From bc0a9830dfefbf2ba63df0eb0873470633fa3a2f Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 16 Jan 2015 14:14:10 -0800 Subject: [PATCH] Add shell of Juniper support The API to enable this is a dirty hack for now; we'll work it out properly later. It's entirely feasible that the auth UI will want to be given the raw HTML to render it, since we really *can* be given arbitrary web pages (with Java and JavaScript) and we're expected to fill the forms in. Signed-off-by: David Woodhouse --- Makefile.am | 10 +++++---- libopenconnect.map.in | 1 + library.c | 16 ++++++++++++-- main.c | 5 +++++ oncp.c | 47 ++++++++++++++++++++++++++++++++++++++++++ openconnect-internal.h | 7 +++++++ 6 files changed, 80 insertions(+), 6 deletions(-) create mode 100644 oncp.c diff --git a/Makefile.am b/Makefile.am index 9c73bfc0..85512715 100644 --- a/Makefile.am +++ b/Makefile.am @@ -25,6 +25,7 @@ openconnect_LDADD = libopenconnect.la $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(INTL_LI library_srcs = ssl.c http.c auth-common.c library.c compat.c lzs.c mainloop.c script.c ntlm.c digest.c lib_srcs_cisco = auth.c cstp.c dtls.c +lib_srcs_juniper = oncp.c lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c lib_srcs_openssl = openssl.c openssl-pkcs11.c lib_srcs_win32 = tun-win32.c sspi.c 
@@ -35,11 +36,12 @@ lib_srcs_oath = oath.c lib_srcs_yubikey = yubikey.c lib_srcs_stoken = stoken.c -POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_openssl) $(lib_srcs_gnutls) \ - $(library_srcs) $(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) \ - $(lib_srcs_iconv) $(lib_srcs_oath) $(lib_srcs_yubikey) $(lib_srcs_stoken) openconnect-internal.h +POTFILES = $(openconnect_SOURCES) $(lib_srcs_cisco) $(lib_srcs_juniper) \ + $(lib_srcs_openssl) $(lib_srcs_gnutls) $(library_srcs) \ + $(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) $(lib_srcs_iconv) \ + $(lib_srcs_oath) $(lib_srcs_yubikey) $(lib_srcs_stoken) openconnect-internal.h -library_srcs += $(lib_srcs_cisco) +library_srcs += $(lib_srcs_juniper) $(lib_srcs_cisco) if OPENCONNECT_LIBPCSCLITE library_srcs += $(lib_srcs_yubikey) endif diff --git a/libopenconnect.map.in b/libopenconnect.map.in index 6d474576..addcfb63 100644 --- a/libopenconnect.map.in +++ b/libopenconnect.map.in @@ -67,6 +67,7 @@ OPENCONNECT_PRIVATE { global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@ openconnect_fopen_utf8; openconnect_open_utf8; + openconnect_set_juniper; openconnect_sha1; openconnect_version_str; local: diff --git a/library.c b/library.c index 34cc32a2..2f6680ff 100644 --- a/library.c +++ b/library.c @@ -90,7 +90,6 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent, #ifdef ENABLE_NLS bindtextdomain("openconnect", LOCALEDIR); #endif - vpninfo->proto.vpn_close_session = cstp_bye; vpninfo->proto.tcp_connect = cstp_connect; vpninfo->proto.tcp_mainloop = cstp_mainloop; @@ -104,7 +103,6 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent, #else vpninfo->dtls_state = DTLS_DISABLED; #endif - return vpninfo; err: 
@@ -114,6 +112,20 @@ struct openconnect_info *openconnect_vpninfo_new(const char *useragent, return NULL; } +void openconnect_set_juniper(struct openconnect_info *vpninfo) +{ + vpninfo->proto.vpn_close_session = NULL; + vpninfo->proto.tcp_connect = oncp_connect; + vpninfo->proto.tcp_mainloop = oncp_mainloop; + vpninfo->proto.add_http_headers = NULL; + vpninfo->proto.obtain_cookie = oncp_obtain_cookie; + vpninfo->proto.udp_setup = NULL; + vpninfo->proto.udp_mainloop = NULL; + vpninfo->proto.udp_close = NULL; + vpninfo->proto.udp_shutdown = NULL; + vpninfo->dtls_state = DTLS_DISABLED; +} + int openconnect_setup_dtls(struct openconnect_info *vpninfo, int attempt_period) diff --git a/main.c b/main.c index 0e9d2978..b3292f66 100644 --- a/main.c +++ b/main.c @@ -159,6 +159,7 @@ enum { OPT_DUMP_HTTP, OPT_FORCE_DPD, OPT_GNUTLS_DEBUG, + OPT_JUNIPER, OPT_KEY_PASSWORD_FROM_FSID, OPT_LIBPROXY, OPT_NO_CERT_CHECK, @@ -210,6 +211,7 @@ static const struct option long_options[] = { OPTION("cookie", 1, 'C'), OPTION("compression", 1, OPT_COMPRESSION), OPTION("deflate", 0, 'd'), + OPTION("juniper", 0, OPT_JUNIPER), OPTION("no-deflate", 0, 'D'), OPTION("cert-expire-warning", 1, 'e'), OPTION("usergroup", 1, 'g'), @@ -1033,6 +1035,9 @@ int main(int argc, char **argv) } break; } + case OPT_JUNIPER: + openconnect_set_juniper(vpninfo); + break; case OPT_CSD_USER: { char *strend; vpninfo->uid_csd = strtol(config_arg, &strend, 0); diff --git a/oncp.c b/oncp.c new file mode 100644 index 00000000..3ca0216b --- /dev/null +++ b/oncp.c 
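Review bot: `openconnect_set_juniper()` leaves `vpn_close_session`, `add_http_headers` and the four `udp_*` members of `vpninfo->proto` as NULL, so every call site that invokes them through the table must test the pointer first. Those call sites are outside this patch, and an unguarded one would become a call through a NULL function pointer once `--juniper` is selected. Either confirm that each caller checks, or install no-op stubs here instead of NULL. The function is also undocumented; a comment such as `/* Replace the Cisco handlers installed by openconnect_vpninfo_new() with the oNCP ones and disable DTLS. */` above it would record that it overwrites the defaults set earlier in this file.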
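Review bot: The new `--juniper` option is added without any user-facing description: the five lines added to main.c are the `OPT_JUNIPER` enum value, the `long_options` entry and the `case OPT_JUNIPER:` arm. If main.c prints an option list in its usage output (not visible in these hunks), add an entry there that marks the flag as experimental. On the case itself I would add `/* Experimental: swaps in the oNCP handlers; authentication is not implemented yet */`. The `OPTION("juniper", ...)` entry also sits between `deflate` and `no-deflate`, which splits that pair. The body of main() continues outside the hunk.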
@@ -0,0 +1,47 @@ +/* + * OpenConnect (SSL + DTLS) VPN client + * + * Copyright © 2008-2015 Intel Corporation. + * + * Author: David Woodhouse + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1, as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "openconnect-internal.h" + +int oncp_obtain_cookie(struct openconnect_info *vpninfo) +{ + vpn_progress(vpninfo, PRG_ERR, _("oNCP authentication not yet implemented\n")); + return -EOPNOTSUPP; +} + +int oncp_connect(struct openconnect_info *vpninfo) +{ + return 0; +} + +int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout) +{ + return 0; +} diff --git a/openconnect-internal.h b/openconnect-internal.h index 5e4e7bad..552337c4 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -674,6 +674,11 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo, unsigned char *buf, int len); int compress_packet(struct openconnect_info *vpninfo, int compr_type, struct pkt *this); +/* oncp.c */ +int oncp_obtain_cookie(struct openconnect_info *vpninfo); +int oncp_connect(struct openconnect_info *vpninfo); +int oncp_mainloop(struct openconnect_info *vpninfo, int *timeout); + /* lzs.c */ int lzs_decompress(unsigned char *dst, int dstlen, const unsigned char *src, int srclen); int lzs_compress(unsigned char *dst, int dstlen, const unsigned char *src, int srclen); 
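Review bot: `oncp_connect()` and `oncp_mainloop()` return 0, while the sibling stub `oncp_obtain_cookie()` returns `-EOPNOTSUPP`, so a run that reaches the first two without passing through the third would look like a successful connection that was never made. Whether such a path exists (for example when a cookie is supplied through the existing `cookie` option) cannot be determined from this patch. The placeholders should still fail closed, with `return -EOPNOTSUPP;` in both, ideally after a `vpn_progress(vpninfo, PRG_ERR, ...)` message like the one in `oncp_obtain_cookie()`. A one-line comment above each function saying it is an unimplemented placeholder would also help the next reader.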
@@ -841,6 +846,8 @@ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *b /* library.c */ void nuke_opt_values(struct oc_form_opt *opt); int process_auth_form(struct openconnect_info *vpninfo, struct oc_auth_form *form); +/* This is private for now since we haven't yet worked out what the API will be */ +void openconnect_set_juniper(struct openconnect_info *vpninfo); /* version.c */ extern const char *openconnect_version_str;