From: Nikos Mavrogiannopoulos Date: Fri, 1 May 2020 17:38:22 +0000 (+0200) Subject: openconnect: updated to 8.09 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=1d5350fb48bf4a26a785dd5dd914065fc672c90f;p=feed%2Fpackages.git openconnect: updated to 8.09 Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile index f7b3b496b5..996edaa8ae 100644 --- a/net/openconnect/Makefile +++ b/net/openconnect/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openconnect -PKG_VERSION:=8.05 +PKG_VERSION:=8.09 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/ -PKG_HASH:=335c2952d0cb36822acb112eaaf5e3b4acffc6874985fb614fec0b76c4c12992 +PKG_HASH:=f39802be4c3a099b211ee4cc3318b3a9a195075deab0b4c1c5880c69340ce9a6 PKG_LICENSE:=LGPL-2.1-or-later PKG_LICENSE_FILES:=COPYING.LGPL diff --git a/net/openconnect/README b/net/openconnect/README index 29c8074907..7ab2a69cd9 100644 --- a/net/openconnect/README +++ b/net/openconnect/README @@ -12,6 +12,8 @@ config interface 'MYVPN' option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25' option defaultroute '0' option authgroup 'DEFAULT' + # usergroup option, if required by some servers + # option usergroup 'USERGROUP' # For second factor auth: diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh index 15bd3b5a5c..0efa444186 100755 --- a/net/openconnect/files/openconnect.sh +++ b/net/openconnect/files/openconnect.sh @@ -3,6 +3,13 @@ . ../netifd-proto.sh init_proto "$@" +append_args() { + while [ $# -gt 0 ]; do + append cmdline "'${1//\'/\'\\\'\'}'" + shift + done +} + proto_openconnect_init_config() { proto_config_add_string "server" proto_config_add_int "port" @@ -12,6 +19,7 @@ proto_openconnect_init_config() { proto_config_add_string "username" proto_config_add_string "serverhash" proto_config_add_string "authgroup" + proto_config_add_string "usergroup" proto_config_add_string "password" proto_config_add_string "password2" proto_config_add_string "token_mode" @@ -25,13 +33,13 @@ proto_openconnect_init_config() { } proto_openconnect_add_form_entry() { - [ -n "$1" ] && append cmdline "--form-entry $1" + [ -n "$1" ] && append_args --form-entry "$1" } proto_openconnect_setup() { local config="$1" - json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper form_entry + json_get_vars server port interface username serverhash authgroup usergroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper form_entry grep -q tun /proc/modules || insmod tun ifname="vpn-$config" @@ -46,31 +54,32 @@ proto_openconnect_setup() { [ -n "$port" ] && port=":$port" - cmdline="$server$port -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script" - [ -n "$mtu" ] && cmdline="$cmdline --mtu $mtu" + append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script + [ -n "$mtu" ] && append_args --mtu "$mtu" # migrate to standard config files [ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem" [ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem" [ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem" - [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem" - [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem" + [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem" + [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem" [ -f /etc/openconnect/ca-vpn-$config.pem ] && { - append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem" - append cmdline "--no-system-trust" + append_args --cafile "/etc/openconnect/ca-vpn-$config.pem" + append_args --no-system-trust } if [ "${juniper:-0}" -gt 0 ]; then - append cmdline "--juniper" + append_args --juniper fi [ -n "$serverhash" ] && { - append cmdline " --servercert=$serverhash" - append cmdline "--no-system-trust" + append_args "--servercert=$serverhash" + append_args --no-system-trust } - [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup" - [ -n "$username" ] && append cmdline "-u $username" + [ -n "$authgroup" ] && append_args --authgroup "$authgroup" + [ -n "$usergroup" ] && append_args --usergroup "$usergroup" + [ -n "$username" ] && append_args -u "$username" [ -n "$password" ] || [ "$token_mode" = "script" ] && { umask 077 mkdir -p /var/etc @@ -85,13 +94,13 @@ proto_openconnect_setup() { proto_setup_failed "$config" } } - append cmdline "--passwd-on-stdin" + append_args --passwd-on-stdin } - [ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode" - [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret" - [ -n "$os" ] && append cmdline "--os=$os" - [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper" + [ -n "$token_mode" -a "$token_mode" != "script" ] && append_args "--token-mode=$token_mode" + [ -n "$token_secret" ] && append_args "--token-secret=$token_secret" + [ -n "$os" ] && append_args "--os=$os" + [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper" json_for_each_item proto_openconnect_add_form_entry form_entry @@ -99,9 +108,9 @@ proto_openconnect_setup() { logger -t openconnect "executing 'openconnect $cmdline'" if [ -f "$pwfile" ]; then - proto_run_command "$config" /usr/sbin/openconnect-wrapper $pwfile $cmdline + eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline" else - proto_run_command "$config" /usr/sbin/openconnect $cmdline + eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline" fi }