You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

99 lines
3.3 KiB

11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
  1. #!/bin/sh
  2. . /lib/functions.sh
  3. . ../netifd-proto.sh
  4. init_proto "$@"
  5. proto_openconnect_init_config() {
  6. proto_config_add_string "server"
  7. proto_config_add_int "port"
  8. proto_config_add_string "username"
  9. proto_config_add_string "serverhash"
  10. proto_config_add_string "authgroup"
  11. proto_config_add_string "password"
  12. proto_config_add_string "password2"
  13. proto_config_add_string "token_mode"
  14. proto_config_add_string "token_secret"
  15. proto_config_add_string "interface"
  16. proto_config_add_string "os"
  17. proto_config_add_string "csd_wrapper"
  18. no_device=1
  19. available=1
  20. }
  21. proto_openconnect_setup() {
  22. local config="$1"
  23. json_get_vars server port username serverhash authgroup password password2 interface token_mode token_secret os csd_wrapper
  24. grep -q tun /proc/modules || insmod tun
  25. ifname="vpn-$config"
  26. logger -t openconnect "initializing..."
  27. serv_addr=
  28. for ip in $(resolveip -t 10 "$server"); do
  29. ( proto_add_host_dependency "$interface" "$ip" "$ifname" )
  30. serv_addr=1
  31. done
  32. [ -n "$serv_addr" ] || {
  33. logger -t openconnect "Could not resolve server address: '$server'"
  34. sleep 60
  35. proto_setup_failed "$config"
  36. exit 1
  37. }
  38. [ -n "$port" ] && port=":$port"
  39. cmdline="$server$port -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script"
  40. # migrate to standard config files
  41. [ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
  42. [ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
  43. [ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"
  44. [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
  45. [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
  46. [ -f /etc/openconnect/ca-vpn-$config.pem ] && {
  47. append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
  48. append cmdline "--no-system-trust"
  49. }
  50. [ -n "$serverhash" ] && {
  51. append cmdline " --servercert=$serverhash"
  52. append cmdline "--no-system-trust"
  53. }
  54. [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
  55. [ -n "$username" ] && append cmdline "-u $username"
  56. [ -n "$password" ] && {
  57. umask 077
  58. mkdir -p /var/etc
  59. pwfile="/var/etc/openconnect-$config.passwd"
  60. echo "$password" > "$pwfile"
  61. [ -n "$password2" ] && echo "$password2" >> "$pwfile"
  62. append cmdline "--passwd-on-stdin"
  63. }
  64. [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
  65. [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
  66. [ -n "$os" ] && append cmdline "--os=$os"
  67. [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper"
  68. proto_export INTERFACE="$config"
  69. logger -t openconnect "executing 'openconnect $cmdline'"
  70. if [ -f "$pwfile" ]; then
  71. proto_run_command "$config" /usr/sbin/openconnect-wrapper $pwfile $cmdline
  72. else
  73. proto_run_command "$config" /usr/sbin/openconnect $cmdline
  74. fi
  75. }
  76. proto_openconnect_teardown() {
  77. local config="$1"
  78. pwfile="/var/etc/openconnect-$config.passwd"
  79. rm -f $pwfile
  80. logger -t openconnect "bringing down openconnect"
  81. proto_kill_command "$config" 2
  82. }
  83. add_protocol openconnect