From 6dab526cf7b2d2f68c4c30ff3729b20b8c10e067 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Thu, 26 Mar 2015 13:28:55 +0000
Subject: [PATCH] Make it possible to override getaddrinfo()
This will be used for implementing a '--resolve HOSTNAME:IP' argument to allow bypassing DNS lookups while still putting the appropriate hostname into SNI (which is important when proxies are routing requests based on SNI). Some fixes from David Ocon.
Signed-off-by: David Woodhouse
---
 libopenconnect.map.in | 5 +++++
 library.c | 5 +++++
 openconnect-internal.h | 1 +
 openconnect.h | 10 +++++++++-
 ssl.c | 5 ++++-
 5 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 7cbdd662..6369b2f8 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -73,6 +73,11 @@ OPENCONNECT_5_2 {
 openconnect_set_http_auth;
 } OPENCONNECT_5_1;
+OPENCONNECT_5_3 {
+ global:
+ openconnect_override_getaddrinfo;
+} OPENCONNECT_5_2;
+
 OPENCONNECT_PRIVATE {
 global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@
 openconnect_fopen_utf8;
diff --git a/library.c b/library.c
index 7159fc8d..f36b06bf 100644
--- a/library.c
+++ b/library.c
@@ -754,6 +754,11 @@ void openconnect_set_protect_socket_handler(struct openconnect_info *vpninfo,
 vpninfo->protect_socket = protect_socket;
 }
+void openconnect_override_getaddrinfo(struct openconnect_info *vpninfo, openconnect_getaddrinfo_vfn gai_fn)
+{
+ vpninfo->getaddrinfo_override = gai_fn;
+}
+
 void openconnect_set_stats_handler(struct openconnect_info *vpninfo,
 openconnect_stats_vfn stats_handler)
 {
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 2548d57d..0385f392 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -600,6 +600,7 @@ struct openconnect_info {
 openconnect_process_auth_form_vfn process_auth_form;
 openconnect_progress_vfn progress;
 openconnect_protect_socket_vfn protect_socket;
+ openconnect_getaddrinfo_vfn getaddrinfo_override;
 int (*ssl_read)(struct openconnect_info *vpninfo, char *buf, size_t len);
 int (*ssl_gets)(struct openconnect_info *vpninfo, char *buf, size_t len);
diff --git a/openconnect.h b/openconnect.h
index 0450e387..c79c4e7d 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -29,9 +29,12 @@
 #endif
 #define OPENCONNECT_API_VERSION_MAJOR 5
-#define OPENCONNECT_API_VERSION_MINOR 1
+#define OPENCONNECT_API_VERSION_MINOR 3
 /*
+ * API version 5.3:
+ * - Add openconnect_override_getaddrinfo().
+ *
 * API version 5.2:
 * - Add openconnect_set_http_auth(), openconnect_set_protocol().
 *
@@ -575,4 +578,9 @@ int openconnect_has_system_key_support(void);
 int openconnect_set_protocol(struct openconnect_info *vpninfo, const char *protocol);
+struct addrinfo;
+typedef int (*openconnect_getaddrinfo_vfn) (void *privdata, const char *nost, const char *service,
+ const struct addrinfo *hints, struct addrinfo **res);
+void openconnect_override_getaddrinfo(struct openconnect_info *vpninfo, openconnect_getaddrinfo_vfn gai_fn);
+
 #endif /* __OPENCONNECT_H__ */
diff --git a/ssl.c b/ssl.c
index c0462ad2..9ea54b8d 100644
--- a/ssl.c
+++ b/ssl.c
@@ -247,7 +247,10 @@ int connect_https_socket(struct openconnect_info *vpninfo)
 hints.ai_flags |= AI_NUMERICHOST;
 }
- err = getaddrinfo(hostname, port, &hints, &result);
+ if (vpninfo->getaddrinfo_override)
+ err = vpninfo->getaddrinfo_override(vpninfo->cbdata, hostname, port, &hints, &result);
+ else
+ err = getaddrinfo(hostname, port, &hints, &result);
 if (err) {
 vpn_progress(vpninfo, PRG_ERR,
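Review bot: The new public callback type `openconnect_getaddrinfo_vfn` in the second openconnect.h hunk has no documented contract, and its second parameter is spelled `nost`, which looks like a typo for `node` or `host`. I would rename it and add a comment above the typedef saying that `privdata` is the library's callback data pointer (the ssl.c call site passes `vpninfo->cbdata`), that any nonzero return is treated as a lookup failure, and that passing NULL to openconnect_override_getaddrinfo() restores the system resolver. The comment should also state how `*res` is released: if the library frees it with freeaddrinfo() (not visible in this patch, please confirm), a list built by the override's own allocator would be freed by the wrong one, so either require results that came from getaddrinfo() or add a matching free hook.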
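Review bot: In the ssl.c hunk the override's output is trusted exactly as if it came from getaddrinfo(): a zero return is taken to mean `result` points at a valid list. An application callback that returns 0 without storing to `*res` would leave the following code reading whatever `result` held before the call (its initialisation is outside the hunk). A cheap guard is to set `result = NULL;` before the branch and add `if (!err && !result) err = EAI_NONAME;` after it, so a misbehaving override lands in the existing error path. The preceding block can set AI_NUMERICHOST in `hints`, which an override has to honour, and that is worth stating in the API comment. connect_https_socket() starts and ends outside the hunk.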