Add a new public function, openconnect_get_supported_protocols(), which returns a list of protocols supported by the client. Each supported protocol has a short name (as accepted by the --protocol command-line option), description, and list of flags. The flags indicate features that are meaningful for this protocol, to be used by tools like the Networkmanager configuration UI. Current flags:
* OC_PROTO_PROXY: can connect via HTTP or SOCKS proxy
* OC_PROTO_CSD: supports verification of the client via CSD trojan
* OC_PROTO_AUTH_CERT: supports authentication by client certificate
* OC_PROTO_AUTH_OTP: supports authentication by OATH HOTP/TOTP token
* OC_PROTO_AUTH_STOKEN: supports authentication by RSA SecurID token (stoken)
Description of anyconnect protocol adjusted to match IETF draft standard for openconnect VPN (https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-00).
Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
 libopenconnect.map.in | 5 +++++
 library.c | 23 +++++++++++++++++++++++
 openconnect-internal.h | 2 ++
 openconnect.h | 20 ++++++++++++++++++++
 4 files changed, 50 insertions(+)
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 44eea34..749466c 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -92,6 +92,11 @@ OPENCONNECT_5_4 {
 openconnect_set_pass_tos;
 } OPENCONNECT_5_3;

+OPENCONNECT_5_5 {
+ global:
+ openconnect_get_supported_protocols;
+} OPENCONNECT_5_4;
+
 OPENCONNECT_PRIVATE {
 global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@
 openconnect_fopen_utf8;
diff --git a/library.c b/library.c
index 55a0dca..becf8c8 100644
--- a/library.c
+++ b/library.c
@@ -109,6 +109,8 @@ err:
 const struct vpn_proto openconnect_protos[] = {
 {
 .name = "anyconnect",
+ .description = "Cisco AnyConnect or openconnect",
+ .flags = OC_PROTO_PROXY | OC_PROTO_CSD | OC_PROTO_AUTH_CERT | OC_PROTO_AUTH_OTP | OC_PROTO_AUTH_STOKEN,
 .vpn_close_session = cstp_bye,
 .tcp_connect = cstp_connect,
 .tcp_mainloop = cstp_mainloop,
@@ -122,6 +124,8 @@ const struct vpn_proto openconnect_protos[] = {
 #endif
 }, {
 .name = "nc",
+ .description = "Juniper Network Connect (also supported by Junos Pulse servers)",
+ .flags = OC_PROTO_PROXY | OC_PROTO_CSD | OC_PROTO_AUTH_CERT | OC_PROTO_AUTH_OTP,
 .vpn_close_session = NULL,
 .tcp_connect = oncp_connect,
 .tcp_mainloop = oncp_mainloop,
@@ -154,6 +160,23 @@ const struct vpn_proto openconnect_protos[] = {
 { /* NULL */ }
 };

+int openconnect_get_supported_protocols(struct oc_vpn_proto **protos)
+{
+ struct oc_vpn_proto *pr;
+ const struct vpn_proto *p;
+
+ *protos = pr = calloc(sizeof(openconnect_protos)/sizeof(*openconnect_protos), sizeof(*pr));
+ if (!pr)
+ return -ENOMEM;
+
+ for (p = openconnect_protos; p->name; p++, pr++) {
+ pr->name = p->name;
+ pr->description = p->description;
+ pr->flags = p->flags;
+ }
+ return 0;
+}
+
 int openconnect_set_protocol(struct openconnect_info *vpninfo, const char *protocol)
 {
 const struct vpn_proto *p;
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 1ab73c5..a7a4740 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -257,6 +257,8 @@ struct http_auth_state {

 struct vpn_proto {
 const char *name;
+ const char *description;
+ unsigned int flags;
 int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);

 /* This does the full authentication, calling back as appropriate */
diff --git a/openconnect.h b/openconnect.h
index c621765..5e42cd8 100644
--- a/openconnect.h
+++ b/openconnect.h
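Review bot: openconnect_get_supported_protocols() in the third library.c hunk returns 0 on success and hands back a calloc'd array without saying how long it is or who releases it. A caller has to walk the array until it meets an entry whose `name` is NULL (the extra zeroed slot that results from sizing the allocation by the whole table, `{ /* NULL */ }` terminator included) and then call free() itself, which is fragile wherever the library and the application do not share one C runtime; the prototype added in openconnect.h carries no comment stating any of this. I would return the number of entries filled in instead of 0, reject a NULL `protos` before writing through it, and export a matching release function, which would also need its own line in libopenconnect.map.in and openconnect.h.

```c
int openconnect_get_supported_protocols(struct oc_vpn_proto **protos)
{
	/* ... unchanged: declarations of pr and p ... */

	if (!protos)
		return -EINVAL;

	/* ... unchanged: calloc, -ENOMEM check, copy loop ... */

	/* Entries filled in; the zeroed terminator slot follows them. */
	return (int)(pr - *protos);
}

/* Releases an array obtained from openconnect_get_supported_protocols(). */
void openconnect_free_supported_protocols(struct oc_vpn_proto *protos)
{
	free(protos);
}
```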
@@ -36,6 +36,9 @@ extern "C" {
 #define OPENCONNECT_API_VERSION_MINOR 4

 /*
+ * API version 5.5:
+ * - Add openconnect_get_supported_protocols()
+ *
 * API version 5.4:
 * - Add openconnect_set_pass_tos()
 *
@@ -166,6 +169,22 @@ extern "C" {

 /****************************************************************************/

+/* Enumeration of supported VPN protocols */
+
+#define OC_PROTO_PROXY (1<<0)
+#define OC_PROTO_CSD (1<<1)
+#define OC_PROTO_AUTH_CERT (1<<2)
+#define OC_PROTO_AUTH_OTP (1<<4)
+#define OC_PROTO_AUTH_STOKEN (1<<8)
+
+struct oc_vpn_proto {
+ const char *name;
+ const char *description;
+ unsigned int flags;
+};
+
+/****************************************************************************/
+
 /* Authentication form processing */

 #define OC_FORM_OPT_TEXT 1
@@ -640,6 +659,7 @@ int openconnect_has_oath_support(void);
 int openconnect_has_yubioath_support(void);
 int openconnect_has_system_key_support(void);

+int openconnect_get_supported_protocols(struct oc_vpn_proto **protos);
 int openconnect_set_protocol(struct openconnect_info *vpninfo, const char *protocol);

 struct addrinfo;
--
2.7.4
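Review bot: `OPENCONNECT_API_VERSION_MINOR` is still 4 in the context line directly above the new "API version 5.5" changelog entry in the first openconnect.h hunk, so a client cannot use the version macros to tell whether openconnect_get_supported_protocols() is available. Unless the bump is made in a separate commit, change that line to `#define OPENCONNECT_API_VERSION_MINOR 5` here, so that the header agrees with the new OPENCONNECT_5_5 node in libopenconnect.map.in.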
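Review bot: The flag values in the second openconnect.h hunk skip bits: `OC_PROTO_AUTH_OTP` is `(1<<4)` and `OC_PROTO_AUTH_STOKEN` is `(1<<8)`, which reads as though the shift counts were confused with the mask values. The bits are distinct, so nothing misbehaves, but these numbers become public ABI once released; `#define OC_PROTO_AUTH_OTP (1<<3)` and `#define OC_PROTO_AUTH_STOKEN (1<<4)` would keep the layout contiguous. The header also carries none of the per-flag descriptions from the commit message; a one-line comment on each define, e.g. `/* supports verification of the client via CSD trojan */` on OC_PROTO_CSD, would give UI authors the meaning without having to read the commit log.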