This patch just play with space and tabs, so git diff -w does not report anything. Signed-off-by: Antonio Borneo <borneo.antonio at gmail.com> --- auth.c | 6 ++-- compat.c | 2 +- cstp.c | 10 +++--- dtls.c | 20 ++++++------ gnutls.c | 78 ++++++++++++++++++++++++------------------------ gnutls.h | 18 +++++----- gnutls_tpm.c | 8 ++-- http.c | 46 ++++++++++++++-------------- library.c | 72 ++++++++++++++++++++++---------------------- main.c | 22 +++++++------- openconnect-internal.h | 4 +- openconnect.h | 62 +++++++++++++++++++------------------- openssl.c | 54 ++++++++++++++++---------------- ssl.c | 14 ++++---- tun.c | 14 ++++---- 15 files changed, 215 insertions(+), 215 deletions(-) diff --git a/auth.c b/auth.c index ff2eae9..d5f64a4 100644 --- a/auth.c +++ b/auth.c @@ -276,7 +276,7 @@ static char *xmlnode_msg(xmlNode *xml_node) } len = strlen(fmt) + 1; - + params[0] = (char *)xmlGetProp(xml_node, (unsigned char *)"param1"); if (params[0]) len += strlen(params[0]); @@ -291,7 +291,7 @@ static char *xmlnode_msg(xmlNode *xml_node) } strcpy(result, fmt); - free (fmt); + free(fmt); for (pct = strchr(result, '%'); pct; (pct = strchr(pct, '%'))) { @@ -643,7 +643,7 @@ void free_auth_form(struct oc_auth_form *form) struct oc_form_opt_select *sel = (void *)form->opts; int i; - for (i=0; i < sel->nr_choices; i++) { + for (i = 0; i < sel->nr_choices; i++) { free(sel->choices[i].name); free(sel->choices[i].label); free(sel->choices[i].auth_type); diff --git a/compat.c b/compat.c index 2fbad2e..bc396f2 100644 --- a/compat.c +++ b/compat.c @@ -77,7 +77,7 @@ static int oc_vasprintf(char **strp, const char *fmt, va_list ap) res = NULL; goto err; } - if (len >=0 && len < 160) + if (len >= 0 && len < 160) goto out; free(res); diff --git a/cstp.c b/cstp.c index 0c4cdcb..ad99657 100644 --- a/cstp.c +++ b/cstp.c @@ -171,7 +171,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) vpninfo->vpn_domain = vpninfo->vpn_proxy_pac = NULL; vpninfo->banner = NULL; - for (i=0; i<3; i++) + for (i = 0; i < 3; i++) vpninfo->vpn_dns[i] = vpninfo->vpn_nbns[i] = NULL; for (inc = vpninfo->split_includes; inc; ) { @@ -215,12 +215,12 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) buf_append(buf, sizeof(buf), "X-CSTP-Base-MTU: %d\r\n", base_mtu); buf_append(buf, sizeof(buf), "X-CSTP-MTU: %d\r\n", mtu); buf_append(buf, sizeof(buf), "X-CSTP-Address-Type: %s\r\n", - vpninfo->disable_ipv6?"IPv4":"IPv6,IPv4"); + vpninfo->disable_ipv6 ? "IPv4" : "IPv6,IPv4"); buf_append(buf, sizeof(buf), "X-DTLS-Master-Secret: "); for (i = 0; i < sizeof(vpninfo->dtls_secret); i++) buf_append(buf, sizeof(buf), "%02X", vpninfo->dtls_secret[i]); buf_append(buf, sizeof(buf), "\r\nX-DTLS-CipherSuite: %s\r\n\r\n", - vpninfo->dtls_ciphers?:"AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA"); + vpninfo->dtls_ciphers ? : "AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA"); openconnect_SSL_write(vpninfo, buf, strlen(buf)); @@ -715,7 +715,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) we should probably remove POLLIN from the events we're looking for, and add POLLOUT. As it is, though, it'll just chew CPU time in that fairly unlikely situation, until the write backlog clears. */ - while ( (len = cstp_read(vpninfo, buf, sizeof(buf))) > 0) { + while ((len = cstp_read(vpninfo, buf, sizeof(buf))) > 0) { int payload_len; if (buf[0] != 'S' || buf[1] != 'T' || @@ -734,7 +734,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout) continue; } vpninfo->ssl_times.last_rx = time(NULL); - switch(buf[6]) { + switch (buf[6]) { case AC_PKT_DPD_OUT: vpn_progress(vpninfo, PRG_TRACE, _("Got CSTP DPD request\n")); diff --git a/dtls.c b/dtls.c index adb01c6..45992b1 100644 --- a/dtls.c +++ b/dtls.c @@ -112,7 +112,7 @@ int RAND_bytes(char *buf, int len) #ifdef HAVE_DTLS1_STOP_TIMER /* OpenSSL doesn't deliberately export this, but we need it to workaround a DTLS bug in versions < 1.0.0e */ -extern void dtls1_stop_timer (SSL *); +extern void dtls1_stop_timer(SSL *); #endif #if !defined(NO_BROKEN_DTLS_CHECK) && (OPENSSL_VERSION_NUMBER == 0x10002000L || \ @@ -265,7 +265,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo) #if OPENSSL_VERSION_NUMBER >= 0x1000005fL /* OpenSSL 1.0.0e or above doesn't resend anyway; do nothing. However, if we were *built* against 1.0.0e or newer, but at - runtime we find that we are being run against an older + runtime we find that we are being run against an older version, warn about it. */ if (SSLeay() < 0x1000005fL) { vpn_progress(vpninfo, PRG_ERR, @@ -284,8 +284,8 @@ int dtls_try_handshake(struct openconnect_info *vpninfo) * so do it manually. This version also works on all * sane versions of OpenSSL: */ - memset (&(vpninfo->dtls_ssl->d1->next_timeout), 0, - sizeof((vpninfo->dtls_ssl->d1->next_timeout))); + memset(&(vpninfo->dtls_ssl->d1->next_timeout), 0, + sizeof((vpninfo->dtls_ssl->d1->next_timeout))); vpninfo->dtls_ssl->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(vpninfo->dtls_ssl), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, @@ -633,10 +633,10 @@ int setup_dtls(struct openconnect_info *vpninfo) #if defined(OPENCONNECT_GNUTLS) && defined(DTLS_OPENSSL) /* If we're using GnuTLS for authentication but OpenSSL for DTLS, we'll need to initialise OpenSSL now... */ - SSL_library_init (); - ERR_clear_error (); - SSL_load_error_strings (); - OpenSSL_add_all_algorithms (); + SSL_library_init(); + ERR_clear_error(); + SSL_load_error_strings(); + OpenSSL_add_all_algorithms(); #endif while (dtls_opt) { @@ -726,7 +726,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) vpninfo->dtls_times.last_rx = time(NULL); - switch(buf[0]) { + switch (buf[0]) { case AC_PKT_DATA: dtls_pkt->len = len - 1; queue_packet(&vpninfo->incoming_queue, dtls_pkt); @@ -884,7 +884,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) } #else /* !HAVE_DTLS */ #warning Your SSL library does not seem to support Cisco DTLS compatibility - int setup_dtls(struct openconnect_info *vpninfo) +int setup_dtls(struct openconnect_info *vpninfo) { vpn_progress(vpninfo, PRG_ERR, _("Built against SSL library with no Cisco DTLS support\n")); diff --git a/gnutls.c b/gnutls.c index 38355f8..e881ce6 100644 --- a/gnutls.c +++ b/gnutls.c @@ -88,7 +88,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le FD_ZERO(&wr_set); FD_ZERO(&rd_set); - + if (gnutls_record_get_direction(vpninfo->https_sess)) FD_SET(vpninfo->ssl_fd, &wr_set); else @@ -125,7 +125,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len } else { FD_ZERO(&wr_set); FD_ZERO(&rd_set); - + if (gnutls_record_get_direction(vpninfo->https_sess)) FD_SET(vpninfo->ssl_fd, &wr_set); else @@ -180,10 +180,10 @@ int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len } else { fd_set rd_set, wr_set; int maxfd = vpninfo->ssl_fd; - + FD_ZERO(&rd_set); FD_ZERO(&wr_set); - + if (gnutls_record_get_direction(vpninfo->https_sess)) FD_SET(vpninfo->ssl_fd, &wr_set); else @@ -434,7 +434,7 @@ static int count_x509_certificates(gnutls_datum_t *datum) p += 11; if (!strncmp(p, "CERTIFICATE", 11) || !strncmp(p, "X509 CERTIFICATE", 16)) - count++; + count++; } return count; } @@ -555,7 +555,7 @@ static int assign_privkey(struct openconnect_info *vpninfo, if (!pcerts) return GNUTLS_E_MEMORY_ERROR; - for (i=0 ; i < nr_certs; i++) { + for (i = 0 ; i < nr_certs; i++) { err = gnutls_pcert_import_x509(pcerts + i, certs[i], 0); if (err) { vpn_progress(vpninfo, PRG_ERR, @@ -572,9 +572,9 @@ static int assign_privkey(struct openconnect_info *vpninfo, _("Setting PKCS#11 certificate failed: %s\n"), gnutls_strerror(err)); free_pcerts: - for (i=0 ; i < nr_certs; i++) + for (i = 0 ; i < nr_certs; i++) gnutls_pcert_deinit(pcerts + i); - free (pcerts); + free(pcerts); } return err; } @@ -668,7 +668,7 @@ static int import_openssl_pem(struct openconnect_info *vpninfo, else if (type == 'R') begin = "RSA PRIVATE KEY"; else if (type == 'D') - begin = "DSA PRIVATE KEY"; + begin = "DSA PRIVATE KEY"; else return -EINVAL; @@ -1123,10 +1123,10 @@ static int load_certificate(struct openconnect_info *vpninfo) s = sizeof(token->model) + 1; if (!gnutls_pkcs11_obj_get_info(crt, GNUTLS_PKCS11_OBJ_TOKEN_MODEL, buf, &s)) { - s--; - memcpy(token->model, buf, s); - memset(token->model + s, ' ', - sizeof(token->model) - s); + s--; + memcpy(token->model, buf, s); + memset(token->model + s, ' ', + sizeof(token->model) - s); } } if (!token->serialNumber[0]) { @@ -1322,11 +1322,11 @@ static int load_certificate(struct openconnect_info *vpninfo) goto out; } /* If extra_certs[] is NULL, we have one candidate in 'cert' to check. */ - for (i = 0; i < (extra_certs?nr_extra_certs:1); i++) { + for (i = 0; i < (extra_certs ? nr_extra_certs : 1); i++) { unsigned char cert_id[20]; size_t cert_id_size = sizeof(cert_id); - err = gnutls_x509_crt_get_key_id(extra_certs?extra_certs[i]:cert, 0, cert_id, &cert_id_size); + err = gnutls_x509_crt_get_key_id(extra_certs ? extra_certs[i] : cert, 0, cert_id, &cert_id_size); if (err) continue; @@ -1369,11 +1369,11 @@ static int load_certificate(struct openconnect_info *vpninfo) } /* If extra_certs[] is NULL, we have one candidate in 'cert' to check. */ - for (i=0; i < (extra_certs?nr_extra_certs:1); i++) { + for (i = 0; i < (extra_certs ? nr_extra_certs : 1); i++) { gnutls_pubkey_t pubkey; gnutls_pubkey_init(&pubkey); - err = gnutls_pubkey_import_x509(pubkey, extra_certs?extra_certs[i]:cert, 0); + err = gnutls_pubkey_import_x509(pubkey, extra_certs ? extra_certs[i] : cert, 0); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Error validating signature against certificate: %s\n"), @@ -1461,7 +1461,7 @@ static int load_certificate(struct openconnect_info *vpninfo) err = gnutls_certificate_get_issuer(vpninfo->https_cred, last_cert, &issuer, 0); if (err) - break; + break; /* The check_issuer_sanity() function works fine as a workaround where it was used above, but when gnutls_certificate_get_issuer() returns @@ -1597,7 +1597,7 @@ static int get_cert_fingerprint(struct openconnect_info *vpninfo, if (gnutls_x509_crt_get_fingerprint(cert, algo, md, &md_size)) return -EIO; - for (i=0; i < md_size; i++) + for (i = 0; i < md_size; i++) sprintf(&buf[i*2], "%02X", md[i]); return 0; @@ -1623,11 +1623,11 @@ char *openconnect_get_cert_details(struct openconnect_info *vpninfo, if (gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &buf)) return NULL; - + /* Just in case gnutls_free() isn't free(), we can't steal it. */ ret = strdup((char *)buf.data); gnutls_free(buf.data); - + return ret; } @@ -1637,7 +1637,7 @@ int openconnect_get_cert_DER(struct openconnect_info *vpninfo, size_t l = 0; unsigned char *ret = NULL; - if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, ret, &l) != + if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, ret, &l) != GNUTLS_E_SHORT_MEMORY_BUFFER) return -EIO; @@ -1647,7 +1647,7 @@ int openconnect_get_cert_DER(struct openconnect_info *vpninfo, if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, ret, &l)) { free(ret); - return -EIO; + return -EIO; } *buf = ret; return l; @@ -1667,7 +1667,7 @@ static int verify_peer(gnutls_session_t session) vpninfo->peer_cert = NULL; } - cert_list = gnutls_certificate_get_peers (session, &cert_list_size); + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); if (!cert_list) { vpn_progress(vpninfo, PRG_ERR, _("Server presented no certificate\n")); return GNUTLS_E_CERTIFICATE_ERROR; @@ -1677,14 +1677,14 @@ static int verify_peer(gnutls_session_t session) unsigned char sha1bin[SHA1_SIZE]; char fingerprint[(SHA1_SIZE * 2) + 1]; int i; - + err = openconnect_sha1(sha1bin, cert_list[0].data, cert_list[0].size); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Could not calculate SHA1 of server's