[GIT PULL V6] Library/Android/JNI improvements

Kevin Cernekee cernekee at gmail.com
Mon Dec 30 20:48:18 EST 2013


Reorder commits to put possible 5.10 (?) bugfix release items in front,
followed by new features.

New bugfix: fix --cookie-on-stdin so it works with ocserv cookies,
allowing network-manager-openconnect to connect to ocserv gateways.

New bugfix: always redirect CSD trojan stdout to stderr, so --cookieonly
works properly with CSD.

New bugfix: set FD_CLOEXEC on CSTP sockets so they don't get passed to
the tun script.

New bugfix: don't leak name/label strings on parse_auth_choice() error

New bugfix: don't leak HTTP request buffer if the connection cannot be

Rework auth form changes again per David's latest feedback; rev the
library to libopenconnect.so.3.  Lightly tested with
network-manager-openconnect and with Android ics-openconnect.

New API versions:

 - OPENCONNECT_3.0 just covers the auth form changes, intended for a
   bugfix release.

 - OPENCONNECT_3.1 covers the new functions added for JNI support and
   the more invasive library changes.

Fix mishandling of authgroup responses in CLI (main.c).

Provide a reference for the Android MIPS NDK link bug.

Add --timestamp option (this is slightly nicer than using
annotate-output since the latter breaks interactive prompts).

Change OC_CMD_RECONNECT to OC_CMD_PAUSE, allowing the mainloop to be
started and stopped at will.  This helps prevent unnecessary wakeups on
mobile devices, while still allowing the login session to remain active
for extended periods of time.

Add OC_CMD_STATS, to query TX/RX stats without exiting the mainloop.

Fix more reference leaks in the JNI code.

Fix off-by-one select() nfds argument in mainloop.

Fix JNI assignment of opt->value on SELECT dropdowns.

Add CLI logic to avoid infinite loops if we select a certificate-only
authgroup and the login fails.

Extend setCSDWrapper() to set $PATH, as Java is missing setenv().  Make
both TMPDIR and PATH optional (null-able).

Extend the new openconnect_get_ip_info() library call so that it also
returns the X-{CSTP,DTLS} options.  This can be useful for
enabling/disabling random features like smartcard removal disconnect,
and knowing the session/idle/DPD timeouts also lets the frontend make
more intelligent decisions about how to keep the session alive.

The following changes since commit 3cb5435da91e263e2dc7e3aa4f54488ae43dd5c4:

  auth: Add <group-access> node to XML POST initial request (2013-12-30 22:13:36 +0000)

are available in the git repository at:

  git://github.com/cernekee/openconnect jni-20131230

for you to fetch changes up to 5550734cb9a7ffdf83ee73bbdd1ec07c8b0df522:

  main: Add --timestamp option (2013-12-30 16:06:58 -0800)

Kevin Cernekee (61):
      android: Fix broken ARCH=mips build
      library: Use named constants for process_auth_form() return value
      main: Rename process_auth_form() to avoid conflict with library
      Create a common process_auth_form() wrapper function
      auth: Remove outdated comment for parse_auth_choice()
      auth: Introduce free_opt() helper function
      library: Change oc_form_opt_select->choices to a pointer array
      auth: Provide information on which auth choice is currently selected
      process_auth_form: Add code to support NEWGROUP return status from UI
      auth: Parse second-auth-related properties from the auth form
      auth: Hide unused form fields based on the selected authgroup
      main: Avoid infinite "303 See Other" loops on certificate-only authgroups
      library: Bump API version to 3.0 and document changes
      Unconditionally redirect CSD stdout to stderr
      dtls: Don't send packets to a dead socket during rekeying
      main: --cookie-on-stdin doesn't work with ocserv cookies
      ssl: Set FD_CLOEXEC on all sockets
      www: Fix quoting in v5.01 changelog
      www: Update changelog
      gnutls: Remove unused local variable
      http: Don't leak HTTP request buffer on failed connections

<<< end of bugfix commits >>>

      Introduce new helper functions for cancel_fd checking
      library: Rename cancel_fd to cmd_fd
      library: Add new openconnect_setup_cmd_pipe() call
      Add new helper functions to support cmd_fd feature
      Move signal handling out of mainloop
      mainloop: Convert vpn_mainloop() into a library function
      dtls: Add dtls_close() helper function
      mainloop: Add OC_CMD_PAUSE operation
      main: Introduce xstrdup() function
      tun: Export setup_tun() functionality
      Move vpninfo default settings into library
      library: Check for failed allocations in openconnect_vpninfo_new()
      dtls: Export setup_dtls() function
      cstp: Export make_cstp_connection()
      library: Move the mainloop guts into libopenconnect
      library: Update openconnect.pc.in
      tun, cstp: Don't exit() on failure
      library: Free zlib state
      cstp: Clean up split include/exclude/DNS lists when freeing vpninfo
      library: Add get/set functions for servercert, ifname, reqmtu
      library: Move IP information into a public struct
      library: Make vpn_option a public struct
      library: Export VPN configuration info to callers
      library: Add protect_socket callback
      library: Add support for mobile headers
      library: Add openconnect_set_xmlpost() to support different CSD modes
      library: Add new callback for obtaining TX/RX statistics
      ssl: Don't let cmd_fd activity break timeouts
      library: Update changelog and bump minor version
      main: Add openconnect_vpninfo_free() on a couple of exit paths
      buildsys: Allow overriding -W flags
      acinclude: Add AX_JNI_INCLUDE_DIR macro
      JNI: Initial commit of C wrapper functions
      JNI: Initial commit of Java library + example program
      android: Enable JNI in build
      android: Add libstoken to build
      android: Add liboath to build
      android: Add "sources" target
      android: Detect /dev/tun shutdown
      main: Add --timestamp option

 .gitignore                                         |    1 +
 Makefile.am                                        |   25 +-
 acinclude.m4                                       |  125 +++
 android/0001-Remove-call-to-mlockall.patch         |   33 +
 ...-fflush-freadahead-fseeko-Fix-for-Android.patch |   43 +
 android/Makefile                                   |  113 +-
 auth.c                                             |  206 +++-
 configure.ac                                       |   48 +-
 cstp.c                                             |  156 +--
 dtls.c                                             |  117 +-
 gnutls.c                                           |   40 +-
 http.c                                             |   59 +-
 java/.gitignore                                    |    2 +
 java/README                                        |   22 +
 java/build.xml                                     |   33 +
 java/src/com/example/LibTest.java                  |  237 ++++
 .../infradead/libopenconnect/LibOpenConnect.java   |  278 +++++
 jni.c                                              | 1127 ++++++++++++++++++++
 libopenconnect.map.in                              |   32 +-
 library.c                                          |  128 ++-
 main.c                                             |  210 ++--
 mainloop.c                                         |   53 +-
 openconnect-internal.h                             |   70 +-
 openconnect.8.in                                   |    4 +
 openconnect.h                                      |  143 ++-
 openconnect.pc.in                                  |    2 +-
 openssl.c                                          |   38 +-
 ssl.c                                              |  101 +-
 tun.c                                              |  199 ++--
 www/changelog.xml                                  |    7 +-
 30 files changed, 3096 insertions(+), 556 deletions(-)
 create mode 100644 android/0001-Remove-call-to-mlockall.patch
 create mode 100644 android/0001-fflush-freadahead-fseeko-Fix-for-Android.patch
 create mode 100644 java/.gitignore
 create mode 100644 java/README
 create mode 100644 java/build.xml
 create mode 100644 java/src/com/example/LibTest.java
 create mode 100644 java/src/org/infradead/libopenconnect/LibOpenConnect.java
 create mode 100644 jni.c
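
Added example, not part of the original message and not openconnect code: the FD_CLOEXEC bugfix in the summary above keeps the CSTP socket from being inherited by the tun script, and this C program shows the difference that flag makes across `fork()`/`exec()`. The AF_UNIX socket (standing in for the CSTP socket), the `/bin/sh` one-liner (standing in for the tun script), `TEST_FD` and the function names are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define TEST_FD 9 /* constructed: single-digit fd so any POSIX sh can name it */

/* Set close-on-exec while preserving the other descriptor flags. */
static int set_cloexec(int fd)
{
	int flags = fcntl(fd, F_GETFD);
	return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* 1 if the socket is still open in an exec'd child, 0 if not, -1 on error. */
int socket_visible_in_child(int use_cloexec)
{
	int status, s = socket(AF_UNIX, SOCK_STREAM, 0); /* stand-in socket */
	pid_t pid;

	if (s < 0)
		return -1;
	if (s != TEST_FD) { /* move to a known slot; dup2() clears FD_CLOEXEC */
		if (dup2(s, TEST_FD) < 0) {
			close(s);
			return -1;
		}
		close(s);
	}
	if (use_cloexec && set_cloexec(TEST_FD) < 0) {
		close(TEST_FD);
		return -1;
	}
	pid = fork();
	if (pid == 0) {
		/* Hypothetical "script": exits 0 only if fd 9 was inherited. */
		execl("/bin/sh", "sh", "-c", "(: <&9) 2>/dev/null", (char *)NULL);
		_exit(127);
	}
	close(TEST_FD);
	if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void)
{
	printf("without FD_CLOEXEC: %d\n", socket_visible_in_child(0));
	printf("with FD_CLOEXEC:    %d\n", socket_visible_in_child(1));
	return 0;
}
```

A descriptor that survives into a helper script gives that script (and anything it spawns) read/write access to the session socket and can keep the connection open after the parent closes it.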

