
openconnect.sh 3.3KB

  1. #!/bin/sh
  2. . /lib/functions.sh
  3. . ../netifd-proto.sh
  4. init_proto "$@"
  # Declare the configuration options of the openconnect protocol handler.
  #
  # Registers one integer option ("port") and a set of string options, then
  # sets the globals no_device and available to 1 (both are presumably read
  # by the netifd protocol framework -- confirm in netifd-proto.sh).
  #
  # NOTE(review): "password", "password2" and "token_secret" are credentials
  # registered as ordinary string options, so they are stored wherever this
  # protocol's configuration is stored; restrict read access to that store.
  proto_openconnect_init_config() {
    local opt

    # "server" and "port" are registered first, in the original order.
    proto_config_add_string "server"
    proto_config_add_int "port"

    for opt in username serverhash authgroup password password2 \
      token_mode token_secret interface os csd_wrapper; do
      proto_config_add_string "$opt"
    done

    no_device=1
    available=1
  }
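  # Bring up an OpenConnect VPN session for one interface section.
  #
  # Arguments: $1 - name of the interface section; the tunnel device is
  #                 named "vpn-$1" and per-section files carry the same name.
  # Globals:   reads the option variables filled in by json_get_vars;
  #            writes ifname.
  # Effects:   loads the tun module if missing, migrates certificate files
  #            from /etc/config to /etc/openconnect, writes the password file
  #            under /var/etc when a password is configured, and hands the
  #            openconnect command to proto_run_command.
  #
  # The command is assembled in the positional parameters rather than in one
  # string, so option values containing spaces or glob characters (an
  # authgroup such as "Staff VPN") reach openconnect as a single argument and
  # cannot be split into additional options.
  proto_openconnect_setup() {
    local config="$1"
    local pwfile=""
    local kind

    json_get_vars server port username serverhash authgroup password password2 interface token_mode token_secret os csd_wrapper

    # Match the module name exactly: a bare "tun" pattern also matches other
    # modules whose name contains it (ip_tunnel, tunnel4), which would skip
    # loading tun.
    grep -q '^tun ' /proc/modules || insmod tun
    ifname="vpn-$config"

    logger -t openconnect "initializing..."

    # Disabled: host-dependency registration for the resolved server address.
    # serv_addr=
    # for ip in $(resolveip -t 10 "$server"); do
    # ( proto_add_host_dependency "$interface" "$ip" "$ifname" )
    # serv_addr=1
    # done
    # [ -n "$serv_addr" ] || {
    # logger -t openconnect "Could not resolve server address: '$server'"
    # sleep 5
    # proto_setup_failed "$config"
    # exit 1
    # }

    [ -n "$port" ] && port=":$port"

    # $1 has been saved in config above, so the positional parameters can now
    # carry the openconnect argument list.
    set -- "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script

    # migrate to standard config files
    for kind in user-cert user-key ca; do
      [ -f "/etc/config/openconnect-$kind-vpn-$config.pem" ] &&
        mv "/etc/config/openconnect-$kind-vpn-$config.pem" "/etc/openconnect/$kind-vpn-$config.pem"
    done

    [ -f "/etc/openconnect/user-cert-vpn-$config.pem" ] &&
      set -- "$@" -c "/etc/openconnect/user-cert-vpn-$config.pem"
    [ -f "/etc/openconnect/user-key-vpn-$config.pem" ] &&
      set -- "$@" --sslkey "/etc/openconnect/user-key-vpn-$config.pem"

    # A per-section CA file or a pinned server certificate hash replaces the
    # system trust store instead of being added to it.
    if [ -f "/etc/openconnect/ca-vpn-$config.pem" ]; then
      set -- "$@" --cafile "/etc/openconnect/ca-vpn-$config.pem" --no-system-trust
    fi
    if [ -n "$serverhash" ]; then
      set -- "$@" "--servercert=$serverhash" --no-system-trust
    fi

    [ -n "$authgroup" ] && set -- "$@" --authgroup "$authgroup"
    [ -n "$username" ] && set -- "$@" -u "$username"

    if [ -n "$password" ]; then
      umask 077
      mkdir -p /var/etc
      pwfile="/var/etc/openconnect-$config.passwd"
      # Remove any leftover file first so the new one is created under the
      # restrictive umask instead of inheriting older, looser permissions.
      rm -f "$pwfile"
      # printf writes the password bytes unchanged; echo may interpret
      # backslashes or a leading "-n", corrupting such passwords.
      printf '%s\n' "$password" > "$pwfile"
      [ -n "$password2" ] && printf '%s\n' "$password2" >> "$pwfile"
      set -- "$@" --passwd-on-stdin
    fi

    [ -n "$token_mode" ] && set -- "$@" "--token-mode=$token_mode"
    [ -n "$os" ] && set -- "$@" "--os=$os"
    [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && set -- "$@" "--csd-wrapper=$csd_wrapper"

    proto_export INTERFACE="$config"

    # Log the command before the token secret is appended, so the secret
    # never reaches syslog.
    # NOTE(review): the secret is still passed on the command line and is
    # visible to anything that can list process arguments; check whether the
    # installed openconnect accepts the secret from a file instead.
    if [ -n "$token_secret" ]; then
      logger -t openconnect "executing 'openconnect $* --token-secret=<redacted>'"
      set -- "$@" "--token-secret=$token_secret"
    else
      logger -t openconnect "executing 'openconnect $*'"
    fi

    # With a password file, the wrapper receives its path as first argument.
    if [ -f "$pwfile" ]; then
      proto_run_command "$config" /usr/sbin/openconnect-wrapper "$pwfile" "$@"
    else
      proto_run_command "$config" /usr/sbin/openconnect "$@"
    fi
  }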
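  # Tear down the OpenConnect session of one interface section.
  #
  # Arguments: $1 - name of the interface section.
  # Effects:   deletes the section's password file under /var/etc, logs the
  #            teardown, and asks proto_kill_command to stop the command
  #            (the trailing 2 is presumably the signal number -- confirm in
  #            netifd-proto.sh).
  proto_openconnect_teardown() {
    local config="$1"
    # Kept local so the path is always derived from this call's section name.
    local pwfile="/var/etc/openconnect-$config.passwd"

    # Quoted: an unquoted path is word-split, so a section name containing
    # whitespace would make rm delete unrelated files.
    rm -f "$pwfile"
    logger -t openconnect "bringing down openconnect"
    proto_kill_command "$config" 2
  }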
  83. add_protocol openconnect