}
len = strlen(fmt) + 1;
-
+
params[0] = (char *)xmlGetProp(xml_node, (unsigned char *)"param1");
if (params[0])
len += strlen(params[0]);
}
strcpy(result, fmt);
- free (fmt);
+ free(fmt);
for (pct = strchr(result, '%'); pct;
(pct = strchr(pct, '%'))) {
struct oc_form_opt_select *sel = (void *)form->opts;
int i;
- for (i=0; i < sel->nr_choices; i++) {
+ for (i = 0; i < sel->nr_choices; i++) {
free(sel->choices[i].name);
free(sel->choices[i].label);
free(sel->choices[i].auth_type);
res = NULL;
goto err;
}
- if (len >=0 && len < 160)
+ if (len >= 0 && len < 160)
goto out;
free(res);
vpninfo->vpn_domain = vpninfo->vpn_proxy_pac = NULL;
vpninfo->banner = NULL;
- for (i=0; i<3; i++)
+ for (i = 0; i < 3; i++)
vpninfo->vpn_dns[i] = vpninfo->vpn_nbns[i] = NULL;
for (inc = vpninfo->split_includes; inc; ) {
buf_append(buf, sizeof(buf), "X-CSTP-Base-MTU: %d\r\n", base_mtu);
buf_append(buf, sizeof(buf), "X-CSTP-MTU: %d\r\n", mtu);
buf_append(buf, sizeof(buf), "X-CSTP-Address-Type: %s\r\n",
- vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4");
+ vpninfo->disable_ipv6 ? "IPv4" : "IPv6,IPv4");
buf_append(buf, sizeof(buf), "X-DTLS-Master-Secret: ");
for (i = 0; i < sizeof(vpninfo->dtls_secret); i++)
buf_append(buf, sizeof(buf), "%02X", vpninfo->dtls_secret[i]);
buf_append(buf, sizeof(buf), "\r\nX-DTLS-CipherSuite: %s\r\n\r\n",
- vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
+ vpninfo->dtls_ciphers ? : "AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA");
openconnect_SSL_write(vpninfo, buf, strlen(buf));
we should probably remove POLLIN from the events we're looking for,
and add POLLOUT. As it is, though, it'll just chew CPU time in that
fairly unlikely situation, until the write backlog clears. */
- while ( (len = cstp_read(vpninfo, buf, sizeof(buf))) > 0) {
+ while ((len = cstp_read(vpninfo, buf, sizeof(buf))) > 0) {
int payload_len;
if (buf[0] != 'S' || buf[1] != 'T' ||
continue;
}
vpninfo->ssl_times.last_rx = time(NULL);
- switch(buf[6]) {
+ switch (buf[6]) {
case AC_PKT_DPD_OUT:
vpn_progress(vpninfo, PRG_TRACE,
_("Got CSTP DPD request\n"));
#ifdef HAVE_DTLS1_STOP_TIMER
/* OpenSSL doesn't deliberately export this, but we need it to
workaround a DTLS bug in versions < 1.0.0e */
-extern void dtls1_stop_timer (SSL *);
+extern void dtls1_stop_timer(SSL *);
#endif
#if !defined(NO_BROKEN_DTLS_CHECK) && (OPENSSL_VERSION_NUMBER == 0x10002000L || \
#if OPENSSL_VERSION_NUMBER >= 0x1000005fL
/* OpenSSL 1.0.0e or above doesn't resend anyway; do nothing.
However, if we were *built* against 1.0.0e or newer, but at
- runtime we find that we are being run against an older
+ runtime we find that we are being run against an older
version, warn about it. */
if (SSLeay() < 0x1000005fL) {
vpn_progress(vpninfo, PRG_ERR,
* so do it manually. This version also works on all
* sane versions of OpenSSL:
*/
- memset (&(vpninfo->dtls_ssl->d1->next_timeout), 0,
- sizeof((vpninfo->dtls_ssl->d1->next_timeout)));
+ memset(&(vpninfo->dtls_ssl->d1->next_timeout), 0,
+ sizeof((vpninfo->dtls_ssl->d1->next_timeout)));
vpninfo->dtls_ssl->d1->timeout_duration = 1;
BIO_ctrl(SSL_get_rbio(vpninfo->dtls_ssl),
BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
#if defined(OPENCONNECT_GNUTLS) && defined(DTLS_OPENSSL)
/* If we're using GnuTLS for authentication but OpenSSL for DTLS,
we'll need to initialise OpenSSL now... */
- SSL_library_init ();
- ERR_clear_error ();
- SSL_load_error_strings ();
- OpenSSL_add_all_algorithms ();
+ SSL_library_init();
+ ERR_clear_error();
+ SSL_load_error_strings();
+ OpenSSL_add_all_algorithms();
#endif
while (dtls_opt) {
vpninfo->dtls_times.last_rx = time(NULL);
- switch(buf[0]) {
+ switch (buf[0]) {
case AC_PKT_DATA:
dtls_pkt->len = len - 1;
queue_packet(&vpninfo->incoming_queue, dtls_pkt);
}
#else /* !HAVE_DTLS */
#warning Your SSL library does not seem to support Cisco DTLS compatibility
- int setup_dtls(struct openconnect_info *vpninfo)
+int setup_dtls(struct openconnect_info *vpninfo)
{
vpn_progress(vpninfo, PRG_ERR,
_("Built against SSL library with no Cisco DTLS support\n"));
FD_ZERO(&wr_set);
FD_ZERO(&rd_set);
-
+
if (gnutls_record_get_direction(vpninfo->https_sess))
FD_SET(vpninfo->ssl_fd, &wr_set);
else
} else {
FD_ZERO(&wr_set);
FD_ZERO(&rd_set);
-
+
if (gnutls_record_get_direction(vpninfo->https_sess))
FD_SET(vpninfo->ssl_fd, &wr_set);
else
} else {
fd_set rd_set, wr_set;
int maxfd = vpninfo->ssl_fd;
-
+
FD_ZERO(&rd_set);
FD_ZERO(&wr_set);
-
+
if (gnutls_record_get_direction(vpninfo->https_sess))
FD_SET(vpninfo->ssl_fd, &wr_set);
