[GIT PULL V6] Library/Android/JNI improvements
Kevin Cernekee
cernekee at gmail.com
Mon Dec 30 20:48:18 EST 2013
V5->V6:
Reorder commits to put possible 5.10 (?) bugfix release items in front,
followed by new features.
New bugfix: fix --cookie-on-stdin so it works with ocserv cookies,
allowing network-manager-openconnect to connect to ocserv gateways.
New bugfix: always redirect CSD trojan stdout to stderr, so --cookieonly
works properly with CSD.
New bugfix: set FD_CLOEXEC on CSTP sockets so they don't get passed to
the tun script.
New bugfix: don't leak name/label strings on parse_auth_choice() error
paths.
New bugfix: don't leak HTTP request buffer if the connection cannot be
opened.
Rework auth form changes again per David's latest feedback; rev the
library to libopenconnect.so.3. Lightly tested with
network-manager-openconnect and with Android ics-openconnect.
New API versions:
- OPENCONNECT_3.0 just covers the auth form changes, intended for a
bugfix release.
- OPENCONNECT_3.1 covers the new functions added for JNI support and
the more invasive library changes.
Fix mishandling of authgroup responses in CLI (main.c).
Provide a reference for the Android MIPS NDK link bug.
Add --timestamp option (this is slightly nicer than using
annotate-output since the latter breaks interactive prompts).
Change OC_CMD_RECONNECT to OC_CMD_PAUSE, allowing the mainloop to be
started and stopped at will. This helps prevent unnecessary wakeups on
mobile devices, while still allowing the login session to remain active
for extended periods of time.
Add OC_CMD_STATS, to query TX/RX stats without exiting the mainloop.
Fix more reference leaks in the JNI code.
Fix off-by-one select() nfds argument in mainloop.
Fix JNI assignment of opt->value on SELECT dropdowns.
Add CLI logic to avoid infinite loops if we select a certificate-only
authgroup and the login fails.
Extend setCSDWrapper() to set $PATH, as Java is missing setenv(). Make
both TMPDIR and PATH optional (null-able).
Extend the new openconnect_get_ip_info() library call so that it also
returns the X-{CSTP,DTLS} options. This can be useful for
enabling/disabling random features like smartcard removal disconnect,
and knowing the session/idle/DPD timeouts also lets the frontend make
more intelligent decisions about how to keep the session alive.
The following changes since commit 3cb5435da91e263e2dc7e3aa4f54488ae43dd5c4:
auth: Add <group-access> node to XML POST initial request (2013-12-30 22:13:36 +0000)
are available in the git repository at:
git://github.com/cernekee/openconnect jni-20131230
for you to fetch changes up to 5550734cb9a7ffdf83ee73bbdd1ec07c8b0df522:
main: Add --timestamp option (2013-12-30 16:06:58 -0800)
----------------------------------------------------------------
Kevin Cernekee (61):
android: Fix broken ARCH=mips build
library: Use named constants for process_auth_form() return value
main: Rename process_auth_form() to avoid conflict with library
Create a common process_auth_form() wrapper function
auth: Remove outdated comment for parse_auth_choice()
auth: Introduce free_opt() helper function
library: Change oc_form_opt_select->choices to a pointer array
auth: Provide information on which auth choice is currently selected
process_auth_form: Add code to support NEWGROUP return status from UI
auth: Parse second-auth-related properties from the auth form
auth: Hide unused form fields based on the selected authgroup
main: Avoid infinite "303 See Other" loops on certificate-only authgroups
library: Bump API version to 3.0 and document changes
Unconditionally redirect CSD stdout to stderr
dtls: Don't send packets to a dead socket during rekeying
main: --cookie-on-stdin doesn't work with ocserv cookies
ssl: Set FD_CLOEXEC on all sockets
www: Fix quoting in v5.01 changelog
www: Update changelog
gnutls: Remove unused local variable
http: Don't leak HTTP request buffer on failed connections
<<< end of bugfix commits >>>
Introduce new helper functions for cancel_fd checking
library: Rename cancel_fd to cmd_fd
library: Add new openconnect_setup_cmd_pipe() call
Add new helper functions to support cmd_fd feature
Move signal handling out of mainloop
mainloop: Convert vpn_mainloop() into a library function
dtls: Add dtls_close() helper function
mainloop: Add OC_CMD_PAUSE operation
main: Introduce xstrdup() function
tun: Export setup_tun() functionality
Move vpninfo default settings into library
library: Check for failed allocations in openconnect_vpninfo_new()
dtls: Export setup_dtls() function
cstp: Export make_cstp_connection()
library: Move the mainloop guts into libopenconnect
library: Update openconnect.pc.in
tun, cstp: Don't exit() on failure
library: Free zlib state
cstp: Clean up split include/exclude/DNS lists when freeing vpninfo
library: Add get/set functions for servercert, ifname, reqmtu
library: Move IP information into a public struct
library: Make vpn_option a public struct
library: Export VPN configuration info to callers
library: Add protect_socket callback
library: Add support for mobile headers
library: Add openconnect_set_xmlpost() to support different CSD modes
library: Add new callback for obtaining TX/RX statistics
ssl: Don't let cmd_fd activity break timeouts
library: Update changelog and bump minor version
main: Add openconnect_vpninfo_free() on a couple of exit paths
buildsys: Allow overriding -W flags
acinclude: Add AX_JNI_INCLUDE_DIR macro
JNI: Initial commit of C wrapper functions
JNI: Initial commit of Java library + example program
android: Enable JNI in build
android: Add libstoken to build
android: Add liboath to build
android: Add "sources" target
android: Detect /dev/tun shutdown
main: Add --timestamp option
.gitignore | 1 +
Makefile.am | 25 +-
acinclude.m4 | 125 +++
android/0001-Remove-call-to-mlockall.patch | 33 +
...-fflush-freadahead-fseeko-Fix-for-Android.patch | 43 +
android/Makefile | 113 +-
auth.c | 206 +++-
configure.ac | 48 +-
cstp.c | 156 +--
dtls.c | 117 +-
gnutls.c | 40 +-
http.c | 59 +-
java/.gitignore | 2 +
java/README | 22 +
java/build.xml | 33 +
java/src/com/example/LibTest.java | 237 ++++
.../infradead/libopenconnect/LibOpenConnect.java | 278 +++++
jni.c | 1127 ++++++++++++++++++++
libopenconnect.map.in | 32 +-
library.c | 128 ++-
main.c | 210 ++--
mainloop.c | 53 +-
openconnect-internal.h | 70 +-
openconnect.8.in | 4 +
openconnect.h | 143 ++-
openconnect.pc.in | 2 +-
openssl.c | 38 +-
ssl.c | 101 +-
tun.c | 199 ++--
www/changelog.xml | 7 +-
30 files changed, 3096 insertions(+), 556 deletions(-)
create mode 100644 android/0001-Remove-call-to-mlockall.patch
create mode 100644 android/0001-fflush-freadahead-fseeko-Fix-for-Android.patch
create mode 100644 java/.gitignore
create mode 100644 java/README
create mode 100644 java/build.xml
create mode 100644 java/src/com/example/LibTest.java
create mode 100644 java/src/org/infradead/libopenconnect/LibOpenConnect.java
create mode 100644 jni.c
--
1.7.9.5
More information about the openconnect-devel
mailing list