[PATCH v3 1/2] enumerate supported VPN protocols via openconnect_get_supported_protocols()
Daniel Lenski
dlenski at gmail.com
Wed Jan 11 11:50:01 PST 2017
From: Dan Lenski <dlenski at gmail.com>
Add a new public function, openconnect_get_supported_protocols(), which
returns a list of protocols supported by the client. Each supported
protocol has a short name (as accepted by the --protocol command-line
option), description, and list of flags; currently, the only flags are:
* OPENCONNECT_PROTO_TCP (TCP transport supported)
* OPENCONNECT_PROTO_UDP (UDP transport supported)
Description of anyconnect protocol adjusted to match IETF draft
standard for openconnect VPN (https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-00).
Signed-off-by: Daniel Lenski <dlenski at gmail.com>
---
libopenconnect.map.in | 5 +++++
library.c | 23 +++++++++++++++++++++++
openconnect-internal.h | 1 +
openconnect.h | 17 +++++++++++++++++
4 files changed, 46 insertions(+)
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 44eea34..749466c 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -92,6 +92,11 @@ OPENCONNECT_5_4 {
openconnect_set_pass_tos;
} OPENCONNECT_5_3;
+OPENCONNECT_5_5 {
+ global:
+ openconnect_get_supported_protocols;
+} OPENCONNECT_5_4;
+
OPENCONNECT_PRIVATE {
global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@
openconnect_fopen_utf8;
diff --git a/library.c b/library.c
index 55a0dca..3883177 100644
--- a/library.c
+++ b/library.c
@@ -109,6 +109,7 @@ err:
const struct vpn_proto openconnect_protos[] = {
{
.name = "anyconnect",
+ .description = "Cisco AnyConnect or openconnect",
.vpn_close_session = cstp_bye,
.tcp_connect = cstp_connect,
.tcp_mainloop = cstp_mainloop,
@@ -122,6 +123,7 @@ const struct vpn_proto openconnect_protos[] = {
#endif
}, {
.name = "nc",
+ .description = "Juniper Network Connect (also supported by Junos Pulse servers)",
.vpn_close_session = NULL,
.tcp_connect = oncp_connect,
.tcp_mainloop = oncp_mainloop,
@@ -137,6 +139,7 @@ const struct vpn_proto openconnect_protos[] = {
#endif
}, {
.name = "gp",
+ .description = "Palo Alto Networks GlobalProtect",
.vpn_close_session = gpst_bye,
.tcp_connect = gpst_setup,
.tcp_mainloop = gpst_mainloop,
@@ -154,6 +157,26 @@ const struct vpn_proto openconnect_protos[] = {
{ /* NULL */ }
};
+int openconnect_get_supported_protocols(struct oc_vpn_proto **protos)
+{
+ struct oc_vpn_proto *pr;
+ const struct vpn_proto *p;
+
+ *protos = pr = calloc(sizeof(openconnect_protos)/sizeof(*openconnect_protos), sizeof(*pr));
+ if (!pr)
+ return -ENOMEM;
+
+ for (p = openconnect_protos; p->name; p++, pr++) {
+ pr->name = p->name;
+ pr->description = p->description;
+ if (p->tcp_mainloop)
+ pr->flags |= OPENCONNECT_PROTO_TCP;
+ if (p->udp_mainloop)
+ pr->flags |= OPENCONNECT_PROTO_UDP;
+ }
+ return 0;
+}
+
int openconnect_set_protocol(struct openconnect_info *vpninfo, const char *protocol)
{
const struct vpn_proto *p;
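Review bot: openconnect_get_supported_protocols() hands the caller a calloc()'d array, but the patch exports no matching release function, so the only way to release it is the application's own free(), which is unsafe when the library and the application use different allocators (a common situation with Windows DLLs). I would export a counterpart such as `void openconnect_free_supported_protocols(struct oc_vpn_proto *protos) { free(protos); }` and document that callers must use it. The function also writes `*protos` before any check, so a NULL `protos` argument crashes inside the library; `if (!protos) return -EINVAL;` at the top would turn that into an error return. Returning the number of entries (`return pr - *protos;`) instead of 0 would let callers bound their loop rather than rely on the zeroed terminator slot. The trailing context lines belong to openconnect_set_protocol(), whose body continues outside the hunk.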
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 1ab73c5..466828d 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -257,6 +257,7 @@ struct http_auth_state {
struct vpn_proto {
const char *name;
+ const char *description;
int (*vpn_close_session)(struct openconnect_info *vpninfo, const char *reason);
/* This does the full authentication, calling back as appropriate */
diff --git a/openconnect.h b/openconnect.h
index c621765..c3db27f 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -36,6 +36,9 @@ extern "C" {
#define OPENCONNECT_API_VERSION_MINOR 4
/*
+ * API version 5.5:
+ * - Add openconnect_get_supported_protocols()
+ *
* API version 5.4:
* - Add openconnect_set_pass_tos()
*
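Review bot: The added comment announces API version 5.5, but the context line directly above it still reads `#define OPENCONNECT_API_VERSION_MINOR 4`, and this hunk does not change it. Unless patch 2/2 of the series bumps it, callers that gate on the version macros cannot detect that openconnect_get_supported_protocols() is available. The define should become `#define OPENCONNECT_API_VERSION_MINOR 5` in the same commit that adds the symbol.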
@@ -166,6 +169,19 @@ extern "C" {
/****************************************************************************/
+/* Enumeration of supported VPN protocols */
+
+#define OPENCONNECT_PROTO_TCP 1
+#define OPENCONNECT_PROTO_UDP 2
+
+struct oc_vpn_proto {
+ const char *name;
+ const char *description;
+ unsigned int flags;
+};
+
+/****************************************************************************/
+
/* Authentication form processing */
#define OC_FORM_OPT_TEXT 1
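Review bot: struct oc_vpn_proto is added to the public header without any statement of its contract. From the implementation in library.c, `name` and `description` are copied as pointers from the static openconnect_protos table, and the array ends with an all-zero entry because calloc() sizes it to include the table's terminator. I would say so above the struct, e.g. `/* Array is terminated by an entry with name == NULL; name and description point to static strings and must not be freed or modified. */`, so that language bindings do not free the strings individually.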
@@ -640,6 +656,7 @@ int openconnect_has_oath_support(void);
int openconnect_has_yubioath_support(void);
int openconnect_has_system_key_support(void);
+int openconnect_get_supported_protocols(struct oc_vpn_proto **protos);
int openconnect_set_protocol(struct openconnect_info *vpninfo, const char *protocol);
struct addrinfo;
--
2.7.4