openconnect: add an option to support stoken

Add a new build configuration option for openconnect and let it link
against libstoken if instructed to. Two new uci configuration variables
are introduced: "token_mode" and "token_secret" to allow openconnect to
use those.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in
index 1daaeaa6a09724cf9cce2e113b43df5bd37e297b..d73bd3a88d08dec7084487a63da4f8445e5c4cf9 100644 (file)
--- a/net/openconnect/Config.in
+++ b/net/openconnect/Config.in
@@ -15,4 +15,7 @@ config OPENCONNECT_OPENSSL
 
 endchoice
 
+config OPENCONNECT_STOKEN
+       bool "stoken support"
+
 endmenu

diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile
index 7fe2b91e334ea2e22f2b680f4b426b6c4ec226da..6bd402f34a5756b940ca70f5e24f945425138655 100644 (file)
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openconnect
 PKG_VERSION:=7.00
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
@@ -29,7 +29,7 @@ endef
 define Package/openconnect
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
+  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls +OPENCONNECT_STOKEN:libstoken
   TITLE:=OpenConnect VPN client (Cisco AnyConnect compatible)
   MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
   URL:=http://www.infradead.org/openconnect/
@@ -48,13 +48,19 @@ endef
 CONFIGURE_ARGS += \
        --disable-shared \
        --with-vpnc-script=/lib/netifd/vpnc-script \
-       --without-libpcsclite
+       --without-libpcsclite \
+       --without-stoken
 
 ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y)
 CONFIGURE_ARGS += \
        --without-gnutls
 endif
 
+ifeq ($(CONFIG_OPENCONNECT_STOKEN),y)
+CONFIGURE_ARGS += \
+       --with-stoken
+endif
+
 define Package/openconnect/install
        $(INSTALL_DIR) $(1)/etc/openconnect/
        $(INSTALL_DIR) $(1)/lib/netifd/proto

diff --git a/net/openconnect/README b/net/openconnect/README
index 53c6e701d220b0a668f44765bba6ae6c5098e74d..57bde8d48c83a1ecb293a847fb742a0fb1678f19 100644 (file)
--- a/net/openconnect/README
+++ b/net/openconnect/README
@@ -11,6 +11,8 @@ config interface 'MYVPN'
         option username 'test'
         option password 'secret'
         option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
+        option token_mode 'rsa' # when built with stoken support
+        option token_secret 'secret' # when built with stoken support
 
 The additional files are also used:
 /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate

diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
index ca8fff97d2bd09fe20a1360a01e7303f584a27c3..cdeac4061c9a85d7c33f6b1dcae6972be7d7baa8 100755 (executable)
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -17,7 +17,7 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
        local config="$1"
 
-       json_get_vars server port username serverhash authgroup password vgroup
+       json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret
 
        grep -q tun /proc/modules || insmod tun
 
@@ -57,6 +57,9 @@ proto_openconnect_setup() {
                append cmdline "--passwd-on-stdin"
        }
 
+       [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
+       [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
+
        proto_export INTERFACE="$config"
        logger -t openconnect "executing 'openconnect $cmdline'"