASESTR
+#define strcasestr openconnect__strcasestr
+char *openconnect__strcasestr(const char *haystack, const char *needle);
+#endif
/****************************************************************************/
/* ssl.c */
int connect_https_socket(struct openconnect_info *vpninfo);
-int request_passphrase(struct openconnect_info *vpninfo,
+int request_passphrase(struct openconnect_info *vpninfo, const char *label,
char **response, const char *fmt, ...);
int __attribute__ ((format (printf, 2, 3)))
openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
+int openconnect_print_err_cb(const char *str, size_t len, void *ptr);
+#define openconnect_report_ssl_errors(v) ERR_print_errors_cb(openconnect_print_err_cb, (v))
+#ifdef FAKE_ANDROID_KEYSTORE
+#define ANDROID_KEYSTORE
+#endif
+#ifdef ANDROID_KEYSTORE
+char *keystore_strerror(int err);
+int keystore_fetch(const char *key, unsigned char **result);
+#endif
/* ${SSL_LIBRARY}.c */
int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len);
int openconnect_open_https(struct openconnect_info *vpninfo);
-void openconnect_close_https(struct openconnect_info *vpninfo);
+void openconnect_close_https(struct openconnect_info *vpninfo, int final);
int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, OPENCONNECT_X509 *cert,
char *buf);
-/* This one is actually OpenSSL-specific */
-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
int openconnect_sha1(unsigned char *result, void *data, int len);
int openconnect_random(void *bytes, int len);
int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
int queue_new_packet(struct pkt **q, void *buf, int len);
void queue_packet(struct pkt **q, struct pkt *new);
int keepalive_action(struct keepalive_info *ka, int *timeout);
-int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout);
+int ka_stalled_action(struct keepalive_info *ka, int *timeout);
extern int killed;
int config_lookup_host(struct openconnect_info *vpninfo, const char *host);
/* auth.c */
-int parse_xml_response(struct openconnect_info *vpninfo, char *response,
- char *request_body, int req_len, const char **method,
- const char **request_body_type);
+int parse_xml_response(struct openconnect_info *vpninfo, char *response, struct oc_auth_form **form);
+int handle_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form,
+ char *request_body, int req_len, const char **method,
+ const char **request_body_type, int xmlpost);
+void free_auth_form(struct oc_auth_form *form);
+int xmlpost_initial_req(struct openconnect_info *vpninfo, char *request_body, int req_len);
+int prepare_stoken(struct openconnect_info *vpninfo);
/* http.c */
char *openconnect_create_useragent(const char *base);
/* ssl_ui.c */
int set_openssl_ui(void);
-/* securid.c */
-int generate_securid_tokencodes(struct openconnect_info *vpninfo);
-int add_securid_pin(char *token, char *pin);
-
/* version.c */
extern const char *openconnect_version_str;