Multi-protocol support

.gitmodules

@@ -1,6 +1,7 @@
 [submodule "external/openconnect"]
 	path = external/openconnect
-	url = https://github.com/cernekee/openconnect
+	url = https://gitlab.com/openconnect/openconnect
+	branch = master
 [submodule "external/stoken"]
 	path = external/stoken
 	url = https://github.com/cernekee/stoken

.travis.yml

@@ -5,14 +5,15 @@ android:
    - tools
    - platform-tools
    - build-tools-26.0.2
-   - android-19
+   - android-24
 
 notifications:
   email:
     on_success: change
     on_failure: always
 
 before_install:
+ - yes | sdkmanager "platforms;android-24"
  # Install NDK + openconnect build deps
  - sudo apt-get update -qq
  - sudo apt-get install -qq build-essential autoconf automake libtool groff expect ant

README.md

@@ -1,6 +1,16 @@
+Multi-protocol version, based on [openconnect v8.03](http://www.infradead.org/openconnect/changelog.html).
+
+APK: [OpenConnect_1.11+multi.apk](https://drive.google.com/file/d/17IRsGNYqUav9Yf2bsInxnc0uGD6g_PZz/view)
+XDA thread: [comment](https://forum.xda-developers.com/showthread.php?p=77318683#post77318683)
+
+![Screenshot](https://lh3.googleusercontent.com/Jf8N3KVu29dw0l_LZ0uYPdCFvCUfc5BAMrmJacecXQXv2p8PiLrAbWCPiLg--9kFB3o18ak-eBvmPMaIkBm3j6vDwY4DZOP_FnYtc3p-YUZkynB7_xdFX_H_mdQM6qxqfu7M58Qdr4HB7ypciYzHivAHY5GSk7vcYZRnfBDOa46yuZz8ElcVH6c51VoRWzvy2u4o47Bhxmqtx55BeUK3Z6jYdTsvbGIcnxPZjAhvkw_hvHif54urKvM7xMR8tI-agEoa0bvOrnQP-hIRVSauCFMuVCODBEI5O7R_dfzYEbErh8zwKiIV-DC6KqwW12lB3neYv064OJotU_4kARlv8vMJJ-CYV5AsyvtNMlYa1PyvQFqe5uQ7MMX4hJ326abcqNl-mFThuuofBaddIlQPdNB3iuzZd2xi6MRgLrJpVXe0ILAi0B56KN8xYsPz2NLzaDZewwOAozGawMiMQbk6pWfA1d7bnIyerFc9tv1c9ItPIIYrQUITt2EiOFE4sBGIPeD53JiGtQ-oaxJPNSES4MruUkHm6ynYkHkgK2qgMK5PPKUtK7_0rArXC2jPMkRd8nrS4bU4wd3-fqMGpA_QY68iaLRK7IOfWFQ3HJ3q=w720-h1280-no)
+
 OpenConnect for Android
 =======================
 
+[![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-blue.svg)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)
+[![Build Status](https://travis-ci.org/cernekee/ics-openconnect.svg?branch=master)](https://travis-ci.org/cernekee/ics-openconnect)
+
 This is a VPN client for Android, based on the Linux build of
 [OpenConnect](http://www.infradead.org/openconnect/).
 

app/build.gradle

@@ -1,13 +1,13 @@
 apply plugin: 'com.android.application'
 
 android {
-    compileSdkVersion 19
+    compileSdkVersion 24
     defaultConfig {
         applicationId "app.openconnect"
         minSdkVersion 14
         targetSdkVersion 19
         versionCode 1119
-        versionName "1.11"
+        versionName "1.11+multi"
         testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
     }
     signingConfigs {

app/src/main/AndroidManifest.xml

@@ -13,7 +13,7 @@
 
     <uses-sdk
         android:minSdkVersion="14"
-        android:targetSdkVersion="19" />
+        android:targetSdkVersion="24" />
 
     <!-- Copy the <permission> block to your app when using the REMOTE API. Otherwise OpenConnect
         needs to be installed first -->
@@ -91,6 +91,7 @@
             tools:ignore="ExportedActivity" >
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
+                <action android:name="android.service.quicksettings.action.QS_TILE_PREFERENCES"/>
 
                 <category android:name="android.intent.category.BROWSABLE" />
                 <category android:name="android.intent.category.LAUNCHER" />
@@ -120,6 +121,14 @@
             </intent-filter>
         </service>
 -->
+        <service android:name=".QSTileService"
+                 android:label="@string/app"
+                 android:icon="@drawable/ic_launcher"
+                 android:permission="android.permission.BIND_QUICK_SETTINGS_TILE">
+            <intent-filter>
+                <action android:name="android.service.quicksettings.action.QS_TILE"/>
+            </intent-filter>
+        </service>
 
