
openconnect.sh 3.2KB

  1. #!/bin/sh
  2. . /lib/functions.sh
  3. . ../netifd-proto.sh
  4. init_proto "$@"
  #######################################
  # Declare the configuration options an openconnect interface accepts.
  # Note that "password" and "token_secret" are registered as ordinary string
  # options, so they live wherever this configuration is stored; read access
  # to that store should be limited accordingly.
  # Globals:   no_device, available (both written, set to 1)
  # Arguments: none
  #######################################
  proto_openconnect_init_config() {
    local opt

    proto_config_add_string "server"
    proto_config_add_int "port"

    # Everything after "port" is a string option; the list keeps the original
    # registration order.
    for opt in username serverhash authgroup password token_mode \
      token_secret interface os csd_wrapper; do
      proto_config_add_string "$opt"
    done

    no_device=1
    available=1
  }
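  #######################################
  # Bring up an openconnect VPN for the netifd interface named by $1.
  #
  # Reads the interface options with json_get_vars, registers a host
  # dependency for every address the server name resolves to, assembles the
  # openconnect command line and hands it to proto_run_command.
  #
  # Security-relevant behaviour:
  #   - The token secret is never written to syslog; the logged command line
  #     carries a "<redacted>" placeholder in its place.
  #   - The password is written to a file created under umask 077 and passed
  #     to the wrapper by path instead of being placed on the command line.
  #   - A CA file or a pinned server hash adds --no-system-trust, so only the
  #     configured trust anchor is accepted.
  #
  # Globals:   server port username serverhash authgroup password interface
  #            token_mode token_secret os csd_wrapper (set by json_get_vars),
  #            serv_addr, ip, cmdline (written)
  # Arguments: $1 - interface/config name
  # Returns:   exits 1 (after proto_setup_failed) when the server name does
  #            not resolve
  #######################################
  proto_openconnect_setup() {
    local config="$1"
    # Start empty: a pwfile value inherited from the caller must never be able
    # to select the wrapper branch at the end of this function.
    local pwfile=""
    local log_cmdline

    json_get_vars server port username serverhash authgroup password interface token_mode token_secret os csd_wrapper

    grep -q tun /proc/modules || insmod tun

    logger -t openconnect "initializing..."
    serv_addr=
    for ip in $(resolveip -t 10 "$server"); do
      # ${interface:+...} still omits the argument when no interface is set,
      # but no longer word-splits or globs a configured value.
      ( proto_add_host_dependency "$config" "$ip" ${interface:+"$interface"} )
      serv_addr=1
    done
    if [ -z "$serv_addr" ]; then
      logger -t openconnect "Could not resolve server address: '$server'"
      # Pause before reporting failure (kept from the original).
      sleep 60
      proto_setup_failed "$config"
      exit 1
    fi

    if [ -n "$port" ]; then
      port=":$port"
    fi

    # NOTE(review): cmdline is a flat string that is word-split when it is
    # passed to proto_run_command below. Option values are therefore expected
    # to be single tokens; a value containing whitespace would be split into
    # additional arguments. Validate values where they are entered.
    cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"

    # migrate to standard config files
    if [ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ]; then
      mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
    fi
    if [ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ]; then
      mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
    fi
    if [ -f "/etc/config/openconnect-ca-vpn-$config.pem" ]; then
      mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"
    fi

    if [ -f "/etc/openconnect/user-cert-vpn-$config.pem" ]; then
      append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
    fi
    if [ -f "/etc/openconnect/user-key-vpn-$config.pem" ]; then
      append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
    fi

    # Either a private CA file or a pinned server certificate hash replaces
    # the system trust store.
    if [ -f "/etc/openconnect/ca-vpn-$config.pem" ]; then
      append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
      append cmdline "--no-system-trust"
    fi
    if [ -n "$serverhash" ]; then
      append cmdline "--servercert=$serverhash"
      append cmdline "--no-system-trust"
    fi

    if [ -n "$authgroup" ]; then
      append cmdline "--authgroup $authgroup"
    fi
    if [ -n "$username" ]; then
      append cmdline "-u $username"
    fi

    if [ -n "$password" ]; then
      pwfile="/var/etc/openconnect-$config.passwd"
      # The subshell keeps umask 077 from leaking into the rest of the script.
      # Removing any earlier file first means the new one is always created
      # with the restrictive mode instead of inheriting old permissions.
      (
        umask 077
        mkdir -p /var/etc
        rm -f "$pwfile"
        # printf, not echo: a password such as "-n" or one containing
        # backslashes must reach the file unchanged.
        printf '%s\n' "$password" > "$pwfile"
      )
      append cmdline "--passwd-on-stdin"
    fi

    if [ -n "$token_mode" ]; then
      append cmdline "--token-mode=$token_mode"
    fi
    if [ -n "$os" ]; then
      append cmdline "--os=$os"
    fi
    # The wrapper is a program named by the configuration and run on behalf of
    # openconnect; only an existing executable is accepted.
    if [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ]; then
      append cmdline "--csd-wrapper=$csd_wrapper"
    fi

    # The token secret goes on last so that the copy written to syslog can be
    # taken without it.
    # NOTE(review): the secret is still visible in the process argument list.
    # openconnect documents --token-secret=@FILE; confirm the packaged version
    # supports it before switching.
    log_cmdline="$cmdline"
    if [ -n "$token_secret" ]; then
      log_cmdline="$cmdline --token-secret=<redacted>"
      append cmdline "--token-secret=$token_secret"
    fi

    proto_export INTERFACE="$config"
    logger -t openconnect "executing 'openconnect $log_cmdline'"

    # $cmdline is deliberately unquoted: it has to split into separate
    # arguments. The password file path is a single argument and is quoted.
    if [ -f "$pwfile" ]; then
      proto_run_command "$config" /usr/sbin/openconnect-wrapper "$pwfile" $cmdline
    else
      proto_run_command "$config" /usr/sbin/openconnect $cmdline
    fi
  }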
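  #######################################
  # Tear down the openconnect session for the interface named by $1.
  # The per-interface password file is deleted first, so the stored password
  # does not outlive the session, then the running command is stopped.
  # Arguments: $1 - interface/config name
  #######################################
  proto_openconnect_teardown() {
    local config="$1"
    # Local and quoted: a config name containing whitespace must remove only
    # this one file, never several split paths.
    local pwfile="/var/etc/openconnect-$config.passwd"

    rm -f "$pwfile"
    logger -t openconnect "bringing down openconnect"
    # NOTE(review): 2 is presumably the signal number handed to
    # proto_kill_command; confirm in netifd-proto.sh.
    proto_kill_command "$config" 2
  }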
  80. add_protocol openconnect