certificate\n")); return GNUTLS_E_CERTIFICATE_ERROR; } - for (i=0; i < SHA1_SIZE; i++) + for (i = 0; i < SHA1_SIZE; i++) sprintf(&fingerprint[i*2], "%02X", sha1bin[i]); if (strcasecmp(vpninfo->servercert, fingerprint)) { @@ -1695,7 +1695,7 @@ static int verify_peer(gnutls_session_t session) return 0; } - err = gnutls_certificate_verify_peers2 (session, &status); + err = gnutls_certificate_verify_peers2(session, &status); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Error checking server cert status\n")); return GNUTLS_E_CERTIFICATE_ERROR; @@ -1773,8 +1773,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo) DEFAULT_SYSTEM_CAFILE, GNUTLS_X509_FMT_PEM); #endif - gnutls_certificate_set_verify_function (vpninfo->https_cred, - verify_peer); + gnutls_certificate_set_verify_function(vpninfo->https_cred, + verify_peer); #ifdef ANDROID_KEYSTORE if (vpninfo->cafile && !strncmp(vpninfo->cafile, "keystore:", 9)) { @@ -1855,20 +1855,20 @@ int openconnect_open_https(struct openconnect_info *vpninfo) } } } - gnutls_init (&vpninfo->https_sess, GNUTLS_CLIENT); - gnutls_session_set_ptr (vpninfo->https_sess, (void *) vpninfo); + gnutls_init(&vpninfo->https_sess, GNUTLS_CLIENT); + gnutls_session_set_ptr(vpninfo->https_sess, (void *) vpninfo); #if defined(HAVE_TROUSERS) && !defined(HAVE_GNUTLS_CERTIFICATE_SET_KEY) if (vpninfo->my_pkey == OPENCONNECT_TPM_PKEY) gnutls_sign_callback_set(vpninfo->https_sess, gtls2_tpm_sign_cb, vpninfo); #endif - err = gnutls_priority_set_direct (vpninfo->https_sess, - "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" + err = gnutls_priority_set_direct(vpninfo->https_sess, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" #if GNUTLS_VERSION_MAJOR >= 3 - "-CURVE-ALL:" + "-CURVE-ALL:" #endif - "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION", - NULL); + "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION", + NULL); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TLS priority string: %s\n"), @@ -1879,14 +1879,14 @@ int openconnect_open_https(struct openconnect_info *vpninfo) return -EIO; } - gnutls_record_disable_padding (vpninfo->https_sess); - gnutls_credentials_set (vpninfo->https_sess, GNUTLS_CRD_CERTIFICATE, vpninfo->https_cred); + gnutls_record_disable_padding(vpninfo->https_sess); + gnutls_credentials_set(vpninfo->https_sess, GNUTLS_CRD_CERTIFICATE, vpninfo->https_cred); gnutls_transport_set_ptr(vpninfo->https_sess, /* really? */(gnutls_transport_ptr_t)(long) ssl_sock); vpn_progress(vpninfo, PRG_INFO, _("SSL negotiation with %s\n"), vpninfo->hostname); - while ((err = gnutls_handshake (vpninfo->https_sess))) { + while ((err = gnutls_handshake(vpninfo->https_sess))) { if (err == GNUTLS_E_AGAIN) { fd_set rd_set, wr_set; int maxfd = ssl_sock; diff --git a/gnutls.h b/gnutls.h index f09fee2..c7eb977 100644 --- a/gnutls.h +++ b/gnutls.h @@ -32,16 +32,16 @@ #include "openconnect-internal.h" #ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE -/* If we're using a version of GnuTLS from before this was +/* If we're using a version of GnuTLS from before this was exported, pull in our local copy. */ -int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, const char *password, - gnutls_x509_privkey_t * key, - gnutls_x509_crt_t ** chain, - unsigned int * chain_len, - gnutls_x509_crt_t ** extra_certs, - unsigned int * extra_certs_len, - gnutls_x509_crl_t * crl, - unsigned int flags); +int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12, const char *password, + gnutls_x509_privkey_t *key, + gnutls_x509_crt_t **chain, + unsigned int *chain_len, + gnutls_x509_crt_t **extra_certs, + unsigned int *extra_certs_len, + gnutls_x509_crl_t *crl, + unsigned int flags); #endif /* !HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */ diff --git a/gnutls_tpm.c b/gnutls_tpm.c index bc62d76..478b0da 100644 --- a/gnutls_tpm.c +++ b/gnutls_tpm.c @@ -296,7 +296,7 @@ int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, goto out_key_policy; } } - err = request_passphrase(vpninfo, "openconnect_tpm_key", + err = request_passphrase(vpninfo, "openconnect_tpm_key", &pass, _("Enter TPM key PIN:")); if (err) goto out_key_policy; @@ -304,7 +304,7 @@ int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (void *)pass); - free (pass); + free(pass); if (err) { vpn_progress(vpninfo, PRG_ERR, @@ -315,7 +315,7 @@ int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, goto retry_sign; } - free (asn1.data); + free(asn1.data); return 0; out_key_policy: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy); @@ -333,7 +333,7 @@ int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, Tspi_Context_Close(vpninfo->tpm_context); vpninfo->tpm_context = 0; out_blob: - free (asn1.data); + free(asn1.data); return -EIO; } diff --git a/http.c b/http.c index 660dd67..e7ec7a9 100644 --- a/http.c +++ b/http.c @@ -164,7 +164,7 @@ static int http_add_cookie(struct openconnect_info *vpninfo, new->next = (*this)->next; else new = (*this)->next; - + free((*this)->option); free((*this)->value); free(*this); @@ -202,14 +202,14 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, if (!strncmp(buf, "HTTP/1.0 ", 9)) closeconn = 1; - + if ((!closeconn && strncmp(buf, "HTTP/1.1 ", 9)) || !(*result = atoi(buf+9))) { vpn_progress(vpninfo, PRG_ERR, _("Failed to parse HTTP response '%s'\n"), buf); return -EINVAL; } - vpn_progress(vpninfo, (*result==200)?PRG_TRACE:PRG_INFO, + vpn_progress(vpninfo, (*result == 200) ? PRG_TRACE : PRG_INFO, _("Got HTTP response: %s\n"), buf); /* Eat headers... */ @@ -255,8 +255,8 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, if (!strcmp(colon, "webvpn") && *equals) print_equals = _("<elided>"); vpn_progress(vpninfo, PRG_TRACE, "%s: %s=%s%s%s\n", - buf, colon, print_equals, semicolon?";":"", - semicolon?