
openconnect.sh 2.1KB

  1. #!/bin/sh
  2. . /lib/functions.sh
  3. . ../netifd-proto.sh
  4. init_proto "$@"
  # Declare the configuration options accepted by the "openconnect" protocol.
  # Registers server, username, serverhash, authgroup and password as string
  # options and port as an integer option, then sets no_device and available
  # to 1 (flags presumably read by the netifd framework; confirm there).
  # NOTE(review): password is declared as an ordinary string option, so it is
  # presumably stored in clear text in the interface configuration. Confirm
  # that file is readable by root only.
  proto_openconnect_init_config() {
    local opt

    proto_config_add_string "server"
    proto_config_add_int "port"
    # Registration order is kept identical to the hand-written list.
    for opt in username serverhash authgroup password; do
      proto_config_add_string "$opt"
    done

    no_device=1
    available=1
  }
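  # Bring up an OpenConnect VPN session for one netifd interface.
  # Arguments: $1 - interface (config section) name
  # Reads:     server, port, username, serverhash, authgroup, password and
  #            vgroup from the current JSON context (json_get_vars)
  # Files:     optional /etc/openconnect/{ca,user-cert,user-key}-vpn-<if>.pem;
  #            writes /var/run/openconnect-<if>.passwd when a password is set
  # Exits 1 (after proto_setup_failed) when the server name does not resolve.
  #
  # Security notes:
  #  - The argument list is built with "set --", so every configured value
  #    reaches openconnect as exactly one argument. Whitespace or glob
  #    characters in username/authgroup/serverhash cannot split into extra
  #    options.
  #  - The password is never placed on the command line (which is logged
  #    below); it is handed to openconnect on stdin from a file created
  #    under umask 077.
  proto_openconnect_setup() {
    local config="$1"
    # Explicit empty values: some sh implementations let "local x" inherit
    # the caller's value, and a stray $pwfile must not be picked up below.
    local ip="" serv_addr="" pwfile=""
    local cafile="/etc/openconnect/ca-vpn-$config.pem"
    local usercert="/etc/openconnect/user-cert-vpn-$config.pem"
    local userkey="/etc/openconnect/user-key-vpn-$config.pem"

    json_get_vars server port username serverhash authgroup password vgroup

    # Anchor the match: a bare "tun" also matches other module names that
    # merely contain it (e.g. tunnel helpers), which would skip the insmod.
    grep -q '^tun ' /proc/modules || insmod tun

    logger -t openconnect "initializing..."

    # Word splitting of the resolver output is intentional: one address
    # per word. Each host dependency is added in a subshell, as before.
    for ip in $(resolveip -t 10 "$server"); do
      ( proto_add_host_dependency "$config" "$ip" )
      serv_addr=1
    done

    if [ -z "$serv_addr" ]; then
      logger -t openconnect "Could not resolve server address: '$server'"
      sleep 20
      proto_setup_failed "$config"
      exit 1
    fi

    [ -n "$port" ] && port=":$port"

    # $1 has been saved in $config, so the positional parameters can serve
    # as the argument vector (POSIX sh has no arrays).
    set -- "$server$port" -i "vpn-$config" --non-inter --syslog \
      --script /lib/netifd/vpnc-script

    [ -f "$cafile" ] && set -- "$@" --cafile "$cafile"
    [ -f "$usercert" ] && set -- "$@" -c "$usercert"
    [ -f "$userkey" ] && set -- "$@" --sslkey "$userkey"
    # Pin the server certificate when a hash is configured.
    [ -n "$serverhash" ] && set -- "$@" "--servercert=$serverhash"
    [ -n "$authgroup" ] && set -- "$@" --authgroup "$authgroup"
    [ -n "$username" ] && set -- "$@" -u "$username"

    if [ -n "$password" ]; then
      umask 077
      pwfile="/var/run/openconnect-$config.passwd"
      # Recreate the file so the restrictive umask applies even when a
      # stale copy with wider permissions is still present.
      rm -f "$pwfile"
      # printf, not echo: a password such as "-n" or one containing
      # backslashes must be written verbatim.
      printf '%s\n' "$password" > "$pwfile"
      set -- "$@" --passwd-on-stdin
    fi

    proto_export INTERFACE="$config"
    # The logged command line carries server, username and certificate
    # paths, but never the password.
    logger -t openconnect "executing 'openconnect $*'"

    # The password file stays on disk until teardown removes it.
    if [ -f "$pwfile" ]; then
      proto_run_command "$config" /usr/sbin/openconnect "$@" < "$pwfile"
    else
      proto_run_command "$config" /usr/sbin/openconnect "$@"
    fi
  }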
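  # Tear down the OpenConnect session of one netifd interface.
  # Arguments: $1 - interface (config section) name
  # Removes the per-interface password file and asks netifd to stop the
  # openconnect process started for that interface.
  proto_openconnect_teardown() {
    # Take the interface name from $1. Nothing in this function set $config
    # before, so the password file path and the kill request were built from
    # an empty name, leaving the clear-text password file behind. Fall back
    # to an inherited $config only when no argument is given.
    local config="${1:-$config}"
    local pwfile="/var/run/openconnect-$config.passwd"

    rm -f "$pwfile"
    logger -t openconnect "bringing down openconnect"
    proto_kill_command "$config"
  }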
  59. add_protocol openconnect