LILiK
/
openwrt-packages-dist

#!/bin/sh
. /lib/functions.sh. ../netifd-proto.shinit_proto "$@"
proto_openconnect_init_config() {	proto_config_add_string "server"	proto_config_add_int "port"	proto_config_add_int "mtu"	proto_config_add_int "juniper"	proto_config_add_string "interface"	proto_config_add_string "username"	proto_config_add_string "serverhash"	proto_config_add_string "authgroup"	proto_config_add_string "password"	proto_config_add_string "password2"	proto_config_add_string "token_mode"	proto_config_add_string "token_secret"	proto_config_add_string "token_script"	proto_config_add_string "os"	proto_config_add_string "csd_wrapper"	proto_config_add_array 'form_entry:regex("[^:]+:[^=]+=.*")'	no_device=1	available=1}
proto_openconnect_add_form_entry() {	[ -n "$1" ] && append cmdline "--form-entry $1"}
proto_openconnect_setup() {	local config="$1"
	json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper form_entry
	grep -q tun /proc/modules || insmod tun	ifname="vpn-$config"
	logger -t openconnect "initializing..."
	logger -t "openconnect" "adding host dependency for $server at $config"	for ip in $(resolveip -t 10 "$server"); do		logger -t "openconnect" "adding host dependency for $ip at $config"		proto_add_host_dependency "$config" "$ip" "$interface"	done
	[ -n "$port" ] && port=":$port"
	cmdline="$server$port -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script"	[ -n "$mtu" ] && cmdline="$cmdline --mtu $mtu"
	# migrate to standard config files	[ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"	[ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"	[ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"
	[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"	[ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"	[ -f /etc/openconnect/ca-vpn-$config.pem ] && {		append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"		append cmdline "--no-system-trust"	}
	if [ "${juniper:-0}" -gt 0 ]; then		append cmdline "--juniper"	fi
	[ -n "$serverhash" ] && {		append cmdline " --servercert=$serverhash"		append cmdline "--no-system-trust"	}	[ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"	[ -n "$username" ] && append cmdline "-u $username"	[ -n "$password" ] || [ "$token_mode" = "script" ] && {		umask 077		mkdir -p /var/etc		pwfile="/var/etc/openconnect-$config.passwd"		[ -n "$password" ] && {			echo "$password" > "$pwfile"			[ -n "$password2" ] && echo "$password2" >> "$pwfile"		}		[ "$token_mode" = "script" ] && {			$token_script > "$pwfile" 2> /dev/null || {				logger -t openconenct "Cannot get password from script '$token_script'"				proto_setup_failed "$config"			}		}		append cmdline "--passwd-on-stdin"	}
	[ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode"	[ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"	[ -n "$os" ] && append cmdline "--os=$os"	[ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper"
	json_for_each_item proto_openconnect_add_form_entry form_entry
	proto_export INTERFACE="$config"	logger -t openconnect "executing 'openconnect $cmdline'"
	if [ -f "$pwfile" ]; then		proto_run_command "$config" /usr/sbin/openconnect-wrapper $pwfile $cmdline	else		proto_run_command "$config" /usr/sbin/openconnect $cmdline	fi}
proto_openconnect_teardown() {	local config="$1"
	pwfile="/var/etc/openconnect-$config.passwd"
	rm -f $pwfile	logger -t openconnect "bringing down openconnect"	proto_kill_command "$config" 2}
add_protocol openconnect