(semicolon+1):""); + buf, colon, print_equals, semicolon ? ";" : "", + semicolon ? (semicolon+1) : ""); /* The server tends to ask for the username and password as usual, even if we've already failed because it didn't like @@ -318,9 +318,9 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, goto cont; /* Now the body, if there is one */ - vpn_progress(vpninfo, PRG_TRACE, _("HTTP body %s (%d)\n"), - bodylen==BODY_HTTP10?"http 1.0" : - bodylen==BODY_CHUNKED?"chunked" : "length: ", + vpn_progress(vpninfo, PRG_TRACE, _("HTTP body %s (%d)\n"), + bodylen == BODY_HTTP10 ? "http 1.0" : + bodylen == BODY_CHUNKED ? "chunked" : "length: ", bodylen); /* If we were given Content-Length, it's nice and easy... */ @@ -333,7 +333,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, if (i < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error reading HTTP response body\n")); - free(body); + free(body); return -EINVAL; } done += i; @@ -361,7 +361,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, if (i < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error reading HTTP response body\n")); - free(body); + free(body); return -EINVAL; } chunklen -= i; @@ -377,7 +377,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, _("Error in chunked decoding. Expected '', got: '%s'"), buf); } - free(body); + free(body); return -EINVAL; } @@ -411,7 +411,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result, if (!body) return -ENOMEM; break; - } + } } } @@ -581,27 +581,27 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle if (vpninfo->csd_wrapper) csd_argv[i++] = vpninfo->csd_wrapper; csd_argv[i++] = fname; - csd_argv[i++]= (char *)"-ticket"; + csd_argv[i++] = (char *)"-ticket"; if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->csd_ticket) == -1) goto out; - csd_argv[i++]= (char *)"-stub"; - csd_argv[i++]= (char *)"\"0\""; - csd_argv[i++]= (char *)"-group"; + csd_argv[i++] = (char *)"-stub"; + csd_argv[i++] = (char *)"\"0\""; + csd_argv[i++] = (char *)"-group"; if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"") == -1) goto out; openconnect_local_cert_md5(vpninfo, ccertbuf); scertbuf[0] = 0; get_cert_md5_fingerprint(vpninfo, vpninfo->peer_cert, scertbuf); - csd_argv[i++]= (char *)"-certhash"; + csd_argv[i++] = (char *)"-certhash"; if (asprintf(&csd_argv[i++], "\"%s:%s\"", scertbuf, ccertbuf) == -1) goto out; - csd_argv[i++]= (char *)"-url"; + csd_argv[i++] = (char *)"-url"; if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl) == -1) goto out; - csd_argv[i++]= (char *)"-langselen"; + csd_argv[i++] = (char *)"-langselen"; csd_argv[i++] = NULL; if (setenv("CSD_TOKEN", vpninfo->csd_token, 1)) @@ -1147,7 +1147,7 @@ static int proxy_gets(struct openconnect_info *vpninfo, int fd, if (len < 2) return -EINVAL; - while ( (ret = proxy_read(vpninfo, fd, (void *)(buf + i), 1)) == 0) { + while ((ret = proxy_read(vpninfo, fd, (void *)(buf + i), 1)) == 0) { if (buf[i] == '\n') { buf[i] = 0; if (i && buf[i-1] == '\r') { @@ -1267,7 +1267,7 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock) strerror(-i)); return i; } - + if ((i = proxy_read(vpninfo, ssl_sock, buf, 2))) { vpn_progress(vpninfo, PRG_ERR, _("Error reading auth response from SOCKS proxy: %s\n"), @@ -1331,7 +1331,7 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock) goto socks_err; /* Connect responses contain an address */ - switch(buf[3]) { + switch (buf[3]) { case 1: /* Legacy IP */ i = 5; break; @@ -1426,7 +1426,7 @@ int process_proxy(struct openconnect_info *vpninfo, int ssl_sock) { if (!vpninfo->proxy_type || !strcmp(vpninfo->proxy_type, "http")) return process_http_proxy(vpninfo, ssl_sock); - + if (!strcmp(vpninfo->proxy_type, "socks") || !strcmp(vpninfo->proxy_type, "socks5")) return process_socks_proxy(vpninfo, ssl_sock); diff --git a/library.c b/library.c index 59a5939..9a8f133 100644 --- a/library.c +++ b/library.c @@ -34,23 +34,23 @@ #include "openconnect-internal.h" -struct openconnect_info *openconnect_vpninfo_new (char *useragent, - openconnect_validate_peer_cert_vfn validate_peer_cert, - openconnect_write_new_config_vfn write_new_config, - openconnect_process_auth_form_vfn process_auth_form, - openconnect_progress_vfn progress, - void *privdata) +struct openconnect_info *openconnect_vpninfo_new(char *useragent, + openconnect_validate_peer_cert_vfn validate_peer_cert, + openconnect_write_new_config_vfn write_new_config, + openconnect_process_auth_form_vfn process_auth_form, + openconnect_progress_vfn progress, + void *privdata) { - struct openconnect_info *vpninfo = calloc (sizeof(*vpninfo), 1); + struct openconnect_info *vpninfo = calloc(sizeof(*vpninfo), 1); vpninfo->ssl_fd = -1; vpninfo->cert_expire_warning = 60 * 86400; - vpninfo->useragent = openconnect_create_useragent (useragent); + vpninfo->useragent = openconnect_create_useragent(useragent); vpninfo->validate_peer_cert = validate_peer_cert; vpninfo->write_new_config = write_new_config; vpninfo->process_auth_form = process_auth_form; vpninfo->progress = progress; - vpninfo->cbdata = privdata?:vpninfo; + vpninfo->cbdata = privdata ? : vpninfo; vpninfo->cancel_fd = -1; openconnect_set_reported_os(vpninfo, NULL); @@ -61,7 +61,7 @@ struct openconnect_info *openconnect_vpninfo_new (char *useragent, return vpninfo; } -int openconnect_set_reported_os (struct openconnect_info *vpninfo, const char *os) +int openconnect_set_reported_os(struct openconnect_info *vpninfo, const char *os) { if (!os) { #if defined(__APPLE__) @@ -85,7 +85,7 @@ int openconnect_set_reported_os (struct openconnect_info *vpninfo, const char *o return 0; } -static void free_optlist (struct vpn_option *opt) +static void free_optlist(struct vpn_option *opt) { struct vpn_option *next; @@ -97,7 +97,7 @@ static void free_optlist (struct vpn_option *opt) } } -void openconnect_vpninfo_free (struct openconnect_info *vpninfo) +void openconnect_vpninfo_free(struct openconnect_info *vpninfo) { openconnect_close_https(vpninfo, 