         <activity
             android:permission="app.openconnect.REMOTE_API"

app/src/main/assets/about.html

@@ -3,6 +3,9 @@
 	<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
   </head>
   <body>
+    Extended to include multi-protocol support, 2018-2019 Daniel Lenski <a href="mailto:[email protected]">&lt;[email protected]&gt;</a>
+    using <a href="http://www.infradead.org/openconnect/changelog.html">openconnect v8.03</a>. Quick settings tile added by Terry Yao.<br>
+    <br>
     Copyright 2013-2014 Kevin Cernekee <a href="mailto:[email protected]">&lt;[email protected]&gt;</a><br>
     This is free software with ABSOLUTELY NO WARRANTY.<br>
     For details see the COPYING file in the source distribution.<br>
@@ -25,11 +28,11 @@
     Copyright 2012-2013 Arne Schwab<br>
     <br>
     <a href="http://www.infradead.org/openconnect">OpenConnect</a><br>
-    Copyright 2008-2012 Intel Corporation.<br>
+    Copyright 2008-2019 Intel Corporation.<br>
     Author: David Woodhouse<br>
     <br>
     <a href="http://www.gnutls.org/">GnuTLS</a><br>
-    Copyright 2000-2012 Free Software Foundation, Inc.<br>
+    Copyright 2000-2019 Free Software Foundation, Inc.<br>
     Author: Nikos Mavrogiannopoulos<br>
     <br>
     <a href="https://gmplib.org/">GMP</a><br>

app/src/main/assets/raw/noarch/android_csd_gp.sh

@@ -0,0 +1,57 @@
+#!/system/bin/sh
+
+# These value may need to be extracted from the official HIP report, if made-up values are not accepted.
+PLATFORM_VERSION="4.3"
+PLATFORM_NAME="Android-x86"
+HOSTID="deadbeef-dead-beef-dead-beefdeadbeef"
+
+# Read command line arguments into variables
+COOKIE=
+IP=
+MD5=
+
+while [ "$1" ]; do
+    if [ "$1" = "--cookie" ];    then shift; COOKIE="$1"; fi
+    if [ "$1" = "--client-ip" ]; then shift; IP="$1"; fi
+    if [ "$1" = "--md5" ];       then shift; MD5="$1"; fi
+    shift
+done
+
+if [ -z "$COOKIE" -o -z "$IP" -o -z "$MD5" ]; then
+    echo "Parameters --cookie, --client-ip, and --md5 are required" >&2
+    exit 1
+fi
+
+# Extract username and domain and computer from cookie
+USER=$(echo "$COOKIE" | sed -rn 's/(.+&|^)user=([^&]+)(&.+|$)/\2/p')
+DOMAIN=$(echo "$COOKIE" | sed -rn 's/(.+&|^)domain=([^&]+)(&.+|$)/\2/p')
+COMPUTER=$(echo "$COOKIE" | sed -rn 's/(.+&|^)computer=([^&]+)(&.+|$)/\2/p')
+
+# Timestamp in the format expected by GlobalProtect server
+NOW=$(date +'%m/%d/%Y %H:%M:%S')
+
+log OPENCONNECT GP SCRIPT BEFORE TIMID ECHO
+
+echo '   '
+
+# FIXME: Doesn't work as a here-doc (cat <<EOF) with Android /system/bin/sh
+echo '<hip-report name="hip-report">'
+echo "	<md5-sum>$MD5</md5-sum>"
+echo "	<user-name>$USER</user-name>"
+echo "	<domain>$DOMAIN</domain>"
+echo "	<host-name>$COMPUTER</host-name>"
+echo "	<host-id>$HOSTID</host-id>"
+echo "	<ip-address>$IP</ip-address>"
+echo '	<ipv6-address></ipv6-address>'
+echo "	<generate-time>$NOW</generate-time>"
+echo '	<categories>'
+echo '		<entry name="host-info">'
+echo '			<client-version>4.0.2-19</client-version>'
+echo "			<os>$PLATFORM_NAME $PLATFORM_VERSION</os>"
+echo '			<os-vendor>Google</os-vendor>'
+echo "			<domain>$DOMAIN.internal</domain>"
+echo "			<host-name>$COMPUTER</host-name>"
+echo "			<host-id>$HOSTID</host-id>"
+echo '		</entry>'
+echo '	</categories>'
+echo '</hip-report>'

app/src/main/assets/raw/noarch/android_csd_nc.sh

@@ -0,0 +1,4 @@
+#!/system/bin/sh
+
+echo "Juniper 'CSD' script is not yet supported on Android" >&2
+exit 1

