external/subpack/net/openconnect/files/openconnect.sh - T108 - Gitiles

 #!/bin/sh
 . /lib/functions.sh
 . ../netifd-proto.sh
 init_proto "$@"

 append_args() {
 	while [ $# -gt 0 ]; do
 		append cmdline "'${1//\'/\'\\\'\'}'"
 		shift
 	done
 }

 proto_openconnect_init_config() {
 	proto_config_add_string "server"
 	proto_config_add_int "port"
 	proto_config_add_int "mtu"
 	proto_config_add_int "juniper"
 	proto_config_add_string "vpn_protocol"
 	proto_config_add_boolean "no_dtls"
 	proto_config_add_string "interface"
 	proto_config_add_string "username"
 	proto_config_add_string "serverhash"
 	proto_config_add_string "authgroup"
 	proto_config_add_string "usergroup"
 	proto_config_add_string "password"
 	proto_config_add_string "password2"
 	proto_config_add_string "token_mode"
 	proto_config_add_string "token_secret"
 	proto_config_add_string "token_script"
 	proto_config_add_string "os"
 	proto_config_add_string "csd_wrapper"
 	proto_config_add_array 'form_entry:regex("[^:]+:[^=]+=.*")'
 	no_device=1
 	available=1
 }

 proto_openconnect_add_form_entry() {
 	[ -n "$1" ] && append_args --form-entry "$1"
 }

 proto_openconnect_setup() {
 	local config="$1"

 	json_get_vars \
 		authgroup \
 		csd_wrapper \
 		form_entry \
 		interface \
 		juniper \
 		vpn_protocol \
 		mtu \
 		no_dtls \
 		os \
 		password \
 		password2 \
 		port \
 		server \
 		serverhash \
 		token_mode \
 		token_script \
 		token_secret \
 		usergroup \
 		username \

 	grep -q tun /proc/modules || insmod tun
 	ifname="vpn-$config"

 	logger -t openconnect "initializing..."

 	logger -t "openconnect" "adding host dependency for $server at $config"
 	for ip in $(resolveip -t 10 "$server"); do
 		logger -t "openconnect" "adding host dependency for $ip at $config"
 		proto_add_host_dependency "$config" "$ip" "$interface"
 	done

 	[ -n "$port" ] && port=":$port"

 	append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script
 	[ "$no_dtls" = 1 ] && append_args --no-dtls
 	[ -n "$mtu" ] && append_args --mtu "$mtu"

 	# migrate to standard config files
 	[ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
 	[ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
 	[ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"

 	[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem"
 	[ -f /etc/openconnect/user-key-vpn-$config.pem ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem"
 	[ -f /etc/openconnect/ca-vpn-$config.pem ] && {
 		append_args --cafile "/etc/openconnect/ca-vpn-$config.pem"
 		append_args --no-system-trust
 	}

 	if [ "${juniper:-0}" -gt 0 ]; then
 		append_args --juniper
 	fi

 	[ -n "$vpn_protocol" ] && {
 		append_args --protocol "$vpn_protocol"
 	}

 	[ -n "$serverhash" ] && {
 		append_args "--servercert=$serverhash"
 		append_args --no-system-trust
 	}
 	[ -n "$authgroup" ] && append_args --authgroup "$authgroup"
 	[ -n "$usergroup" ] && append_args --usergroup "$usergroup"
 	[ -n "$username" ] && append_args -u "$username"
 	[ -n "$password" ] || [ "$token_mode" = "script" ] && {
 		umask 077
 		mkdir -p /var/etc
 		pwfile="/var/etc/openconnect-$config.passwd"
 		[ -n "$password" ] && {
 			echo "$password" > "$pwfile"
 			[ -n "$password2" ] && echo "$password2" >> "$pwfile"
 		}
 		[ "$token_mode" = "script" ] && {
 			$token_script >> "$pwfile" 2> /dev/null || {
 				logger -t openconenct "Cannot get password from script '$token_script'"
 				proto_setup_failed "$config"
 			}
 		}
 		append_args --passwd-on-stdin
 	}

