Browse Source

openconnect: support reading password from script

"token_mode" add support for "script", which execute "token_script" to
get the password.  Some token is not supported by OpenConnect natively,
e.g. "MobilePass" or "Softoken II" used in Cisco VPN

Signed-off-by: Gavin Ni <gisngy@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
lilik-openwrt-22.03
Gavin Ni 7 years ago
committed by Yousong Zhou
parent
commit
ede858fb5d
3 changed files with 19 additions and 6 deletions
  1. +1
    -1
      net/openconnect/Makefile
  2. +4
    -0
      net/openconnect/README
  3. +14
    -5
      net/openconnect/files/openconnect.sh

+ 1
- 1
net/openconnect/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openconnect
PKG_VERSION:=7.08
PKG_RELEASE:=6
PKG_RELEASE:=7
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz


+ 4
- 0
net/openconnect/README View File

@ -26,6 +26,10 @@ config interface 'MYVPN'
#option token_mode 'hotp'
#option token_secret '00'
# tokens from script
#option token_mode 'script'
#option token_script '/lib/custom/getocpass.sh'
# Juniper vpn support
#option juniper '1'


+ 14
- 5
net/openconnect/files/openconnect.sh View File

@ -16,6 +16,7 @@ proto_openconnect_init_config() {
proto_config_add_string "password2"
proto_config_add_string "token_mode"
proto_config_add_string "token_secret"
proto_config_add_string "token_script"
proto_config_add_string "os"
proto_config_add_string "csd_wrapper"
no_device=1
@ -25,7 +26,7 @@ proto_openconnect_init_config() {
proto_openconnect_setup() {
local config="$1"
json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret os csd_wrapper mtu juniper
json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper
grep -q tun /proc/modules || insmod tun
ifname="vpn-$config"
@ -65,16 +66,24 @@ proto_openconnect_setup() {
}
[ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
[ -n "$username" ] && append cmdline "-u $username"
[ -n "$password" ] && {
[ -n "$password" ] || [ "$token_mode" = "script" ] && {
umask 077
mkdir -p /var/etc
pwfile="/var/etc/openconnect-$config.passwd"
echo "$password" > "$pwfile"
[ -n "$password2" ] && echo "$password2" >> "$pwfile"
[ -n "$password" ] && {
echo "$password" > "$pwfile"
[ -n "$password2" ] && echo "$password2" >> "$pwfile"
}
[ "$token_mode" = "script" ] && {
$token_script > "$pwfile" 2> /dev/null || {
logger -t openconenct "Cannot get password from script '$token_script'"
proto_setup_failed "$config"
}
}
append cmdline "--passwd-on-stdin"
}
[ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
[ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode"
[ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
[ -n "$os" ] && append cmdline "--os=$os"
[ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper"


Loading…
Cancel
Save