app/src/main/java/app/openconnect/QSTileService.java

@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2019.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package app.openconnect;
+
+import android.annotation.TargetApi;
+import android.service.quicksettings.Tile;
+import android.service.quicksettings.TileService;
+import android.util.Log;
+import app.openconnect.core.OpenConnectManagementThread;
+import app.openconnect.core.OpenVpnService;
+import app.openconnect.core.VPNConnector;
+
+/**
+ * @author Terry E-mail: yaoxinghuo at qq dot com
+ * @date 2019-6-2 18:33
+ * @description
+ */
+@TargetApi(24)
+public class QSTileService extends TileService {
+
+    private static final String TAG = QSTileService.class.getName();
+
+    private int mConnectionState;
+    private VPNConnector mConn;
+
+    @Override
+    public void onStartListening() {
+        super.onStartListening();
+        mConn = new VPNConnector(this, true) {
+            @Override
+            public void onUpdate(OpenVpnService service) {
+                updateState(service);
+            }
+        };
+    }
+
+    @Override
+    public void onStopListening() {
+        super.onStopListening();
+
+        mConn.stopActiveDialog();
+        mConn.unbind();
+    }
+
+    @Override
+    public void onClick() {
+        super.onClick();
+
+        toggle();
+    }
+
+    private void updateState(OpenVpnService service) {
+        int newState = service.getConnectionState();
+
+        if (mConnectionState != newState) {
+            String tileLabel = null;
+            int tileState;
+            String profileName;
+            switch (newState) {
+                case OpenConnectManagementThread.STATE_CONNECTED:
+                    tileState = Tile.STATE_ACTIVE;
+                    tileLabel = getString(R.string.disconnect);
+                    profileName = service.getReconnectName();
+                    if (profileName != null) {
+                        tileLabel = tileLabel + " " + profileName;
+                    }
+//                    Toast.makeText(this, getString(R.string.state_connected_to, service.profile.getName()), Toast.LENGTH_SHORT).show();
+                    break;
+                case OpenConnectManagementThread.STATE_DISCONNECTED:
+                    tileState = Tile.STATE_INACTIVE;
+                    profileName = service.getReconnectName();
+                    if (profileName != null) {
+                        tileLabel = getString(R.string.reconnect_to, profileName);
+                    }
+                    break;
+                default:
+                    tileLabel = service.getConnectionStateName();
+                    tileState = Tile.STATE_UNAVAILABLE;
+                    break;
+            }
+            mConnectionState = newState;
+
+            if (tileLabel == null) {
+                tileLabel = getString(R.string.app);
+            }
+
+            Tile tile = getQsTile();
+            tile.setState(tileState);
+            tile.setLabel(tileLabel);
+            Log.d(TAG, "set tile state: " + tileState + ", label: " + tileLabel);
+            tile.updateTile();
+        }
+    }
+
+    private void toggle() {
+        if (mConnectionState == OpenConnectManagementThread.STATE_CONNECTED) {
+            mConn.service.stopVPN();
+        } else if (mConnectionState == OpenConnectManagementThread.STATE_DISCONNECTED) {
+            mConn.service.startReconnectActivity(this);
+        }
+    }
+}

app/src/main/java/app/openconnect/core/OpenConnectManagementThread.java

@@ -162,6 +162,14 @@ private void acceptCert(String hash, boolean save) {
     }
 
 	private class AndroidOC extends LibOpenConnect {
+		AndroidOC() {
+			super();
+		}
+
+		AndroidOC(String userAgent) {
+			super(userAgent);
+		}
+
 		private String getPeerCertSHA1() {
 			MessageDigest md;
 			try {
@@ -431,6 +439,15 @@ private String prefToTempFile(String prefName, boolean isExecutable) throws IOEx
 
 	private boolean setPreferences() {
 		String s;
+		int ret = 0;
+
+		s = getStringPref("vpn_protocol");
+		if (s != null && s.length() > 0)
+			ret = mOC.setProtocol(s);
+		if (ret < 0) {
+			log("Error " + ret + " setting VPN protocol to " + s);
+			return false;
+		}
 
 		try {
 			String PATH = System.getenv("PATH");
@@ -439,7 +456,7 @@ private boolean setPreferences() {
 				PATH = mFilesDir + ":" + PATH;
 			}
 			s = prefToTempFile("custom_csd_wrapper", true);
-			mOC.setCSDWrapper(s != null ? s : (mFilesDir + File.separator + "android_csd.sh"), mCacheDir, PATH);
+			mOC.setCSDWrapper(s != null ? s : (mFilesDir + File.separator + "android_csd_" + mOC.getProtocol() + ".sh"), mCacheDir, PATH);
 
 			s = prefToTempFile("ca_certificate", false);
 			if (s != null) {
@@ -486,7 +503,6 @@ private boolean setPreferences() {
 
 		s = getStringPref("software_token");
 		String token = getStringPref("token_string");
-		int ret = 0;
 
 		if (s.equals("securid")) {
 			ret = mOC.setTokenMode(LibOpenConnect.OC_TOKEN_MODE_STOKEN, token);
@@ -648,7 +664,7 @@ private void setIPInfo(VpnService.Builder b) {
 			log("DOMAIN: " + domain);
 		}
 
-		mOpenVPNService.setIPInfo(ip, mOC.getHostname());
+		mOpenVPNService.setIPInfo(ip, mOC.getHostname(), mOC.getIdleTimeout());
 	}
 
 	private void errorAlert(String message) {
@@ -692,9 +708,15 @@ private boolean runVPN() {
 		mCacheDir = mContext.getCacheDir().getPath();
 		extractBinaries();
 
+		String userAgent = getBoolPref("reported_user_agent_override")
+			? getStringPref("reported_user_agent") : null;
+
 		setState(STATE_CONNECTING);
 		synchronized (mMainloopLock) {
-			mOC = new AndroidOC();
+			if (userAgent != null)
+				mOC = new AndroidOC(userAgent);
+			else
+				mOC = new AndroidOC();
 		}
 
 		if (setPreferences() == false) {