 	[ -n "$token_mode" -a "$token_mode" != "script" ] && append_args "--token-mode=$token_mode"
 	[ -n "$token_secret" ] && append_args "--token-secret=$token_secret"
 	[ -n "$os" ] && append_args "--os=$os"
 	[ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper"

 	json_for_each_item proto_openconnect_add_form_entry form_entry

 	proto_export INTERFACE="$config"
 	logger -t openconnect "executing 'openconnect $cmdline'"

 	if [ -f "$pwfile" ]; then
 		eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline"
 	else
 		eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline"
 	fi
 }

 proto_openconnect_teardown() {
 	local config="$1"

 	pwfile="/var/etc/openconnect-$config.passwd"

 	rm -f $pwfile
 	logger -t openconnect "bringing down openconnect"
 	proto_kill_command "$config" 2
 }

 add_protocol openconnect
	#!/bin/sh
	. /lib/functions.sh
	. ../netifd-proto.sh
	init_proto "$@"

	append_args() {
	while [ $# -gt 0 ]; do
	append cmdline "'${1//\'/\'\\\'\'}'"
	shift
	done
	}

	proto_openconnect_init_config() {
	proto_config_add_string "server"
	proto_config_add_int "port"
	proto_config_add_int "mtu"
	proto_config_add_int "juniper"
	proto_config_add_string "vpn_protocol"
	proto_config_add_boolean "no_dtls"
	proto_config_add_string "interface"
	proto_config_add_string "username"
	proto_config_add_string "serverhash"
	proto_config_add_string "authgroup"
	proto_config_add_string "usergroup"
	proto_config_add_string "password"
	proto_config_add_string "password2"
	proto_config_add_string "token_mode"
	proto_config_add_string "token_secret"
	proto_config_add_string "token_script"
	proto_config_add_string "os"
	proto_config_add_string "csd_wrapper"
	proto_config_add_array 'form_entry:regex("[^:]+:[^=]+=.*")'
	no_device=1
	available=1
	}

	proto_openconnect_add_form_entry() {
	[ -n "$1" ] && append_args --form-entry "$1"
	}

	proto_openconnect_setup() {
	local config="$1"

	json_get_vars \
	authgroup \
	csd_wrapper \
	form_entry \
	interface \
	juniper \
	vpn_protocol \
	mtu \
	no_dtls \
	os \
	password \
	password2 \
	port \
	server \
	serverhash \
	token_mode \
	token_script \
	token_secret \
	usergroup \
	username \

	grep -q tun /proc/modules \|\| insmod tun
	ifname="vpn-$config"

	logger -t openconnect "initializing..."

	logger -t "openconnect" "adding host dependency for $server at $config"
	for ip in $(resolveip -t 10 "$server"); do
	logger -t "openconnect" "adding host dependency for $ip at $config"
	proto_add_host_dependency "$config" "$ip" "$interface"
	done

	[ -n "$port" ] && port=":$port"

	append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script
	[ "$no_dtls" = 1 ] && append_args --no-dtls
	[ -n "$mtu" ] && append_args --mtu "$mtu"

	# migrate to standard config files
	[ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
	[ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
	[ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"

	[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem"
	[ -f /etc/openconnect/user-key-vpn-$config.pem ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem"
	[ -f /etc/openconnect/ca-vpn-$config.pem ] && {
	append_args --cafile "/etc/openconnect/ca-vpn-$config.pem"
	append_args --no-system-trust
	}

	if [ "${juniper:-0}" -gt 0 ]; then
	append_args --juniper
	fi

	[ -n "$vpn_protocol" ] && {
	append_args --protocol "$vpn_protocol"
	}

	[ -n "$serverhash" ] && {
	append_args "--servercert=$serverhash"
	append_args --no-system-trust
	}
	[ -n "$authgroup" ] && append_args --authgroup "$authgroup"
	[ -n "$usergroup" ] && append_args --usergroup "$usergroup"
	[ -n "$username" ] && append_args -u "$username"
	[ -n "$password" ] \|\| [ "$token_mode" = "script" ] && {
	umask 077
	mkdir -p /var/etc
	pwfile="/var/etc/openconnect-$config.passwd"
	[ -n "$password" ] && {
	echo "$password" > "$pwfile"
	[ -n "$password2" ] && echo "$password2" >> "$pwfile"
	}
	[ "$token_mode" = "script" ] && {
	$token_script >> "$pwfile" 2> /dev/null \|\| {
	logger -t openconenct "Cannot get password from script '$token_script'"
	proto_setup_failed "$config"
	}
	}
	append_args --passwd-on-stdin
	}

	[ -n "$token_mode" -a "$token_mode" != "script" ] && append_args "--token-mode=$token_mode"
	[ -n "$token_secret" ] && append_args "--token-secret=$token_secret"
	[ -n "$os" ] && append_args "--os=$os"
	[ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper"

	json_for_each_item proto_openconnect_add_form_entry form_entry

	proto_export INTERFACE="$config"
	logger -t openconnect "executing 'openconnect $cmdline'"

	if [ -f "$pwfile" ]; then
	eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline"
	else
	eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline"
	fi
	}

	proto_openconnect_teardown() {
	local config="$1"

	pwfile="/var/etc/openconnect-$config.passwd"

	rm -f $pwfile
	logger -t openconnect "bringing down openconnect"
	proto_kill_command "$config" 2
	}

	add_protocol openconnect