1 #!/bin/sh
2
# Load the netifd helpers and dispatch the requested action unless the
# caller only wants the function definitions (INCLUDE_ONLY set — presumably
# by tooling that sources this file; not visible here).
if [ -z "$INCLUDE_ONLY" ]; then
	. /lib/functions.sh
	. ../netifd-proto.sh
	init_proto "$@"
fi
8
#######################################
# Append each argument to the global $cmdline as a single-quoted word.
# Embedded single quotes are rewritten as '\'' so that the string can later
# be passed through eval and re-split into exactly the original arguments.
# Globals:   cmdline (appended via append from functions.sh)
# Arguments: any number of command-line words
#######################################
append_args() {
	local arg quoted
	for arg in "$@"; do
		quoted="'${arg//\'/\'\\\'\'}'"
		append cmdline "$quoted"
	done
}
15
#######################################
# Declare the option names and types this protocol accepts from its UCI
# section (the proto_config_add_* helpers come from netifd-proto.sh).
# Globals:   no_device, available (written; flags read by netifd-proto.sh)
# Arguments: none
#######################################
proto_openconnect_init_config() {
	local opt

	proto_config_add_string "server"
	for opt in port mtu juniper reconnect_timeout; do
		proto_config_add_int "$opt"
	done
	proto_config_add_string "vpn_protocol"
	for opt in pfs no_dtls; do
		proto_config_add_boolean "$opt"
	done
	for opt in interface username serverhash authgroup usergroup \
		password password2 token_mode token_secret token_script \
		os csd_wrapper proxy; do
		proto_config_add_string "$opt"
	done
	# Each entry must look like FORM:FIELD=VALUE.
	proto_config_add_array 'form_entry:regex("[^:]+:[^=]+=.*")'

	no_device=1
	available=1
}
42
#######################################
# json_for_each_item callback: turn one form_entry item into a
# --form-entry argument. Empty items are skipped.
# Arguments: $1 - the form entry (FORM:FIELD=VALUE)
# Returns:   1 when the item is empty, else the status of append_args
#######################################
proto_openconnect_add_form_entry() {
	local entry="$1"
	[ -z "$entry" ] && return 1
	append_args --form-entry "$entry"
}
46
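#######################################
# netifd "setup" handler: build the openconnect command line from the
# interface's options and launch it under netifd's supervision.
# Globals:   cmdline, ifname, pwfile (written); json_get_vars fills one
#            shell variable per option name listed below
# Arguments: $1 - netifd interface (config section) name
# Outputs:   diagnostics via logger; password material, when configured,
#            to /var/etc/openconnect-$config.passwd (created under umask 077)
# Returns:   1 when the token script yields no password (after telling
#            netifd via proto_setup_failed); otherwise the status of
#            proto_run_command
#######################################
proto_openconnect_setup() {
	local config="$1"

	json_get_vars \
		authgroup \
		csd_wrapper \
		form_entry \
		interface \
		juniper \
		vpn_protocol \
		mtu \
		no_dtls \
		os \
		password \
		password2 \
		pfs \
		port \
		proxy \
		reconnect_timeout \
		server \
		serverhash \
		token_mode \
		token_script \
		token_secret \
		usergroup \
		username \

	ifname="vpn-$config"

	logger -t openconnect "initializing..."

	# Register each resolved server address as a host dependency on the
	# chosen uplink (presumably so the server stays reachable through it).
	# resolveip may print several addresses; word-splitting is intentional.
	[ -n "$interface" ] && {
		logger -t "openconnect" "adding host dependency for $server at $config"
		# shellcheck disable=SC2046
		for ip in $(resolveip -t 10 "$server"); do
			logger -t "openconnect" "adding host dependency for $ip at $config"
			proto_add_host_dependency "$config" "$ip" "$interface"
		done
	}

	[ -n "$port" ] && port=":$port"

	append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script
	[ "$pfs" = 1 ] && append_args --pfs
	[ "$no_dtls" = 1 ] && append_args --no-dtls
	[ -n "$mtu" ] && append_args --mtu "$mtu"

	# migrate to standard config files
	[ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
	[ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
	[ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"

	# Client certificate, key and CA are selected by interface name. When a
	# private CA file is present, --no-system-trust is passed alongside it.
	[ -f "/etc/openconnect/user-cert-vpn-$config.pem" ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem"
	[ -f "/etc/openconnect/user-key-vpn-$config.pem" ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem"
	[ -f "/etc/openconnect/ca-vpn-$config.pem" ] && {
		append_args --cafile "/etc/openconnect/ca-vpn-$config.pem"
		append_args --no-system-trust
	}

	# Legacy "juniper" flag maps to the nc protocol unless vpn_protocol is set.
	[ "${juniper:-0}" -gt 0 ] && [ -z "$vpn_protocol" ] && {
		vpn_protocol="nc"
	}

	[ -n "$vpn_protocol" ] && {
		append_args --protocol "$vpn_protocol"
	}

	# A pinned server certificate hash replaces the system trust store.
	[ -n "$serverhash" ] && {
		append_args "--servercert=$serverhash"
		append_args --no-system-trust
	}
	[ -n "$authgroup" ] && append_args --authgroup "$authgroup"
	[ -n "$usergroup" ] && append_args --usergroup "$usergroup"
	[ -n "$username" ] && append_args -u "$username"

	# Password material never goes on the command line: it is written to a
	# file created under umask 077 and handed to openconnect-wrapper together
	# with --passwd-on-stdin. (`A || B && C` parses as `(A || B) && C`.)
	[ -n "$password" ] || [ "$token_mode" = "script" ] && {
		umask 077
		mkdir -p /var/etc
		pwfile="/var/etc/openconnect-$config.passwd"
		[ -n "$password" ] && {
			# printf, not echo: a password starting with '-' or containing
			# backslashes must be written verbatim.
			printf '%s\n' "$password" > "$pwfile"
			[ -n "$password2" ] && printf '%s\n' "$password2" >> "$pwfile"
		}
		[ "$token_mode" = "script" ] && {
			# $token_script is deliberately unquoted so the option may carry
			# arguments. An empty or failing script aborts setup rather than
			# launching openconnect with an incomplete password file.
			# shellcheck disable=SC2086
			[ -n "$token_script" ] && $token_script >> "$pwfile" 2> /dev/null || {
				logger -t openconnect "Cannot get password from script '$token_script'"
				proto_setup_failed "$config"
				return 1
			}
		}
		append_args --passwd-on-stdin
	}

	[ -n "$token_mode" ] && [ "$token_mode" != "script" ] && append_args "--token-mode=$token_mode"
	[ -n "$token_secret" ] && append_args "--token-secret=$token_secret"
	[ -n "$os" ] && append_args "--os=$os"
	[ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper"
	[ -n "$proxy" ] && append_args "--proxy=$proxy"
	[ -n "$reconnect_timeout" ] && append_args "--reconnect-timeout=$reconnect_timeout"

	json_for_each_item proto_openconnect_add_form_entry form_entry

	proto_export INTERFACE="$config"
	# NOTE(review): this line echoes every argument to syslog, so a
	# configured token_secret (and any credentials embedded in proxy) are
	# logged; consider redacting those before logging.
	logger -t openconnect "executing 'openconnect $cmdline'"

	# $cmdline holds one single-quoted word per argument (see append_args),
	# so eval re-splits it exactly. $config is an interface name supplied by
	# netifd — assumed to contain no quote characters; confirm if in doubt.
	if [ -f "$pwfile" ]; then
		eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline"
	else
		eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline"
	fi
}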
155
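#######################################
# netifd "teardown" handler: remove the password file written by setup and
# stop the supervised openconnect process.
# Arguments: $1 - netifd interface (config section) name
# Returns:   the status of proto_kill_command
#######################################
proto_openconnect_teardown() {
	local config="$1"
	local pwfile="/var/etc/openconnect-$config.passwd"

	# Quoted and with "--" so an odd interface name cannot be parsed as an option.
	rm -f -- "$pwfile"
	logger -t openconnect "bringing down openconnect"
	proto_kill_command "$config" 2
}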
165
# Register the protocol handler with netifd unless only the function
# definitions were requested (INCLUDE_ONLY set).
if [ -z "$INCLUDE_ONLY" ]; then
	add_protocol openconnect
fi