Skip to content

Commit

Permalink
Merge OpenConnect v5.03 bugfix
Browse files Browse the repository at this point in the history
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Feb 3, 2014
2 parents 2916f06 + 1df2832 commit 0b6dfb2
Show file tree
Hide file tree
Showing 30 changed files with 3,321 additions and 728 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Expand Up @@ -5,6 +5,7 @@ version.c
.*.h.dep
*.o
/libopenconnect.la
/libopenconnect-wrapper.la
/*.lo
/.libs/
/cscope.*
Expand Down
25 changes: 19 additions & 6 deletions Makefile.am
View file
Expand Up @@ -11,13 +11,14 @@ lib_LTLIBRARIES = libopenconnect.la
sbin_PROGRAMS = openconnect
man8_MANS = openconnect.8

AM_CFLAGS = @WFLAGS@
AM_CPPFLAGS = -DLOCALEDIR="\"$(localedir)\""
openconnect_SOURCES = xml.c main.c dtls.c cstp.c mainloop.c tun.c

openconnect_CFLAGS = $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS)
openconnect_LDADD = libopenconnect.la $(SSL_LIBS) $(DTLS_SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL) $(LIBSTOKEN_LIBS) $(LIBOATH_LIBS)
openconnect_SOURCES = xml.c main.c
openconnect_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS)
openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL)

library_srcs = ssl.c http.c auth.c library.c compat.c
library_srcs = ssl.c http.c auth.c library.c compat.c dtls.c cstp.c mainloop.c tun.c
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c
lib_srcs_openssl = openssl.c

Expand All @@ -30,8 +31,8 @@ if OPENCONNECT_OPENSSL
library_srcs += $(lib_srcs_openssl)
endif
libopenconnect_la_SOURCES = version.c $(library_srcs)
libopenconnect_la_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL) $(P11KIT_LIBS) $(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBOATH_LIBS)
libopenconnect_la_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBOATH_CFLAGS)
libopenconnect_la_LIBADD = $(SSL_LIBS) $(DTLS_SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL) $(P11KIT_LIBS) $(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBOATH_LIBS)
if OPENBSD_LIBTOOL
# OpenBSD's libtool doesn't have -version-number, but its -version-info arg
# does what GNU libtool's -version-number does. Which arguably is what the
Expand All @@ -48,6 +49,18 @@ libopenconnect_la_LDFLAGS += -Wl,@VERSION_SCRIPT_ARG@,libopenconnect.map
libopenconnect_la_DEPENDENCIES = libopenconnect.map
endif

if OPENCONNECT_JNI
if JNI_STANDALONE
libopenconnect_la_SOURCES += jni.c
libopenconnect_la_CFLAGS += $(JNI_CFLAGS) -Wno-missing-declarations
else
lib_LTLIBRARIES += libopenconnect-wrapper.la
libopenconnect_wrapper_la_SOURCES = jni.c
libopenconnect_wrapper_la_CFLAGS = $(AM_CFLAGS) $(JNI_CFLAGS) -Wno-missing-declarations
libopenconnect_wrapper_la_LIBADD = libopenconnect.la
endif
endif

pkgconfig_DATA = openconnect.pc

EXTRA_DIST = version.sh COPYING.LGPL $(lib_srcs_openssl) $(lib_srcs_gnutls)
Expand Down
125 changes: 125 additions & 0 deletions acinclude.m4
View file
Expand Up @@ -59,3 +59,128 @@ AC_DEFUN([AS_COMPILER_FLAGS],
fi
$1="$$1 $flags_supported"
])

# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_jni_include_dir.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_JNI_INCLUDE_DIR
#
# DESCRIPTION
#
# AX_JNI_INCLUDE_DIR finds include directories needed for compiling
# programs using the JNI interface.
#
# JNI include directories are usually in the Java distribution. This is
# deduced from the value of $JAVA_HOME, $JAVAC, or the path to "javac",
# in that order. When this macro completes, a list of directories is left
# in the variable JNI_INCLUDE_DIRS.
#
# Example usage follows:
#
# AX_JNI_INCLUDE_DIR
#
# for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS
# do
# CPPFLAGS="$CPPFLAGS -I$JNI_INCLUDE_DIR"
# done
#
# If you want to force a specific compiler:
#
# - at the configure.in level, set JAVAC=yourcompiler before calling
# AX_JNI_INCLUDE_DIR
#
# - at the configure level, setenv JAVAC
#
# Note: This macro can work with the autoconf M4 macros for Java programs.
# This particular macro is not part of the original set of macros.
#
# LICENSE
#
# Copyright (c) 2008 Don Anderson <dda@sleepycat.com>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.