else
p += 11;
if (!strncmp(p, "CERTIFICATE", 11) ||
!strncmp(p, "X509 CERTIFICATE", 16))
- count++;
+ count++;
}
return count;
}
if (!pcerts)
return GNUTLS_E_MEMORY_ERROR;
- for (i=0 ; i < nr_certs; i++) {
+ for (i = 0 ; i < nr_certs; i++) {
err = gnutls_pcert_import_x509(pcerts + i, certs[i], 0);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Setting PKCS#11 certificate failed: %s\n"),
gnutls_strerror(err));
free_pcerts:
- for (i=0 ; i < nr_certs; i++)
+ for (i = 0 ; i < nr_certs; i++)
gnutls_pcert_deinit(pcerts + i);
- free (pcerts);
+ free(pcerts);
}
return err;
}
else if (type == 'R')
begin = "RSA PRIVATE KEY";
else if (type == 'D')
- begin = "DSA PRIVATE KEY";
+ begin = "DSA PRIVATE KEY";
else
return -EINVAL;
s = sizeof(token->model) + 1;
if (!gnutls_pkcs11_obj_get_info(crt, GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
buf, &s)) {
- s--;
- memcpy(token->model, buf, s);
- memset(token->model + s, ' ',
- sizeof(token->model) - s);
+ s--;
+ memcpy(token->model, buf, s);
+ memset(token->model + s, ' ',
+ sizeof(token->model) - s);
}
}
if (!token->serialNumber[0]) {
goto out;
}
/* If extra_certs[] is NULL, we have one candidate in 'cert' to check. */
- for (i = 0; i < (extra_certs?nr_extra_certs:1); i++) {
+ for (i = 0; i < (extra_certs ? nr_extra_certs : 1); i++) {
unsigned char cert_id[20];
size_t cert_id_size = sizeof(cert_id);
- err = gnutls_x509_crt_get_key_id(extra_certs?extra_certs[i]:cert, 0, cert_id, &cert_id_size);
+ err = gnutls_x509_crt_get_key_id(extra_certs ? extra_certs[i] : cert, 0, cert_id, &cert_id_size);
if (err)
continue;
}
/* If extra_certs[] is NULL, we have one candidate in 'cert' to check. */
- for (i=0; i < (extra_certs?nr_extra_certs:1); i++) {
+ for (i = 0; i < (extra_certs ? nr_extra_certs : 1); i++) {
gnutls_pubkey_t pubkey;
gnutls_pubkey_init(&pubkey);
- err = gnutls_pubkey_import_x509(pubkey, extra_certs?extra_certs[i]:cert, 0);
+ err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[i] : cert, 0);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Error validating signature against certificate: %s\n"),
err = gnutls_certificate_get_issuer(vpninfo->https_cred,
last_cert, &issuer, 0);
if (err)
- break;
+ break;
/* The check_issuer_sanity() function works fine as a workaround where
it was used above, but when gnutls_certificate_get_issuer() returns
if (gnutls_x509_crt_get_fingerprint(cert, algo, md, &md_size))
return -EIO;
- for (i=0; i < md_size; i++)
+ for (i = 0; i < md_size; i++)
sprintf(&buf[i*2], "%02X", md[i]);
return 0;
if (gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &buf))
return NULL;
-
+
/* Just in case gnutls_free() isn't free(), we can't steal it. */
ret = strdup((char *)buf.data);
gnutls_free(buf.data);
-
+
return ret;
}
size_t l = 0;
unsigned char *ret = NULL;
- if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, ret, &l) !=
+ if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, ret, &l) !=
GNUTLS_E_SHORT_MEMORY_BUFFER)
return -EIO;
if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, ret, &l)) {
free(ret);
- return -EIO;
+ return -EIO;
}
*buf = ret;
return l;
vpninfo->peer_cert = NULL;
}
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
if (!cert_list) {
vpn_progress(vpninfo, PRG_ERR, _("Server presented no certificate\n"));
return GNUTLS_E_CERTIFICATE_ERROR;
unsigned char sha1bin[SHA1_SIZE];
char fingerprint[(SHA1_SIZE * 2) + 1];
int i;
-
+
err = openconnect_sha1(sha1bin, cert_list[0].data, cert_list[0].size);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Could not calculate SHA1 of server's certificate\n"));
return GNUTLS_E_CERTIFICATE_ERROR;
}
- for (i=0; i < SHA1_SIZE; i++)
+ for (i = 0; i < SHA1_SIZE; i++)
sprintf(&fingerprint[i*2], "%02X", sha1bin[i]);
if (strcasecmp(vpninfo->servercert, fingerprint)) {
return 0;
}
- err = gnutls_certificate_verify_peers2 (session, &status);
+ err = gnutls_certificate_verify_peers2(session, &status);
if (err) {
vpn_progress(vpninfo, PRG_ERR, _("Error checking server cert status\n"));
return GNUTLS_E_CERTIFICATE_ERROR;
DEFAULT_SYSTEM_CAFILE,
GNUTLS_X509_FMT_PEM);
#endif
- gnutls_certificate_set_verify_function (vpninfo->https_cred,
- verify_peer);
+ gnutls_certificate_set_verify_function(vpninfo->https_cred,
+ verify_peer);
#ifdef ANDROID_KEYSTORE
if (vpninfo->cafile && !strncmp(vpninfo->cafile, "keystore:", 9)) {
}
}
}
- gnutls_init (&vpninfo->https_sess, GNUTLS_CLIENT);
- gnutls_session_set_ptr (vpninfo->https_sess, (void *) vpninfo);
+ gnutls_init(&vpninfo->https_sess, GNUTLS_CLIENT);
