This allows all connection parameters used by nm-openconnect to be set through the library API. Signed-off-by: Kevin Cernekee <cernekee at gmail.com> --- libopenconnect.map.in | 3 +++ library.c | 18 +++++++++++++++++- main.c | 18 ++++++++++-------- openconnect-internal.h | 4 ++-- openconnect.h | 3 +++ 5 files changed, 35 insertions(+), 11 deletions(-) diff --git a/libopenconnect.map.in b/libopenconnect.map.in index c6aba18..0b0bf74 100644 --- a/libopenconnect.map.in +++ b/libopenconnect.map.in @@ -52,6 +52,9 @@ OPENCONNECT_2.3 { openconnect_setup_tun_fd; openconnect_setup_dtls; openconnect_make_cstp_connection; + openconnect_set_server_cert_sha1; + openconnect_get_ifname; + openconnect_set_reqmtu; } OPENCONNECT_2.2; OPENCONNECT_PRIVATE { diff --git a/library.c b/library.c index 9b4cb89..7d59cd5 100644 --- a/library.c +++ b/library.c @@ -139,6 +139,8 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo) free(vpninfo->proxy_type); free(vpninfo->proxy); free(vpninfo->vpnc_script); + free(vpninfo->cafile); + free(vpninfo->servercert); free(vpninfo->ifname); if (vpninfo->csd_scriptname) { @@ -157,7 +159,6 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo) /* These are const in openconnect itself, but for consistency of the library API we do take ownership of the strings we're given, and thus we have to free them too. */ - free((void *)vpninfo->cafile); if (vpninfo->cert != vpninfo->sslkey) free((void *)vpninfo->sslkey); free((void *)vpninfo->cert); 
@@ -226,6 +227,21 @@ void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile)
 vpninfo->cafile = cafile;
 }
 
+void openconnect_set_server_cert_sha1(struct openconnect_info *vpninfo, char *servercert)
+{
+ vpninfo->servercert = servercert;
+}
+
+const char *openconnect_get_ifname(struct openconnect_info *vpninfo)
+{
+ return vpninfo->ifname;
+}
+
+void openconnect_set_reqmtu(struct openconnect_info *vpninfo, int reqmtu)
+{
+ vpninfo->reqmtu = reqmtu;
+}
+
 void openconnect_setup_csd(struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper)
 {
 vpninfo->uid_csd = uid;
diff --git a/main.c b/main.c
index afcefb2..ce72622 100644
--- a/main.c
+++ b/main.c
@@ -544,13 +544,13 @@ int main(int argc, char **argv)
 /* The next option will come from the file... */
 break;
 case OPT_CAFILE:
- vpninfo->cafile = keep_config_arg();
+ openconnect_set_cafile(vpninfo, xstrdup(config_arg));
 break;
 case OPT_PIDFILE:
 pidfile = keep_config_arg();
 break;
 case OPT_SERVERCERT:
- vpninfo->servercert = keep_config_arg();
+ openconnect_set_server_cert_sha1(vpninfo, xstrdup(config_arg));
 break;
 case OPT_NO_DTLS:
 use_dtls = 0;
@@ -624,13 +624,15 @@ int main(int argc, char **argv)
 case 'l':
 use_syslog = 1;
 break;
- case 'm':
- vpninfo->reqmtu = atol(config_arg);
- if (vpninfo->reqmtu < 576) {
- fprintf(stderr, _("MTU %d too small\n"), vpninfo->reqmtu);
- vpninfo->reqmtu = 576;
+ case 'm': {
+ int mtu = atol(config_arg);
+ if (mtu < 576) {
+ fprintf(stderr, _("MTU %d too small\n"), mtu);
+ mtu = 576;
 }
+ openconnect_set_reqmtu(vpninfo, mtu);
 break;
+ }
 case OPT_BASEMTU:
 vpninfo->basemtu = atol(config_arg);
 if (vpninfo->basemtu < 576) {
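Review bot: `openconnect_set_reqmtu()` in the library.c hunk stores whatever `int` it is given, so the 576-byte floor that main.c applies in `case 'm':` protects only the command-line client and not library callers such as nm-openconnect. Clamping or rejecting in the setter itself, e.g. `if (reqmtu < 576) reqmtu = 576;` ahead of the assignment, would keep zero or negative values out of `vpninfo->reqmtu` for every consumer. In the same hunk, `openconnect_set_server_cert_sha1()` overwrites `vpninfo->servercert` without releasing the old value, which leaks on a second call now that `openconnect_vpninfo_free()` treats the string as library-owned; `free(vpninfo->servercert);` before the assignment would cover it.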
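Review bot: In the `case 'm':` block of main.c, `int mtu = atol(config_arg);` narrows a `long` into an `int` and cannot tell a malformed argument from 0, so bad input is reported as an MTU of 0 and replaced by 576, and nothing bounds the value from above. Parsing with `long mtu = strtol(config_arg, &end, 10);` and rejecting `end == config_arg || *end != '\0'` or an out-of-range result before calling `openconnect_set_reqmtu()` would make the failure explicit. The unchanged `OPT_BASEMTU` case just below uses the same `atol` pattern. The enclosing `main()` starts and ends outside the hunk.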
@@ -905,7 +907,7 @@ int main(int argc, char **argv) fprintf(stderr, _("Set up DTLS failed; using SSL instead\n")); vpn_progress(vpninfo, PRG_INFO, - _("Connected %s as %s%s%s, using %s\n"), vpninfo->ifname, + _("Connected %s as %s%s%s, using %s\n"), openconnect_get_ifname(vpninfo), vpninfo->vpn_addr?:"", (vpninfo->vpn_addr6 && vpninfo->vpn_addr) ? " + " : "", vpninfo->vpn_addr6 ? : "", diff --git a/openconnect-internal.h b/openconnect-internal.h index 7580264..db90ae6 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -167,8 +167,8 @@ struct openconnect_info { const char *sslkey; int cert_type; char *cert_password; - const char *cafile; - const char *servercert; + char *cafile; + char *servercert; const char *xmlconfig; char xmlsha1[(SHA1_SIZE * 2) + 1]; char *username; diff --git a/openconnect.h b/openconnect.h index 3a64ba7..7a55f1f 100644 --- a/openconnect.h +++ b/openconnect.h @@ -190,6 +190,9 @@ void openconnect_set_cafile(struct openconnect_info *, char *); void openconnect_setup_csd(struct openconnect_info *, uid_t, int silent, char *wrapper); int openconnect_set_reported_os(struct openconnect_info *, const char *os); void openconnect_set_client_cert(struct openconnect_info *, char *cert, char *sslkey); +void openconnect_set_server_cert_sha1(struct openconnect_info *, char *); +const char *openconnect_get_ifname(struct openconnect_info *); +void openconnect_set_reqmtu(struct openconnect_info *, int reqmtu); /* This is *not* yours and must not be destroyed with X509_free(). It * will be valid when a cookie has been obtained successfully, and will -- 1.7.9.5
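Review bot: The three prototypes added to openconnect.h carry no comment on ownership, and the two string functions have opposite contracts. Per the library.c hunks, the pointer passed to `openconnect_set_server_cert_sha1()` is later freed by `openconnect_vpninfo_free()`, while `openconnect_get_ifname()` returns the library's own `vpninfo->ifname`. I would add `/* Takes ownership of servercert; it must be heap-allocated and is freed by openconnect_vpninfo_free(). */` above the setter and `/* Returned string is owned by vpninfo; do not free it. */` above the getter. A line on the expected form of the SHA1 fingerprint string would also help callers who pin the server certificate; that format is not visible in this patch.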