From 31f83eca7b8203a6a125abd58bc63ef2e97fe239 Mon Sep 17 00:00:00 2001
From: Kevin Cernekee <cernekee@gmail.com>
Date: Sat, 13 Oct 2012 10:46:18 -0700
Subject: [PATCH] stoken: Add software token functions to library API; bump to
 v2.1

openconnect_has_stoken_support(): returns 1 if the library was linked
with libstoken.

openconnect_set_stoken_mode(): enables/disables tokencode generation,
and tells the library how to locate the seed.  Unless this function is
called, the library will not try to use a soft token.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
---
 libopenconnect.map.in  |  8 +++++-
 library.c              | 61 ++++++++++++++++++++++++++++++++++++++++++
 openconnect-internal.h | 13 +++++++++
 openconnect.h          | 13 ++++++++-
 4 files changed, 93 insertions(+), 2 deletions(-)

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 0048334e..25393356 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -1,5 +1,11 @@
+OPENCONNECT_2.1 {
+ global:
+	openconnect_has_stoken_support;
+	openconnect_set_stoken_mode;
+};
+
 OPENCONNECT_2.0 {
- global: 
+ global:
 	openconnect_clear_cookie;
 	openconnect_get_cert_sha1;
 	openconnect_get_cookie;
diff --git a/library.c b/library.c
index b97f8dfe..c8db9682 100644
--- a/library.c
+++ b/library.c
@@ -26,6 +26,10 @@
 #include <errno.h>
 #include <stdlib.h>
 
+#ifdef LIBSTOKEN_HDR
+#include LIBSTOKEN_HDR
+#endif
+
 #include "openconnect-internal.h"
 
 struct openconnect_info *openconnect_vpninfo_new (char *useragent,
@@ -104,6 +108,12 @@ void openconnect_vpninfo_free (struct openconnect_info *vpninfo)
 		vpninfo->peer_cert = NULL;
 	}
 	free(vpninfo->useragent);
+#ifdef LIBSTOKEN_HDR
+	if (vpninfo->stoken_pin)
+		free(vpninfo->stoken_pin);
+	if (vpninfo->stoken_ctx)
+		stoken_destroy(vpninfo->stoken_ctx);
+#endif
 	/* No need to free deflate streams; they weren't initialised */
 	free(vpninfo);
 }
@@ -265,3 +275,54 @@ int openconnect_has_tss_blob_support(void)
 #endif
 	return 0;
 }
+
+int openconnect_has_stoken_support(void)
+{
+#ifdef LIBSTOKEN_HDR
+	return 1;
+#else
+	return 0;
+#endif
+}
+
+/*
+ * Enable software token generation if use_stoken == 1.
+ *
+ * If token_str is not NULL, try to parse the string.  Otherwise, try to read
+ * the token data from ~/.stokenrc
+ *
+ * Return value:
+ *  = -EOPNOTSUPP, if libstoken is not available
+ *  = -EINVAL, if the token string is invalid (token_str was provided)
+ *  = -ENOENT, if ~/.stokenrc is missing (token_str was NULL)
+ *  = -EIO, for other libstoken failures
+ *  = 0, on success
+ */
+int openconnect_set_stoken_mode (struct openconnect_info *vpninfo,
+				 int use_stoken, const char *token_str)
+{
+#ifdef LIBSTOKEN_HDR
+	int ret;
+
+	vpninfo->use_stoken = 0;
+	if (!use_stoken)
+		return 0;
+
+	if (!vpninfo->stoken_ctx) {
+		vpninfo->stoken_ctx = stoken_new();
+		if (!vpninfo->stoken_ctx)
+			return -EIO;
+	}
+
+	ret = token_str ?
+	      stoken_import_string(vpninfo->stoken_ctx, token_str) :
+	      stoken_import_rcfile(vpninfo->stoken_ctx, NULL);
+	if (ret)
+		return ret;
+
+	vpninfo->use_stoken = 1;
+	return 0;
+#else
+	return -EOPNOTSUPP;
+#endif
+}
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 5b0b44a3..4b889208 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -61,6 +61,10 @@
 #include LIBPROXY_HDR
 #endif
 
+#ifdef LIBSTOKEN_HDR
+#include LIBSTOKEN_HDR
+#endif
+
 #ifdef ENABLE_NLS
 #include <locale.h>
 #include <libintl.h>
@@ -166,6 +170,15 @@ struct openconnect_info {
 	int uid_csd_given;
 	int no_http_keepalive;
 
+#ifdef LIBSTOKEN_HDR
+	struct stoken_ctx *stoken_ctx;
+#endif
+	int use_stoken;
+	int stoken_bypassed;
+	int stoken_tries;
+	time_t stoken_time;
+	char *stoken_pin;
+
 	OPENCONNECT_X509 *peer_cert;
 
 	char *cookie; /* Pointer to within cookies list */
diff --git a/openconnect.h b/openconnect.h
index c4a0075e..dd89bd91 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -31,9 +31,12 @@
 #include <unistd.h>
 
 #define OPENCONNECT_API_VERSION_MAJOR 2
-#define OPENCONNECT_API_VERSION_MINOR 0
+#define OPENCONNECT_API_VERSION_MINOR 1
 
 /*
+ * API version 2.1:
+ *  - Add openconnect_set_stoken_mode(), openconnect_has_stoken_support()
+ *
  * API version 2.0:
  *  - OPENCONNECT_X509 is now an opaque type.
  *  - Add openconnect_has_pkcs11_support(), openconnect_has_tss_blob_support()
@@ -158,6 +161,11 @@ void openconnect_set_hostname (struct openconnect_info *, char *);
 char *openconnect_get_urlpath (struct openconnect_info *);
 void openconnect_set_urlpath (struct openconnect_info *, char *);
 
+/* This function does *not* take ownership of the string; it is parsed
+   and then discarded. */
+int openconnect_set_stoken_mode (struct openconnect_info *,
+				 int use_stoken, const char *token_str);
+
 /* This function does *not* take ownership of the string; it's copied
    into a static buffer in the vpninfo. The size must be 41 bytes,
    since that's the size of a 20-byte SHA1 represented as hex with
@@ -249,4 +257,7 @@ int openconnect_has_pkcs11_support(void);
    in the near future. */
 int openconnect_has_tss_blob_support(void);
 
+/* Software token capabilities. */
+int openconnect_has_stoken_support(void);
+
 #endif /* __OPENCONNECT_H__ */