+ gnutls_session_set_ptr(vpninfo->https_sess, (void *) vpninfo);
#if defined(HAVE_TROUSERS) && !defined(HAVE_GNUTLS_CERTIFICATE_SET_KEY)
if (vpninfo->my_pkey == OPENCONNECT_TPM_PKEY)
gnutls_sign_callback_set(vpninfo->https_sess, gtls2_tpm_sign_cb, vpninfo);
#endif
- err = gnutls_priority_set_direct (vpninfo->https_sess,
- "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:"
+ err = gnutls_priority_set_direct(vpninfo->https_sess,
+ "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:"
#if GNUTLS_VERSION_MAJOR >= 3
- "-CURVE-ALL:"
+ "-CURVE-ALL:"
#endif
- "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION",
- NULL);
+ "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION",
+ NULL);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set TLS priority string: %s\n"),
return -EIO;
}
- gnutls_record_disable_padding (vpninfo->https_sess);
- gnutls_credentials_set (vpninfo->https_sess, GNUTLS_CRD_CERTIFICATE, vpninfo->https_cred);
+ gnutls_record_disable_padding(vpninfo->https_sess);
+ gnutls_credentials_set(vpninfo->https_sess, GNUTLS_CRD_CERTIFICATE, vpninfo->https_cred);
gnutls_transport_set_ptr(vpninfo->https_sess, /* really? */(gnutls_transport_ptr_t)(long) ssl_sock);
vpn_progress(vpninfo, PRG_INFO, _("SSL negotiation with %s\n"),
vpninfo->hostname);
- while ((err = gnutls_handshake (vpninfo->https_sess))) {
+ while ((err = gnutls_handshake(vpninfo->https_sess))) {
if (err == GNUTLS_E_AGAIN) {
fd_set rd_set, wr_set;
int maxfd = ssl_sock;
#include "openconnect-internal.h"
#ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE
-/* If we're using a version of GnuTLS from before this was
+/* If we're using a version of GnuTLS from before this was
exported, pull in our local copy. */
-int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t ** chain,
- unsigned int * chain_len,
- gnutls_x509_crt_t ** extra_certs,
- unsigned int * extra_certs_len,
- gnutls_x509_crl_t * crl,
- unsigned int flags);
+int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12, const char *password,
+ gnutls_x509_privkey_t *key,
+ gnutls_x509_crt_t **chain,
+ unsigned int *chain_len,
+ gnutls_x509_crt_t **extra_certs,
+ unsigned int *extra_certs_len,
+ gnutls_x509_crl_t *crl,
+ unsigned int flags);
#endif /* !HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */
goto out_key_policy;
}
}
- err = request_passphrase(vpninfo, "openconnect_tpm_key",
+ err = request_passphrase(vpninfo, "openconnect_tpm_key",
&pass, _("Enter TPM key PIN:"));
if (err)
goto out_key_policy;
err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (void *)pass);
- free (pass);
+ free(pass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
goto retry_sign;
}
- free (asn1.data);
+ free(asn1.data);
return 0;
out_key_policy:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy);
Tspi_Context_Close(vpninfo->tpm_context);
vpninfo->tpm_context = 0;
out_blob:
- free (asn1.data);
+ free(asn1.data);
return -EIO;
}
new->next = (*this)->next;
else
new = (*this)->next;
-
+
free((*this)->option);
free((*this)->value);
free(*this);
if (!strncmp(buf, "HTTP/1.0 ", 9))
closeconn = 1;
-
+
if ((!closeconn && strncmp(buf, "HTTP/1.1 ", 9)) || !(*result = atoi(buf+9))) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to parse HTTP response '%s'\n"), buf);
return -EINVAL;
}
- vpn_progress(vpninfo, (*result==200)?PRG_TRACE:PRG_INFO,
+ vpn_progress(vpninfo, (*result == 200) ? PRG_TRACE : PRG_INFO,
_("Got HTTP response: %s\n"), buf);
/* Eat headers... */
if (!strcmp(colon, "webvpn") && *equals)
print_equals = _("<elided>");
vpn_progress(vpninfo, PRG_TRACE, "%s: %s=%s%s%s\n",
- buf, colon, print_equals, semicolon?";":"",
- semicolon?(semicolon+1):"");
+ buf, colon, print_equals, semicolon ? ";" : "",
+ semicolon ? (semicolon+1) : "");
/* The server tends to ask for the username and password as
usual, even if we've already failed because it didn't like
goto cont;
/* Now the body, if there is one */
- vpn_progress(vpninfo, PRG_TRACE, _("HTTP body %s (%d)\n"),
- bodylen==BODY_HTTP10?"http 1.0" :
- bodylen==BODY_CHUNKED?"chunked" : "length: ",
+ vpn_progress(vpninfo, PRG_TRACE, _("HTTP body %s (%d)\n"),
+ bodylen == BODY_HTTP10 ? "http 1.0" :
+ bodylen == BODY_CHUNKED ? "chunked" : "length: ",
bodylen);
/* If we were given Content-Length, it's nice and easy... */
if (i < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading HTTP response body\n"));
- free(body);
+ free(body);
return -EINVAL;
}
done += i;
if (i < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading HTTP response body\n"));