1); free(vpninfo->peer_addr); @@ -149,12 +149,12 @@ void openconnect_vpninfo_free (struct openconnect_info *vpninfo) free(vpninfo); } -char *openconnect_get_hostname (struct openconnect_info *vpninfo) +char *openconnect_get_hostname(struct openconnect_info *vpninfo) { return vpninfo->unique_hostname?:vpninfo->hostname; } -void openconnect_set_hostname (struct openconnect_info *vpninfo, char *hostname) +void openconnect_set_hostname(struct openconnect_info *vpninfo, char *hostname) { free(vpninfo->hostname); vpninfo->hostname = hostname; @@ -162,37 +162,37 @@ void openconnect_set_hostname (struct openconnect_info *vpninfo, char *hostname) vpninfo->unique_hostname = NULL; } -char *openconnect_get_urlpath (struct openconnect_info *vpninfo) +char *openconnect_get_urlpath(struct openconnect_info *vpninfo) { return vpninfo->urlpath; } -void openconnect_set_urlpath (struct openconnect_info *vpninfo, char *urlpath) +void openconnect_set_urlpath(struct openconnect_info *vpninfo, char *urlpath) { vpninfo->urlpath = urlpath; } -void openconnect_set_xmlsha1 (struct openconnect_info *vpninfo, const char *xmlsha1, int size) +void openconnect_set_xmlsha1(struct openconnect_info *vpninfo, const char *xmlsha1, int size) { - if (size != sizeof (vpninfo->xmlsha1)) + if (size != sizeof(vpninfo->xmlsha1)) return; - memcpy (&vpninfo->xmlsha1, xmlsha1, size); + memcpy(&vpninfo->xmlsha1, xmlsha1, size); } -void openconnect_set_cafile (struct openconnect_info *vpninfo, char *cafile) +void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile) { vpninfo->cafile = cafile; } -void openconnect_setup_csd (struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper) +void openconnect_setup_csd(struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper) { vpninfo->uid_csd = uid; - vpninfo->uid_csd_given = silent?2:1; + vpninfo->uid_csd_given = silent ? 2 : 1; vpninfo->csd_wrapper = wrapper; } -void openconnect_set_client_cert (struct openconnect_info *vpninfo, char *cert, char *sslkey) +void openconnect_set_client_cert(struct openconnect_info *vpninfo, char *cert, char *sslkey) { vpninfo->cert = cert; if (sslkey) @@ -201,28 +201,28 @@ void openconnect_set_client_cert (struct openconnect_info *vpninfo, char *cert, vpninfo->sslkey = cert; } -OPENCONNECT_X509 *openconnect_get_peer_cert (struct openconnect_info *vpninfo) +OPENCONNECT_X509 *openconnect_get_peer_cert(struct openconnect_info *vpninfo) { return vpninfo->peer_cert; } -int openconnect_get_port (struct openconnect_info *vpninfo) +int openconnect_get_port(struct openconnect_info *vpninfo) { return vpninfo->port; } -char *openconnect_get_cookie (struct openconnect_info *vpninfo) +char *openconnect_get_cookie(struct openconnect_info *vpninfo) { return vpninfo->cookie; } -void openconnect_clear_cookie (struct openconnect_info *vpninfo) +void openconnect_clear_cookie(struct openconnect_info *vpninfo) { if (vpninfo->cookie) memset(vpninfo->cookie, 0, strlen(vpninfo->cookie)); } -void openconnect_reset_ssl (struct openconnect_info *vpninfo) +void openconnect_reset_ssl(struct openconnect_info *vpninfo) { openconnect_close_https(vpninfo, 0); if (vpninfo->peer_addr) { @@ -231,7 +231,7 @@ void openconnect_reset_ssl (struct openconnect_info *vpninfo) } } -int openconnect_parse_url (struct openconnect_info *vpninfo, char *url) +int openconnect_parse_url(struct openconnect_info *vpninfo, char *url) { char *scheme = NULL; int ret; @@ -248,8 +248,8 @@ int openconnect_parse_url (struct openconnect_info *vpninfo, char *url) free(vpninfo->urlpath); vpninfo->urlpath = NULL; - ret = internal_parse_url (url, &scheme, &vpninfo->hostname, - &vpninfo->port, &vpninfo->urlpath, 443); + ret = internal_parse_url(url, &scheme, &vpninfo->hostname, + &vpninfo->port, &vpninfo->urlpath, 443); if (ret) { vpn_progress(vpninfo, PRG_ERR, @@ -266,18 +266,18 @@ int openconnect_parse_url (struct openconnect_info *vpninfo, char *url) return ret; } -void openconnect_set_cert_expiry_warning (struct openconnect_info *vpninfo, +void openconnect_set_cert_expiry_warning(struct openconnect_info *vpninfo, int seconds) { vpninfo->cert_expire_warning = seconds; } -void openconnect_set_cancel_fd (struct openconnect_info *vpninfo, int fd) +void openconnect_set_cancel_fd(struct openconnect_info *vpninfo, int fd) { vpninfo->cancel_fd = fd; } -const char *openconnect_get_version (void) +const char *openconnect_get_version(void) { return openconnect_version_str; } @@ -334,8 +334,8 @@ int openconnect_has_stoken_support(void) * = -EIO, for other libstoken failures * = 0, on success */ -int openconnect_set_stoken_mode (struct openconnect_info *vpninfo, - int use_stoken, const char *token_str) +int openconnect_set_stoken_mode(struct openconnect_info *vpninfo, + int use_stoken, const char *token_str) { #ifdef LIBSTOKEN_HDR int ret; diff --git a/main.c b/main.c index 37595f5..1cbcb82 100644 --- a/main.c +++ b/main.c @@ -398,7 +398,7 @@ static int next_option(int argc, char **argv, char **config_arg) if (!strncmp(this->name, line, optlen) && (!line[optlen] || line[optlen] == ' ' || line[optlen] == '\t' || line[optlen] == '=')) - break; + break; } if (!this->name) { char *l; @@ -461,7 +461,7 @@ int main(int argc, char **argv) " the libopenconnect library is %s\n"), openconnect_binary_version, openconnect_version_str); } - + openconnect_init_ssl(); vpninfo = malloc(sizeof(*vpninfo)); @@ -541,7 +541,7 @@ int main(int argc, char **argv) case OPT_COOKIE_ON_STDIN: read_stdin(&vpninfo->cookie); /* If the cookie is empty, ignore it */ - if (! *vpninfo->cookie) { + if (!