V6->V7: Rebase on top of v5.02. Fix regressions: - Close CSTP socket after a failed connection attempt. exit() used to do this for us, but the library no longer calls exit(). - Terminate the mainloop if we get a 401 Unauthorized (dead cookie) response on reconnect. exit() used to do this too. - Restore original CLI exit code 2 behavior on 401 Unauthorized. Other changes: - API: Get rid of oc_auth_form->authgroup_field, in favor of making authgroup_opt public. This makes life easier for the library users, as they no longer need to iterate through the option list. - Refactor CLI process_auth_form_cb() and fix NEWGROUP handling. - Allow case-insensitive partial-word matching and retry-on-typo in the authgroup picker CLI. - Correct Mac OS platform name (affects both CLI and API). Document all supported OS names in openconnect.h and in the man page. - Have the library clean up any partially completed forms (free opt->value) if the process_auth_form callback returns an error. - Don't close tun_fd if it was supplied by the caller. When the Android VpnService cleans up after a connection, it will try closing this fd itself; if another file happened to be opened under the same fd it causes bizarre, hard-to-debug problems. - Close DTLS sockets when freeing the library instance. - Change openconnect_mainloop() return status to provide more helpful error codes. - Fix minor memory leaks. My Android front-end is now posted at: https://f-droid.org/repository/browse/?fdid=app.openconnect in case anyone is interested in testing, contributing, or drawing a nicer icon. The following changes since commit e39abb44e12f7bd46cf0302c510f67d432f1a75c: Tag version 5.02 (2014-01-01 23:14:26 +0000) are available in the git repository at: git://github.com/cernekee/openconnect jni-v7 for you to fetch changes up to 2695c65bf752c060d2e5c884c530bb0c30c37745: Fix a few minor memory leaks (2014-01-12 16:10:20 -0800) ---------------------------------------------------------------- Kevin Cernekee (68): library: Use named constants for process_auth_form() return value main: Rename process_auth_form() to avoid conflict with library Create a common process_auth_form() wrapper function auth: Remove outdated comment for parse_auth_choice() auth: Introduce free_opt() helper function library: Change oc_form_opt_select->choices to a pointer array auth: Provide information on which auth choice is currently selected process_auth_form: Add code to support NEWGROUP return status from UI main: Extend read_stdin() to accept hidden (password) input main: Split process_auth_form_cb() into smaller functions main: Make the authgroup picker CLI more user-friendly auth: Parse second-auth-related properties from the auth form auth: Hide unused form fields based on the selected authgroup Revert "auth: Temporarily disable XML POST if an authgroup dropdown exists" library: Bump API version to 3.0 and document changes main: Update CLI to handle hidden fields and NEWGROUP main: Avoid infinite "303 See Other" loops on certificate-only authgroups main: Don't free password if it isn't used in the first auth form library: Clean up partially completed auth forms on error Unconditionally redirect CSD stdout to stderr ssl: Set FD_CLOEXEC on all sockets gnutls: Remove unused local variable Introduce new helper functions for cancel_fd checking library: Rename cancel_fd to cmd_fd library: Add new openconnect_setup_cmd_pipe() call Add new helper functions to support cmd_fd feature Temporarily build ssl.c + deps into the main executable Move signal handling out of mainloop cstp: Propagate error status up to the mainloop mainloop: Convert vpn_mainloop() into a library function dtls: Add dtls_close() helper function and call it on library cleanup mainloop: Add OC_CMD_PAUSE operation main: Introduce xstrdup() function tun: Export setup_tun() functionality Move vpninfo default settings into library library: Check for failed allocations in openconnect_vpninfo_new() dtls: Export setup_dtls() function cstp: Export make_cstp_connection() library: Move the mainloop guts into libopenconnect library: Update openconnect.pc.in cstp: Close socket after failed connection attempt tun, cstp: Don't exit() on failure library: Free zlib state cstp: Clean up split include/exclude/DNS lists when freeing vpninfo library: Add get/set functions for servercert, ifname, reqmtu library: Move IP information into a public struct library: Make vpn_option a public struct library: Export VPN configuration info to callers library: Add protect_socket callback library: Add support for mobile headers library: Add openconnect_set_xmlpost() to support different CSD modes library: Add new callback for obtaining TX/RX statistics ssl: Don't let cmd_fd activity break timeouts library: Update changelog and bump minor version main: Add openconnect_vpninfo_free() on a couple of exit paths buildsys: Allow overriding -W flags acinclude: Add AX_JNI_INCLUDE_DIR macro JNI: Initial commit of C wrapper functions JNI: Initial commit of Java library + example program android: Enable JNI in build android: Add libstoken to build android: Add liboath to build android: Add "sources" target main: Add --timestamp option library: Fix incorrect platform ID for Mac Update documentation/help with the correct "--os" names www: Update changelog Fix a few minor memory leaks .gitignore | 1 + Makefile.am | 25 +- acinclude.m4 | 125 +++ android/0001-Remove-call-to-mlockall.patch | 33 + ...-fflush-freadahead-fseeko-Fix-for-Android.patch | 43 + android/Makefile | 111 +- auth.c | 236 ++-- configure.ac | 48 +- cstp.c | 177 +-- dtls.c | 119 +-- gnutls.c | 40 +- http.c | 65 +- java/.gitignore | 2 + java/README | 22 + java/build.xml | 33 + java/src/com/example/LibTest.java | 246 +++++ .../infradead/libopenconnect/LibOpenConnect.java | 278 +++++ jni.c | 1128 ++++++++++++++++++++ libopenconnect.map.in | 32 +- library.c | 137 ++- main.c | 491 +++++---- mainloop.c | 68 +- openconnect-internal.h | 68 +- openconnect.8.in | 19 +- openconnect.h | 146 ++- openconnect.pc.in | 2 +- openssl.c | 38 +- ssl.c | 101 +- tun.c | 198 ++-- www/changelog.xml | 7 +- 30 files changed, 3314 insertions(+), 725 deletions(-) create mode 100644 android/0001-Remove-call-to-mlockall.patch create mode 100644 android/0001-fflush-freadahead-fseeko-Fix-for-Android.patch create mode 100644 java/.gitignore create mode 100644 java/README create mode 100644 java/build.xml create mode 100644 java/src/com/example/LibTest.java create mode 100644 java/src/org/infradead/libopenconnect/LibOpenConnect.java create mode 100644 jni.c -- 1.7.9.5