- free(body);
+ free(body);
return -EINVAL;
}
chunklen -= i;
_("Error in chunked decoding. Expected '', got: '%s'"),
buf);
}
- free(body);
+ free(body);
return -EINVAL;
}
if (!body)
return -ENOMEM;
break;
- }
+ }
}
}
if (vpninfo->csd_wrapper)
csd_argv[i++] = vpninfo->csd_wrapper;
csd_argv[i++] = fname;
- csd_argv[i++]= (char *)"-ticket";
+ csd_argv[i++] = (char *)"-ticket";
if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket) == -1)
goto out;
- csd_argv[i++]= (char *)"-stub";
- csd_argv[i++]= (char *)"\"0\"";
- csd_argv[i++]= (char *)"-group";
+ csd_argv[i++] = (char *)"-stub";
+ csd_argv[i++] = (char *)"\"0\"";
+ csd_argv[i++] = (char *)"-group";
if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"") == -1)
goto out;
openconnect_local_cert_md5(vpninfo, ccertbuf);
scertbuf[0] = 0;
get_cert_md5_fingerprint(vpninfo, vpninfo->peer_cert, scertbuf);
- csd_argv[i++]= (char *)"-certhash";
+ csd_argv[i++] = (char *)"-certhash";
if (asprintf(&csd_argv[i++], "\"%s:%s\"", scertbuf, ccertbuf) == -1)
goto out;
- csd_argv[i++]= (char *)"-url";
+ csd_argv[i++] = (char *)"-url";
if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl) == -1)
goto out;
- csd_argv[i++]= (char *)"-langselen";
+ csd_argv[i++] = (char *)"-langselen";
csd_argv[i++] = NULL;
if (setenv("CSD_TOKEN", vpninfo->csd_token, 1))
if (len < 2)
return -EINVAL;
- while ( (ret = proxy_read(vpninfo, fd, (void *)(buf + i), 1)) == 0) {
+ while ((ret = proxy_read(vpninfo, fd, (void *)(buf + i), 1)) == 0) {
if (buf[i] == '\n') {
buf[i] = 0;
if (i && buf[i-1] == '\r') {
strerror(-i));
return i;
}
-
+
if ((i = proxy_read(vpninfo, ssl_sock, buf, 2))) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading auth response from SOCKS proxy: %s\n"),
goto socks_err;
/* Connect responses contain an address */
- switch(buf[3]) {
+ switch (buf[3]) {
case 1: /* Legacy IP */
i = 5;
break;
{
if (!vpninfo->proxy_type || !strcmp(vpninfo->proxy_type, "http"))
return process_http_proxy(vpninfo, ssl_sock);
-
+
if (!strcmp(vpninfo->proxy_type, "socks") ||
!strcmp(vpninfo->proxy_type, "socks5"))
return process_socks_proxy(vpninfo, ssl_sock);
#include "openconnect-internal.h"
-struct openconnect_info *openconnect_vpninfo_new (char *useragent,
- openconnect_validate_peer_cert_vfn validate_peer_cert,
- openconnect_write_new_config_vfn write_new_config,
- openconnect_process_auth_form_vfn process_auth_form,
- openconnect_progress_vfn progress,
- void *privdata)
+struct openconnect_info *openconnect_vpninfo_new(char *useragent,
+ openconnect_validate_peer_cert_vfn validate_peer_cert,
+ openconnect_write_new_config_vfn write_new_config,
+ openconnect_process_auth_form_vfn process_auth_form,
+ openconnect_progress_vfn progress,
+ void *privdata)
{
- struct openconnect_info *vpninfo = calloc (sizeof(*vpninfo), 1);
+ struct openconnect_info *vpninfo = calloc(sizeof(*vpninfo), 1);
vpninfo->ssl_fd = -1;
vpninfo->cert_expire_warning = 60 * 86400;
- vpninfo->useragent = openconnect_create_useragent (useragent);
+ vpninfo->useragent = openconnect_create_useragent(useragent);
vpninfo->validate_peer_cert = validate_peer_cert;
vpninfo->write_new_config = write_new_config;
vpninfo->process_auth_form = process_auth_form;
vpninfo->progress = progress;
- vpninfo->cbdata = privdata?:vpninfo;
+ vpninfo->cbdata = privdata ? : vpninfo;
vpninfo->cancel_fd = -1;
openconnect_set_reported_os(vpninfo, NULL);
return vpninfo;
}
-int openconnect_set_reported_os (struct openconnect_info *vpninfo, const char *os)
+int openconnect_set_reported_os(struct openconnect_info *vpninfo, const char *os)
{
if (!os) {
#if defined(__APPLE__)
return 0;
}
-static void free_optlist (struct vpn_option *opt)
+static void free_optlist(struct vpn_option *opt)
{
struct vpn_option *next;
}
}
-void openconnect_vpninfo_free (struct openconnect_info *vpninfo)
+void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
{
openconnect_close_https(vpninfo, 1);
free(vpninfo->peer_addr);
free(vpninfo);
}
-char *openconnect_get_hostname (struct openconnect_info *vpninfo)
+char *openconnect_get_hostname(struct openconnect_info *vpninfo)
{
return vpninfo->unique_hostname?:vpninfo->hostname;
}
-void openconnect_set_hostname (struct openconnect_info *vpninfo, char *hostname)
+void openconnect_set_hostname(struct openconnect_info *vpninfo, char *hostname)
{
free(vpninfo->hostname);
vpninfo->hostname = hostname;
vpninfo->unique_hostname = NULL;
}
-char *openconnect_get_urlpath (struct openconnect_info *vpninfo)
+char *openconnect_get_urlpath(struct openconnect_info *vpninfo)