*vpninfo->cookie) { vpninfo->cookie = NULL; } break; @@ -613,7 +613,7 @@ int main(int argc, char **argv) case 'p': vpninfo->cert_password = strdup(config_arg); break; - case 'P': + case 'P': proxy = keep_config_arg(); autoproxy = 0; break; @@ -849,8 +849,8 @@ int main(int argc, char **argv) vpn_progress(vpninfo, PRG_INFO, _("Connected %s as %s%s%s, using %s\n"), vpninfo->ifname, vpninfo->vpn_addr?:"", - (vpninfo->vpn_addr6 && vpninfo->vpn_addr)?" + ":"", - vpninfo->vpn_addr6?:"", + (vpninfo->vpn_addr6 && vpninfo->vpn_addr) ? " + " : "", + vpninfo->vpn_addr6 ? : "", (vpninfo->dtls_fd == -1) ? (vpninfo->deflate ? "SSL + deflate" : "SSL") : "DTLS"); @@ -910,7 +910,7 @@ static int write_new_config(void *_vpninfo, char *buf, int buflen) } /* FIXME: We should actually write to a new tempfile, then rename */ - if(write(config_fd, buf, buflen) != buflen) { + if (write(config_fd, buf, buflen) != buflen) { err = errno; fprintf(stderr, _("Failed to write config to %s: %s\n"), vpninfo->xmlconfig, strerror(err)); @@ -941,12 +941,12 @@ void write_progress(void *_vpninfo, int level, const char *fmt, ...) #ifdef ANDROID void syslog_progress(void *_vpninfo, int level, const char *fmt, ...) { - static int l[4] = { + static int l[4] = { ANDROID_LOG_ERROR, /* PRG_ERR */ ANDROID_LOG_INFO, /* PRG_INFO */ ANDROID_LOG_DEBUG, /* PRG_DEBUG */ ANDROID_LOG_DEBUG /* PRG_TRACE */ - }; + }; va_list args, args2; if (verbose >= level) { @@ -1151,7 +1151,7 @@ static int process_auth_form(void *_vpninfo, _("User input required in non-interactive mode\n")); goto err; } else { - opt->value=malloc(80); + opt->value = malloc(80); if (!opt->value) goto err; @@ -1179,7 +1179,7 @@ static int process_auth_form(void *_vpninfo, goto err; } else { struct termios t; - opt->value=malloc(80); + opt->value = malloc(80); if (!opt->value) goto err; diff --git a/openconnect-internal.h b/openconnect-internal.h index 9d9fa6b..3355c3d 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -327,7 +327,7 @@ struct openconnect_info { #define AC_PKT_COMPRESSED 8 /* Compressed data */ #define AC_PKT_TERM_SERVER 9 /* Server kick */ -#define vpn_progress(vpninfo, ...) (vpninfo)->progress ((vpninfo)->cbdata, __VA_ARGS__) +#define vpn_progress(vpninfo, ...) (vpninfo)->progress((vpninfo)->cbdata, __VA_ARGS__) /****************************************************************************/ /* Oh Solaris how we hate thee! */ @@ -362,7 +362,7 @@ char *openconnect__strcasestr(const char *haystack, const char *needle); int setup_tun(struct openconnect_info *vpninfo); int tun_mainloop(struct openconnect_info *vpninfo, int *timeout); void shutdown_tun(struct openconnect_info *vpninfo); -int script_config_tun (struct openconnect_info *vpninfo, const char *reason); +int script_config_tun(struct openconnect_info *vpninfo, const char *reason); /* dtls.c */ unsigned char unhex(const char *data); diff --git a/openconnect.h b/openconnect.h index 95cb6e8..2533e2c 100644 --- a/openconnect.h +++ b/openconnect.h @@ -73,7 +73,7 @@ * #define OPENCONNECT_CHECK_VER(x,y) 0 * #endif */ -#define OPENCONNECT_CHECK_VER(maj,min) \ +#define OPENCONNECT_CHECK_VER(maj, min) \ (OPENCONNECT_API_VERSION_MAJOR > (maj) || \ (OPENCONNECT_API_VERSION_MAJOR == (maj) && \ OPENCONNECT_API_VERSION_MINOR >= (min))) @@ -157,42 +157,42 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo); int openconnect_obtain_cookie(struct openconnect_info *vpninfo); void openconnect_init_ssl(void); -char *openconnect_get_vpn_name (struct openconnect_info *); -char *openconnect_get_hostname (struct openconnect_info *); -void openconnect_set_hostname (struct openconnect_info *, char *); -char *openconnect_get_urlpath (struct openconnect_info *); -void openconnect_set_urlpath (struct openconnect_info *, char *); +char *openconnect_get_vpn_name(struct openconnect_info *); +char *openconnect_get_hostname(struct openconnect_info *); +void openconnect_set_hostname(struct openconnect_info *, char *); +char *openconnect_get_urlpath(struct openconnect_info *); +void openconnect_set_urlpath(struct openconnect_info *, char *); /* This function does *not* take ownership of the string; it is parsed and then discarded. */ -int openconnect_set_stoken_mode (struct openconnect_info *, - int use_stoken, const char *token_str); +int openconnect_set_stoken_mode(struct openconnect_info *, + int use_stoken, const char *token_str); /* This function does *not* take ownership of the string; it's copied into a static buffer in the vpninfo. The size must be 41 bytes, since that's the size of a 20-byte SHA1 represented as hex with a trailing NUL. */ -void openconnect_set_xmlsha1 (struct openconnect_info *, const char *, int size); +void openconnect_set_xmlsha1(struct openconnect_info *, const char *, int size); -void openconnect_set_cafile (struct openconnect_info *, char *); -void openconnect_setup_csd (struct openconnect_info *, uid_t, int silent, char *wrapper); -int openconnect_set_reported_os (struct openconnect_info *, const char *os); -void openconnect_set_client_cert (struct openconnect_info *, char *cert, char *sslkey); +void openconnect_set_cafile(struct openconnect_info *, char *); +void openconnect_setup_csd(struct openconnect_info *, uid_t, int silent, char *wrapper); +int openconnect_set_reported_os(struct openconnect_info *, const char *os); +void openconnect_set_client_cert(struct openconnect_info *, char *cert, char *sslkey); /* This is *not* yours and must not be destroyed with X509_free(). It * will be valid when a cookie has been obtained successfully, and will * be valid until the connection is destroyed or another attempt it made * to use it. */ -OPENCONNECT_X509 *openconnect_get_peer_cert (struct openconnect_info *); +OPENCONNECT_X509 *openconnect_get_peer_cert(struct openconnect_info *); -int openconnect_get_port (struct openconnect_info *); -char *openconnect_get_cookie (struct openconnect_info *); -void openconnect_clear_cookie (struct openconnect_info *); +int openconnect_get_port(struct openconnect_info *); +char *openconnect_get_cookie(struct openconnect_info *); +void openconnect_clear_cookie(struct openconnect_info *); -void openconnect_reset_ssl (struct openconnect_info *vpninfo); -int openconnect_parse_url (struct openconnect_info *vpninfo, char *url); -void openconnect_set_cert_expiry_warning (struct openconnect_info *vpninfo, - int seconds); +void openconnect_reset_ssl(struct openconnect_info *vpninfo); +int openconnect_parse_url(struct openconnect_info *vpninfo, char *url); +void openconnect_set_cert_expiry_warning(struct openconnect_info *vpninfo, + int seconds); /* If this is set, then openconnect_obtain_cookie() will abort and return failure if the file descriptor is readable. Typically a user may create @@ -203,7 +203,7 @@ void openconnect_set_cert_expiry_warning (struct openconnect_info *vpninfo, has the ability to cancel that call, reap its thread and free the vpninfo structure (or retry). An 'fd' argument of -1 will render the cancellation mechanism inactive. */ -void openconnect_set_cancel_fd (struct openconnect_info *vpninfo, int fd); +void openconnect_set_cancel_fd(struct openconnect_info *vpninfo, int fd); const char *openconnect_get_version(void); @@ -212,7 +212,7 @@ const char *openconnect_get_version(void); or if that argument was NULL then it'll be the vpninfo itself. */ /* When the server's certificate fails validation via the normal means, - this function is called with the offending certificate along with + this function is called with the offending certificate along with a textual reason for the failure (which may not be translated, if it comes directly from OpenSSL, but will be if it is rejected for "certificate does not match hostname", because that check is done @@ -231,7 +231,7 @@ typedef int (*openconnect_validate_peer_cert_vfn) (void *privdata, then the new XML is downloaded and this function is invoked. */ typedef int (*openconnect_write_new_config_vfn) (void *privdata, char *buf, int buflen); -/* Handle an authentication form, requesting input from the user. +/* Handle an authentication form, requesting input from the user. * Return value: * < 0, on error * = 0, when form was parsed and POST required @@ -243,13 +243,13 @@ typedef int (*openconnect_process_auth_form_vfn) (void *privdata, typedef void __attribute__ ((format(printf, 3, 4))) (*openconnect_progress_vfn) (void *privdata, int level, const char *fmt, ...); -struct openconnect_info *openconnect_vpninfo_new (char *useragent, - openconnect_validate_peer_cert_vfn, - openconnect_write_new_config_vfn, - openconnect_process_auth_form_vfn, - openconnect_progress_vfn, - void *privdata); -void openconnect_vpninfo_free (struct openconnect_info *vpninfo); +struct openconnect_info *openconnect_vpninfo_new(char *useragent, + openconnect_validate_peer_cert_vfn, + openconnect_write_new_config_vfn, + openconnect_process_auth_form_vfn, + openconnect_progress_vfn, + void *privdata); +void openconnect_vpninfo_free(struct openconnect_info *vpninfo); /* SSL certificate capabilities. openconnect_has_pkcs11_support() means that we can accept PKCS#11 URLs in place of filenames, for the certificate and key. */ diff --git a/openssl.c b/openssl.c index 58d9e7b..36897f2 100644 --- a/openssl.c +++ b/openssl.c @@ -42,13 +42,13 @@ int openconnect_sha1(unsigned char *result, void *data, int len) { - EVP_MD_CTX c; + EVP_MD_CTX c; - EVP_MD_CTX_init(&c); - EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL); - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_init(&c); + EVP_Digest(data, len, result, NULL, EVP_sha1(), NULL); + EVP_MD_CTX_cleanup(&c); - return 0; + return 0; } int openconnect_get_cert_DER(struct openconnect_info *vpninfo, @@ -101,7 +101,7 @@ int openconnect_SSL_write(struct openconnect_info *vpninfo, char *buf, size_t le FD_ZERO(&wr_set); FD_ZERO(&rd_set); - + if (err == SSL_ERROR_WANT_READ) FD_SET(vpninfo->ssl_fd, &rd_set); else if (err == SSL_ERROR_WANT_WRITE) @@ -138,7 +138,7 @@ int openconnect_SSL_read(struct openconnect_info *vpninfo, char *buf, size_t len FD_ZERO(&wr_set); FD_ZERO(&rd_set); - + if (err == SSL_ERROR_WANT_READ) FD_SET(vpninfo->ssl_fd, &rd_set); else if (err == SSL_ERROR_WANT_WRITE) @@ -191,10 +191,10 @@ int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len } else { fd_set rd_set, wr_set; int maxfd = vpninfo->ssl_fd; - + FD_ZERO(&rd_set); FD_ZERO(&wr_set); - + ret = SSL_get_error(vpninfo->https_ssl, ret); if (ret == SSL_ERROR_WANT_READ) FD_SET(vpninfo->ssl_fd, &rd_set); @@ -249,7 +249,7 @@ static int ui_open(UI *ui) if (!vpninfo || !vpninfo->process_auth_form) return 0; - + ui_data = malloc(sizeof(*ui_data)); if (!ui_data) return 0; @@ -268,7 +268,7 @@ static int ui_write(UI *ui, UI_STRING *uis) struct ui_data *ui_data = UI_get0_user_data(ui); struct ui_form_opt *opt; - switch(UI_get_string_type(uis)) { + switch (UI_get_string_type(uis)) { case UIT_ERROR: ui_data->form.error = (char *)UI_get0_output_string(uis); break; @@ -356,7 +356,7 @@ static UI_METHOD *create_openssl_ui(struct openconnect_info *vpninfo) and *both* manage to be within that short window of time between setting ui_vpninfo and invoking ui_open() to fetch the PIN, then one connection's ->process_auth_form() could - get a PIN request for the *other* connection. + get a PIN request for the *other* connection. However, the only thing that ever does run libopenconnect more than once from the same process is KDE's NetworkManager support, @@ -667,7 +667,7 @@ static int load_certificate(struct openconnect_info *vpninfo) _("This binary built without PKCS#11 support\n")); return -EINVAL; } - + vpn_progress(vpninfo, PRG_TRACE, _("Using certificate file %s\n"), vpninfo->cert); @@ -822,7 +822,7 @@ static int get_cert_fingerprint(struct openconnect_info *vpninfo, if (!X509_digest(cert, type, md, &n)) return -ENOMEM; - for (i=0; i < n; i++) + for (i = 0; i < n; i++) sprintf(&buf[i*2], "%02X", md[i]); return 0; @@ -879,7 +879,7 @@ static int match_hostname_elem(const