openconnect: allow processing multiple passwords from stdin
[feed/packages.git] / net / openconnect / files / openconnect.sh
index 553a4ed51ac4a82fdae4413f42bad8e8f6489543..9b1e652bd7e12a3c81188718d055d9fa692c41e3 100755 (executable)
@@ -10,6 +10,12 @@ proto_openconnect_init_config() {
        proto_config_add_string "serverhash"
        proto_config_add_string "authgroup"
        proto_config_add_string "password"
+       proto_config_add_string "password2"
+       proto_config_add_string "token_mode"
+       proto_config_add_string "token_secret"
+       proto_config_add_string "interface"
+       proto_config_add_string "os"
+       proto_config_add_string "csd_wrapper"
        no_device=1
        available=1
 }
@@ -17,14 +23,14 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
        local config="$1"
 
-       json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret
+       json_get_vars server port username serverhash authgroup password password2 interface token_mode token_secret os csd_wrapper
 
        grep -q tun /proc/modules || insmod tun
 
        logger -t openconnect "initializing..."
        serv_addr=
        for ip in $(resolveip -t 10 "$server"); do
-               ( proto_add_host_dependency "$config" "$ip" )
+               ( proto_add_host_dependency "$config" "$ip" $interface )
                serv_addr=1
        done
        [ -n "$serv_addr" ] || {
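Review bot: `$interface` is expanded unquoted in the added `proto_add_host_dependency` call, so a value containing whitespace or glob characters is split or expanded into extra arguments. If the intent is to omit the argument when the option is unset, `${interface:+"$interface"}` keeps that behaviour while passing the value as a single word. The new `json_get_vars` line also drops `vgroup`; if code outside this hunk still reads `$vgroup` it will now be empty, which is worth confirming. proto_openconnect_setup continues past the end of the hunk.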
@@ -38,6 +44,11 @@ proto_openconnect_setup() {
 
        cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
 
+       # migrate to standard config files
+       [ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
+       [ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
+       [ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"
+
        [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
        [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
        [ -f /etc/openconnect/ca-vpn-$config.pem ] && {
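Review bot: The three migration `mv` commands assume `/etc/openconnect` already exists, and nothing visible in this hunk creates it. When it is missing each `mv` fails, the following `-f` tests find nothing, and the connection is attempted without the client certificate, key or CA file. Adding `mkdir -p /etc/openconnect` ahead of the moves and reporting a failed `mv` through `logger -t openconnect` would make that visible. Since one of the files is a private key, it is also worth confirming that the destination directory and the moved file are not readable by other users. The enclosing function starts and ends outside the hunk.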
@@ -52,13 +63,17 @@ proto_openconnect_setup() {
        [ -n "$username" ] && append cmdline "-u $username"
        [ -n "$password" ] && {
                umask 077
-               pwfile="/var/run/openconnect-$config.passwd"
+               mkdir -p /var/etc
+               pwfile="/var/etc/openconnect-$config.passwd"
                echo "$password" > "$pwfile"
+               [ -n "$password2" ] && echo "$password2" >> "$pwfile"
                append cmdline "--passwd-on-stdin"
        }
 
        [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
        [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
+       [ -n "$os" ] && append cmdline "--os=$os"
+       [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper"
 
        proto_export INTERFACE="$config"
        logger -t openconnect "executing 'openconnect $cmdline'"
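Review bot: `mkdir -p /var/etc` runs after `umask 077`, so if the directory does not exist yet it is created with mode 0700, and the tightened umask stays in effect for the rest of the function; other services that keep files under `/var/etc` may then be unable to read them. Moving `mkdir -p /var/etc` above the `umask 077` line avoids that. The two `echo` lines can mangle a password that begins with `-` or contains backslashes, depending on the shell's `echo`; `printf '%s\n' "$password2" >> "$pwfile"` (and the same for `$password`) writes it verbatim. Separately, the unchanged `logger` line at the end of the hunk writes `$cmdline` to syslog, which includes `--token-secret=...` when set, so the secret ends up in the log and is worth redacting there. The function body extends beyond the hunk on both sides.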
@@ -73,7 +88,7 @@ proto_openconnect_setup() {
 proto_openconnect_teardown() {
        local config="$1"
 
-       pwfile="/var/run/openconnect-$config.passwd"
+       pwfile="/var/etc/openconnect-$config.passwd"
 
        rm -f $pwfile
        logger -t openconnect "bringing down openconnect"
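Review bot: Teardown now removes only the `/var/etc` path, so a password file written to `/var/run/openconnect-$config.passwd` by the previous version of the script is left behind if the interface is brought down after the upgrade. Removing both paths for a transition period, e.g. `rm -f "/var/run/openconnect-$config.passwd" "$pwfile"`, would cover that. The unchanged `rm -f $pwfile` also expands the variable unquoted, and `pwfile` is not declared `local`. The function continues past the end of the hunk.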