[PATCH/RFC V2 17/26] library: Add get/set functions for servercert, ifname, reqmtu

Kevin Cernekee cernekee at gmail.com
Sun Aug 11 21:49:18 EDT 2013


This allows all connection parameters used by nm-openconnect to be set
through the library API.

Signed-off-by: Kevin Cernekee <cernekee at gmail.com>
---
 libopenconnect.map.in  |    3 +++
 library.c              |   18 +++++++++++++++++-
 main.c                 |   18 ++++++++++--------
 openconnect-internal.h |    4 ++--
 openconnect.h          |    3 +++
 5 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index c6aba18..0b0bf74 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -52,6 +52,9 @@ OPENCONNECT_2.3 {
 	openconnect_setup_tun_fd;
 	openconnect_setup_dtls;
 	openconnect_make_cstp_connection;
+	openconnect_set_server_cert_sha1;
+	openconnect_get_ifname;
+	openconnect_set_reqmtu;
 } OPENCONNECT_2.2;
 
 OPENCONNECT_PRIVATE {
diff --git a/library.c b/library.c
index 9b4cb89..7d59cd5 100644
--- a/library.c
+++ b/library.c
@@ -139,6 +139,8 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 	free(vpninfo->proxy_type);
 	free(vpninfo->proxy);
 	free(vpninfo->vpnc_script);
+	free(vpninfo->cafile);
+	free(vpninfo->servercert);
 	free(vpninfo->ifname);
 
 	if (vpninfo->csd_scriptname) {
@@ -157,7 +159,6 @@ void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 	/* These are const in openconnect itself, but for consistency of
 	   the library API we do take ownership of the strings we're given,
 	   and thus we have to free them too. */
-	free((void *)vpninfo->cafile);
 	if (vpninfo->cert != vpninfo->sslkey)
 		free((void *)vpninfo->sslkey);
 	free((void *)vpninfo->cert);
@@ -226,6 +227,21 @@ void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile)
 	vpninfo->cafile = cafile;
 }
 
+void openconnect_set_server_cert_sha1(struct openconnect_info *vpninfo, char *servercert)
+{
+	vpninfo->servercert = servercert;
+}
+
+const char *openconnect_get_ifname(struct openconnect_info *vpninfo)
+{
+	return vpninfo->ifname;
+}
+
+void openconnect_set_reqmtu(struct openconnect_info *vpninfo, int reqmtu)
+{
+	vpninfo->reqmtu = reqmtu;
+}
+
 void openconnect_setup_csd(struct openconnect_info *vpninfo, uid_t uid, int silent, char *wrapper)
 {
 	vpninfo->uid_csd = uid;
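Review bot: `openconnect_set_server_cert_sha1()` overwrites `vpninfo->servercert` without releasing the previous string, so a caller that sets the pinned fingerprint twice leaks the first copy. Since `openconnect_vpninfo_free()` now frees this field, the setter owns the string and should begin with `free(vpninfo->servercert);` before the assignment. `openconnect_set_cafile()`, whose last line is visible at the top of this hunk, appears to follow the same assign-only pattern, but its body starts outside the hunk, so that should be confirmed.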
diff --git a/main.c b/main.c
index afcefb2..ce72622 100644
--- a/main.c
+++ b/main.c
@@ -544,13 +544,13 @@ int main(int argc, char **argv)
 			/* The next option will come from the file... */
 			break;
 		case OPT_CAFILE:
-			vpninfo->cafile = keep_config_arg();
+			openconnect_set_cafile(vpninfo, xstrdup(config_arg));
 			break;
 		case OPT_PIDFILE:
 			pidfile = keep_config_arg();
 			break;
 		case OPT_SERVERCERT:
-			vpninfo->servercert = keep_config_arg();
+			openconnect_set_server_cert_sha1(vpninfo, xstrdup(config_arg));
 			break;
 		case OPT_NO_DTLS:
 			use_dtls = 0;
@@ -624,13 +624,15 @@ int main(int argc, char **argv)
 		case 'l':
 			use_syslog = 1;
 			break;
-		case 'm':
-			vpninfo->reqmtu = atol(config_arg);
-			if (vpninfo->reqmtu < 576) {
-				fprintf(stderr, _("MTU %d too small\n"), vpninfo->reqmtu);
-				vpninfo->reqmtu = 576;
+		case 'm': {
+			int mtu = atol(config_arg);
+			if (mtu < 576) {
+				fprintf(stderr, _("MTU %d too small\n"), mtu);
+				mtu = 576;
 			}
+			openconnect_set_reqmtu(vpninfo, mtu);
 			break;
+		}
 		case OPT_BASEMTU:
 			vpninfo->basemtu = atol(config_arg);
 			if (vpninfo->basemtu < 576) {
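Review bot: The 576-byte floor for `-m` is still enforced only in this `case 'm'` block, while the new `openconnect_set_reqmtu()` in library.c stores whatever it is given. A library caller can therefore set zero or a negative MTU; moving the clamp into the setter would give every caller the same bound. Separately, `int mtu = atol(config_arg);` narrows a long to int and cannot distinguish non-numeric input from 0, so a `strtol` call with an end-pointer and range check would let bad input be rejected rather than silently replaced by 576. The `OPT_BASEMTU` case that follows uses the same parsing and continues outside the hunk.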
@@ -905,7 +907,7 @@ int main(int argc, char **argv)
 		fprintf(stderr, _("Set up DTLS failed; using SSL instead\n"));
 
 	vpn_progress(vpninfo, PRG_INFO,
-		     _("Connected %s as %s%s%s, using %s\n"), vpninfo->ifname,
+		     _("Connected %s as %s%s%s, using %s\n"), openconnect_get_ifname(vpninfo),
 		     vpninfo->vpn_addr?:"",
 		     (vpninfo->vpn_addr6 && vpninfo->vpn_addr) ? " + " : "",
 		     vpninfo->vpn_addr6 ? : "",
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 7580264..db90ae6 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -167,8 +167,8 @@ struct openconnect_info {
 	const char *sslkey;
 	int cert_type;
 	char *cert_password;
-	const char *cafile;
-	const char *servercert;
+	char *cafile;
+	char *servercert;
 	const char *xmlconfig;
 	char xmlsha1[(SHA1_SIZE * 2) + 1];
 	char *username;
diff --git a/openconnect.h b/openconnect.h
index 3a64ba7..7a55f1f 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -190,6 +190,9 @@ void openconnect_set_cafile(struct openconnect_info *, char *);
 void openconnect_setup_csd(struct openconnect_info *, uid_t, int silent, char *wrapper);
 int openconnect_set_reported_os(struct openconnect_info *, const char *os);
 void openconnect_set_client_cert(struct openconnect_info *, char *cert, char *sslkey);
+void openconnect_set_server_cert_sha1(struct openconnect_info *, char *);
+const char *openconnect_get_ifname(struct openconnect_info *);
+void openconnect_set_reqmtu(struct openconnect_info *, int reqmtu);
 
 /* This is *not* yours and must not be destroyed with X509_free(). It
  * will be valid when a cookie has been obtained successfully, and will
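Review bot: The three new prototypes have no ownership or lifetime documentation, unlike the comment block that follows them in this header. For `openconnect_set_server_cert_sha1` I would add `/* Takes ownership of the string; it is freed by openconnect_vpninfo_free(). */`, so that callers such as nm-openconnect do not free it a second time. For `openconnect_get_ifname` I would add `/* Returned pointer belongs to vpninfo and must not be freed by the caller. */`. The expected fingerprint format is not visible here, and since the `_sha1` suffix fixes the hash algorithm in an exported symbol name, the comment should also state exactly what string the function expects.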
-- 
1.7.9.5



