- #!/bin/sh
- . /lib/functions.sh
- . ../netifd-proto.sh
- init_proto "$@"
-
- append_args() {
- while [ $# -gt 0 ]; do
- append cmdline "'${1//\'/\'\\\'\'}'"
- shift
- done
- }
-
- proto_openconnect_init_config() {
- proto_config_add_string "server"
- proto_config_add_int "port"
- proto_config_add_int "mtu"
- proto_config_add_int "juniper"
- proto_config_add_string "vpn_protocol"
- proto_config_add_boolean "no_dtls"
- proto_config_add_string "interface"
- proto_config_add_string "username"
- proto_config_add_string "serverhash"
- proto_config_add_string "authgroup"
- proto_config_add_string "usergroup"
- proto_config_add_string "password"
- proto_config_add_string "password2"
- proto_config_add_string "token_mode"
- proto_config_add_string "token_secret"
- proto_config_add_string "token_script"
- proto_config_add_string "os"
- proto_config_add_string "csd_wrapper"
- proto_config_add_array 'form_entry:regex("[^:]+:[^=]+=.*")'
- no_device=1
- available=1
- }
-
- proto_openconnect_add_form_entry() {
- [ -n "$1" ] && append_args --form-entry "$1"
- }
-
- proto_openconnect_setup() {
- local config="$1"
-
- json_get_vars \
- authgroup \
- csd_wrapper \
- form_entry \
- interface \
- juniper \
- vpn_protocol \
- mtu \
- no_dtls \
- os \
- password \
- password2 \
- port \
- server \
- serverhash \
- token_mode \
- token_script \
- token_secret \
- usergroup \
- username \
-
- grep -q tun /proc/modules || insmod tun
- ifname="vpn-$config"
-
- logger -t openconnect "initializing..."
-
- logger -t "openconnect" "adding host dependency for $server at $config"
- for ip in $(resolveip -t 10 "$server"); do
- logger -t "openconnect" "adding host dependency for $ip at $config"
- proto_add_host_dependency "$config" "$ip" "$interface"
- done
-
- [ -n "$port" ] && port=":$port"
-
- append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script
- [ "$no_dtls" = 1 ] && append_args --no-dtls
- [ -n "$mtu" ] && append_args --mtu "$mtu"
-
- # migrate to standard config files
- [ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
- [ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
- [ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"
-
- [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem"
- [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem"
- [ -f /etc/openconnect/ca-vpn-$config.pem ] && {
- append_args --cafile "/etc/openconnect/ca-vpn-$config.pem"
- append_args --no-system-trust
- }
-
- if [ "${juniper:-0}" -gt 0 ]; then
- append_args --juniper
- fi
-
- [ -n "$vpn_protocol" ] && {
- append_args --protocol "$vpn_protocol"
- }
-
- [ -n "$serverhash" ] && {
- append_args "--servercert=$serverhash"
- append_args --no-system-trust
- }
- [ -n "$authgroup" ] && append_args --authgroup "$authgroup"
- [ -n "$usergroup" ] && append_args --usergroup "$usergroup"
- [ -n "$username" ] && append_args -u "$username"
- [ -n "$password" ] || [ "$token_mode" = "script" ] && {
- umask 077
- mkdir -p /var/etc
- pwfile="/var/etc/openconnect-$config.passwd"
- [ -n "$password" ] && {
- echo "$password" > "$pwfile"
- [ -n "$password2" ] && echo "$password2" >> "$pwfile"
- }
- [ "$token_mode" = "script" ] && {
- $token_script > "$pwfile" 2> /dev/null || {
- logger -t openconenct "Cannot get password from script '$token_script'"
- proto_setup_failed "$config"
- }
- }
- append_args --passwd-on-stdin
- }
-
- [ -n "$token_mode" -a "$token_mode" != "script" ] && append_args "--token-mode=$token_mode"
- [ -n "$token_secret" ] && append_args "--token-secret=$token_secret"
- [ -n "$os" ] && append_args "--os=$os"
- [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper"
-
- json_for_each_item proto_openconnect_add_form_entry form_entry
-
- proto_export INTERFACE="$config"
- logger -t openconnect "executing 'openconnect $cmdline'"
-
- if [ -f "$pwfile" ]; then
- eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline"
- else
- eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline"
- fi
- }
-
- proto_openconnect_teardown() {
- local config="$1"
-
- pwfile="/var/etc/openconnect-$config.passwd"
-
- rm -f $pwfile
- logger -t openconnect "bringing down openconnect"
- proto_kill_command "$config" 2
- }
-
- add_protocol openconnect
|
