From ebd0c440523c11f4b70fe82843af1908d00d6f61 Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Thu, 27 Nov 2014 16:13:19 -0800 Subject: [PATCH 1/2] utils: add stoken stoken is a tokencode generator compatible with RSA SecurID 128-bit (AES). stoken supports libtomcrypt and libnettle, we build against nettle by default since tomcrypt is not packaged by OpenWrt Signed-off-by: Florian Fainelli --- utils/stoken/Makefile | 77 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 utils/stoken/Makefile diff --git a/utils/stoken/Makefile b/utils/stoken/Makefile new file mode 100644 index 000000000..7fcbdad7f --- /dev/null +++ b/utils/stoken/Makefile 
@@ -0,0 +1,77 @@
+#
+# Copyright (C) 2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=stoken
+PKG_VERSION:=0.8
+PKG_REV:=c4d79ffbf5053e44be4b64da22b1b7fb6a51daf2
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/cernekee/stoken.git
+
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_REV).tar.gz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Florian Fainelli
+PKG_LICENSE:=LGPL-2.1
+PKG_INSTALL:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/stoken/Default
+ TITLE:=stoken is a tokencode generator compatible with RSA SecurID 128-bit (AES)
+ URL:=http://sourceforge.net/p/stoken/
+ DEPENDS:= +libxml2 +libnettle
+endef
+
+define Package/stoken
+ $(call Package/stoken/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ DEPENDS:=+libstoken
+ MENU:=1
+endef
+
+define Package/stoken/description
+ stoken is a tokencode generator compatible with RSA SecurID 128-bit (AES). This package contains the cli
+endef
+
+define Package/libstoken
+ $(call Package/stoken/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+endef
+
+CONFIGURE_ARGS += \
+ --with-nettle
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libstoken*.{la,a,so*} $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/stoken.pc \
+ $(1)/usr/lib/pkgconfig/
+endef
+
+define Package/stoken/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/stoken $(1)/usr/bin/
+endef
+
+define Package/libstoken/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libstoken*.so* $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,stoken))
+$(eval $(call BuildPackage,libstoken))
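Review bot: `Package/stoken/install` copies the CLI from `$(PKG_BUILD_DIR)/stoken` although `PKG_INSTALL:=1` is set and every other install step reads from `$(PKG_INSTALL_DIR)`. If upstream links the tool against the shared libstoken through libtool, which the `.la` file copied in `Build/InstallDev` suggests, the file in the build directory may be a libtool wrapper script rather than the real binary; `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stoken $(1)/usr/bin/` would avoid that. `Package/libstoken` also inherits the CLI-oriented `TITLE` from `Package/stoken/Default` and has no description block, so the two packages look identical in menuconfig; a `TITLE:=` override and a `Package/libstoken/description` would tell them apart.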
From a54d31ed3f3b165533994edb6567470825bea207 Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Thu, 4 Dec 2014 22:51:45 -0800 Subject: [PATCH 2/2] openconnect: add an option to support stoken Add a new build configuration option for openconnect and let it link against libstoken if instructed to. Two new uci configuration variables are introduced: "token_mode" and "token_secret" to allow openconnect to use those. Signed-off-by: Florian Fainelli --- net/openconnect/Config.in | 3 +++ net/openconnect/Makefile | 12 +++++++++--- net/openconnect/README | 2 ++ net/openconnect/files/openconnect.sh | 5 ++++- 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in index 1daaeaa6a..d73bd3a88 100644 --- a/net/openconnect/Config.in +++ b/net/openconnect/Config.in @@ -15,4 +15,7 @@ config OPENCONNECT_OPENSSL endchoice +config OPENCONNECT_STOKEN + bool "stoken support" + endmenu diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile index 7fe2b91e3..6bd402f34 100644 --- a/net/openconnect/Makefile +++ b/net/openconnect/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openconnect PKG_VERSION:=7.00 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/ @@ -29,7 +29,7 @@ endef define Package/openconnect SECTION:=net CATEGORY:=Network - DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls + DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls +OPENCONNECT_STOKEN:libstoken TITLE:=OpenConnect VPN client (Cisco AnyConnect compatible) MAINTAINER:=Nikos Mavrogiannopoulos URL:=http://www.infradead.org/openconnect/ 
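Review bot: The new `OPENCONNECT_STOKEN` symbol in net/openconnect/Config.in has no `help` text and no explicit `default`, so menuconfig shows only "stoken support" with no hint of what it pulls in. A short entry such as `help` followed by `Link against libstoken so that token_mode/token_secret can generate RSA SecurID tokencodes.` would document that enabling it adds the libstoken dependency and is required for the two new uci options to have any effect.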
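Review bot: The conditional dependency `+OPENCONNECT_STOKEN:libstoken` added to `DEPENDS` in net/openconnect/Makefile ties the build output to a config symbol, but nothing in this hunk registers that symbol for rebuilds. If the file does not already list it, adding `CONFIG_OPENCONNECT_STOKEN` to `PKG_CONFIG_DEPENDS` would force a rebuild when the option is toggled; without it a binary configured without stoken could be packaged with a libstoken dependency, or the reverse. The rest of the Makefile is outside the hunk, so an existing `PKG_CONFIG_DEPENDS` line may only need the extra entry.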
@@ -48,13 +48,19 @@ endef CONFIGURE_ARGS += \ --disable-shared \ --with-vpnc-script=/lib/netifd/vpnc-script \ - --without-libpcsclite + --without-libpcsclite \ + --without-stoken ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y) CONFIGURE_ARGS += \ --without-gnutls endif +ifeq ($(CONFIG_OPENCONNECT_STOKEN),y) +CONFIGURE_ARGS += \ + --with-stoken +endif + define Package/openconnect/install $(INSTALL_DIR) $(1)/etc/openconnect/ $(INSTALL_DIR) $(1)/lib/netifd/proto diff --git a/net/openconnect/README b/net/openconnect/README index 53c6e701d..57bde8d48 100644 --- a/net/openconnect/README +++ b/net/openconnect/README @@ -11,6 +11,8 @@ config interface 'MYVPN' option username 'test' option password 'secret' option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25' + option token_mode 'rsa' # when built with stoken support + option token_secret 'secret' # when built with stoken support The additional files are also used: /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh index ca8fff97d..cdeac4061 100755 --- a/net/openconnect/files/openconnect.sh +++ b/net/openconnect/files/openconnect.sh @@ -17,7 +17,7 @@ proto_openconnect_init_config() { proto_openconnect_setup() { local config="$1" - json_get_vars server port username serverhash authgroup password vgroup + json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret grep -q tun /proc/modules || insmod tun @@ -57,6 +57,9 @@ proto_openconnect_setup() { append cmdline "--passwd-on-stdin" } + [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode" + [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret" + proto_export INTERFACE="$config" logger -t openconnect "executing 'openconnect $cmdline'"
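Review bot: With the option enabled, configure receives both `--without-stoken` (now appended unconditionally to the first `CONFIGURE_ARGS` block) and `--with-stoken` (from the new `ifeq`), and the outcome relies on the later argument winning. Moving `--without-stoken` into an `else` branch of the `ifeq ($(CONFIG_OPENCONNECT_STOKEN),y)` block would keep exactly one of the two on the command line and make the intent explicit.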
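Review bot: `json_get_vars` in `proto_openconnect_setup` now reads `token_mode` and `token_secret`, but the patch does not touch `proto_openconnect_init_config`, whose body is outside the hunk. If the two options are not declared there, netifd presumably will not hand them to the setup handler and both variables stay empty. Declaring them next to the existing options, e.g. `proto_config_add_string "token_mode"` and `proto_config_add_string "token_secret"`, would close that gap.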
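Review bot: The token seed is appended to `cmdline` as `--token-secret=$token_secret`, and the `logger` call at the end of this hunk then writes the whole command line to syslog; the seed also stays visible in the process argument list while openconnect runs. Anyone who can read the log or the process table can generate valid tokencodes from it, which defeats the second factor, whereas the password just above is kept off the command line with `--passwd-on-stdin`. If the packaged openconnect accepts the `@FILENAME` form of `--token-secret`, writing the seed to a root-only file and passing its path keeps it out of both places; the file would also need removing in teardown. `proto_openconnect_setup` starts and ends outside the hunk.

```shell
	# … unchanged: password handling with --passwd-on-stdin …
	[ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
	[ -n "$token_secret" ] && {
		# constructed path: keep the seed out of argv and syslog
		local token_file="/var/run/openconnect-$config.token"
		( umask 077; printf '%s' "$token_secret" > "$token_file" )
		append cmdline "--token-secret=@$token_file"
	}
	# … unchanged: proto_export and logger call …
```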