Merge pull request #12899 from aaronjg/openwrtize-openfortivpn

openfortivpn: use a more 'OpenWRT' paradigm throughout the code

net/openfortivpn/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openfortivpn
 PKG_VERSION:=1.14.1
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)?

net/openfortivpn/files/14-openforticlient

@@ -1,18 +1,27 @@
 #!/bin/sh
+. /lib/functions.sh
 . /usr/share/libubox/jshn.sh
 [ "$ACTION" != ifup ] && exit
 
-networks=$(uci show network | sed "s/network.\([^.]*\).proto='openfortivpn'/\1/;t;d")
-for i in $networks; do
-    iface=$(uci get "network.${i}.iface_name")
-    iface_success=$?
-    [ $? -eq 0 ] && [ $INTERFACE == "$iface" ] && {
-        logger -t "openfortivpnhotplug" "$ACTION on $INTERFACE to bring up $i"
-        json_load "$(ifstatus $i)"
+handle_network()
+{
+    config_get iface $1 iface_name
+    [ $INTERFACE != "$iface" ] && return
+    [ $(config_get $1 proto) != "openfortivpn" ] && return
+
+    config_get_bool load_on_boot $1 auto
+    [ -n "$load_on_boot" ] && [ "$load_on_boot" -eq 0 ] && return
+    status="$(ifstatus $1)" || continue
+        json_load "$status"
         json_get_var autostart autostart
+        logger -t "openfortivpnhotplug" "$ACTION on $INTERFACE to bring up $1. Autostart is $autostart"
 	[ "$autostart" -eq 0 ] && {
-            logger -t "openfortivpnhotplug" "auto-start was false. bringing $i up"
-            ubus call network.interface up "{ \"interface\" : \"$i\" }"
+            logger -t "openfortivpnhotplug" "auto-start was false. bringing $1 up"
+            ubus call network.interface up "{ \"interface\" : \"$1\" }"
         }
-    }
-done
+}
+
+
+config_load network
+config_foreach handle_network interface
+exit 0

net/openfortivpn/files/openfortivpn-wrapper

@@ -4,10 +4,40 @@
 # file from cmd and to daemonize
 
 # $1 password file
-# $2... are passed to openconnect
+# $2 is the config name
+# $3... are passed to openconnect
 
 test -z "$1" && exit 1
 
-pwfile=$1
-shift
-exec /usr/sbin/openfortivpn "$@" < $pwfile
+pwfile=$1; shift
+config=$1; shift
+killed=0
+
+trap_with_arg() {
+    func="$1" ; shift
+    for sig ; do
+        trap "$func $sig" "$sig"
+    done
+}
+
+func_trap() {
+    logger "openfortivpn-wrapper[$$]" "$config: sending signal ${1}"
+    killed=1
+    kill -${1} $child 2>/dev/null
+}
+
+trap_with_arg func_trap INT TERM KILL
+
+
+start_time=$(date '+%s')
+/usr/sbin/openfortivpn "$@" < $pwfile 2>/dev/null &
+child=$!
+wait $child || {
+    [ "$killed" = 1 ] && exit 0
+    current_time=$(date '+%s')
+    elapsed=$(($current_time-$start_time))
+    . /lib/netifd/netifd-proto.sh
+    proto_notify_error "$config" "Failed to connect after $elapsed seconds."
+    proto_block_restart "$config"
+    exit 1
+}

net/openfortivpn/files/openfortivpn.sh

@@ -1,5 +1,6 @@
 #!/bin/sh
 . /lib/functions.sh
+. /lib/functions/network.sh
 . ../netifd-proto.sh
 init_proto "$@"
 
@@ -18,38 +19,36 @@ proto_openfortivpn_init_config() {
         proto_config_add_string "username"
         proto_config_add_string "password"
         proto_config_add_string "trusted_cert"
-        proto_config_add_string "remote_status_check"	
-        proto_config_add_int "peerdns"
-        proto_config_add_int "metric"
+        proto_config_add_string "remote_status_check"
         no_device=1
         available=1
 }
 
 proto_openfortivpn_setup() {
-        local config="$1"
-        local msg
+	local config="$1"
+
+	local msg ifname ip server_ip pwfile callfile
 
+	local host server port iface_name local_ip username password trusted_cert \
+	              remote_status_check
         json_get_vars host server port iface_name local_ip username password trusted_cert \
-	              remote_status_check peerdns metric
+	              remote_status_check
 
         ifname="vpn-$config"
 
 
         [ -n "$iface_name" ] && {
-            json_load "$(ifstatus $iface_name)"
-            json_get_var iface_device_name l3_device
-            json_get_var iface_device_up up
-        }
-
-        [ "$iface_device_up" -eq 1 ] || {
-            msg="$iface_name is not up $iface_device_up"
-            logger -t "openfortivpn" "$config: $msg"
-            proto_notify_error "$config" "$msg"
-            proto_block_restart "$config"
-            exit 1
-        }
+		network_get_device iface_device_name "$iface_name"
+		network_is_up "$iface_name"  || {
+		msg="$iface_name is not up $iface_device_up"
+		logger -t "openfortivpn" "$config: $msg"
+		proto_notify_error "$config" "$msg"
+		proto_block_restart "$config"
+		exit 1
+		}
+	}
 
-        server_ip=$(resolveip -t 10 "$server")
+	server_ip=$(resolveip -4 -t 10 "$server")
 
         [ $? -eq 0 ] || {
             msg="$config: failed to resolve server ip for $server"
@@ -81,7 +80,7 @@ proto_openfortivpn_setup() {
             }
 	}
 
-        for ip in $(resolveip -t 10 "$server"); do
+        for ip in $(resolveip -4 -t 10 "$server"); do
                 logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $iface_name at $config"
                 proto_add_host_dependency "$config" "$ip" "$iface_name"
         done
@@ -89,12 +88,10 @@ proto_openfortivpn_setup() {
 
 
         [ -n "$port" ] && port=":$port"
-	[ -z "$peerdns" ] && peerdns=1
-
         append_args "$server$port" --pppd-ifname="$ifname" --use-syslog  -c /dev/null
         append_args "--set-dns=0"
         append_args "--no-routes"
-        append_args "--pppd-use-peerdns=$peerdns"
+        append_args "--pppd-use-peerdns=1"
 
         [ -n "$iface_name" ] && {
             append_args "--ifname=$iface_device_name"
@@ -104,15 +101,15 @@ proto_openfortivpn_setup() {
         [ -n "$username" ] && append_args -u "$username"
         [ -n "$password" ] && {
                 umask 077
-                mkdir -p /var/etc
+                mkdir -p '/var/etc/openfortivpn'
                 pwfile="/var/etc/openfortivpn/$config.passwd"
                 echo "$password" > "$pwfile"
         }
 
-        [ -n "$local_ip" ] || local_ip=192.0.2.1
+        [ -n "$local_ip" ] || local_ip=$server_ip
         [ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers'
         [ -e '/etc/ppp/peers/openfortivpn' ] || {
-            ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn'
+            ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null
             mkdir -p '/var/etc/openfortivpn/peers'
         }
 
@@ -125,7 +122,6 @@ noauth
 default-asyncmap
 nopcomp
 receive-all
-defaultroute
 nodetach
 ipparam $config
 lcp-max-configure 40
@@ -134,10 +130,8 @@ ip-down-script /lib/netifd/ppp-down
 mru 1354"  > $callfile
         append_args "--pppd-call=openfortivpn/$config"
 
-        proto_export INTERFACE="$ifname"
         logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
-
-        eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' $cmdline"
+        eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"
 
 }