authorKevin Cernekee <cernekee@gmail.com>2012-10-13 10:46:18 -0700
committerKevin Cernekee <cernekee@gmail.com>2012-10-14 20:10:26 -0700
commit31f83eca7b8203a6a125abd58bc63ef2e97fe239 (patch)
treedd2ae6dfb109310f1ee124b04a02d9d9392f370e
parentb8a981a8e1e146f6804b38407db6667525331177 (diff)
stoken: Add software token functions to library API; bump to v2.1
openconnect_has_stoken_support(): returns 1 if the library was linked with libstoken. openconnect_set_stoken_mode(): enables/disables tokencode generation, and tells the library how to locate the seed. Unless this function is called, the library will not try to use a soft token. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
-rw-r--r--libopenconnect.map.in8
-rw-r--r--library.c61
-rw-r--r--openconnect-internal.h13
-rw-r--r--openconnect.h13
4 files changed, 93 insertions, 2 deletions
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 0048334..2539335 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -1,5 +1,11 @@
+OPENCONNECT_2.1 {
+ global:
+ openconnect_has_stoken_support;
+ openconnect_set_stoken_mode;
+};
+
OPENCONNECT_2.0 {
- global:
+ global:
openconnect_clear_cookie;
openconnect_get_cert_sha1;
openconnect_get_cookie;
diff --git a/library.c b/library.c
index b97f8df..c8db968 100644
--- a/library.c
+++ b/library.c
@@ -26,6 +26,10 @@
#include <errno.h>
#include <stdlib.h>
+#ifdef LIBSTOKEN_HDR
+#include LIBSTOKEN_HDR
+#endif
+
#include "openconnect-internal.h"
struct openconnect_info *openconnect_vpninfo_new (char *useragent,
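Review bot: The `#include LIBSTOKEN_HDR` added here duplicates the one this same commit adds to openconnect-internal.h, which library.c already pulls in on the next line, so the copy in library.c is redundant and can be dropped. Keeping the header in one place also avoids the two guards drifting apart later. The `openconnect_vpninfo_new` definition that follows continues outside the hunk.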
@@ -104,6 +108,12 @@ void openconnect_vpninfo_free (struct openconnect_info *vpninfo)
vpninfo->peer_cert = NULL;
}
free(vpninfo->useragent);
+#ifdef LIBSTOKEN_HDR
+ if (vpninfo->stoken_pin)
+ free(vpninfo->stoken_pin);
+ if (vpninfo->stoken_ctx)
+ stoken_destroy(vpninfo->stoken_ctx);
+#endif
/* No need to free deflate streams; they weren't initialised */
free(vpninfo);
}
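Review bot: The `if (vpninfo->stoken_pin)` guard before `free()` is redundant since free(NULL) is a no-op, and if stoken_pin holds the user's token PIN as its name suggests, the buffer is released without being wiped, so the secret can linger in freed heap memory until it is reused. A plain `memset()` before `free()` may be optimised away by the compiler, so prefer `explicit_bzero()` or `memset_s()` where available, or the project's existing secret-clearing helper if it has one; whether `stoken_destroy()` accepts NULL is not visible here, so that guard should stay unless libstoken documents otherwise. The body of `openconnect_vpninfo_free` begins outside the hunk.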
@@ -265,3 +275,54 @@ int openconnect_has_tss_blob_support(void)
#endif
return 0;
}
+
+int openconnect_has_stoken_support(void)
+{
+#ifdef LIBSTOKEN_HDR
+ return 1;
+#else
+ return 0;
+#endif
+}
+
+/*
+ * Enable software token generation if use_stoken == 1.
+ *
+ * If token_str is not NULL, try to parse the string. Otherwise, try to read
+ * the token data from ~/.stokenrc
+ *
+ * Return value:
+ * = -EOPNOTSUPP, if libstoken is not available
+ * = -EINVAL, if the token string is invalid (token_str was provided)
+ * = -ENOENT, if ~/.stokenrc is missing (token_str was NULL)
+ * = -EIO, for other libstoken failures
+ * = 0, on success
+ */
+int openconnect_set_stoken_mode (struct openconnect_info *vpninfo,
+ int use_stoken, const char *token_str)
+{
+#ifdef LIBSTOKEN_HDR
+ int ret;
+
+ vpninfo->use_stoken = 0;
+ if (!use_stoken)
+ return 0;
+
+ if (!vpninfo->stoken_ctx) {
+ vpninfo->stoken_ctx = stoken_new();
+ if (!vpninfo->stoken_ctx)
+ return -EIO;
+ }
+
+ ret = token_str ?
+ stoken_import_string(vpninfo->stoken_ctx, token_str) :
+ stoken_import_rcfile(vpninfo->stoken_ctx, NULL);
+ if (ret)
+ return ret;
+
+ vpninfo->use_stoken = 1;
+ return 0;
+#else
+ return -EOPNOTSUPP;
+#endif
+}
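Review bot: The header comment promises -EINVAL, -ENOENT and -EIO, but the `if (ret) return ret;` on the import path passes libstoken's return value straight through, so the documented contract holds only if `stoken_import_string()`/`stoken_import_rcfile()` are guaranteed to return exactly those negative errno values — worth confirming against libstoken, or mapping the codes here. The comment's "if use_stoken == 1" also does not match the code, which enables for any nonzero value via `if (!use_stoken)`; suggest `Enable software token generation if use_stoken is nonzero.` In the `#else` branch the three parameters are unused, which trips -Wunused-parameter; adding `(void)vpninfo; (void)use_stoken; (void)token_str;` before the return keeps the non-libstoken build warning-free.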
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 5b0b44a..4b88920 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -61,6 +61,10 @@
#include LIBPROXY_HDR
#endif
+#ifdef LIBSTOKEN_HDR
+#include LIBSTOKEN_HDR
+#endif
+
#ifdef ENABLE_NLS
#include <locale.h>
#include <libintl.h>
@@ -166,6 +170,15 @@ struct openconnect_info {
int uid_csd_given;
int no_http_keepalive;
+#ifdef LIBSTOKEN_HDR
+ struct stoken_ctx *stoken_ctx;
+#endif
+ int use_stoken;
+ int stoken_bypassed;
+ int stoken_tries;
+ time_t stoken_time;
+ char *stoken_pin;
+
OPENCONNECT_X509 *peer_cert;
char *cookie; /* Pointer to within cookies list */
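Review bot: The new fields are undocumented, whereas the neighbouring `cookie` member carries a comment explaining what it points at, and `stoken_pin` in particular deserves one because it is heap-owned (freed in `openconnect_vpninfo_free()`) and, judging by the name, holds a credential. Suggest `char *stoken_pin; /* owned; token PIN, freed in openconnect_vpninfo_free() */` and a short note on `stoken_tries`/`stoken_time` saying what they count, since their use is not visible in this commit. The `struct openconnect_info` definition begins and ends outside the hunk.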
diff --git a/openconnect.h b/openconnect.h
index c4a0075..dd89bd9 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -31,9 +31,12 @@
#include <unistd.h>
#define OPENCONNECT_API_VERSION_MAJOR 2
-#define OPENCONNECT_API_VERSION_MINOR 0
+#define OPENCONNECT_API_VERSION_MINOR 1
/*
+ * API version 2.1:
+ * - Add openconnect_set_stoken_mode(), openconnect_has_stoken_support()
+ *
* API version 2.0:
* - OPENCONNECT_X509 is now an opaque type.
* - Add openconnect_has_pkcs11_support(), openconnect_has_tss_blob_support()
@@ -158,6 +161,11 @@ void openconnect_set_hostname (struct openconnect_info *, char *);
char *openconnect_get_urlpath (struct openconnect_info *);
void openconnect_set_urlpath (struct openconnect_info *, char *);
+/* This function does *not* take ownership of the string; it is parsed
+ and then discarded. */
+int openconnect_set_stoken_mode (struct openconnect_info *,
+ int use_stoken, const char *token_str);
+
/* This function does *not* take ownership of the string; it's copied
into a static buffer in the vpninfo. The size must be 41 bytes,
since that's the size of a 20-byte SHA1 represented as hex with
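Review bot: The public prototype documents only that `token_str` is not retained, while the return-value contract (-EOPNOTSUPP without libstoken, -EINVAL for a bad string, -ENOENT when `token_str` is NULL and ~/.stokenrc is missing, -EIO otherwise, 0 on success) lives only in the library.c comment that API consumers never see. Suggest extending the header comment with a sentence stating that a NULL `token_str` reads ~/.stokenrc and listing those return codes, so callers can distinguish "not built with libstoken" from a configuration error without reading the implementation.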
@@ -249,4 +257,7 @@ int openconnect_has_pkcs11_support(void);
in the near future. */
int openconnect_has_tss_blob_support(void);
+/* Software token capabilities. */
+int openconnect_has_stoken_support(void);
+
#endif /* __OPENCONNECT_H__ */