From a8ef9fa75e2bb4ec65cdb53d2f437a400654f95d Mon Sep 17 00:00:00 2001
From: Daniel Lenski
Date: Tue, 19 May 2020 14:36:48 -0700
Subject: [PATCH] add 'nullppp' protocol for testing

Use `socat` to set up a PTY connected to a TLS socket (listening only on the local interface):

socat -s -d -d \
PTY,raw,b9600 \
OPENSSL-LISTEN:5556,cert=tests/certs/server-cert.pem,key=tests/certs/server-key.pem,verify=0,so-bindtodevice=lo
[ N PTY is /dev/pts/X ]

Connect the PTY to `pppd` (requires root):

# Add 'sync' to disable HDLC framing
sudo pppd /dev/pts/X 10.0.0.1:10.0.0.101 noauth debug dump logfd 2 local nodetach passive persist ms-dns 1.1.1.1 ms-wins 5.5.5.5 +ipv6

Connect OpenConnect to the TLS socket, and watch it negotiate LCP/IPCP/IP6CP with its peer, and reject CCP:

# Add noipv4,noipv6 to cookie to try those
./openconnect --protocol=nullppp --cookie hdlc --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --dump localhost:5556

Signed-off-by: Daniel Lenski
---
 Makefile.am | 3 +-
 library.c | 9 ++++++
 nullppp.c | 71 ++++++++++++++++++++++++++++++++++++++++++
 openconnect-internal.h | 4 +++
 4 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 nullppp.c

diff --git a/Makefile.am b/Makefile.am
index 1b632c62..c293b20a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -38,10 +38,11 @@ lib_srcs_globalprotect = gpst.c win32-ipicmp.h auth-globalprotect.c
 lib_srcs_oath = oath.c
 lib_srcs_oidc = oidc.c
 lib_srcs_ppp = ppp.c ppp.h
+lib_srcs_nullppp = nullppp.c
 library_srcs += $(lib_srcs_juniper) $(lib_srcs_cisco) $(lib_srcs_oath) \
 $(lib_srcs_globalprotect) $(lib_srcs_pulse) \
-$(lib_srcs_oidc) $(lib_srcs_ppp)
+$(lib_srcs_oidc) $(lib_srcs_ppp) $(lib_srcs_nullppp)
 lib_srcs_gnutls = gnutls.c gnutls_tpm.c gnutls_tpm2.c
diff --git a/library.c b/library.c
index f8e99a38..206949da 100644
--- a/library.c
+++ b/library.c
@@ -188,6 +188,15 @@ static const struct vpn_proto openconnect_protos[] = {
 .udp_send_probes = oncp_esp_send_probes,
 .udp_catch_probe = oncp_esp_catch_probe,
 #endif
+ }, {
+ .name = "nullppp",
+ .pretty_name = N_("nullppp"),
+ .description = N_("Unauthenticated RFC1661/RFC1662 PPP over TLS, for testing"),
+ .flags = OC_PROTO_PROXY,
+ .tcp_connect = nullppp_connect,
+ .tcp_mainloop = ppp_mainloop,
+ .add_http_headers = http_common_headers,
+ .obtain_cookie = nullppp_obtain_cookie,
 }
 };
diff --git a/nullppp.c b/nullppp.c
new file mode 100644
index 00000000..bf2964b4
--- /dev/null
+++ b/nullppp.c
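Review bot: The new `openconnect_protos[]` entry is described as "for testing" yet is registered unconditionally, and the Makefile.am hunk likewise adds `nullppp.c` to `library_srcs` for every build, so release builds expose a protocol that accepts an empty cookie and reads its options out of the cookie string. If that is intended, say so at the entry, e.g. `/* Test-only protocol: options (hdlc,noipv4,noipv6) travel in the cookie string, see nullppp_connect() */`; otherwise consider gating both the source file and this entry behind a configure-time option. The array definition this hunk extends starts before the hunk.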
@@ -0,0 +1,71 @@
+/*
+ * OpenConnect (SSL + DTLS) VPN client
+ *
+ * Copyright © 2020 David Woodhouse
+ *
+ * Author: David Woodhouse
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "openconnect-internal.h"
+
+int nullppp_obtain_cookie(struct openconnect_info *vpninfo)
+{
+ if (!(vpninfo->cookie = strdup("")))
+ return -ENOMEM;
+ return 0;
+}
+
+int nullppp_connect(struct openconnect_info *vpninfo)
+{
+ int ret;
+ int ipv4, ipv6, hdlc;
+
+ /* XX: cookie hack. Use -C hdlc,noipv4,noipv6 on the
+ * command line to set options. */
+ hdlc = strstr(vpninfo->cookie, "hdlc") ? 1 : 0;
+ ipv4 = strstr(vpninfo->cookie, "noipv4") ? 0 : 1;
+ ipv6 = strstr(vpninfo->cookie, "noipv6") ? 0 : 1;
+
+ /* Now establish the actual connection */
+ ret = openconnect_open_https(vpninfo);
+ if (ret)
+ goto out;
+
+ ret = openconnect_ppp_new(vpninfo,
+ hdlc ? PPP_ENCAP_RFC1662_HDLC : PPP_ENCAP_RFC1661,
+ ipv4, ipv6);
+
+ out:
+ if (ret)
+ openconnect_close_https(vpninfo, 0);
+ else {
+ monitor_fd_new(vpninfo, ssl);
+ monitor_read_fd(vpninfo, ssl);
+ monitor_except_fd(vpninfo, ssl);
+ }
+
+ return ret;
+}
diff --git a/openconnect-internal.h b/openconnect-internal.h
index da3166b5..72a3ad17 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
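Review bot: `nullppp_connect` hands `vpninfo->cookie` to `strstr()` three times with no NULL check, and `strstr()` on a NULL pointer is undefined behaviour; the only guarantee this file gives is `nullppp_obtain_cookie` storing `""`, and whether every caller of `tcp_connect` either runs that first or supplies its own cookie is not visible here. A guard ahead of the option parsing, `if (!vpninfo->cookie) return -EINVAL;`, keeps the cookie-as-options hack from crashing when reached through the library API. `nullppp_obtain_cookie` also assigns over whatever `vpninfo->cookie` already holds without freeing it, which leaks (and silently drops) any previously supplied value; `free(vpninfo->cookie);` before the `strdup("")` fixes the leak, and a comment there should state that for this protocol the cookie is a plain options string carrying no secret.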
@@ -977,6 +977,10 @@ int pulse_bye(struct openconnect_info *vpninfo, const char *reason);
 int pulse_eap_ttls_send(struct openconnect_info *vpninfo, const void *data, int len);
 int pulse_eap_ttls_recv(struct openconnect_info *vpninfo, void *data, int len);
+/* nullppp.c */
+int nullppp_obtain_cookie(struct openconnect_info *vpninfo);
+int nullppp_connect(struct openconnect_info *vpninfo);
+
 /* ppp.c */
 struct oc_ppp;
 void buf_append_ppphdlc(struct oc_text_buf *buf, const unsigned char *bytes, int len, uint32_t asyncmap);
-- 
2.49.0