/*
 * Copyright (C) 2015 Adrien Vergé
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef OPENFORTIVPN_CONFIG_H
#define OPENFORTIVPN_CONFIG_H

#include <netinet/in.h>
#include <net/if.h>

#include <errno.h>
#include <stdint.h>
#include <string.h>

/*
 * Error codes reported by the configuration loader. All of them are
 * negative so that they can never be confused with a zero (success) return.
 * ERR_CFG_SEE_ERRNO means "the real reason is in errno".
 */
#define ERR_CFG_UNKNOWN		-1
#define ERR_CFG_SEE_ERRNO	-2
#define ERR_CFG_EMPTY_FILE	-3
#define ERR_CFG_NO_MEM		-4
#define ERR_CFG_CANNOT_READ	-5

/*
 * Translate a configuration error code into a printable message.
 *
 * @param code  one of the ERR_CFG_* values (or any other int)
 * @return      a static string; never NULL
 *
 * For ERR_CFG_SEE_ERRNO the message comes from strerror(errno), so the
 * caller must call this before anything else can overwrite errno, and the
 * returned pointer may refer to strerror()'s internal storage (not
 * thread-safe). Every code without a dedicated message, including
 * ERR_CFG_UNKNOWN, maps to "unknown".
 */
static inline const char *err_cfg_str(int code)
{
	switch (code) {
	case ERR_CFG_SEE_ERRNO:
		return strerror(errno);
	case ERR_CFG_EMPTY_FILE:
		return "Empty file";
	case ERR_CFG_NO_MEM:
		return "Not enough memory";
	case ERR_CFG_CANNOT_READ:
		return "Cannot read file";
	default:
		return "unknown";
	}
}

/* Name of the PPP daemon binary selected at build time. */
#if HAVE_USR_SBIN_PPPD
#define PPP_DAEMON "pppd"
#else
#define PPP_DAEMON "ppp"
#endif

/* A SHA-256 digest is 32 bytes; as lowercase/uppercase hex plus NUL: 65. */
#define SHA256LEN	(256 / 8)
#define SHA256STRLEN	(2 * SHA256LEN + 1)

/*
 * Singly linked list node holding one certificate digest as a
 * NUL-terminated hex string (see add_trusted_cert()).
 */
struct x509_digest {
	struct x509_digest *next;
	char data[SHA256STRLEN];
};

/*
 * Maximum lengths of the fixed-size string fields of struct vpn_config,
 * excluding the terminating NUL (the arrays below add 1 for it).
 * 253 presumably mirrors the DNS host-name limit — confirm if changing.
 */
#define GATEWAY_HOST_SIZE	253
#define USERNAME_SIZE		64
#define PASSWORD_SIZE		256
#define OTP_SIZE		64
#define REALM_SIZE		63
#define PEM_PASSPHRASE_SIZE	31

/*
 * RFC 6265 does not limit the size of cookies:
 * https://www.rfc-editor.org/info/rfc6265
 *
 * Yet browsers typically limit themselves to ~4K so we are on the safe side:
 * http://browsercookielimits.squawky.net/
 */
#define COOKIE_SIZE 4096

/*
 * GNU libc used to limit the search list to 256 characters:
 * https://unix.stackexchange.com/questions/245849
 *
 * We believe we are on the safe side using this value.
 */
#define MAX_DOMAIN_LENGTH 256

/*
 * Complete runtime configuration, filled from the command line and/or a
 * configuration file (load_config()) and released with destroy_vpn_config().
 *
 * Fixed-size char arrays are bounded by the *_SIZE macros above; char *
 * members are dynamically allocated and owned by the struct (see
 * merge_config() for how ownership moves between two configs).
 */
struct vpn_config {
	char gateway_host[GATEWAY_HOST_SIZE + 1];
	struct in_addr gateway_ip;
	uint16_t gateway_port;
	char username[USERNAME_SIZE + 1];
	/*
	 * Secret material kept in fixed buffers (password, otp,
	 * pem_passphrase). NOTE(review): confirm that destroy_vpn_config()
	 * or the owner wipes them with explicit_bzero() or equivalent before
	 * the struct is discarded — a plain memset may be optimized away.
	 */
	char password[PASSWORD_SIZE + 1];
	int password_set;
	char otp[OTP_SIZE + 1];
	char *otp_prompt;
	unsigned int otp_delay;
	int no_ftm_push;
	char *pinentry;
	char iface_name[IF_NAMESIZE];
	char realm[REALM_SIZE + 1];

	int set_routes;
	int set_dns;
	int pppd_use_peerdns;
	int use_syslog;
#if HAVE_RESOLVCONF
	int use_resolvconf;
#endif
	int half_internet_routes;

	unsigned int persistent;

#if HAVE_USR_SBIN_PPPD
	char *pppd_log;
	char *pppd_plugin;
	char *pppd_ipparam;
	char *pppd_ifname;
	char *pppd_call;
#endif
#if HAVE_USR_SBIN_PPP
	char *ppp_system;
#endif
	char *ca_file;
	char *user_cert;
	char *user_key;
	char pem_passphrase[PEM_PASSPHRASE_SIZE + 1];
	int pem_passphrase_set;
	/*
	 * TLS policy knobs. NOTE(review): the names suggest insecure_ssl
	 * relaxes certificate verification and seclevel_1 lowers the library
	 * security level; confirm against the TLS setup code before relying
	 * on either. cert_whitelist appears to hold the digests accepted
	 * via add_trusted_cert().
	 */
	int insecure_ssl;
	int min_tls;
	int seclevel_1;
	char *cipher_list;
	struct x509_digest *cert_whitelist;
	int use_engine;
	char *user_agent;
	char *hostcheck;
	char *check_virtual_desktop;
};

/* Append a hex SHA-256 digest to cfg->cert_whitelist. */
int add_trusted_cert(struct vpn_config *cfg, const char *digest);
/* Parse a boolean-like string (exact accepted spellings: see config.c). */
int strtob(const char *str);
/* Parse a minimum-TLS-version string (accepted values: see config.c). */
int parse_min_tls(const char *str);

/* Read filename into cfg; returns 0 or one of ERR_CFG_* (see err_cfg_str()). */
int load_config(struct vpn_config *cfg, const char *filename);
/* Release everything cfg owns. */
void destroy_vpn_config(struct vpn_config *cfg);

/*
 * Merge source config into dest.
 *
 * Dynamically allocated memory is transferred by this function, i.e.
 * ownership goes to the dest config.
 */
void merge_config(struct vpn_config *dest, struct vpn_config *source);

/* Sentinel config whose fields mark "not set" (defined in config.c). */
extern const struct vpn_config invalid_cfg;

#endif