

Viewing changes to main.c

  • Committer: Bazaar Package Importer
  • Author(s): Ross Burton
  • Date: 2009-06-24 19:17:44 UTC
  • mfrom: (1.2.1 upstream) (3.1.2 karmic)
  • Revision ID: james.westby@ubuntu.com-20090624191744-0fk1vxfmjopaistk
Tags: 2.01-1
New upstream release.



2
2
 * OpenConnect (SSL + DTLS) VPN client
3
3
 *
4
4
 * Copyright © 2008 Intel Corporation.
 
5
 * Copyright © 2008 Nick Andrew <nick@nick-andrew.net>
5
6
 *
6
7
 * Author: David Woodhouse <dwmw2@infradead.org>
7
8
 *
45
46
static void syslog_progress(struct openconnect_info *info, int level, const char *fmt, ...);
46
47
 
47
48
int verbose = PRG_INFO;
 
49
int background;
 
50
int do_passphrase_from_fsid;
48
51
 
49
52
static struct option long_options[] = {
 
53
        {"background", 0, 0, 'b'},
50
54
        {"certificate", 1, 0, 'c'},
51
55
        {"sslkey", 1, 0, 'k'},
52
56
        {"cookie", 1, 0, 'C'},
53
57
        {"deflate", 0, 0, 'd'},
54
58
        {"no-deflate", 0, 0, 'D'},
 
59
        {"usergroup", 1, 0, 'g'},
55
60
        {"help", 0, 0, 'h'},
56
61
        {"interface", 1, 0, 'i'},
57
62
        {"mtu", 1, 0, 'm'},
59
64
        {"script", 1, 0, 's'},
60
65
        {"script-tun", 0, 0, 'S'},
61
66
        {"syslog", 0, 0, 'l'},
62
 
        {"tpm-key", 0, 0, 't'},
63
 
        {"tpm-password", 1, 0, 'p'},
 
67
        {"key-type", 1, 0, 'K'},
 
68
        {"key-password", 1, 0, 'p'},
64
69
        {"user", 1, 0, 'u'},
65
70
        {"verbose", 0, 0, 'v'},
66
71
        {"version", 0, 0, 'V'},
75
80
        {"passwd-on-stdin", 0, 0, '5'},
76
81
        {"no-passwd", 0, 0, '6'},
77
82
        {"reconnect-timeout", 1, 0, '7'},
 
83
        {"dtls-ciphers", 1, 0, '8'},
 
84
        {"authgroup", 1, 0, '9'},
 
85
        {"servercert", 1, 0, 0x01},
 
86
        {"key-password-from-fsid", 0, 0, 0x02},
78
87
        {NULL, 0, 0, 0},
79
88
};
80
89
 
82
91
{
83
92
        printf("Usage:  openconnect [options] <server>\n");
84
93
        printf("Open client for Cisco AnyConnect VPN, version %s\n\n", openconnect_version);
 
94
        printf("  -b, --background                Continue in background after startup\n");
85
95
        printf("  -c, --certificate=CERT          Use SSL client certificate CERT\n");
86
96
        printf("  -k, --sslkey=KEY                Use SSL private key file KEY\n");
 
97
        printf("  -K, --key-type=TYPE             Private key type (PKCS#12 / TPM / PEM)\n");
87
98
        printf("  -C, --cookie=COOKIE             Use WebVPN cookie COOKIE\n");
88
99
        printf("      --cookie-on-stdin           Read cookie from standard input\n");
89
100
        printf("  -d, --deflate                   Enable compression (default)\n");
90
101
        printf("  -D, --no-deflate                Disable compression\n");
 
102
        printf("  -g, --usergroup=GROUP           Set login usergroup\n");
91
103
        printf("  -h, --help                      Display help text\n");
92
104
        printf("  -i, --interface=IFNAME          Use IFNAME for tunnel interface\n");
93
105
        printf("  -l, --syslog                    Use syslog for progress messages\n");
94
106
        printf("  -U, --setuid=USER               Drop privileges after connecting\n");
95
107
        printf("  -m, --mtu=MTU                   Request MTU from server\n");
96
 
        printf("  -p, --tpm-password=PASS         Set TPM SRK PIN\n");
 
108
        printf("  -p, --key-password=PASS         Set key passphrase or TPM SRK PIN\n");
 
109
        printf("      --key-password-from-fsid    Key passphrase is fsid of file system\n");
97
110
        printf("  -q, --quiet                     Less output\n");
98
111
        printf("  -Q, --queue-len=LEN             Set packet queue limit to LEN pkts\n");
99
112
        printf("  -s, --script=SCRIPT             Use vpnc-compatible config script\n");
100
113
        printf("  -S, --script-tun                Pass traffic to 'script' program, not tun\n");
101
 
        printf("  -t, --tpm                       Use TPM engine for private key\n");
102
114
        printf("  -u, --user=NAME                 Set login username\n");
103
115
        printf("  -V, --version                   Report version number\n");
104
116
        printf("  -v, --verbose                   More output\n");
105
117
        printf("  -x, --xmlconfig=CONFIG          XML config file\n");
 
118
        printf("      --authgroup=GROUP           Choose authentication login selection\n");
106
119
        printf("      --cookieonly                Fetch webvpn cookie only; don't connect\n");
107
120
        printf("      --printcookie               Print webvpn cookie before connecting\n");
108
121
        printf("      --cafile=FILE               Cert file for server verification\n");
 
122
        printf("      --dtls-ciphers=LIST         OpenSSL ciphers to support for DTLS\n");
109
123
        printf("      --no-dtls                   Disable DTLS\n");
110
124
        printf("      --no-passwd                 Disable password/SecurID authentication\n");
111
125
        printf("      --passwd-on-stdin           Read password from standard input\n");
112
126
        printf("      --reconnect-timeout         Connection retry timeout in seconds\n");
 
127
        printf("      --servercert                Server's certificate SHA1 fingerprint\n");
113
128
        exit(1);
114
129
}
115
130
 
169
184
        else
170
185
                vpninfo->localname = "localhost";
171
186
 
172
 
        while ((opt = getopt_long(argc, argv, "C:c:Ddhi:k:lp:Q:qSs:tU:u:Vvx:",
 
187
        while ((opt = getopt_long(argc, argv, "bC:c:Ddg:hi:k:K:lp:Q:qSs:U:u:Vvx:",
173
188
                                  long_options, NULL))) {
174
189
                if (opt < 0)
175
190
                        break;
178
193
                case '0':
179
194
                        vpninfo->cafile = optarg;
180
195
                        break;
 
196
                case 0x01:
 
197
                        vpninfo->servercert = optarg;
 
198
                        break;
181
199
                case '1':
182
200
                        vpninfo->dtls_attempt_period = 0;
183
201
                        break;
203
221
                case '7':
204
222
                        vpninfo->reconnect_timeout = atoi(optarg);
205
223
                        break;
 
224
                case '8':
 
225
                        vpninfo->dtls_ciphers = optarg;
 
226
                        break;
 
227
                case '9':
 
228
                        vpninfo->authgroup = optarg;
 
229
                        break;
 
230
                case 'b':
 
231
                        background = 1;
 
232
                        break;
206
233
                case 'C':
207
234
                        vpninfo->cookie = optarg;
208
235
                        break;
212
239
                case 'k':
213
240
                        vpninfo->sslkey = optarg;
214
241
                        break;
 
242
                case 'K':
 
243
                        if (!strcasecmp(optarg, "PKCS#12") ||
 
244
                            !strcasecmp(optarg, "PKCS12")) {
 
245
                                vpninfo->cert_type = CERT_TYPE_PKCS12;
 
246
                        } else if (!strcasecmp(optarg, "TPM")) {
 
247
                                vpninfo->cert_type = CERT_TYPE_TPM;
 
248
                        } else if (!strcasecmp(optarg, "PEM")) {
 
249
                                vpninfo->cert_type = CERT_TYPE_PEM;
 
250
                        } else {
 
251
                                fprintf(stderr, "Unknown certificate type '%s'\n",
 
252
                                        optarg);
 
253
                                usage();
 
254
                        }
215
255
                case 'd':
216
256
                        vpninfo->deflate = 1;
217
257
                        break;
218
258
                case 'D':
219
259
                        vpninfo->deflate = 0;
220
260
                        break;
 
261
                case 'g':
 
262
                        free(vpninfo->urlpath);
 
263
                        vpninfo->urlpath = strdup(optarg);
 
264
                        break;
221
265
                case 'h':
222
266
                        usage();
223
267
                case 'i':
234
278
                        }
235
279
                        break;
236
280
                case 'p':
237
 
                        vpninfo->tpmpass = optarg;
 
281
                        vpninfo->cert_password = optarg;
238
282
                        break;
239
283
                case 's':
240
284
                        vpninfo->vpnc_script = optarg;
242
286
                case 'S':
243
287
                        vpninfo->script_tun = 1;
244
288
                        break;
245
 
                case 't':
246
 
                        vpninfo->tpm = 1;
247
 
                        break;
248
289
                case 'u':
249
290
                        vpninfo->username = optarg;
250
291
                        break;
282
323
                        vpninfo->xmlconfig = optarg;
283
324
                        vpninfo->write_new_config = write_new_config;
284
325
                        break;
 
326
                case 0x02:
 
327
                        do_passphrase_from_fsid = 1;
 
328
                        break;
285
329
                default:
286
330
                        usage();
287
331
                }
301
345
                vpninfo->progress = write_progress;
302
346
        }
303
347
 
 
348
        if (vpninfo->sslkey && do_passphrase_from_fsid)
 
349
                passphrase_from_fsid(vpninfo);
 
350
 
304
351
        if (config_lookup_host(vpninfo, argv[optind]))
305
352
                exit(1);
306
353
 
307
354
        if (!vpninfo->hostname)
308
355
                vpninfo->hostname = strdup(argv[optind]);
309
 
        vpninfo->urlpath = strdup("/");
310
356
 
311
357
#ifdef SSL_UI
312
358
        set_openssl_ui();
313
359
#endif
314
360
 
315
 
        if (!vpninfo->cookie && openconnect_obtain_cookie(vpninfo) != 1) {
 
361
        if (!vpninfo->cookie && openconnect_obtain_cookie(vpninfo)) {
316
362
                fprintf(stderr, "Failed to obtain WebVPN cookie\n");
317
363
                exit(1);
318
364
        }
327
373
                fprintf(stderr, "Creating SSL connection failed\n");
328
374
                exit(1);
329
375
        }
330
 
        
 
376
 
331
377
        if (setup_tun(vpninfo)) {
332
378
                fprintf(stderr, "Set up tun device failed\n");
333
379
                exit(1);
339
385
                        exit(1);
340
386
                }
341
387
        }
342
 
                
 
388
 
343
389
        if (vpninfo->dtls_attempt_period && setup_dtls(vpninfo))
344
390
                fprintf(stderr, "Set up DTLS failed; using SSL instead\n");
345
391
 
346
392
        vpninfo->progress(vpninfo, PRG_INFO,
347
393
                          "Connected %s as %s, using %s\n", vpninfo->ifname,
348
394
                          vpninfo->vpn_addr,
349
 
                          (vpninfo->dtls_fd==-1)?(vpninfo->deflate?"SSL + deflate":"SSL"):"DTLS");
 
395
                          (vpninfo->dtls_fd == -1) ?
 
396
                              (vpninfo->deflate ? "SSL + deflate" : "SSL")
 
397
                              : "DTLS");
350
398
 
 
399
        if (background) {
 
400
                int pid;
 
401
                if ((pid = fork ())) {
 
402
                        vpninfo->progress(vpninfo, PRG_INFO,
 
403
                                          "Continuing in background; pid %d\n",
 
404
                                          pid);
 
405
                        exit (1);
 
406
                }
 
407
        }
351
408
        vpn_mainloop(vpninfo);
352
409
        exit(1);
353
410
}
358
415
 
359
416
        config_fd = open(vpninfo->xmlconfig, O_WRONLY|O_TRUNC|O_CREAT, 0644);
360
417
        if (!config_fd) {
361
 
                fprintf(stderr, "Failed to open %s for write: %s\n", 
 
418
                fprintf(stderr, "Failed to open %s for write: %s\n",
362
419
                        vpninfo->xmlconfig, strerror(errno));
363
420
                return -errno;
364
421
        }
365
422
 
366
423
        /* FIXME: We should actually write to a new tempfile, then rename */
367
 
        write(config_fd, buf, buflen);  
 
424
        write(config_fd, buf, buflen);
368
425
        return 0;
369
426
}
370
427
 
371
428
void write_progress(struct openconnect_info *info, int level, const char *fmt, ...)
372
429
{
373
 
        FILE *outf = level?stdout:stderr;
 
430
        FILE *outf = level ? stdout : stderr;
374
431
        va_list args;
375
432
 
376
433
        if (verbose >= level) {
383
440
void syslog_progress(struct openconnect_info *info, int level,
384
441
                     const char *fmt, ...)
385
442
{
386
 
        int priority = level?LOG_INFO:LOG_NOTICE;
 
443
        int priority = level ? LOG_INFO : LOG_NOTICE;
387
444
        va_list args;
388
445
 
389
446
        if (verbose >= level) {
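Review bot: The new `case 'K':` block (new lines 242–254) has no `break;` after the `}` that closes its if/else chain, so any recognised key type falls through into `case 'd':` and sets `vpninfo->deflate = 1`, silently re-enabling compression for an invocation such as `-D -K PEM`; only the unknown-type branch is safe because `usage()` exits. Add `break;` directly after that closing brace. In the background hunk (new lines 399–407), `if ((pid = fork ()))` also treats the -1 returned by a failing fork() as a child pid, so the parent prints "Continuing in background; pid -1" and exits with no child left to run the VPN; test `if (pid < 0)` first and report `strerror(errno)` before exiting, and consider `exit(0)` for the successful parent since the connection was established. The enclosing function's signature lies outside these hunks.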