AU_ALIAS([AC_JNI_INCLUDE_DIR], [AX_JNI_INCLUDE_DIR])
AC_DEFUN([AX_JNI_INCLUDE_DIR],[
JNI_INCLUDE_DIRS=""
if test "x$JAVA_HOME" != x; then
_JTOPDIR="$JAVA_HOME"
else
if test "x$JAVAC" = x; then
JAVAC=javac
fi
AC_PATH_PROG([_ACJNI_JAVAC], [$JAVAC], [no])
if test "x$_ACJNI_JAVAC" = xno; then
AC_MSG_ERROR([cannot find JDK; try setting \$JAVAC or \$JAVA_HOME])
fi
_ACJNI_FOLLOW_SYMLINKS("$_ACJNI_JAVAC")
_JTOPDIR=`echo "$_ACJNI_FOLLOWED" | sed -e 's://*:/:g' -e 's:/[[^/]]*$::'`
fi
case "$host_os" in
darwin*) _JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'`
_JINC="$_JTOPDIR/Headers";;
*) _JINC="$_JTOPDIR/include";;
esac
_AS_ECHO_LOG([_JTOPDIR=$_JTOPDIR])
_AS_ECHO_LOG([_JINC=$_JINC])
# On Mac OS X 10.6.4, jni.h is a symlink:
# /System/Library/Frameworks/JavaVM.framework/Versions/Current/Headers/jni.h
# -> ../../CurrentJDK/Headers/jni.h.
AC_CHECK_FILE([$_JINC/jni.h],
[JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JINC"],
[_JTOPDIR=`echo "$_JTOPDIR" | sed -e 's:/[[^/]]*$::'`
AC_CHECK_FILE([$_JTOPDIR/include/jni.h],
[JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include"],
AC_MSG_ERROR([cannot find JDK header files]))
])
# get the likely subdirectories for system specific java includes
case "$host_os" in
bsdi*) _JNI_INC_SUBDIRS="bsdos";;
freebsd*) _JNI_INC_SUBDIRS="freebsd";;
linux*) _JNI_INC_SUBDIRS="linux genunix";;
osf*) _JNI_INC_SUBDIRS="alpha";;
solaris*) _JNI_INC_SUBDIRS="solaris";;
mingw*) _JNI_INC_SUBDIRS="win32";;
cygwin*) _JNI_INC_SUBDIRS="win32";;
*) _JNI_INC_SUBDIRS="genunix";;
esac
# add any subdirectories that are present
for JINCSUBDIR in $_JNI_INC_SUBDIRS
do
if test -d "$_JTOPDIR/include/$JINCSUBDIR"; then
JNI_INCLUDE_DIRS="$JNI_INCLUDE_DIRS $_JTOPDIR/include/$JINCSUBDIR"
fi
done
])

# _ACJNI_FOLLOW_SYMLINKS <path>
# Follows symbolic links on <path>,
# finally setting variable _ACJNI_FOLLOWED
# ----------------------------------------
AC_DEFUN([_ACJNI_FOLLOW_SYMLINKS],[
# find the include directory relative to the javac executable
_cur="$1"
while ls -ld "$_cur" 2>/dev/null | grep " -> " >/dev/null; do
AC_MSG_CHECKING([symlink for $_cur])
_slink=`ls -ld "$_cur" | sed 's/.* -> //'`
case "$_slink" in
/*) _cur="$_slink";;
# 'X' avoids triggering unwanted echo options.
*) _cur=`echo "X$_cur" | sed -e 's/^X//' -e 's:[[^/]]*$::'`"$_slink";;
esac
AC_MSG_RESULT([$_cur])
done
_ACJNI_FOLLOWED="$_cur"
])# _ACJNI
33 changes: 33 additions & 0 deletions android/0001-Remove-call-to-mlockall.patch
View file
@@ -0,0 +1,33 @@
From aecf4b5e1bb335a41ea00c99c771dfa889ce314b Mon Sep 17 00:00:00 2001
From: Kevin Cernekee <cernekee@gmail.com>
Date: Sun, 11 Aug 2013 13:26:39 -0700
Subject: [PATCH] Remove call to mlockall()

This patch against v0.2 allows for building stoken on Android, without
rerunning autotools.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
---
src/common.c | 6 ------
1 file changed, 6 deletions(-)

diff --git a/src/common.c b/src/common.c
index d2d22f1..4711696 100644
--- a/src/common.c
+++ b/src/common.c
@@ -331,12 +331,6 @@ int common_init(char *cmd)
struct securid_token *t;
int is_import = !strcmp(cmd, "import");

- /*
- * we don't actually scrub memory, but at least try to keep the seeds
- * from being swapped out to disk
- */
- mlockall(MCL_CURRENT | MCL_FUTURE);
-
cfg = xzalloc(sizeof(*cfg));
if (__stoken_read_rcfile(opt_rcfile, cfg, &warn) != ERR_NONE)
__stoken_zap_rcfile_data(cfg);
--
1.7.9.5

43 changes: 43 additions & 0 deletions android/0001-fflush-freadahead-fseeko-Fix-for-Android.patch
View file
@@ -0,0 +1,43 @@
fflush, freadahead, and fseeko have trouble compiling on Android[1]
because they need access to internal elements of the FILE struct.
Bionic libc[2], like OpenBSD libc[3], puts the ungetc buffer "_ub"
at the beginning of the __sfileext struct. Therefore we can reuse the
existing OpenBSD implementation for Android.