{
return vpninfo->urlpath;
}
-void openconnect_set_urlpath (struct openconnect_info *vpninfo, char *urlpath)
+void openconnect_set_urlpath(struct openconnect_info *vpninfo, char *urlpath)
{
vpninfo->urlpath = urlpath;
}
-void openconnect_set_xmlsha1 (struct openconnect_info *vpninfo, const char *xmlsha1, int size)
+void openconnect_set_xmlsha1(struct openconnect_info *vpninfo, const char *xmlsha1, int size)
{
- if (size != sizeof (vpninfo->xmlsha1))
+ if (size != sizeof(vpninfo->xmlsha1))
return;
- memcpy (&vpninfo->xmlsha1, xmlsha1, size);
+ memcpy(&vpninfo->xmlsha1, xmlsha1, size);
}
-void openconnect_set_cafile (struct openconnect_info *vpninfo, char *cafile)
+void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile)
{
vpninfo->cafile = cafile;
}
-void openconnect_setup_csd (struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper)
+void openconnect_setup_csd(struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper)
{
vpninfo->uid_csd = uid;
- vpninfo->uid_csd_given = silent?2:1;
+ vpninfo->uid_csd_given = silent ? 2 : 1;
vpninfo->csd_wrapper = wrapper;
}
-void openconnect_set_client_cert (struct openconnect_info *vpninfo, char *cert, char *sslkey)
+void openconnect_set_client_cert(struct openconnect_info *vpninfo, char *cert, char *sslkey)
{
vpninfo->cert = cert;
if (sslkey)
vpninfo->sslkey = cert;
}
-OPENCONNECT_X509 *openconnect_get_peer_cert (struct openconnect_info *vpninfo)
+OPENCONNECT_X509 *openconnect_get_peer_cert(struct openconnect_info *vpninfo)
{
return vpninfo->peer_cert;
}
-int openconnect_get_port (struct openconnect_info *vpninfo)
+int openconnect_get_port(struct openconnect_info *vpninfo)
{
return vpninfo->port;
}
-char *openconnect_get_cookie (struct openconnect_info *vpninfo)
+char *openconnect_get_cookie(struct openconnect_info *vpninfo)
{
return vpninfo->cookie;
}
-void openconnect_clear_cookie (struct openconnect_info *vpninfo)
+void openconnect_clear_cookie(struct openconnect_info *vpninfo)
{
if (vpninfo->cookie)
memset(vpninfo->cookie, 0, strlen(vpninfo->cookie));
}
-void openconnect_reset_ssl (struct openconnect_info *vpninfo)
+void openconnect_reset_ssl(struct openconnect_info *vpninfo)
{
openconnect_close_https(vpninfo, 0);
if (vpninfo->peer_addr) {
}
}
-int openconnect_parse_url (struct openconnect_info *vpninfo, char *url)
+int openconnect_parse_url(struct openconnect_info *vpninfo, char *url)
{
char *scheme = NULL;
int ret;
free(vpninfo->urlpath);
vpninfo->urlpath = NULL;
- ret = internal_parse_url (url, &scheme, &vpninfo->hostname,
- &vpninfo->port, &vpninfo->urlpath, 443);
+ ret = internal_parse_url(url, &scheme, &vpninfo->hostname,
+ &vpninfo->port, &vpninfo->urlpath, 443);
if (ret) {
vpn_progress(vpninfo, PRG_ERR,
return ret;
}
-void openconnect_set_cert_expiry_warning (struct openconnect_info *vpninfo,
+void openconnect_set_cert_expiry_warning(struct openconnect_info *vpninfo,
int seconds)
{
vpninfo->cert_expire_warning = seconds;
}
-void openconnect_set_cancel_fd (struct openconnect_info *vpninfo, int fd)
+void openconnect_set_cancel_fd(struct openconnect_info *vpninfo, int fd)
{
vpninfo->cancel_fd = fd;
}
-const char *openconnect_get_version (void)
+const char *openconnect_get_version(void)
{
return openconnect_version_str;
}
* = -EIO, for other libstoken failures
* = 0, on success
*/
-int openconnect_set_stoken_mode (struct openconnect_info *vpninfo,
- int use_stoken, const char *token_str)
+int openconnect_set_stoken_mode(struct openconnect_info *vpninfo,
+ int use_stoken, const char *token_str)
{
#ifdef LIBSTOKEN_HDR
int ret;
if (!strncmp(this->name, line, optlen) &&
(!line[optlen] || line[optlen] == ' ' || line[optlen] == '\t' ||
line[optlen] == '='))
- break;
+ break;
}
if (!this->name) {
char *l;
" the libopenconnect library is %s\n"),
openconnect_binary_version, openconnect_version_str);
}
-
+
openconnect_init_ssl();
vpninfo = malloc(sizeof(*vpninfo));
case OPT_COOKIE_ON_STDIN:
read_stdin(&vpninfo->cookie);
/* If the cookie is empty, ignore it */
- if (! *vpninfo->cookie) {
+ if (!*vpninfo->cookie) {
vpninfo->cookie = NULL;
}
break;
case 'p':
vpninfo->cert_password = strdup(config_arg);
break;
- case 'P':
+ case 'P':
proxy = keep_config_arg();
autoproxy = 0;
break;
vpn_progress(vpninfo, PRG_INFO,
_("Connected %s as %s%s%s, using %s\n"), vpninfo->ifname,
vpninfo->vpn_addr?:"",
- (vpninfo->vpn_addr6 && vpninfo->vpn_addr)?" + ":"",
- vpninfo->vpn_addr6?:"",
+ (vpninfo->vpn_addr6 && vpninfo->vpn_addr) ? " + " : "",
+ vpninfo->vpn_addr6 ? : "",
(vpninfo->dtls_fd == -1) ?