char *hostname, int helem_len, } /* From the NetBSD (5.1) man page for ctype(3): - Values of type char or signed char must first be cast to unsigned char, + Values of type char or signed char must first be cast to unsigned char, to ensure that the values are within the correct range. The result should then be cast to int to avoid warnings from some compilers. We do indeed get warning "array subscript has type 'char'" without @@ -900,7 +900,7 @@ static int match_hostname(const char *hostname, const char *match) h_dot = strchr(hostname, '.'); m_dot = strchr(match, '.'); - + if (h_dot && m_dot) { helem_len = h_dot - hostname + 1; melem_len = m_dot - match + 1; @@ -996,7 +996,7 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert this->d.ip->length); continue; } - + /* We only do this for the debug messages */ inet_ntop(family, this->d.ip->data, host, sizeof(host)); @@ -1004,14 +1004,14 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert !memcmp(addrbuf, this->d.ip->data, addrlen)) { vpn_progress(vpninfo, PRG_TRACE, _("Matched %s address '%s'\n"), - (family == AF_INET6)?"IPv6":"IPv4", + (family == AF_INET6) ? "IPv6" : "IPv4", host); GENERAL_NAMES_free(altnames); return 0; } else { vpn_progress(vpninfo, PRG_TRACE, _("No match for %s address '%s'\n"), - (family == AF_INET6)?"IPv6":"IPv4", + (family == AF_INET6) ? "IPv6" : "IPv4", host); } } else if (this->type == GEN_URI) { @@ -1127,7 +1127,7 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert subjstr); } - OPENSSL_free(subjstr); + OPENSSL_free(subjstr); return ret; } @@ -1290,7 +1290,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo) /* Some servers (or their firewalls) really don't like seeing extensions. */ #ifdef SSL_OP_NO_TICKET - SSL_CTX_set_options (vpninfo->https_ctx, SSL_OP_NO_TICKET); + SSL_CTX_set_options(vpninfo->https_ctx, SSL_OP_NO_TICKET); #endif if (vpninfo->cert) { @@ -1307,8 +1307,8 @@ int openconnect_open_https(struct openconnect_info *vpninfo) } /* We just want to do: - SSL_CTX_set_purpose(vpninfo->https_ctx, X509_PURPOSE_ANY); - ... but it doesn't work with OpenSSL < 0.9.8k because of + SSL_CTX_set_purpose(vpninfo->https_ctx, X509_PURPOSE_ANY); + ... but it doesn't work with OpenSSL < 0.9.8k because of problems with inheritance (fixed in v1.1.4.6 of crypto/x509/x509_vpm.c) so we have to play silly buggers instead. This trick doesn't work _either_ in < 0.9.7 but @@ -1469,10 +1469,10 @@ void openconnect_close_https(struct openconnect_info *vpninfo, int final) void openconnect_init_ssl(void) { - SSL_library_init (); - ERR_clear_error (); - SSL_load_error_strings (); - OpenSSL_add_all_algorithms (); + SSL_library_init(); + ERR_clear_error(); + SSL_load_error_strings(); + OpenSSL_add_all_algorithms(); } char *openconnect_get_cert_details(struct openconnect_info *vpninfo, diff --git a/ssl.c b/ssl.c index 9afc9a5..5d40a64 100644 --- a/ssl.c +++ b/ssl.c @@ -78,7 +78,7 @@ static int cancellable_connect(struct openconnect_info *vpninfo, int sockfd, if (vpninfo->cancel_fd > sockfd) maxfd = vpninfo->cancel_fd; } - + /* Later we'll render this whole exercise non-pointless by including a 'cancelfd' here too. */ select(maxfd + 1, &rd_set, &wr_set, NULL, NULL); @@ -87,7 +87,7 @@ static int cancellable_connect(struct openconnect_info *vpninfo, int sockfd, errno = EINTR; return -1; } - + /* Check whether connect() succeeded or failed by using getpeername(). See http://cr.yp.to/docs/connect.html */ return getpeername(sockfd, (void *)&peer, &peerlen); @@ -227,12 +227,12 @@ int connect_https_socket(struct openconnect_info *vpninfo) host[0] = 0; if (!getnameinfo(rp->ai_addr, rp->ai_addrlen, host, sizeof(host), NULL, 0, NI_NUMERICHOST)) - vpn_progress(vpninfo, PRG_INFO, vpninfo->proxy_type? - _("Attempting to connect to proxy %s%s%s:%s\n"): + vpn_progress(vpninfo, PRG_INFO, vpninfo->proxy_type ? + _("Attempting to connect to proxy %s%s%s:%s\n") : _("Attempting to connect to server %s%s%s:%s\n"), - rp->ai_family == AF_INET6?"[":"", + rp->ai_family == AF_INET6 ? "[" : "", host, - rp->ai_family == AF_INET6?"]":"", + rp->ai_family == AF_INET6 ? "]" : "", port); ssl_sock = socket(rp->ai_family, rp->ai_socktype, @@ -274,7 +274,7 @@ int connect_https_socket(struct openconnect_info *vpninfo) ssl_sock = -1; } freeaddrinfo(result); - + if (ssl_sock < 0) { vpn_progress(vpninfo, PRG_ERR, _("Failed to connect to host %s\n"), diff --git a/tun.c b/tun.c index 4685dfb..7f711a5 100644 --- a/tun.c +++ b/tun.c @@ -53,7 +53,7 @@ #include "openconnect-internal.h" /* - * If an if_tun.h include file was found anywhere (by the Makefile), it's + * If an if_tun.h include file was found anywhere (by the Makefile), it's * included. Else, we end up assuming that we have BSD-style devices such * as /dev/tun0 etc. */ @@ -126,7 +126,7 @@ static int process_split_xxclude(struct openconnect_info *vpninfo, int *v6_incs) { struct in_addr addr; - const char *in_ex = include?"IN":"EX"; + const char *in_ex = include ? "IN" : "EX"; char envname[80]; char *slash; @@ -158,7 +158,7 @@ static int process_split_xxclude(struct openconnect_info *vpninfo, (*v6_incs)++; return 0; } - + if (!inet_aton(route, &addr)) { *slash = '/'; goto badinc; @@ -233,20 +233,20 @@ static void set_banner(struct openconnect_info *vpninfo) } p = vpninfo->banner; q = banner; - + while (*p) { if (*p == '%' && isxdigit((int)(unsigned char)p[1]) && isxdigit((int)(unsigned char)p[2])) { *(q++) = unhex(p + 1); p += 3; - } else + } else *(q++) = *(p++); } *q = 0; setenv("CISCO_BANNER", banner, 1); free(banner); -} +} static void set_script_env(struct openconnect_info *vpninfo) { @@ -786,7 +786,7 @@ int tun_mainloop(struct openconnect_info *vpninfo, int *timeout) } void shutdown_tun(struct openconnect_info *vpninfo) -{ +{ if (vpninfo->script_tun) { /* nuke the whole process group */ kill(-vpninfo->script_tun, SIGHUP); -- 1.7.3.4