Test results (Android 4.2.2, ARMv7, NDK r9):

root@android:/data/local/tmp # export srcdir=`pwd`
root@android:/data/local/tmp # ./test-fflush2.sh ; echo $?
0
root@android:/data/local/tmp # ./test-freadahead.sh ; echo $?
0
root@android:/data/local/tmp # ./test-fseeko.sh ; echo $?
0
root@android:/data/local/tmp # ./test-fseeko2.sh ; echo $?
Skipping test: ungetc cannot handle arbitrary bytes
77
root@android:/data/local/tmp # ./test-fseeko3.sh ; echo $?
0
root@android:/data/local/tmp # ./test-fseeko4.sh ; echo $?
0

[1] http://lists.gnu.org/archive/html/bug-gnulib/2012-01/msg00295.html
[2] https://android.googlesource.com/platform/bionic/+/android-4.3_r2.2/libc/stdio/fileext.h
[3] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdio/fileext.h?rev=1.2;content-type=text%2Fplain

diff --git a/liboath/gl/stdio-impl.h b/liboath/gl/stdio-impl.h
index e00600a..45291cf 100644
--- a/liboath/gl/stdio-impl.h
+++ b/liboath/gl/stdio-impl.h
@@ -57,7 +57,7 @@
# define fp_ fp
# endif

-# if (defined __NetBSD__ && __NetBSD_Version__ >= 105270000) || defined __OpenBSD__ /* NetBSD >= 1.5ZA, OpenBSD */
+# if (defined __NetBSD__ && __NetBSD_Version__ >= 105270000) || defined __OpenBSD__ || defined __ANDROID__ /* NetBSD >= 1.5ZA, OpenBSD, Android */
/* See <http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdio/fileext.h?rev=HEAD&content-type=text/x-cvsweb-markup>
and <http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdio/fileext.h?rev=HEAD&content-type=text/x-cvsweb-markup> */
struct __sfileext
--
1.7.10.4

111 changes: 109 additions & 2 deletions android/Makefile
View file
Expand Up @@ -241,6 +241,106 @@ GNUTLS_DEPS := $(OC_SYSROOT)/lib/libgnutls.la
gnutls: $(GNUTLS_DEPS)


#####################################################################
#
# Build libtomcrypt
#
TOMCRYPT_VER := 1.17
TOMCRYPT_DIR := $(TRIPLET)/libtomcrypt-$(TOMCRYPT_VER)

crypt-$(TOMCRYPT_VER).tar.bz2:
curl http://libtom.org/files/crypt-$(TOMCRYPT_VER).tar.bz2 -o $@.tmp && mv $@.tmp $@

$(TOMCRYPT_DIR)/makefile: crypt-$(TOMCRYPT_VER).tar.bz2
mkdir -p $(TRIPLET)
tar xfj $< -C $(TRIPLET)
touch $@

$(TOMCRYPT_DIR)/libtomcrypt.a: $(TOMCRYPT_DIR)/makefile
$(MAKE) -C $(TOMCRYPT_DIR) \
CC="$(TRIPLET)-gcc --sysroot=$(NDK_SYSROOT)" \
AR="$(TRIPLET)-ar" \
RANLIB="$(TRIPLET)-ranlib"

$(OC_SYSROOT)/lib/libtomcrypt.a: $(TOMCRYPT_DIR)/libtomcrypt.a
$(MAKE) -C $(TOMCRYPT_DIR) \
DESTDIR=$(OC_SYSROOT) \
LIBPATH=/lib INCPATH=/include \
INSTALL_USER=$(shell id -u) \
INSTALL_GROUP=$(shell id -g) \
NODOCS=1 install

TOMCRYPT_DEPS := $(OC_SYSROOT)/lib/libtomcrypt.a

tomcrypt: $(TOMCRYPT_DEPS)


#####################################################################
#
# Build libstoken
#
STOKEN_VER := 0.2
STOKEN_SRC := sources/stoken-$(STOKEN_VER)
STOKEN_BUILD := $(TRIPLET)/stoken

stoken-$(STOKEN_VER).tar.gz:
curl -L http://sourceforge.net/projects/stoken/files/stoken-$(STOKEN_VER).tar.gz/download -o $@.tmp && mv $@.tmp $@

