openfortivpn: block restart after authentication failure

Block restart of the interface if the openfortivpn fails to authenticate.
Without this check, with a bad password, netifd will continually
hit the VPN endpoint with connection attempts

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>

net/openfortivpn/files/openfortivpn-wrapper

@@ -4,10 +4,40 @@
 # file from cmd and to daemonize
 
 # $1 password file
-# $2... are passed to openconnect
+# $2 is the config name
+# $3... are passed to openconnect
 
 test -z "$1" && exit 1
 
-pwfile=$1
-shift
-exec /usr/sbin/openfortivpn "$@" < $pwfile
+pwfile=$1; shift
+config=$1; shift
+killed=0
+
+trap_with_arg() {
+    func="$1" ; shift
+    for sig ; do
+        trap "$func $sig" "$sig"
+    done
+}
+
+func_trap() {
+    logger "openfortivpn-wrapper[$$]" "sending signal ${1}"
+    killed=1
+    kill -${1} $child 2>/dev/null
+}
+
+trap_with_arg func_trap INT TERM KILL
+
+
+start_time=$(date '+%s')
+/usr/sbin/openfortivpn "$@" < $pwfile 2>/dev/null &
+child=$!
+wait $child || {
+    [ "$killed" = 1 ] && exit 0
+    current_time=$(date '+%s')
+    elapsed=$(($current_time-$start_time))
+    . /lib/netifd/netifd-proto.sh
+    proto_notify_error "$config" "Failed to connect after $elapsed seconds."
+    proto_block_restart "$config"
+    exit 1
+}

net/openfortivpn/files/openfortivpn.sh

@@ -137,7 +137,7 @@ mru 1354"  > $callfile
         proto_export INTERFACE="$ifname"
         logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
 
-        eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' $cmdline"
+        eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"
 
 }