(vpninfo->deflate ? "SSL + deflate" : "SSL")
: "DTLS");
}
/* FIXME: We should actually write to a new tempfile, then rename */
- if(write(config_fd, buf, buflen) != buflen) {
+ if (write(config_fd, buf, buflen) != buflen) {
err = errno;
fprintf(stderr, _("Failed to write config to %s: %s\n"),
vpninfo->xmlconfig, strerror(err));
#ifdef ANDROID
void syslog_progress(void *_vpninfo, int level, const char *fmt, ...)
{
- static int l[4] = {
+ static int l[4] = {
ANDROID_LOG_ERROR, /* PRG_ERR */
ANDROID_LOG_INFO, /* PRG_INFO */
ANDROID_LOG_DEBUG, /* PRG_DEBUG */
ANDROID_LOG_DEBUG /* PRG_TRACE */
- };
+ };
va_list args, args2;
if (verbose >= level) {
_("User input required in non-interactive mode\n"));
goto err;
} else {
- opt->value=malloc(80);
+ opt->value = malloc(80);
if (!opt->value)
goto err;
goto err;
} else {
struct termios t;
- opt->value=malloc(80);
+ opt->value = malloc(80);
if (!opt->value)
goto err;
#define AC_PKT_COMPRESSED 8 /* Compressed data */
#define AC_PKT_TERM_SERVER 9 /* Server kick */
-#define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__)
+#define vpn_progress(vpninfo, ...) (vpninfo)->progress((vpninfo)->cbdata, __VA_ARGS__)
/****************************************************************************/
/* Oh Solaris how we hate thee! */
int setup_tun(struct openconnect_info *vpninfo);
int tun_mainloop(struct openconnect_info *vpninfo, int *timeout);
void shutdown_tun(struct openconnect_info *vpninfo);
-int script_config_tun (struct openconnect_info *vpninfo, const char *reason);
+int script_config_tun(struct openconnect_info *vpninfo, const char *reason);
/* dtls.c */
unsigned char unhex(const char *data);
* #define OPENCONNECT_CHECK_VER(x,y) 0
* #endif
*/
-#define OPENCONNECT_CHECK_VER(maj,min) \
+#define OPENCONNECT_CHECK_VER(maj, min) \
(OPENCONNECT_API_VERSION_MAJOR > (maj) || \
(OPENCONNECT_API_VERSION_MAJOR == (maj) && \
OPENCONNECT_API_VERSION_MINOR >= (min)))
int openconnect_obtain_cookie(struct openconnect_info *vpninfo);
void openconnect_init_ssl(void);
-char *openconnect_get_vpn_name (struct openconnect_info *);
-char *openconnect_get_hostname (struct openconnect_info *);
-void openconnect_set_hostname (struct openconnect_info *, char *);
-char *openconnect_get_urlpath (struct openconnect_info *);
-void openconnect_set_urlpath (struct openconnect_info *, char *);
+char *openconnect_get_vpn_name(struct openconnect_info *);
+char *openconnect_get_hostname(struct openconnect_info *);
+void openconnect_set_hostname(struct openconnect_info *, char *);
+char *openconnect_get_urlpath(struct openconnect_info *);
+void openconnect_set_urlpath(struct openconnect_info *, char *);
/* This function does *not* take ownership of the string; it is parsed
and then discarded. */
-int openconnect_set_stoken_mode (struct openconnect_info *,
- int use_stoken, const char *token_str);
+int openconnect_set_stoken_mode(struct openconnect_info *,
+ int use_stoken, const char *token_str);
/* This function does *not* take ownership of the string; it's copied
into a static buffer in the vpninfo. The size must be 41 bytes,
since that's the size of a 20-byte SHA1 represented as hex with
a trailing NUL. */
-void openconnect_set_xmlsha1 (struct openconnect_info *, const char *, int size);
+void openconnect_set_xmlsha1(struct openconnect_info *, const char *, int size);
-void openconnect_set_cafile (struct openconnect_info *, char *);
-void openconnect_setup_csd (struct openconnect_info *, uid_t, int silent, char *wrapper);
-int openconnect_set_reported_os (struct openconnect_info *, const char *os);
-void openconnect_set_client_cert (struct openconnect_info *, char *cert, char *sslkey);
+void openconnect_set_cafile(struct openconnect_info *, char *);
+void openconnect_setup_csd(struct openconnect_info *, uid_t, int silent, char *wrapper);
+int openconnect_set_reported_os(struct openconnect_info *, const char *os);
+void openconnect_set_client_cert(struct openconnect_info *, char *cert, char *sslkey);
/* This is *not* yours and must not be destroyed with X509_free(). It
* will be valid when a cookie has been obtained successfully, and will
* be valid until the connection is destroyed or another attempt it made
* to use it. */
-OPENCONNECT_X509 *openconnect_get_peer_cert (struct openconnect_info *);
+OPENCONNECT_X509 *openconnect_get_peer_cert(struct openconnect_info *);
-int openconnect_get_port (struct openconnect_info *);
-char *openconnect_get_cookie (struct openconnect_info *);
-void openconnect_clear_cookie (struct openconnect_info *);
+int openconnect_get_port(struct openconnect_info *);
+char *openconnect_get_cookie(struct openconnect_info *);
+void openconnect_clear_cookie(struct openconnect_info *);
-void openconnect_reset_ssl (struct openconnect_info *vpninfo);
-int openconnect_parse_url (struct openconnect_info *vpninfo, char *url);
