patch/0006-library-Add-openconnect_get_dnsname.patch - apps/nacl-openconnect - Git at Google

 From 5c61996cb5bdf23ebc4280cabb2d65dbab7597ec Mon Sep 17 00:00:00 2001
 From: Kevin Cernekee <cernekee@gmail.com>
 Date: Sun, 10 Apr 2016 22:01:37 -0700
 Subject: [PATCH 6/8] library: Add openconnect_get_dnsname()

 openconnect_get_hostname() usually returns an IP, because it is used
 for two-stage connections.  Add a new API call that returns a hostname
 so certificate validation can be handled externally.

 Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
 ---
  java/src/org/infradead/libopenconnect/LibOpenConnect.java |  1 +
  jni.c                                                     |  8 ++++++++
  libopenconnect.map.in                                     |  1 +
  library.c                                                 |  5 +++++
  openconnect.h                                             | 14 ++++++++++++++
  5 files changed, 29 insertions(+)

 diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
 index 8dc7452..3f70b2b 100644
 --- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
 +++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
 @@ -139,6 +139,7 @@ public abstract class LibOpenConnect {
  	/* connection info */

  	public synchronized native String getHostname();
 +	public synchronized native String getDNSName();
  	public synchronized native String getUrlpath();
  	public synchronized native int getPort();
  	public synchronized native String getCookie();
 diff --git a/jni.c b/jni.c
 index b5aa92d..bfcdaa5 100644
 --- a/jni.c
 +++ b/jni.c
 @@ -1084,6 +1084,14 @@ JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getHo
  	RETURN_STRING_END
  }

 +JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getDNSName(
 +	JNIEnv *jenv, jobject jobj)
 +{
 +	RETURN_STRING_START
 +	buf = openconnect_get_dnsname(ctx->vpninfo);
 +	RETURN_STRING_END
 +}
 +
  JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getUrlpath(
  	JNIEnv *jenv, jobject jobj)
  {
 diff --git a/libopenconnect.map.in b/libopenconnect.map.in
 index ea63e2e..deaf058 100644
 --- a/libopenconnect.map.in
 +++ b/libopenconnect.map.in
 @@ -5,6 +5,7 @@ OPENCONNECT_5.0 {
  	openconnect_free_cert_info;
  	openconnect_get_cookie;
  	openconnect_get_cstp_cipher;
 +	openconnect_get_dnsname;
  	openconnect_get_dtls_cipher;
  	openconnect_get_hostname;
  	openconnect_get_ifname;
 diff --git a/library.c b/library.c
 index 97be310..8524c15 100644
 --- a/library.c
 +++ b/library.c
 @@ -376,6 +376,11 @@ const char *openconnect_get_hostname(struct openconnect_info *vpninfo)
  	return vpninfo->unique_hostname?:vpninfo->hostname;
  }

 +const char *openconnect_get_dnsname(struct openconnect_info *vpninfo)
 +{
 +	return vpninfo->hostname;
 +}
 +
  int openconnect_set_hostname(struct openconnect_info *vpninfo,
  			     const char *hostname)
  {
 diff --git a/openconnect.h b/openconnect.h
 index 22f7c5e..d34aae0 100644
 --- a/openconnect.h
 +++ b/openconnect.h
 @@ -45,6 +45,7 @@ extern "C" {
   *  - Add ip_info->gateway_addr.
   *  - Add openconnect_set_setup_tun_handler().
   *  - Add openconnect_set_reconnected_handler().
 + *  - Add openconnect_get_dnsname().
   *
   * API version 5.2 (v7.05; 2015-03-10):
   *  - Add openconnect_set_http_auth(), openconnect_set_protocol().
 @@ -391,7 +392,20 @@ const char *openconnect_get_dtls_cipher(struct openconnect_info *);
  const char *openconnect_get_cstp_compression(struct openconnect_info *);
  const char *openconnect_get_dtls_compression(struct openconnect_info *);

 +/* Returns the IP address of the exact host to which the connection
 + * was made. In --cookieonly mode or in any other scenario involving
 + * a "two stage" connection, it is important to reconnect by IP because
 + * the server side may be using DNS trickery for load balancing.
 + *
 + * If the IP address is unavailable due to the use of a proxy, this will
 + * fall back to returning the DNS name. */
  const char *openconnect_get_hostname(struct openconnect_info *);
 +
 +/* Returns the hostname parsed out of the server name URL. This is
 + * intended to be used by the validate_peer_cert callback to check that
 + * the certificate matches the server name. */
 +const char *openconnect_get_dnsname(struct openconnect_info *);
 +
  int openconnect_set_hostname(struct openconnect_info *, const char *);
  char *openconnect_get_urlpath(struct openconnect_info *);
  int openconnect_set_urlpath(struct openconnect_info *, const char *);
 --
 1.9.1
	From 5c61996cb5bdf23ebc4280cabb2d65dbab7597ec Mon Sep 17 00:00:00 2001
	From: Kevin Cernekee <cernekee@gmail.com>
	Date: Sun, 10 Apr 2016 22:01:37 -0700
	Subject: [PATCH 6/8] library: Add openconnect_get_dnsname()

	openconnect_get_hostname() usually returns an IP, because it is used
	for two-stage connections. Add a new API call that returns a hostname
	so certificate validation can be handled externally.

	Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
	---
	java/src/org/infradead/libopenconnect/LibOpenConnect.java \| 1 +
	jni.c \| 8 ++++++++
	libopenconnect.map.in \| 1 +
	library.c \| 5 +++++
	openconnect.h \| 14 ++++++++++++++
	5 files changed, 29 insertions(+)

	diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
	index 8dc7452..3f70b2b 100644
	--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
	+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
	@@ -139,6 +139,7 @@ public abstract class LibOpenConnect {
	/* connection info */

	public synchronized native String getHostname();
	+ public synchronized native String getDNSName();
	public synchronized native String getUrlpath();
	public synchronized native int getPort();
	public synchronized native String getCookie();
	diff --git a/jni.c b/jni.c
	index b5aa92d..bfcdaa5 100644
	--- a/jni.c
	+++ b/jni.c
	@@ -1084,6 +1084,14 @@ JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getHo
	RETURN_STRING_END
	}

	+JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getDNSName(
	+ JNIEnv *jenv, jobject jobj)
	+{
	+ RETURN_STRING_START
	+ buf = openconnect_get_dnsname(ctx->vpninfo);
	+ RETURN_STRING_END
	+}
	+
	JNIEXPORT jstring JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getUrlpath(
	JNIEnv *jenv, jobject jobj)
	{
	diff --git a/libopenconnect.map.in b/libopenconnect.map.in
	index ea63e2e..deaf058 100644
	--- a/libopenconnect.map.in
	+++ b/libopenconnect.map.in
	@@ -5,6 +5,7 @@ OPENCONNECT_5.0 {
	openconnect_free_cert_info;
	openconnect_get_cookie;
	openconnect_get_cstp_cipher;
	+ openconnect_get_dnsname;
	openconnect_get_dtls_cipher;
	openconnect_get_hostname;
	openconnect_get_ifname;
	diff --git a/library.c b/library.c
	index 97be310..8524c15 100644
	--- a/library.c
	+++ b/library.c
	@@ -376,6 +376,11 @@ const char openconnect_get_hostname(struct openconnect_info vpninfo)
	return vpninfo->unique_hostname?:vpninfo->hostname;
	}

	+const char openconnect_get_dnsname(struct openconnect_info vpninfo)
	+{
	+ return vpninfo->hostname;
	+}
	+
	int openconnect_set_hostname(struct openconnect_info *vpninfo,
	const char *hostname)
	{
	diff --git a/openconnect.h b/openconnect.h
	index 22f7c5e..d34aae0 100644
	--- a/openconnect.h
	+++ b/openconnect.h
	@@ -45,6 +45,7 @@ extern "C" {
	* - Add ip_info->gateway_addr.
	* - Add openconnect_set_setup_tun_handler().
	* - Add openconnect_set_reconnected_handler().
	+ * - Add openconnect_get_dnsname().
	*
	* API version 5.2 (v7.05; 2015-03-10):
	* - Add openconnect_set_http_auth(), openconnect_set_protocol().
	@@ -391,7 +392,20 @@ const char openconnect_get_dtls_cipher(struct openconnect_info );
	const char openconnect_get_cstp_compression(struct openconnect_info );
	const char openconnect_get_dtls_compression(struct openconnect_info );

	+/* Returns the IP address of the exact host to which the connection
	+ * was made. In --cookieonly mode or in any other scenario involving
	+ * a "two stage" connection, it is important to reconnect by IP because
	+ * the server side may be using DNS trickery for load balancing.
	+ *
	+ * If the IP address is unavailable due to the use of a proxy, this will
	+ * fall back to returning the DNS name. */
	const char openconnect_get_hostname(struct openconnect_info );
	+
	+/* Returns the hostname parsed out of the server name URL. This is
	+ * intended to be used by the validate_peer_cert callback to check that
	+ * the certificate matches the server name. */
	+const char openconnect_get_dnsname(struct openconnect_info );
	+
	int openconnect_set_hostname(struct openconnect_info , const char );
	char openconnect_get_urlpath(struct openconnect_info );
	int openconnect_set_urlpath(struct openconnect_info , const char );
	--
	1.9.1