$(STOKEN_SRC)/configure: stoken-$(STOKEN_VER).tar.gz
mkdir -p sources
tar xfz $< -C sources
cd $(STOKEN_SRC) && patch -p1 < ../../0001-Remove-call-to-mlockall.patch
touch $@

$(STOKEN_BUILD)/Makefile: $(STOKEN_SRC)/configure $(TOMCRYPT_DEPS)
mkdir -p $(STOKEN_BUILD)
cd $(STOKEN_BUILD) && ../../$(STOKEN_SRC)/configure $(CONFIGURE_ARGS) \
--without-gtk

$(STOKEN_BUILD)/libstoken.la: $(STOKEN_BUILD)/Makefile
$(MAKE) -C $(STOKEN_BUILD)

$(OC_SYSROOT)/lib/libstoken.la: $(STOKEN_BUILD)/libstoken.la
$(MAKEINSTALL) -C $(STOKEN_BUILD) install

STOKEN_DEPS := $(OC_SYSROOT)/lib/libstoken.la

stoken: $(STOKEN_DEPS)


#####################################################################
#
# Build liboath
#
OATH_VER := 2.4.0
OATH_SRC := sources/oath-toolkit-$(OATH_VER)
OATH_BUILD := $(TRIPLET)/oath

oath-toolkit-$(OATH_VER).tar.gz:
curl -L http://download.savannah.gnu.org/releases/oath-toolkit/oath-toolkit-$(OATH_VER).tar.gz -o $@.tmp && mv $@.tmp $@

$(OATH_SRC)/configure: oath-toolkit-$(OATH_VER).tar.gz
mkdir -p sources
tar xfz $< -C sources
cd $(OATH_SRC) && patch -p1 < ../../0001-fflush-freadahead-fseeko-Fix-for-Android.patch
touch $@

$(OATH_BUILD)/Makefile: $(OATH_SRC)/configure
mkdir -p $(OATH_BUILD)
cd $(OATH_BUILD) && ../../$(OATH_SRC)/configure $(CONFIGURE_ARGS) \
--disable-pskc --disable-pam

$(OATH_BUILD)/liboath.la: $(OATH_BUILD)/Makefile
$(MAKE) -C $(OATH_BUILD)

$(OC_SYSROOT)/lib/liboath.la: $(OATH_BUILD)/liboath.la
$(MAKEINSTALL) -C $(OATH_BUILD) install

OATH_DEPS := $(OC_SYSROOT)/lib/liboath.la

oath: $(OATH_DEPS)


#####################################################################
#
# Build OpenConnect for Android
Expand All @@ -251,13 +351,20 @@ OPENCONNECT_BUILD := $(TRIPLET)/openconnect
$(OPENCONNECT_SRC)/configure:
cd $(OPENCONNECT_SRC) && ./autogen.sh

$(OPENCONNECT_BUILD)/Makefile: $(GNUTLS_DEPS) $(LIBXML_DEPS) $(OPENCONNECT_SRC)/configure
$(OPENCONNECT_BUILD)/Makefile: $(GNUTLS_DEPS) $(LIBXML_DEPS) $(STOKEN_DEPS) $(OATH_DEPS) $(OPENCONNECT_SRC)/configure
mkdir -p $(OPENCONNECT_BUILD)
cd $(OPENCONNECT_BUILD) && ../../../configure $(CONFIGURE_ARGS) \
CFLAGS="--sysroot=$(NDK_SYSROOT) -DNO_BROKEN_DTLS_CHECK" \
LDFLAGS="$(EXTRA_LDFLAGS)" \
GNUTLS_LIBS="$(shell PKG_CONFIG_LIBDIR=$(OC_SYSROOT)/lib/pkgconfig pkg-config --static --libs gnutls)" \
--enable-shared --with-vpnc-script=/etc/vpnc/vpnc-script
--enable-shared --with-vpnc-script=/etc/vpnc/vpnc-script \
--with-java=$(NDK_SYSROOT)/usr/include --enable-jni-standalone

openconnect: $(OPENCONNECT_BUILD)/Makefile
make -C $(OPENCONNECT_BUILD)

# download + extract, but do not build
sources: $(LIBXML2_SRC)/configure $(GMP_SRC)/configure \
$(NETTLE_SRC)/configure $(GNUTLS_SRC)/configure \
$(TOMCRYPT_DIR)/makefile $(STOKEN_SRC)/configure \
$(OATH_SRC)/configure

0 comments on commit 0b6dfb2

Please sign in to comment.