-void openconnect_set_cert_expiry_warning (struct openconnect_info *vpninfo,
- int seconds);
+void openconnect_reset_ssl(struct openconnect_info *vpninfo);
+int openconnect_parse_url(struct openconnect_info *vpninfo, char *url);
+void openconnect_set_cert_expiry_warning(struct openconnect_info *vpninfo,
+ int seconds);
/* If this is set, then openconnect_obtain_cookie() will abort and return
failure if the file descriptor is readable. Typically a user may create
has the ability to cancel that call, reap its thread and free the
vpninfo structure (or retry). An 'fd' argument of -1 will render the
cancellation mechanism inactive. */
-void openconnect_set_cancel_fd (struct openconnect_info *vpninfo, int fd);
+void openconnect_set_cancel_fd(struct openconnect_info *vpninfo, int fd);
const char *openconnect_get_version(void);
or if that argument was NULL then it'll be the vpninfo itself. */
/* When the server's certificate fails validation via the normal means,
- this function is called with the offending certificate along with
+ this function is called with the offending certificate along with
a textual reason for the failure (which may not be translated, if
it comes directly from OpenSSL, but will be if it is rejected for
"certificate does not match hostname", because that check is done
then the new XML is downloaded and this function is invoked. */
typedef int (*openconnect_write_new_config_vfn) (void *privdata, char *buf,
int buflen);
-/* Handle an authentication form, requesting input from the user.
+/* Handle an authentication form, requesting input from the user.
* Return value:
* < 0, on error
* = 0, when form was parsed and POST required
typedef void __attribute__ ((format(printf, 3, 4)))
(*openconnect_progress_vfn) (void *privdata, int level,
const char *fmt, ...);
-struct openconnect_info *openconnect_vpninfo_new (char *useragent,
- openconnect_validate_peer_cert_vfn,
- openconnect_write_new_config_vfn,
- openconnect_process_auth_form_vfn,
- openconnect_progress_vfn,
- void *privdata);
-void openconnect_vpninfo_free (struct openconnect_info *vpninfo);
+struct openconnect_info *openconnect_vpninfo_new(char *useragent,
+ openconnect_validate_peer_cert_vfn,
+ openconnect_write_new_config_vfn,
+ openconnect_process_auth_form_vfn,
+ openconnect_progress_vfn,
+ void *privdata);
+void openconnect_vpninfo_free(struct openconnect_info *vpninfo);
/* SSL certificate capabilities. openconnect_has_pkcs11_support() means that we
can accept PKCS#11 URLs in place of filenames, for the certificate and key. */
int openconnect_sha1(unsigned char *result, void *data, int len)
{
- EVP_MD_CTX c;
+ EVP_MD_CTX c;
- EVP_MD_CTX_init(&c);
- EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL);
- EVP_MD_CTX_cleanup(&c);
+ EVP_MD_CTX_init(&c);
+ EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL);
+ EVP_MD_CTX_cleanup(&c);
- return 0;
+ return 0;
}
int openconnect_get_cert_DER(struct openconnect_info *vpninfo,
FD_ZERO(&wr_set);
FD_ZERO(&rd_set);
-
+
if (err == SSL_ERROR_WANT_READ)
FD_SET(vpninfo->ssl_fd, &rd_set);
else if (err == SSL_ERROR_WANT_WRITE)
FD_ZERO(&wr_set);
FD_ZERO(&rd_set);
-
+
if (err == SSL_ERROR_WANT_READ)
FD_SET(vpninfo->ssl_fd, &rd_set);
else if (err == SSL_ERROR_WANT_WRITE)
} else {
fd_set rd_set, wr_set;
int maxfd = vpninfo->ssl_fd;
-
+
FD_ZERO(&rd_set);
FD_ZERO(&wr_set);
-
+
ret = SSL_get_error(vpninfo->https_ssl, ret);
if (ret == SSL_ERROR_WANT_READ)
FD_SET(vpninfo->ssl_fd, &rd_set);
if (!vpninfo || !vpninfo->process_auth_form)
return 0;
-
+
ui_data = malloc(sizeof(*ui_data));
if (!ui_data)
return 0;
struct ui_data *ui_data = UI_get0_user_data(ui);
struct ui_form_opt *opt;
- switch(UI_get_string_type(uis)) {
+ switch (UI_get_string_type(uis)) {
case UIT_ERROR:
ui_data->form.error = (char *)UI_get0_output_string(uis);
break;
and *both* manage to be within that short window of time
between setting ui_vpninfo and invoking ui_open() to fetch
the PIN, then one connection's ->process_auth_form() could
- get a PIN request for the *other* connection.
+ get a PIN request for the *other* connection.
However, the only thing that ever does run libopenconnect more
than once from the same process is KDE's NetworkManager support,
_("This binary built without PKCS#11 support\n"));
return -EINVAL;
}
-
+
vpn_progress(vpninfo, PRG_TRACE,
_("Using certificate file %s\n"), vpninfo->cert);
if (!X509_digest(cert, type, md, &n))
return -ENOMEM;
- for (i=0; i < n; i++)
+ for (i = 0; i < n; i++)
sprintf(&buf[i*2], "%02X", md[i]);
return 0;
}
/* From the NetBSD (5.1) man page for ctype(3):
- Values of type char or signed char must first be cast to unsigned char,
+ Values of type char or signed char must first be cast to unsigned char,
to ensure that the values are within the correct range. The result
should then be cast to int to avoid warnings from some compilers.
