author | Gavin Ni <gisngy@gmail.com> | 2017-11-28 15:04:31 +0800 |
---|---|---|
committer | Yousong Zhou <yszhou4tech@gmail.com> | 2017-12-04 16:00:46 +0800 |
commit | ede858fb5d7ba27818cea7bde76188a1afe27c1a (patch) | |
tree | ef50927f75c52f1cd8c49a33be5b941d1f4ebe36 /net/openconnect | |
parent | a13715ea3927643d0280b3f8cbbe1b802e25739d (diff) |
openconnect: support reading password from script
"token_mode" now supports "script", which executes "token_script" to
get the password. Some tokens are not supported by OpenConnect natively,
e.g. "MobilePass" or "Softoken II" used in Cisco VPN.
Signed-off-by: Gavin Ni <gisngy@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Diffstat (limited to 'net/openconnect')
-rw-r--r-- | net/openconnect/Makefile | 2 | ||||
-rw-r--r-- | net/openconnect/README | 4 | ||||
-rwxr-xr-x | net/openconnect/files/openconnect.sh | 19 |
3 files changed, 19 insertions, 6 deletions
diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile
index a9c66fad7..4e70f5a5e 100644
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openconnect
 PKG_VERSION:=7.08
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_USE_MIPS16:=0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
diff --git a/net/openconnect/README b/net/openconnect/README
index 1a7b798d5..050c75c02 100644
--- a/net/openconnect/README
+++ b/net/openconnect/README
@@ -26,6 +26,10 @@ config interface 'MYVPN'
 #option token_mode 'hotp'
 #option token_secret '00'
+ # tokens from script
+ #option token_mode 'script'
+ #option token_script '/lib/custom/getocpass.sh'
+ # Juniper vpn support
 #option juniper '1'
diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
index 7683eca8b..dc1d42b80 100755
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -16,6 +16,7 @@ proto_openconnect_init_config() {
 proto_config_add_string "password2"
 proto_config_add_string "token_mode"
 proto_config_add_string "token_secret"
+ proto_config_add_string "token_script"
 proto_config_add_string "os"
 proto_config_add_string "csd_wrapper"
 no_device=1
@@ -25,7 +26,7 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
 local config="$1"
- json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret os csd_wrapper mtu juniper
+ json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper
 grep -q tun /proc/modules || insmod tun
 ifname="vpn-$config" 
@@ -65,16 +66,24 @@ proto_openconnect_setup() {
 }
 [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
 [ -n "$username" ] && append cmdline "-u $username"
- [ -n "$password" ] && {
+ [ -n "$password" ] || [ "$token_mode" = "script" ] && {
 umask 077
 mkdir -p /var/etc
 pwfile="/var/etc/openconnect-$config.passwd"
- echo "$password" > "$pwfile"
- [ -n "$password2" ] && echo "$password2" >> "$pwfile"
+ [ -n "$password" ] && {
+ echo "$password" > "$pwfile"
+ [ -n "$password2" ] && echo "$password2" >> "$pwfile"
+ }
+ [ "$token_mode" = "script" ] && {
+ $token_script > "$pwfile" 2> /dev/null || {
+ logger -t openconenct "Cannot get password from script '$token_script'"
+ proto_setup_failed "$config"
+ }
+ }
 append cmdline "--passwd-on-stdin"
 }
- [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
+ [ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode"
 [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
 [ -n "$os" ] && append cmdline "--os=$os"
 [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper" |
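Review bot: In the added `[ "$token_mode" = "script" ] && {` block, an unset `token_script` makes `$token_script > "$pwfile" 2> /dev/null` a bare redirection that succeeds, so an empty password file reaches `--passwd-on-stdin` without any log line; a guard before it such as `[ -n "$token_script" ] || { proto_setup_failed "$config"; return 1; }` would catch that. The failure branch has no `return` after `proto_setup_failed "$config"`, so unless that helper exits the shell (not visible here) setup continues to `append cmdline "--passwd-on-stdin"` with whatever the file holds. When `password` is set as well, the `>` truncates the file written just above and `password`/`password2` are lost; if the script output is meant as an additional secret this should be `>>`. The option value is expanded unquoted and executed by the same function that calls `insmod`, so presumably with root privileges, and the README entry should say the script must be root-owned and not writable by other users. proto_openconnect_setup starts and ends outside the hunk, and the logger tag `openconenct` is a typo for `openconnect`.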