From 21d459d75ca3b580f526f57dfa18789787dee8ee Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 9 Mar 2011 16:15:14 +0000 Subject: [PATCH] Split private parts of openconnect.h out into openconnect-internal.h Signed-off-by: David Woodhouse --- Makefile | 3 +- auth.c | 2 +- cstp.c | 4 +- dtls.c | 2 +- http.c | 2 +- main.c | 2 +- mainloop.c | 2 +- nm-auth-dialog.c | 3 +- openconnect-internal.h | 293 +++++++++++++++++++++++++++++++++++++++++ openconnect.h | 277 ++------------------------------------ ssl.c | 2 +- tun.c | 2 +- xml.c | 2 +- 13 files changed, 320 insertions(+), 276 deletions(-) create mode 100644 openconnect-internal.h diff --git a/Makefile b/Makefile index df89b225..b5063b09 100644 --- a/Makefile +++ b/Makefile @@ -77,7 +77,8 @@ libopenconnect.a: ${AUTH_OBJECTS} $(AR) rcs $@ $^ version.c: $(patsubst %.o,%.c,$(VERSION_OBJS)) Makefile openconnect.h \ - $(wildcard .git/index .git/refs/tags) version.sh + openconnect-internal.h $(wildcard .git/index .git/refs/tags) \ + version.sh @./version.sh openconnect: $(OPENCONNECT_OBJS) $(CONNECTION_OBJS) libopenconnect.a diff --git a/auth.c b/auth.c index aacdc8e8..f2de327e 100644 --- a/auth.c +++ b/auth.c @@ -38,7 +38,7 @@ #include #include -#include "openconnect.h" +#include "openconnect-internal.h" static int append_opt(char *body, int bodylen, char *opt, char *name) { diff --git a/cstp.c b/cstp.c index 6fbe64a8..91c6755e 100644 --- a/cstp.c +++ b/cstp.c @@ -34,14 +34,14 @@ #include #include -#include "openconnect.h" +#include "openconnect-internal.h" /* * Data packets are encapsulated in the SSL stream as follows: * * 0000: Magic "STF\x1" * 0004: Big-endian 16-bit length (not including 8-byte header) - * 0006: Byte packet type (see openconnect.h) + * 0006: Byte packet type (see openconnect-internal.h) * 0008: data payload */ diff --git a/dtls.c b/dtls.c index 2ce2c1c6..1f8e482b 100644 --- a/dtls.c +++ b/dtls.c 
@@ -33,7 +33,7 @@ #include #include -#include "openconnect.h" +#include "openconnect-internal.h" static unsigned char nybble(unsigned char n) { diff --git a/http.c b/http.c index a9d457ad..8f149f56 100644 --- a/http.c +++ b/http.c @@ -38,7 +38,7 @@ #include #include -#include "openconnect.h" +#include "openconnect-internal.h" static int proxy_write(int fd, unsigned char *buf, size_t len); diff --git a/main.c b/main.c index 60c83412..98d6dae9 100644 --- a/main.c +++ b/main.c @@ -44,7 +44,7 @@ #define _GNU_SOURCE #include -#include "openconnect.h" +#include "openconnect-internal.h" static int write_new_config(struct openconnect_info *vpninfo, char *buf, int buflen); static void write_progress(struct openconnect_info *info, int level, const char *fmt, ...); diff --git a/mainloop.c b/mainloop.c index c50f1c85..55c472a1 100644 --- a/mainloop.c +++ b/mainloop.c @@ -33,7 +33,7 @@ #include -#include "openconnect.h" +#include "openconnect-internal.h" void queue_packet(struct pkt **q, struct pkt *new) { diff --git a/nm-auth-dialog.c b/nm-auth-dialog.c index d442f2ff..e38300fa 100644 --- a/nm-auth-dialog.c +++ b/nm-auth-dialog.c @@ -37,7 +37,8 @@ #include #include "auth-dlg-settings.h" -#include "openconnect.h" + +#include "openconnect-internal.h" #include #include diff --git a/openconnect-internal.h b/openconnect-internal.h new file mode 100644 index 00000000..85402295 --- /dev/null +++ b/openconnect-internal.h 
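Review bot: nm-auth-dialog.c now includes `openconnect-internal.h`, which leaves the auth dialog bound to the private layout of `struct openconnect_info` even though the purpose of this split is to keep such consumers on the public header; presumably it reads or writes the struct's fields directly, but that is not visible in this hunk. If so, a `/* FIXME: uses private vpninfo fields; move to the public API in openconnect.h */` comment next to the include would keep the dependency from being mistaken for an intended one, and would flag that any later change to the internal struct has to rebuild the dialog as well.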
@@ -0,0 +1,293 @@ +/* + * OpenConnect (SSL + DTLS) VPN client + * + * Copyright © 2008-2011 Intel Corporation. + * Copyright © 2008 Nick Andrew + * + * Author: David Woodhouse + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1, as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to: + * + * Free Software Foundation, Inc. + * 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA + */ + +#ifndef __OPENCONNECT_INTERNAL_H__ +#define __OPENCONNECT_INTERNAL_H__ + +#include "openconnect.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef OPENCONNECT_LIBPROXY +#include LIBPROXY_HDR +#endif + + +/****************************************************************************/ + +struct pkt { + int len; + struct pkt *next; + unsigned char hdr[8]; + unsigned char data[]; +}; + +struct vpn_option { + char *option; + char *value; + struct vpn_option *next; +}; + +#define KA_NONE 0 +#define KA_DPD 1 +#define KA_DPD_DEAD 2 +#define KA_KEEPALIVE 3 +#define KA_REKEY 4 + +struct keepalive_info { + int dpd; + int keepalive; + int rekey; + time_t last_rekey; + time_t last_tx; + time_t last_rx; + time_t last_dpd; +}; + +struct split_include { + char *route; + struct split_include *next; +}; + +#define RECONNECT_INTERVAL_MIN 10 +#define RECONNECT_INTERVAL_MAX 100 + +#define CERT_TYPE_UNKNOWN 0 +#define CERT_TYPE_PEM 1 +#define CERT_TYPE_PKCS12 2 +#define CERT_TYPE_TPM 3 + +struct openconnect_info { + char *redirect_url; + + char *csd_token; + char *csd_ticket; + 
char *csd_stuburl; + char *csd_starturl; + char *csd_waiturl; + char *csd_preurl; + + char *csd_scriptname; + + char *vpn_name; + +#ifdef OPENCONNECT_LIBPROXY + pxProxyFactory *proxy_factory; +#endif + char *proxy_type; + char *proxy; + int proxy_port; + + const char *localname; + char *hostname; + int port; + char *urlpath; + const char *cert; + const char *sslkey; + X509 *cert_x509; + int cert_type; + char *cert_password; + const char *cafile; + const char *servercert; + const char *xmlconfig; + char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1]; + char *username; + char *password; + char *authgroup; + int nopasswd; + char *dtls_ciphers; + uid_t uid_csd; + char *csd_wrapper; + int uid_csd_given; + int no_http_keepalive; + + char *cookie; + struct vpn_option *cookies; + struct vpn_option *cstp_options; + struct vpn_option *dtls_options; + + SSL_CTX *https_ctx; + SSL *https_ssl; + struct keepalive_info ssl_times; + int owe_ssl_dpd_response; + struct pkt *deflate_pkt; + struct pkt *current_ssl_pkt; + + z_stream inflate_strm; + uint32_t inflate_adler32; + z_stream deflate_strm; + uint32_t deflate_adler32; + + int disable_ipv6; + int reconnect_timeout; + int reconnect_interval; + int dtls_attempt_period; + time_t new_dtls_started; + SSL_CTX *dtls_ctx; + SSL *dtls_ssl; + SSL *new_dtls_ssl; + SSL_SESSION *dtls_session; + struct keepalive_info dtls_times; + unsigned char dtls_session_id[32]; + unsigned char dtls_secret[48]; + + char *dtls_cipher; + char *vpnc_script; + int script_tun; + char *ifname; + + int mtu; + const char *banner; + const char *vpn_addr; + const char *vpn_netmask; + const char *vpn_addr6; + const char *vpn_netmask6; + const char *vpn_dns[3]; + const char *vpn_nbns[3]; + const char *vpn_domain; + const char *vpn_proxy_pac; + struct split_include *split_includes; + struct split_include *split_excludes; + + int select_nfds; + fd_set select_rfds; + fd_set select_wfds; + fd_set select_efds; + +#ifdef __sun__ + int ip_fd; + int tun_muxid; +#endif + int tun_fd; + 
int ssl_fd; + int dtls_fd; + int new_dtls_fd; + + struct pkt *incoming_queue; + struct pkt *outgoing_queue; + int outgoing_qlen; + int max_qlen; + + socklen_t peer_addrlen; + struct sockaddr *peer_addr; + struct sockaddr *dtls_addr; + + int deflate; + char *useragent; + + char *quit_reason; + + int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert, const char *reason); + int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen); + int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form); + + void __attribute__ ((format(printf, 3, 4))) + (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...); +}; + +/* Packet types */ + +#define AC_PKT_DATA 0 /* Uncompressed data */ +#define AC_PKT_DPD_OUT 3 /* Dead Peer Detection */ +#define AC_PKT_DPD_RESP 4 /* DPD response */ +#define AC_PKT_DISCONN 5 /* Client disconnection notice */ +#define AC_PKT_KEEPALIVE 7 /* Keepalive */ +#define AC_PKT_COMPRESSED 8 /* Compressed data */ +#define AC_PKT_TERM_SERVER 9 /* Server kick */ + +/* Ick */ +#if OPENSSL_VERSION_NUMBER >= 0x00909000L +#define method_const const +#else +#define method_const +#endif + +/****************************************************************************/ + +/* tun.c */ +int setup_tun(struct openconnect_info *vpninfo); +int tun_mainloop(struct openconnect_info *vpninfo, int *timeout); +void shutdown_tun(struct openconnect_info *vpninfo); + +/* dtls.c */ +unsigned char unhex(const char *data); +int setup_dtls(struct openconnect_info *vpninfo); +int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout); +int dtls_try_handshake(struct openconnect_info *vpninfo); +int connect_dtls_socket(struct openconnect_info *vpninfo); + +/* cstp.c */ +int make_cstp_connection(struct openconnect_info *vpninfo); +int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout); +int cstp_bye(struct openconnect_info *vpninfo, char *reason); +int cstp_reconnect(struct 
openconnect_info *vpninfo); + +/* ssl.c */ +int __attribute__ ((format (printf, 2, 3))) + openconnect_SSL_printf(SSL *ssl, const char *fmt, ...); +int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len); +int openconnect_open_https(struct openconnect_info *vpninfo); +int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert, + char *buf); +void report_ssl_errors(struct openconnect_info *vpninfo); + +/* mainloop.c */ +int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events); +int vpn_mainloop(struct openconnect_info *vpninfo); +int queue_new_packet(struct pkt **q, void *buf, int len); +void queue_packet(struct pkt **q, struct pkt *new); +int keepalive_action(struct keepalive_info *ka, int *timeout); +int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout); + +extern int killed; + +/* xml.c */ +int config_lookup_host(struct openconnect_info *vpninfo, const char *host); + +/* auth.c */ +int parse_xml_response(struct openconnect_info *vpninfo, char *response, + char *request_body, int req_len, char **method, + char **request_body_type); + +/* http.c */ +int process_proxy(struct openconnect_info *vpninfo, int ssl_sock); + +/* ssl_ui.c */ +int set_openssl_ui(void); + +/* securid.c */ +int generate_securid_tokencodes(struct openconnect_info *vpninfo); +int add_securid_pin(char *token, char *pin); + +/* version.c */ +extern char openconnect_version[]; + +#endif /* __OPENCONNECT_INTERNAL_H__ */ diff --git a/openconnect.h b/openconnect.h index ddbc0d4e..9835b2e4 100644 --- a/openconnect.h +++ b/openconnect.h @@ -1,7 +1,7 @@ /* * OpenConnect (SSL + DTLS) VPN client * - * Copyright © 2008-2010 Intel Corporation. + * Copyright © 2008-2011 Intel Corporation. * Copyright © 2008 Nick Andrew * * Author: David Woodhouse 
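Review bot: The new include guard `__OPENCONNECT_INTERNAL_H__` (and `__OPENCONNECT_H__` in the openconnect.h hunk below) is a double-underscore name, which C reserves for the implementation; `#ifndef OPENCONNECT_INTERNAL_H` / `#define OPENCONNECT_INTERNAL_H` avoids the clash with no other change. The header also never says what "internal" means for a reader: after the licence block I would add a comment stating that this file is not installed, that `struct openconnect_info` and the prototypes below may change without notice, and that library users must include only openconnect.h. Since `struct openconnect_info` carries `password`, `cert_password`, `dtls_secret` and `dtls_session_id`, a one-line comment marking those fields as sensitive would help whoever maintains the teardown path remember to wipe them before the struct is freed — whether that happens today is not visible from this hunk.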
@@ -23,20 +23,12 @@ * Boston, MA 02110-1301 USA */ -#ifndef __OPENCONNECT_ANYCONNECT_H -#define __OPENCONNECT_ANYCONNECT_H +#ifndef __OPENCONNECT_H__ +#define __OPENCONNECT_H__ -#include -#include #include -#include -#include -#include #include #include -#ifdef OPENCONNECT_LIBPROXY -#include LIBPROXY_HDR -#endif /****************************************************************************/ 
@@ -88,266 +80,23 @@ struct oc_auth_form { /****************************************************************************/ -struct pkt { - int len; - struct pkt *next; - unsigned char hdr[8]; - unsigned char data[]; -}; - -struct vpn_option { - char *option; - char *value; - struct vpn_option *next; -}; - -#define KA_NONE 0 -#define KA_DPD 1 -#define KA_DPD_DEAD 2 -#define KA_KEEPALIVE 3 -#define KA_REKEY 4 - -struct keepalive_info { - int dpd; - int keepalive; - int rekey; - time_t last_rekey; - time_t last_tx; - time_t last_rx; - time_t last_dpd; -}; - -struct split_include { - char *route; - struct split_include *next; -}; - -#define RECONNECT_INTERVAL_MIN 10 -#define RECONNECT_INTERVAL_MAX 100 - -#define CERT_TYPE_UNKNOWN 0 -#define CERT_TYPE_PEM 1 -#define CERT_TYPE_PKCS12 2 -#define CERT_TYPE_TPM 3 - -struct openconnect_info { - char *redirect_url; - - char *csd_token; - char *csd_ticket; - char *csd_stuburl; - char *csd_starturl; - char *csd_waiturl; - char *csd_preurl; - - char *csd_scriptname; - - char *vpn_name; - -#ifdef OPENCONNECT_LIBPROXY - pxProxyFactory *proxy_factory; -#endif - char *proxy_type; - char *proxy; - int proxy_port; - - const char *localname; - char *hostname; - int port; - char *urlpath; - const char *cert; - const char *sslkey; - X509 *cert_x509; - int cert_type; - char *cert_password; - const char *cafile; - const char *servercert; - const char *xmlconfig; - char xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1]; - char *username; - char *password; - char *authgroup; - int nopasswd; - char *dtls_ciphers; - uid_t uid_csd; - char *csd_wrapper; - int uid_csd_given; - int no_http_keepalive; - - char *cookie; - struct vpn_option *cookies; - struct vpn_option *cstp_options; - struct vpn_option *dtls_options; - - SSL_CTX *https_ctx; - SSL *https_ssl; - struct keepalive_info ssl_times; - int owe_ssl_dpd_response; - struct pkt *deflate_pkt; - struct pkt *current_ssl_pkt; - - z_stream inflate_strm; - uint32_t inflate_adler32; - z_stream deflate_strm; - 
uint32_t deflate_adler32; - - int disable_ipv6; - int reconnect_timeout; - int reconnect_interval; - int dtls_attempt_period; - time_t new_dtls_started; - SSL_CTX *dtls_ctx; - SSL *dtls_ssl; - SSL *new_dtls_ssl; - SSL_SESSION *dtls_session; - struct keepalive_info dtls_times; - unsigned char dtls_session_id[32]; - unsigned char dtls_secret[48]; - - char *dtls_cipher; - char *vpnc_script; - int script_tun; - char *ifname; - - int mtu; - const char *banner; - const char *vpn_addr; - const char *vpn_netmask; - const char *vpn_addr6; - const char *vpn_netmask6; - const char *vpn_dns[3]; - const char *vpn_nbns[3]; - const char *vpn_domain; - const char *vpn_proxy_pac; - struct split_include *split_includes; - struct split_include *split_excludes; - - int select_nfds; - fd_set select_rfds; - fd_set select_wfds; - fd_set select_efds; - -#ifdef __sun__ - int ip_fd; - int tun_muxid; -#endif - int tun_fd; - int ssl_fd; - int dtls_fd; - int new_dtls_fd; - - struct pkt *incoming_queue; - struct pkt *outgoing_queue; - int outgoing_qlen; - int max_qlen; - - socklen_t peer_addrlen; - struct sockaddr *peer_addr; - struct sockaddr *dtls_addr; - - int deflate; - char *useragent; - - char *quit_reason; - - int (*validate_peer_cert) (struct openconnect_info *vpninfo, X509 *cert, const char *reason); - int (*write_new_config) (struct openconnect_info *vpninfo, char *buf, int buflen); - int (*process_auth_form) (struct openconnect_info *vpninfo, struct oc_auth_form *form); - - void __attribute__ ((format(printf, 3, 4))) - (*progress) (struct openconnect_info *vpninfo, int level, const char *fmt, ...); -}; - #define PRG_ERR 0 #define PRG_INFO 1 #define PRG_DEBUG 2 #define PRG_TRACE 3 -/* Packet types */ - -#define AC_PKT_DATA 0 /* Uncompressed data */ -#define AC_PKT_DPD_OUT 3 /* Dead Peer Detection */ -#define AC_PKT_DPD_RESP 4 /* DPD response */ -#define AC_PKT_DISCONN 5 /* Client disconnection notice */ -#define AC_PKT_KEEPALIVE 7 /* Keepalive */ -#define AC_PKT_COMPRESSED 8 /* 
Compressed data */ -#define AC_PKT_TERM_SERVER 9 /* Server kick */ +struct openconnect_info; +struct x509_st; -/* Ick */ -#if OPENSSL_VERSION_NUMBER >= 0x00909000L -#define method_const const -#else -#define method_const -#endif - -/****************************************************************************/ - -/* tun.c */ -int setup_tun(struct openconnect_info *vpninfo); -int tun_mainloop(struct openconnect_info *vpninfo, int *timeout); -void shutdown_tun(struct openconnect_info *vpninfo); - -/* dtls.c */ -unsigned char unhex(const char *data); -int setup_dtls(struct openconnect_info *vpninfo); -int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout); -int dtls_try_handshake(struct openconnect_info *vpninfo); -int connect_dtls_socket(struct openconnect_info *vpninfo); - -/* cstp.c */ -int make_cstp_connection(struct openconnect_info *vpninfo); -int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout); -int cstp_bye(struct openconnect_info *vpninfo, char *reason); -int cstp_reconnect(struct openconnect_info *vpninfo); - -/* ssl.c */ -void openconnect_init_openssl(void); -int __attribute__ ((format (printf, 2, 3))) - openconnect_SSL_printf(SSL *ssl, const char *fmt, ...); -int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len); -int openconnect_open_https(struct openconnect_info *vpninfo); -void openconnect_close_https(struct openconnect_info *vpninfo); -int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert, - char *buf); -int get_cert_sha1_fingerprint(struct openconnect_info *vpninfo, X509 *cert, - char *buf); -void report_ssl_errors(struct openconnect_info *vpninfo); +int get_cert_sha1_fingerprint(struct openconnect_info *vpninfo, + struct x509_st *cert, char *buf); +int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy); int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo); - -/* mainloop.c */ -int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events); -int 
vpn_mainloop(struct openconnect_info *vpninfo); -int queue_new_packet(struct pkt **q, void *buf, int len); -void queue_packet(struct pkt **q, struct pkt *new); -int keepalive_action(struct keepalive_info *ka, int *timeout); -int ka_stalled_dpd_time(struct keepalive_info *ka, int *timeout); - -extern int killed; - -/* xml.c */ -int config_lookup_host(struct openconnect_info *vpninfo, const char *host); - -/* auth.c */ -int parse_xml_response(struct openconnect_info *vpninfo, char *response, - char *request_body, int req_len, char **method, - char **request_body_type); - -/* http.c */ int openconnect_obtain_cookie(struct openconnect_info *vpninfo); +void openconnect_close_https(struct openconnect_info *vpninfo); char *openconnect_create_useragent(char *base); -int process_proxy(struct openconnect_info *vpninfo, int ssl_sock); -int openconnect_parse_url(char *url, char **res_proto, char **res_host, int *res_port, - char **res_path, int default_port); -int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy); - -/* ssl_ui.c */ -int set_openssl_ui(void); - -/* securid.c */ -int generate_securid_tokencodes(struct openconnect_info *vpninfo); -int add_securid_pin(char *token, char *pin); - -/* version.c */ -extern char openconnect_version[]; +void openconnect_init_openssl(void); +int openconnect_parse_url(char *url, char **res_proto, char **res_host, + int *res_port, char **res_path, int default_port); -#endif /* __OPENCONNECT_ANYCONNECT_H */ +#endif /* __OPENCONNECT_H__ */ diff --git a/ssl.c b/ssl.c index a8183d61..a7f30daf 100644 --- a/ssl.c +++ b/ssl.c @@ -49,7 +49,7 @@ #include #include -#include "openconnect.h" +#include "openconnect-internal.h" /* OSX < 1.6 doesn't have AI_NUMERICSERV */ #ifndef AI_NUMERICSERV diff --git a/tun.c b/tun.c index b88b83df..123a3f44 100644 --- a/tun.c +++ b/tun.c 
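Review bot: The public prototype `get_cert_sha1_fingerprint(struct openconnect_info *vpninfo, struct x509_st *cert, char *buf)` takes an unsized output buffer, and now that openconnect.h is the library's external surface nothing tells a caller how large `buf` must be; the internal `xmlsha1[(SHA_DIGEST_LENGTH * 2) + 1]` suggests 41 bytes, so I would add `/* buf must have room for 40 hex digits plus a NUL (41 bytes) */` above it, or better a length parameter in a later change. The other public prototypes are equally undocumented: `openconnect_create_useragent(char *base)` returns a `char *` with no statement of who frees it, and `openconnect_set_http_proxy`, `openconnect_parse_url` and `openconnect_create_useragent` take non-const `char *` inputs — if the implementations do not write through them, `const char *` makes that contract visible to callers. A short comment per prototype on ownership and error return would turn this header into a usable API reference for the consumers the split is meant to serve.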
@@ -47,7 +47,7 @@ #endif #endif -#include "openconnect.h" +#include "openconnect-internal.h" /* * If an if_tun.h include file was found anywhere (by the Makefile), it's diff --git a/xml.c b/xml.c index bb2632fb..4819ff1b 100644 --- a/xml.c +++ b/xml.c @@ -34,7 +34,7 @@ #include #include -#include "openconnect.h" +#include "openconnect-internal.h" int config_lookup_host(struct openconnect_info *vpninfo, const char *host) {