We do indeed get warning "array subscript has type 'char'" without
h_dot = strchr(hostname, '.');
m_dot = strchr(match, '.');
-
+
if (h_dot && m_dot) {
helem_len = h_dot - hostname + 1;
melem_len = m_dot - match + 1;
this->d.ip->length);
continue;
}
-
+
/* We only do this for the debug messages */
inet_ntop(family, this->d.ip->data, host, sizeof(host));
!memcmp(addrbuf, this->d.ip->data, addrlen)) {
vpn_progress(vpninfo, PRG_TRACE,
_("Matched %s address '%s'\n"),
- (family == AF_INET6)?"IPv6":"IPv4",
+ (family == AF_INET6) ? "IPv6" : "IPv4",
host);
GENERAL_NAMES_free(altnames);
return 0;
} else {
vpn_progress(vpninfo, PRG_TRACE,
_("No match for %s address '%s'\n"),
- (family == AF_INET6)?"IPv6":"IPv4",
+ (family == AF_INET6) ? "IPv6" : "IPv4",
host);
}
} else if (this->type == GEN_URI) {
subjstr);
}
- OPENSSL_free(subjstr);
+ OPENSSL_free(subjstr);
return ret;
}
/* Some servers (or their firewalls) really don't like seeing
extensions. */
#ifdef SSL_OP_NO_TICKET
- SSL_CTX_set_options (vpninfo->https_ctx, SSL_OP_NO_TICKET);
+ SSL_CTX_set_options(vpninfo->https_ctx, SSL_OP_NO_TICKET);
#endif
if (vpninfo->cert) {
}
/* We just want to do:
- SSL_CTX_set_purpose(vpninfo->https_ctx, X509_PURPOSE_ANY);
- ... but it doesn't work with OpenSSL < 0.9.8k because of
+ SSL_CTX_set_purpose(vpninfo->https_ctx, X509_PURPOSE_ANY);
+ ... but it doesn't work with OpenSSL < 0.9.8k because of
problems with inheritance (fixed in v1.1.4.6 of
crypto/x509/x509_vpm.c) so we have to play silly buggers
instead. This trick doesn't work _either_ in < 0.9.7 but
void openconnect_init_ssl(void)
{
- SSL_library_init ();
- ERR_clear_error ();
- SSL_load_error_strings ();
- OpenSSL_add_all_algorithms ();
+ SSL_library_init();
+ ERR_clear_error();
+ SSL_load_error_strings();
+ OpenSSL_add_all_algorithms();
}
char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
if (vpninfo->cancel_fd > sockfd)
maxfd = vpninfo->cancel_fd;
}
-
+
/* Later we'll render this whole exercise non-pointless by
including a 'cancelfd' here too. */
select(maxfd + 1, &rd_set, &wr_set, NULL, NULL);
errno = EINTR;
return -1;
}
-
+
/* Check whether connect() succeeded or failed by using
getpeername(). See http://cr.yp.to/docs/connect.html */
return getpeername(sockfd, (void *)&peer, &peerlen);
host[0] = 0;
if (!getnameinfo(rp->ai_addr, rp->ai_addrlen, host,
sizeof(host), NULL, 0, NI_NUMERICHOST))
- vpn_progress(vpninfo, PRG_INFO, vpninfo->proxy_type?
- _("Attempting to connect to proxy %s%s%s:%s\n"):
+ vpn_progress(vpninfo, PRG_INFO, vpninfo->proxy_type ?
+ _("Attempting to connect to proxy %s%s%s:%s\n") :
_("Attempting to connect to server %s%s%s:%s\n"),
- rp->ai_family == AF_INET6?"[":"",
+ rp->ai_family == AF_INET6 ? "[" : "",
host,
- rp->ai_family == AF_INET6?"]":"",
+ rp->ai_family == AF_INET6 ? "]" : "",
port);
ssl_sock = socket(rp->ai_family, rp->ai_socktype,
ssl_sock = -1;
}
freeaddrinfo(result);
-
+
if (ssl_sock < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to connect to host %s\n"),
#include "openconnect-internal.h"
/*
- * If an if_tun.h include file was found anywhere (by the Makefile), it's
+ * If an if_tun.h include file was found anywhere (by the Makefile), it's
* included. Else, we end up assuming that we have BSD-style devices such
* as /dev/tun0 etc.
*/
int *v6_incs)
{
struct in_addr addr;
- const char *in_ex = include?"IN":"EX";
+ const char *in_ex = include ? "IN" : "EX";
char envname[80];
char *slash;
(*v6_incs)++;
return 0;
}
-
+
if (!inet_aton(route, &addr)) {
*slash = '/';
goto badinc;
}
p = vpninfo->banner;
q = banner;
-
+
while (*p) {
if (*p == '%' && isxdigit((int)(unsigned char)p[1]) &&
isxdigit((int)(unsigned char)p[2])) {
*(q++) = unhex(p + 1);
p += 3;
- } else
+ } else
*(q++) = *(p++);
}
*q = 0;
setenv("CISCO_BANNER", banner, 1);
free(banner);
-}
+}
static void set_script_env(struct openconnect_info *vpninfo)
{
}
void shutdown_tun(struct openconnect_info *vpninfo)
-{
+{
if (vpninfo->script_tun) {
/* nuke the whole process group */
kill(-vpninfo->script_tun, SIGHUP);
projects / users / dwmw2 / openconnect.git / commitdiff