Commit 321066cf authored by David Woodhouse's avatar David Woodhouse

Move CSTP authentication and obtain_cookie to auth.c

Signed-off-by: default avatarDavid Woodhouse <>
parent 2568f53e
This diff is collapsed.
......@@ -1246,3 +1246,38 @@ int cstp_bye(struct openconnect_info *vpninfo, const char *reason)
return 0;
void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf)
struct oc_vpn_option *opt;
buf_append(buf, "Host: %s\r\n", vpninfo->hostname);
buf_append(buf, "User-Agent: %s\r\n", vpninfo->useragent);
buf_append(buf, "Accept: */*\r\n");
buf_append(buf, "Accept-Encoding: identity\r\n");
if (vpninfo->cookies) {
buf_append(buf, "Cookie: ");
for (opt = vpninfo->cookies; opt; opt = opt->next)
buf_append(buf, "%s=%s%s", opt->option,
opt->value, opt->next ? "; " : "\r\n");
buf_append(buf, "X-Transcend-Version: 1\r\n");
if (vpninfo->xmlpost) {
buf_append(buf, "X-Aggregate-Auth: 1\r\n");
buf_append(buf, "X-AnyConnect-Platform: %s\r\n",
if (vpninfo->mobile_platform_version) {
buf_append(buf, "X-AnyConnect-Identifier-ClientVersion: %s\r\n",
buf_append(buf, "X-AnyConnect-Identifier-Platform: %s\r\n",
buf_append(buf, "X-AnyConnect-Identifier-PlatformVersion: %s\r\n",
buf_append(buf, "X-AnyConnect-Identifier-DeviceType: %s\r\n",
buf_append(buf, "X-AnyConnect-Identifier-Device-UniqueID: %s\r\n",
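Review bot: Every value formatted into a header line in cstp_common_headers (`vpninfo->hostname`, `vpninfo->useragent`, and each cookie's `opt->option` / `opt->value`) goes in through a bare `%s`, and nothing visible here rejects an embedded CR or LF, so a value containing one would split the request into extra header lines. The cookie pairs are presumably filled from server responses and the user agent from the caller of openconnect_vpninfo_new; if they are validated where those fields are set, that is not shown in this hunk. Since the function is now installed as `proto.add_http_headers`, I would state the assumption at the top, e.g. `/* hostname, useragent and cookie strings are emitted verbatim; they must not contain CR or LF */`, or enforce it where the strings are stored. The page rendering drops some lines of this hunk (braces and continuation arguments), so this is based on the visible calls only.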
This diff is collapsed.
......@@ -94,6 +94,8 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent,
vpninfo->proto.vpn_close_session = cstp_bye;
vpninfo->proto.tcp_connect = cstp_connect;
vpninfo->proto.tcp_mainloop = cstp_mainloop;
vpninfo->proto.add_http_headers = cstp_common_headers;
vpninfo->proto.obtain_cookie = cstp_obtain_cookie;
#ifdef HAVE_DTLS
vpninfo->proto.udp_setup = dtls_setup;
vpninfo->proto.udp_mainloop = dtls_mainloop;
......@@ -124,6 +126,11 @@ int openconnect_setup_dtls(struct openconnect_info *vpninfo,
return -EINVAL;
int openconnect_obtain_cookie(struct openconnect_info *vpninfo)
return vpninfo->proto.obtain_cookie(vpninfo);
int openconnect_make_cstp_connection(struct openconnect_info *vpninfo)
return vpninfo->proto.tcp_connect(vpninfo);
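Review bot: `openconnect_obtain_cookie` calls `vpninfo->proto.obtain_cookie` without checking that the pointer is set. Today openconnect_vpninfo_new assigns it unconditionally to cstp_obtain_cookie, so the call is safe, but a `vpn_proto` table presumably exists so that other protocols can fill it in, and one that leaves the member NULL would crash in what looks like a library entry point. Either guard it in the style of the `-EINVAL` return visible just above, `if (!vpninfo->proto.obtain_cookie) return -EINVAL;`, or document in the struct that `obtain_cookie` and `add_http_headers` are mandatory members. The function bodies are shown without their braces by the page rendering.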
......@@ -205,11 +205,17 @@ struct proxy_auth_state {
struct vpn_proto {
int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);
/* This does the full authentication, calling back as appropriate */
int (*obtain_cookie)(struct openconnect_info *vpninfo);
/* Establish the TCP connection (and obtain configuration) */
int (*tcp_connect)(struct openconnect_info *vpninfo);
int (*tcp_mainloop)(struct openconnect_info *vpninfo, int *timeout);
/* Add headers common to each HTTP request */
void (*add_http_headers)(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
/* Set up the UDP (DTLS) connection. Doesn't actually *start* it. */
int (*udp_setup)(struct openconnect_info *vpninfo, int attempt_period);
......@@ -661,6 +667,7 @@ void dtls_close(struct openconnect_info *vpninfo);
void dtls_shutdown(struct openconnect_info *vpninfo);
/* cstp.c */
void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
int cstp_connect(struct openconnect_info *vpninfo);
int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout);
int cstp_bye(struct openconnect_info *vpninfo, const char *reason);
......@@ -786,6 +793,7 @@ int handle_auth_form(struct openconnect_info *vpninfo,
void free_auth_form(struct oc_auth_form *form);
int xmlpost_initial_req(struct openconnect_info *vpninfo,
struct oc_text_buf *request_body, int cert_fail);
int cstp_obtain_cookie(struct openconnect_info *vpninfo);
/* http.c */
struct oc_text_buf *buf_alloc(void);
......@@ -807,6 +815,15 @@ void cleanup_proxy_auth(struct openconnect_info *vpninfo);
int process_proxy(struct openconnect_info *vpninfo, int ssl_sock);
int internal_parse_url(const char *url, char **res_proto, char **res_host,
int *res_port, char **res_path, int default_port);
int do_https_request(struct openconnect_info *vpninfo, const char *method,
const char *request_body_type, struct oc_text_buf *request_body,
char **form_buf, int fetch_redirect);
int http_add_cookie(struct openconnect_info *vpninfo,
const char *option, const char *value);
int process_http_response(struct openconnect_info *vpninfo, int connect,
int (*header_cb)(struct openconnect_info *, char *, char *),
struct oc_text_buf *body);
int handle_redirect(struct openconnect_info *vpninfo);
/* ntlm.c */
int ntlm_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *buf);
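Review bot: The four prototypes added under `/* http.c */` (`do_https_request`, `http_add_cookie`, `process_http_response`, `handle_redirect`) come with no statement of their contract, and by their names they are the routines that handle server-supplied responses and cookies. For `do_https_request` in particular the declaration does not say who owns the buffer returned through `char **form_buf` or what the `int` return means, which is easy to get wrong in a second caller. A short comment above each would do, for example `/* On success *form_buf is allocated and the caller frees it; returns <0 on error */`, adjusted to whatever the definition in http.c actually does (not visible on this page).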