enumerate supported VPN protocols via openconnect_get_supported_proto…
…cols()

Add two new public functions:

* int openconnect_get_supported_protocols(struct oc_vpn_proto **protos)

  Fetches a list of protocols supported by the client.  Each supported
  protocol has a short name (as accepted by the --protocol command-line
  option), pretty name, longer description, and list of flags.

  The return value of the function is the number of protocols supported (or
  negative if an error occurred).

  The flags indicate features that are meaningful for this protocol, to be
  used by tools like the NetworkManager configuration UI. Current flags:

    * OC_PROTO_PROXY: can connect via HTTP or SOCKS proxy
    * OC_PROTO_CSD: supports verification of the client via CSD trojan
    * OC_PROTO_AUTH_CERT: supports authentication by client certificate
    * OC_PROTO_AUTH_OTP: supports authentication by OATH HOTP/TOTP token
    * OC_PROTO_AUTH_STOKEN: supports authentication by RSA SecurID token (stoken)

* void openconnect_free_supported_protocols(struct oc_vpn_proto *protos)

  Frees the list of protocols fetched by openconnect_get_supported_protocols()

The description of the "anyconnect" protocol matches the IETF draft
standard for openconnect VPN (https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-00).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
dlenski authored and dwmw2 committed May 14, 2017
1 parent 9ac5e23 commit 40802e4
Showing 4 changed files with 63 additions and 1 deletion.
6 changes: 6 additions & 0 deletions libopenconnect.map.in
Expand Up @@ -92,6 +92,12 @@ OPENCONNECT_5_4 {
openconnect_set_pass_tos;
} OPENCONNECT_5_3;

OPENCONNECT_5_5 {
global:
openconnect_get_supported_protocols;
openconnect_free_supported_protocols;
} OPENCONNECT_5_4;

OPENCONNECT_PRIVATE {
global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@
openconnect_fopen_utf8;
29 changes: 29 additions & 0 deletions library.c
Expand Up @@ -109,6 +109,9 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent,
const struct vpn_proto openconnect_protos[] = {
{
.name = "anyconnect",
.pretty_name = N_("Cisco AnyConnect or openconnect"),
.description = N_("Compatible with Cisco AnyConnect SSL VPN, as well as ocserv"),
.flags = OC_PROTO_PROXY | OC_PROTO_CSD | OC_PROTO_AUTH_CERT | OC_PROTO_AUTH_OTP | OC_PROTO_AUTH_STOKEN,
.vpn_close_session = cstp_bye,
.tcp_connect = cstp_connect,
.tcp_mainloop = cstp_mainloop,
Expand All @@ -122,6 +125,9 @@ const struct vpn_proto openconnect_protos[] = {
#endif
}, {
.name = "nc",
.pretty_name = N_("Juniper Network Connect"),
.description = N_("Compatible with Juniper Network Connect / Pulse Secure SSL VPN"),
.flags = OC_PROTO_PROXY | OC_PROTO_CSD | OC_PROTO_AUTH_CERT | OC_PROTO_AUTH_OTP,
.vpn_close_session = NULL,
.tcp_connect = oncp_connect,
.tcp_mainloop = oncp_mainloop,
Expand All @@ -137,6 +143,29 @@ const struct vpn_proto openconnect_protos[] = {
{ /* NULL */ }
};

int openconnect_get_supported_protocols(struct oc_vpn_proto **protos)
{
struct oc_vpn_proto *pr;
const struct vpn_proto *p;

*protos = pr = calloc(sizeof(openconnect_protos)/sizeof(*openconnect_protos), sizeof(*pr));
if (!pr)
return -ENOMEM;

for (p = openconnect_protos; p->name; p++, pr++) {
pr->name = p->name;
pr->pretty_name = p->pretty_name;
pr->description = p->description;
pr->flags = p->flags;
}
return (p - openconnect_protos);
}

void openconnect_free_supported_protocols(struct oc_vpn_proto *protos)
{
free((void *)protos);
}

int openconnect_set_protocol(struct openconnect_info *vpninfo, const char *protocol)
{
const struct vpn_proto *p;
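Review bot: In openconnect_get_supported_protocols the loop copies `p->pretty_name` and `p->description` verbatim, yet at their definitions (the first two hunks of this file) they are only `N_()`-marked msgids, so API consumers such as a configuration UI receive the untranslated English rather than the localized text the rest of the library emits; `pr->pretty_name = _(p->pretty_name);` and `pr->description = _(p->description);` would resolve them at query time, assuming `_()` is in scope in library.c as in the other translation units. The calloc count is taken from the whole openconnect_protos array including the NULL sentinel, so one zeroed spare element is always allocated; harmless, but a comment such as `/* one extra slot for the NULL terminator; it is not included in the returned count */` would save the next reader a check. In openconnect_free_supported_protocols the `(void *)` cast is unnecessary for a non-const pointer, so `free(protos);` reads cleaner.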
3 changes: 3 additions & 0 deletions openconnect-internal.h
Expand Up @@ -254,6 +254,9 @@ struct http_auth_state {

struct vpn_proto {
const char *name;
const char *pretty_name;
const char *description;
unsigned int flags;
int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);

/* This does the full authentication, calling back as appropriate */
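Review bot: The new `flags` member of struct vpn_proto carries no note tying it to the public OC_PROTO_* bits through which it is exported, so a reader of the internal header cannot tell which values are valid here; `unsigned int flags; /* OC_PROTO_* bits, copied verbatim into struct oc_vpn_proto by openconnect_get_supported_protocols() */` would close that gap. The same applies to `pretty_name` and `description`, which are N_()-marked msgids rather than translated strings and could say so in a trailing comment. struct vpn_proto continues past the end of the hunk.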
26 changes: 25 additions & 1 deletion openconnect.h
Expand Up @@ -33,9 +33,13 @@ extern "C" {
#endif

#define OPENCONNECT_API_VERSION_MAJOR 5
#define OPENCONNECT_API_VERSION_MINOR 4
#define OPENCONNECT_API_VERSION_MINOR 5

/*
* API version 5.5:
* - Add openconnect_get_supported_protocols()
* - Add openconnect_free_supported_protocols()
*
* API version 5.4 (v7.08; 2016-12-13):
* - Add openconnect_set_pass_tos()
*
Expand Down Expand Up @@ -166,6 +170,23 @@ extern "C" {

/****************************************************************************/

/* Enumeration of supported VPN protocols */

#define OC_PROTO_PROXY (1<<0)
#define OC_PROTO_CSD (1<<1)
#define OC_PROTO_AUTH_CERT (1<<2)
#define OC_PROTO_AUTH_OTP (1<<3)
#define OC_PROTO_AUTH_STOKEN (1<<4)

struct oc_vpn_proto {
const char *name;
const char *pretty_name;
const char *description;
unsigned int flags;
};

/****************************************************************************/

/* Authentication form processing */

#define OC_FORM_OPT_TEXT 1
Expand Down Expand Up @@ -640,6 +661,9 @@ int openconnect_has_oath_support(void);
int openconnect_has_yubioath_support(void);
int openconnect_has_system_key_support(void);

/* Query and select from among supported protocols */
int openconnect_get_supported_protocols(struct oc_vpn_proto **protos);
void openconnect_free_supported_protocols(struct oc_vpn_proto *protos);
int openconnect_set_protocol(struct openconnect_info *vpninfo, const char *protocol);

struct addrinfo;
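Review bot: The prototype added in the third hunk states neither its return convention nor who owns the result, which is exactly what a caller of a public header needs; `/* Fills *protos with an array of supported protocols and returns its length, or a negative errno. Free it with openconnect_free_supported_protocols(); the string members point at library-owned storage and must not be freed. */` above `int openconnect_get_supported_protocols(...)` would cover it. The OC_PROTO_* bits in the second hunk have their meanings spelled out in the commit message but not in the header where consumers will look, so a trailing comment per define, e.g. `#define OC_PROTO_PROXY (1<<0) /* can connect via HTTP or SOCKS proxy */`, would carry them over. Since struct oc_vpn_proto is handed out as a contiguous array that callers index, its size is part of the library ABI and any later change to its layout would break existing callers; a one-line comment on the struct stating that would be worth adding.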
