Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

openconnect: support reading password from script

Browse source 
"token_mode" add support for "script", which execute "token_script" to
get the password.  Some token is not supported by OpenConnect natively,
e.g. "MobilePass" or "Softoken II" used in Cisco VPN

Signed-off-by: Gavin Ni <gisngy@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This commit is contained in:
Gavin Ni 2017-11-28 15:04:31 +08:00 committed by Yousong Zhou
parent a13715ea39
commit ede858fb5d
3 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/openconnect/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openconnect PKG_NAME:=openconnect
PKG_VERSION:=7.08 PKG_VERSION:=7.08
PKG_RELEASE:=6 PKG_RELEASE:=7
PKG_USE_MIPS16:=0 PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz

4
net/openconnect/README
View file

@ -26,6 +26,10 @@ config interface 'MYVPN'
#option token_mode 'hotp' #option token_mode 'hotp'
#option token_secret '00' #option token_secret '00'
# tokens from script
#option token_mode 'script'
#option token_script '/lib/custom/getocpass.sh'
# Juniper vpn support # Juniper vpn support
#option juniper '1' #option juniper '1'

19
net/openconnect/files/openconnect.sh
View file

@ -16,6 +16,7 @@ proto_openconnect_init_config() {
proto_config_add_string "password2" proto_config_add_string "password2"
proto_config_add_string "token_mode" proto_config_add_string "token_mode"
proto_config_add_string "token_secret" proto_config_add_string "token_secret"
proto_config_add_string "token_script"
proto_config_add_string "os" proto_config_add_string "os"
proto_config_add_string "csd_wrapper" proto_config_add_string "csd_wrapper"
no_device=1 no_device=1
@ -25,7 +26,7 @@ proto_openconnect_init_config() {
proto_openconnect_setup() { proto_openconnect_setup() {
local config="$1" local config="$1"
json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret os csd_wrapper mtu juniper json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper
grep -q tun /proc/modules || insmod tun grep -q tun /proc/modules || insmod tun
ifname="vpn-$config" ifname="vpn-$config"
@ -65,16 +66,24 @@ proto_openconnect_setup() {
} }
[ -n "$authgroup" ] && append cmdline "--authgroup $authgroup" [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
[ -n "$username" ] && append cmdline "-u $username" [ -n "$username" ] && append cmdline "-u $username"
[ -n "$password" ] && { [ -n "$password" ] || [ "$token_mode" = "script" ] && {
umask 077 umask 077
mkdir -p /var/etc mkdir -p /var/etc
pwfile="/var/etc/openconnect-$config.passwd" pwfile="/var/etc/openconnect-$config.passwd"
echo "$password" > "$pwfile" [ -n "$password" ] && {
[ -n "$password2" ] && echo "$password2" >> "$pwfile" echo "$password" > "$pwfile"
[ -n "$password2" ] && echo "$password2" >> "$pwfile"
}
[ "$token_mode" = "script" ] && {
$token_script > "$pwfile" 2> /dev/null || {
logger -t openconenct "Cannot get password from script '$token_script'"
proto_setup_failed "$config"
}
}
append cmdline "--passwd-on-stdin" append cmdline "--passwd-on-stdin"
} }
[ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode" [ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode"
[ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret" [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
[ -n "$os" ] && append cmdline "--os=$os" [ -n "$os" ] && append cmdline "--os=$os"
[ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper" [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper"