net/openconnect/files/openconnect.sh

   1 #!/bin/sh
   2 . /lib/functions.sh
   3 . ../netifd-proto.sh
   4 init_proto "$@"
   5
   6 proto_openconnect_init_config() {
   7         proto_config_add_string "server"
   8         proto_config_add_int "port"
   9         proto_config_add_string "username"
  10         proto_config_add_string "serverhash"
  11         proto_config_add_string "authgroup"
  12         proto_config_add_string "password"
  13         no_device=1
  14         available=1
  15 }
  16
  17 proto_openconnect_setup() {
  18         local config="$1"
  19
  20         json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret
  21
  22         grep -q tun /proc/modules || insmod tun
  23
  24         logger -t openconnect "initializing..."
  25         serv_addr=
  26         for ip in $(resolveip -t 10 "$server"); do
  27                 ( proto_add_host_dependency "$config" "$ip" )
  28                 serv_addr=1
  29         done
  30         [ -n "$serv_addr" ] || {
  31                 logger -t openconnect "Could not resolve server address: '$server'"
  32                 sleep 60
  33                 proto_setup_failed "$config"
  34                 exit 1
  35         }
  36
  37         [ -n "$port" ] && port=":$port"
  38
  39         cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
  40
  41         # migrate to new config files
  42         [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && mv "/etc/openconnect/user-cert-vpn-$config.pem" "/etc/config/openconnect-user-cert-vpn-$config.pem"
  43         [ -f /etc/openconnect/user-key-vpn-$config.pem ] && mv "/etc/openconnect/user-key-vpn-$config.pem" "/etc/config/openconnect-user-key-vpn-$config.pem"
  44         [ -f /etc/openconnect/ca-vpn-$config.pem ] && mv "/etc/openconnect/ca-vpn-$config.pem" "/etc/config/openconnect-ca-vpn-$config.pem"
  45
  46         # read new config files
  47         [ -f /etc/config/openconnect-user-cert-vpn-$config.pem ] && append cmdline "-c /etc/config/openconnect-user-cert-vpn-$config.pem"
  48         [ -f /etc/config/openconnect-user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/config/openconnect-user-key-vpn-$config.pem"
  49         [ -f /etc/config/openconnect-ca-vpn-$config.pem ] && {
  50                 append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
  51                 append cmdline "--no-system-trust"
  52         }
  53
  54         [ -n "$serverhash" ] && {
  55                 append cmdline " --servercert=$serverhash"
  56                 append cmdline "--no-system-trust"
  57         }
  58         [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
  59         [ -n "$username" ] && append cmdline "-u $username"
  60         [ -n "$password" ] && {
  61                 umask 077
  62                 pwfile="/var/run/openconnect-$config.passwd"
  63                 echo "$password" > "$pwfile"
  64                 append cmdline "--passwd-on-stdin"
  65         }
  66
  67         [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
  68         [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
  69
  70         proto_export INTERFACE="$config"
  71         logger -t openconnect "executing 'openconnect $cmdline'"
  72
  73         if [ -f "$pwfile" ]; then
  74                 proto_run_command "$config" /usr/sbin/openconnect-wrapper $pwfile $cmdline
  75         else
  76                 proto_run_command "$config" /usr/sbin/openconnect $cmdline
  77         fi
  78 }
  79
  80 proto_openconnect_teardown() {
  81         local config="$1"
  82
  83         pwfile="/var/run/openconnect-$config.passwd"
  84
  85         rm -f $pwfile
  86         logger -t openconnect "bringing down openconnect"
  87         proto_kill_command "$config" 2
  88 }
  89
  90 add_protocol openconnect