openconnect: support reading password from script
authorGavin Ni <[email protected]>
Tue, 28 Nov 2017 07:04:31 +0000 (15:04 +0800)
committerYousong Zhou <[email protected]>
Mon, 4 Dec 2017 08:00:46 +0000 (16:00 +0800)
"token_mode" add support for "script", which execute "token_script" to
get the password.  Some tokens are not supported by OpenConnect natively,
e.g. "MobilePass" or "Softoken II" used in Cisco VPN

Signed-off-by: Gavin Ni <[email protected]>
Signed-off-by: Yousong Zhou <[email protected]>
net/openconnect/Makefile
net/openconnect/README
net/openconnect/files/openconnect.sh

index a9c66fad77cc7959a4bd2d08ff0b18651ccfc840..4e70f5a5e85664b50d8fb8550de418fcf58b09c7 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openconnect
 PKG_VERSION:=7.08
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
index 1a7b798d50e4c637559117ab6ea2197302249341..050c75c026d0b07df2b25ace59e6c566056cf5d0 100644 (file)
@@ -26,6 +26,10 @@ config interface 'MYVPN'
         #option token_mode 'hotp'
         #option token_secret '00'
 
+       # tokens from script
+       #option token_mode 'script'
+       #option token_script '/lib/custom/getocpass.sh'
+
        # Juniper vpn support
        #option juniper '1'
 
index 7683eca8bbf01fdb565638113cc29d2916e4c62b..dc1d42b80fc0993713bc4024d0296cff60279c4f 100755 (executable)
@@ -16,6 +16,7 @@ proto_openconnect_init_config() {
        proto_config_add_string "password2"
        proto_config_add_string "token_mode"
        proto_config_add_string "token_secret"
+       proto_config_add_string "token_script"
        proto_config_add_string "os"
        proto_config_add_string "csd_wrapper"
        no_device=1
@@ -25,7 +26,7 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
        local config="$1"
 
-       json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret os csd_wrapper mtu juniper
+       json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper
 
        grep -q tun /proc/modules || insmod tun
        ifname="vpn-$config"
@@ -65,16 +66,24 @@ proto_openconnect_setup() {
        }
        [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
        [ -n "$username" ] && append cmdline "-u $username"
-       [ -n "$password" ] && {
+       [ -n "$password" ] || [ "$token_mode" = "script" ] && {
                umask 077
                mkdir -p /var/etc
                pwfile="/var/etc/openconnect-$config.passwd"
-               echo "$password" > "$pwfile"
-               [ -n "$password2" ] && echo "$password2" >> "$pwfile"
+               [ -n "$password" ] && {
+                       echo "$password" > "$pwfile"
+                       [ -n "$password2" ] && echo "$password2" >> "$pwfile"
+               }
+               [ "$token_mode" = "script" ] && {
+                       $token_script > "$pwfile" 2> /dev/null || {
+                               logger -t openconenct "Cannot get password from script '$token_script'"
+                               proto_setup_failed "$config"
+                       }
+               }
                append cmdline "--passwd-on-stdin"
        }
 
-       [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
+       [ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode"
        [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
        [ -n "$os" ] && append cmdline "--os=$os"
        [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper"
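Review bot: The failure branch of the new `token_mode = script` block only calls `proto_setup_failed "$config"` and then falls through, so unless that helper ends the script, `--passwd-on-stdin` is still appended with an empty or partial password file; a `return 1` after it would stop setup there. An unset `token_script` turns `$token_script > "$pwfile"` into a bare redirection that succeeds and truncates the file, and in every case the `>` replaces a `$password` written just above. Guard it the way `csd_wrapper` is guarded, e.g. `[ -x "$token_script" ] && "$token_script" > "$pwfile" 2> /dev/null || {`, where the quoting assumes the option holds a bare path as in the README example. The logger tag is misspelled `openconenct`, which hides these failures from anyone filtering syslog on `openconnect`; use `logger -t openconnect`. proto_openconnect_setup starts before this hunk and continues past it.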