45
46
static void syslog_progress(struct openconnect_info *info, int level, const char *fmt, ...);
47
48
int verbose = PRG_INFO;
50
int do_passphrase_from_fsid;
49
52
static struct option long_options[] = {
53
{"background", 0, 0, 'b'},
50
54
{"certificate", 1, 0, 'c'},
51
55
{"sslkey", 1, 0, 'k'},
52
56
{"cookie", 1, 0, 'C'},
53
57
{"deflate", 0, 0, 'd'},
54
58
{"no-deflate", 0, 0, 'D'},
59
{"usergroup", 1, 0, 'g'},
55
60
{"help", 0, 0, 'h'},
56
61
{"interface", 1, 0, 'i'},
57
62
{"mtu", 1, 0, 'm'},
59
64
{"script", 1, 0, 's'},
60
65
{"script-tun", 0, 0, 'S'},
61
66
{"syslog", 0, 0, 'l'},
62
{"tpm-key", 0, 0, 't'},
63
{"tpm-password", 1, 0, 'p'},
67
{"key-type", 1, 0, 'K'},
68
{"key-password", 1, 0, 'p'},
64
69
{"user", 1, 0, 'u'},
65
70
{"verbose", 0, 0, 'v'},
66
71
{"version", 0, 0, 'V'},
75
80
{"passwd-on-stdin", 0, 0, '5'},
76
81
{"no-passwd", 0, 0, '6'},
77
82
{"reconnect-timeout", 1, 0, '7'},
83
{"dtls-ciphers", 1, 0, '8'},
84
{"authgroup", 1, 0, '9'},
85
{"servercert", 1, 0, 0x01},
86
{"key-password-from-fsid", 0, 0, 0x02},
83
92
printf("Usage: openconnect [options] <server>\n");
84
93
printf("Open client for Cisco AnyConnect VPN, version %s\n\n", openconnect_version);
94
printf(" -b, --background Continue in background after startup\n");
85
95
printf(" -c, --certificate=CERT Use SSL client certificate CERT\n");
86
96
printf(" -k, --sslkey=KEY Use SSL private key file KEY\n");
97
printf(" -K, --key-type=TYPE Private key type (PKCS#12 / TPM / PEM)\n");
87
98
printf(" -C, --cookie=COOKIE Use WebVPN cookie COOKIE\n");
88
99
printf(" --cookie-on-stdin Read cookie from standard input\n");
89
100
printf(" -d, --deflate Enable compression (default)\n");
90
101
printf(" -D, --no-deflate Disable compression\n");
102
printf(" -g, --usergroup=GROUP Set login usergroup\n");
91
103
printf(" -h, --help Display help text\n");
92
104
printf(" -i, --interface=IFNAME Use IFNAME for tunnel interface\n");
93
105
printf(" -l, --syslog Use syslog for progress messages\n");
94
106
printf(" -U, --setuid=USER Drop privileges after connecting\n");
95
107
printf(" -m, --mtu=MTU Request MTU from server\n");
96
printf(" -p, --tpm-password=PASS Set TPM SRK PIN\n");
108
printf(" -p, --key-password=PASS Set key passphrase or TPM SRK PIN\n");
109
printf(" --key-password-from-fsid Key passphrase is fsid of file system\n");
97
110
printf(" -q, --quiet Less output\n");
98
111
printf(" -Q, --queue-len=LEN Set packet queue limit to LEN pkts\n");
99
112
printf(" -s, --script=SCRIPT Use vpnc-compatible config script\n");
100
113
printf(" -S, --script-tun Pass traffic to 'script' program, not tun\n");
101
printf(" -t, --tpm Use TPM engine for private key\n");
102
114
printf(" -u, --user=NAME Set login username\n");
103
115
printf(" -V, --version Report version number\n");
104
116
printf(" -v, --verbose More output\n");
105
117
printf(" -x, --xmlconfig=CONFIG XML config file\n");
118
printf(" --authgroup=GROUP Choose authentication login selection\n");
106
119
printf(" --cookieonly Fetch webvpn cookie only; don't connect\n");
107
120
printf(" --printcookie Print webvpn cookie before connecting\n");
108
121
printf(" --cafile=FILE Cert file for server verification\n");
122
printf(" --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS\n");
109
123
printf(" --no-dtls Disable DTLS\n");
110
124
printf(" --no-passwd Disable password/SecurID authentication\n");
111
125
printf(" --passwd-on-stdin Read password from standard input\n");
112
126
printf(" --reconnect-timeout Connection retry timeout in seconds\n");
127
printf(" --servercert Server's certificate SHA1 fingerprint\n");
213
240
vpninfo->sslkey = optarg;
243
if (!strcasecmp(optarg, "PKCS#12") ||
244
!strcasecmp(optarg, "PKCS12")) {
245
vpninfo->cert_type = CERT_TYPE_PKCS12;
246
} else if (!strcasecmp(optarg, "TPM")) {
247
vpninfo->cert_type = CERT_TYPE_TPM;
248
} else if (!strcasecmp(optarg, "PEM")) {
249
vpninfo->cert_type = CERT_TYPE_PEM;
251
fprintf(stderr, "Unknown certificate type '%s'\n",
216
256
vpninfo->deflate = 1;
219
259
vpninfo->deflate = 0;
262
free(vpninfo->urlpath);
263
vpninfo->urlpath = strdup(optarg);
301
345
vpninfo->progress = write_progress;
348
if (vpninfo->sslkey && do_passphrase_from_fsid)
349
passphrase_from_fsid(vpninfo);
304
351
if (config_lookup_host(vpninfo, argv[optind]))
307
354
if (!vpninfo->hostname)
308
355
vpninfo->hostname = strdup(argv[optind]);
309
vpninfo->urlpath = strdup("/");
312
358
set_openssl_ui();
315
if (!vpninfo->cookie && openconnect_obtain_cookie(vpninfo) != 1) {
361
if (!vpninfo->cookie && openconnect_obtain_cookie(vpninfo)) {
316
362
fprintf(stderr, "Failed to obtain WebVPN cookie\n");
343
389
if (vpninfo->dtls_attempt_period && setup_dtls(vpninfo))
344
390
fprintf(stderr, "Set up DTLS failed; using SSL instead\n");
346
392
vpninfo->progress(vpninfo, PRG_INFO,
347
393
"Connected %s as %s, using %s\n", vpninfo->ifname,
348
394
vpninfo->vpn_addr,
349
(vpninfo->dtls_fd==-1)?(vpninfo->deflate?"SSL + deflate":"SSL"):"DTLS");
395
(vpninfo->dtls_fd == -1) ?
396
(vpninfo->deflate ? "SSL + deflate" : "SSL")
401
if ((pid = fork ())) {
402
vpninfo->progress(vpninfo, PRG_INFO,
403
"Continuing in background; pid %d\n",
351
408
vpn_mainloop(vpninfo);
359
416
config_fd = open(vpninfo->xmlconfig, O_WRONLY|O_TRUNC|O_CREAT, 0644);
360
417
if (!config_fd) {
361
fprintf(stderr, "Failed to open %s for write: %s\n",
418
fprintf(stderr, "Failed to open %s for write: %s\n",
362
419
vpninfo->xmlconfig, strerror(errno));
366
423
/* FIXME: We should actually write to a new tempfile, then rename */
367
write(config_fd, buf, buflen);
424
write(config_fd, buf, buflen);
371
428
void write_progress(struct openconnect_info *info, int level, const char *fmt, ...)
373
FILE *outf = level?stdout:stderr;
430
FILE *outf = level ? stdout : stderr;
376
433
if (verbose >= level) {