Commit bc0a9830 authored by David Woodhouse's avatar David Woodhouse

Add shell of Juniper support

The API to enable this is a dirty hack for now; we'll work it out
properly later. It's entirely feasible that the auth UI will want to
be given the raw HTML to render it, since we really *can* be given
arbitrary web pages (with Java and JavaScript) and we're expected to
fill the forms in.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 2454358d
......@@ -25,6 +25,7 @@ openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(INTL_LI
library_srcs = ssl.c http.c auth-common.c library.c compat.c lzs.c mainloop.c script.c ntlm.c digest.c
lib_srcs_cisco = auth.c cstp.c dtls.c
lib_srcs_juniper = oncp.c
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c
lib_srcs_openssl = openssl.c openssl-pkcs11.c
lib_srcs_win32 = tun-win32.c sspi.c
......@@ -35,11 +36,12 @@ lib_srcs_oath = oath.c
lib_srcs_yubikey = yubikey.c
lib_srcs_stoken = stoken.c
POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_openssl) $(lib_srcs_gnutls) \
$(library_srcs) $(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) \
$(lib_srcs_iconv) $(lib_srcs_oath) $(lib_srcs_yubikey) $(lib_srcs_stoken) openconnect-internal.h
POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_juniper) \
$(lib_srcs_openssl) $(lib_srcs_gnutls) $(library_srcs) \
$(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) $(lib_srcs_iconv) \
$(lib_srcs_oath) $(lib_srcs_yubikey) $(lib_srcs_stoken) openconnect-internal.h
library_srcs += $(lib_srcs_cisco)
library_srcs += $(lib_srcs_juniper) $(lib_srcs_cisco)
if OPENCONNECT_LIBPCSCLITE
library_srcs += $(lib_srcs_yubikey)
endif
......
......@@ -67,6 +67,7 @@ OPENCONNECT_PRIVATE {
global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@
openconnect_fopen_utf8;
openconnect_open_utf8;
openconnect_set_juniper;
openconnect_sha1;
openconnect_version_str;
local:
......
......@@ -90,7 +90,6 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent,
#ifdef ENABLE_NLS
bindtextdomain("openconnect", LOCALEDIR);
#endif
vpninfo->proto.vpn_close_session = cstp_bye;
vpninfo->proto.tcp_connect = cstp_connect;
vpninfo->proto.tcp_mainloop = cstp_mainloop;
......@@ -104,7 +103,6 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent,
#else
vpninfo->dtls_state = DTLS_DISABLED;
#endif
return vpninfo;
err:
......@@ -114,6 +112,20 @@ err:
return NULL;
}
void openconnect_set_juniper(struct openconnect_info *vpninfo)
{
vpninfo->proto.vpn_close_session = NULL;
vpninfo->proto.tcp_connect = oncp_connect;
vpninfo->proto.tcp_mainloop = oncp_mainloop;
vpninfo->proto.add_http_headers = NULL;
vpninfo->proto.obtain_cookie = oncp_obtain_cookie;
vpninfo->proto.udp_setup = NULL;
vpninfo->proto.udp_mainloop = NULL;
vpninfo->proto.udp_close = NULL;
vpninfo->proto.udp_shutdown = NULL;
vpninfo->dtls_state = DTLS_DISABLED;
}
int openconnect_setup_dtls(struct openconnect_info *vpninfo,
int attempt_period)
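Review bot: openconnect_set_juniper() leaves vpn_close_session, add_http_headers and the udp_setup/udp_mainloop/udp_close/udp_shutdown hooks as NULL, so any call site that invokes a vpninfo->proto pointer without testing it first will dereference NULL once --juniper is selected. Those call sites are outside this hunk, so whether they all guard the call cannot be confirmed from here. It would help to state the contract above the function, e.g. `/* Hooks set to NULL here are unsupported for oNCP; callers must test them before calling */`, or to point the unsupported hooks at stubs that return -EOPNOTSUPP. The `dtls_state = DTLS_DISABLED` assignment may also be undone by a later openconnect_setup_dtls() call, whose body continues past the hunk.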
......
......@@ -159,6 +159,7 @@ enum {
OPT_DUMP_HTTP,
OPT_FORCE_DPD,
OPT_GNUTLS_DEBUG,
OPT_JUNIPER,
OPT_KEY_PASSWORD_FROM_FSID,
OPT_LIBPROXY,
OPT_NO_CERT_CHECK,
......@@ -210,6 +211,7 @@ static const struct option long_options[] = {
OPTION("cookie", 1, 'C'),
OPTION("compression", 1, OPT_COMPRESSION),
OPTION("deflate", 0, 'd'),
OPTION("juniper", 0, OPT_JUNIPER),
OPTION("no-deflate", 0, 'D'),
OPTION("cert-expire-warning", 1, 'e'),
OPTION("usergroup", 1, 'g'),
......@@ -1033,6 +1035,9 @@ int main(int argc, char **argv)
}
break;
}
case OPT_JUNIPER:
openconnect_set_juniper(vpninfo);
break;
case OPT_CSD_USER: {
char *strend;
vpninfo->uid_csd = strtol(config_arg, &strend, 0);
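Review bot: The new `--juniper` long option has no matching usage/help text in the hunks shown for this file, although it switches the session to a protocol whose authentication is not implemented yet. If usage() was indeed left unchanged, add an entry that marks the option as experimental, along the lines of `--juniper    Use Juniper oNCP protocol (incomplete, authentication not implemented)`. The `case OPT_JUNIPER:` arm sits inside main()'s option switch, which starts and ends outside the hunk.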
......
/*
* OpenConnect (SSL + DTLS) VPN client
*
* Copyright © 2008-2015 Intel Corporation.
*
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1, as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*/
#include <config.h>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdarg.h>
#include "openconnect-internal.h"
int oncp_obtain_cookie(struct openconnect_info *vpninfo)
{
vpn_progress(vpninfo, PRG_ERR, _("oNCP authentication not yet implemented\n"));
return -EOPNOTSUPP;
}
int oncp_connect(struct openconnect_info *vpninfo)
{
return 0;
}
int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout)
{
return 0;
}
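Review bot: oncp_connect() and oncp_mainloop() return 0, which callers presumably read as success, so the unimplemented transport fails open while oncp_obtain_cookie() correctly returns -EOPNOTSUPP. If a session cookie is supplied directly (the client has a `--cookie` option), the obtain_cookie step is likely skipped, and the client could then report an established connection that carries no traffic. Until the transport exists both stubs should fail the same way, `return -EOPNOTSUPP;`, ideally after the same kind of vpn_progress(vpninfo, PRG_ERR, ...) message that oncp_obtain_cookie() prints.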
......@@ -674,6 +674,11 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo,
unsigned char *buf, int len);
int compress_packet(struct openconnect_info *vpninfo, int compr_type, struct pkt *this);
/* oncp.c */
int oncp_obtain_cookie(struct openconnect_info *vpninfo);
int oncp_connect(struct openconnect_info *vpninfo);
int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout);
/* lzs.c */
int lzs_decompress(unsigned char *dst, int dstlen, const unsigned char *src, int srclen);
int lzs_compress(unsigned char *dst, int dstlen, const unsigned char *src, int srclen);
......@@ -841,6 +846,8 @@ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *b
/* library.c */
void nuke_opt_values(struct oc_form_opt *opt);
int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form);
/* This is private for now since we haven't yet worked out what the API will be */
void openconnect_set_juniper(struct openconnect_info *vpninfo);
/* version.c */
extern const char *openconnect_version_str;
......