V4->V5 changes:

- Added support for refreshing the auth form when a new group is chosen
- Added support for second-auth fields and noaaa
- Changed "cancel_pipe" to "cmd_pipe" so it can be used for other asynchronous requests
- Added a "force reconnect" command, issued via cmd_pipe, for use when a mobile device's IP or connectivity changes
- Clean up some of the JNI local reference usage

The code changes needed to make the Android UI work with OC_FORM_RESULT_NEWGROUP were not too bad:

https://github.com/cernekee/ics-openconnect/commit/c8d30bb24ef17aabba6efc66ffed1ff6be1ea3d2
https://github.com/cernekee/ics-openconnect/commit/ffb882f28d1f90c8c9fc40a8288eec11653e5e72

I tested both the Android client and the CLI, with XML POST enabled and disabled. AFAICT the results mirrored what Cisco AnyConnect is doing. However, I am not aware of any live servers that actually enable second-auth on certain authgroups; vpn.cmu.edu looks like the best test case we have at the moment.

I did not test NEWGROUP with CSD, which may be a risk since it changes the openconnect_obtain_cookie() flow.
--

The following changes since commit b06b862f572c0b6cbdf3a8e81b93554f98fbef80:

  Include supporting certificates from PKCS#11 tokens (2013-11-15 22:49:25 +0000)

are available in the git repository at:

  git://github.com/cernekee/openconnect jni-v5

for you to fetch changes up to 6dfcb9f57a100cb1fc44a3cbc988c463ae1d1c58:

  auth: Hide unused form fields based on the selected authgroup (2013-12-07 18:54:13 -0800)

----------------------------------------------------------------
Kevin Cernekee (50):
      Clear peer_addr if aborting XML POST changes the hostname
      library: Remove declaration for nonexistent openconnect_get_vpn_name()
      auth: Hack around const warnings
      Introduce new helper functions for cancel_fd checking
      library: Rename cancel_fd to cmd_fd
      library: Add new openconnect_setup_cmd_pipe() call
      Add new helper functions to support cmd_fd feature
      Move signal handling out of mainloop
      mainloop: Convert vpn_mainloop() into a library function
      mainloop: Add OC_CMD_RECONNECT operation
      main: Introduce xstrdup() function
      tun: Export setup_tun() functionality
      Move vpninfo default settings into library
      library: Check for failed allocations in openconnect_vpninfo_new()
      dtls: Export setup_dtls() function
      cstp: Export make_cstp_connection()
      library: Move the mainloop guts into libopenconnect
      library: Update openconnect.pc.in
      tun, cstp: Don't exit() on failure
      library: Free zlib state
      cstp: Clean up split include/exclude/DNS lists when freeing vpninfo
      library: Add get/set functions for servercert, ifname, reqmtu
      library: Export VPN IP information to callers
      library: Add protect_socket callback
      library: Add support for mobile headers
      library: Add openconnect_set_xmlpost() to support different CSD modes
      library: Update changelog and bump minor version
      main: Add openconnect_vpninfo_free() on a couple of exit paths
      buildsys: Allow overriding -W flags
      acinclude: Add AX_JNI_INCLUDE_DIR macro
      JNI: Initial commit of C wrapper functions
      JNI: Initial commit of Java library + example program
      android: Bump gmp up to version 5.1.2
      android: Enable JNI in build
      android: Add libstoken to build
      android: Add liboath to build
      android: Honor $TMPDIR when writing CSD script
      auth: Fix comment in parse_form()
      android: Add "sources" target
      android: Fix broken ARCH=mips build
      android: Add .gitignore file
      android: Update Makefile to use NDK r9b
      library: Use named constants for process_auth_form() return value
      main: Move username/password/authgroup vars into main.c
      auth: Add <group-access> node to XML POST initial request
      auth: Add oc_choice->selected flag
      process_auth_form: Add code to support NEWGROUP return status from UI
      auth: Remove outdated comment for parse_auth_choice()
      auth: Parse second-auth-related properties from the auth form
      auth: Hide unused form fields based on the selected authgroup

 .gitignore                                         |    1 +
 Makefile.am                                        |   25 +-
 acinclude.m4                                       |  125 +++
 android/.gitignore                                 |    8 +
 android/0001-Remove-call-to-mlockall.patch         |   33 +
 ...-fflush-freadahead-fseeko-Fix-for-Android.patch |   43 +
 android/Makefile                                   |  119 ++-
 auth.c                                             |  159 +++-
 configure.ac                                       |   48 +-
 cstp.c                                             |  137 +--
 dtls.c                                             |   18 +-
 gnutls.c                                           |   36 +-
 http.c                                             |   49 +-
 java/.gitignore                                    |    2 +
 java/README                                        |   22 +
 java/build.xml                                     |   33 +
 java/src/com/example/LibTest.java                  |  207 ++++
 .../infradead/libopenconnect/LibOpenConnect.java   |  256 +++++
 jni.c                                              | 1004 ++++++++++++++++++++
 libopenconnect.map.in                              |   19 +
 library.c                                          |  109 ++-
 main.c                                             |  193 ++--
 mainloop.c                                         |   38 +-
 openconnect-internal.h                             |   56 +-
 openconnect.h                                      |   99 +-
 openconnect.pc.in                                  |    2 +-
 openssl.c                                          |   36 +-
 ssl.c                                              |   62 +-
 tun.c                                              |  187 ++--
 29 files changed, 2716 insertions(+), 410 deletions(-)
 create mode 100644 android/.gitignore
 create mode 100644 android/0001-Remove-call-to-mlockall.patch
 create mode 100644 android/0001-fflush-freadahead-fseeko-Fix-for-Android.patch
 create mode 100644 java/.gitignore
 create mode 100644 java/README
 create mode 100644 java/build.xml
 create mode 100644 java/src/com/example/LibTest.java
 create mode 100644 java/src/org/infradead/libopenconnect/LibOpenConnect.java
 create mode 100644 jni.c