From a54d31ed3f3b165533994edb6567470825bea207 Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Thu, 4 Dec 2014 22:51:45 -0800 Subject: [PATCH] openconnect: add an option to support stoken Add a new build configuration option for openconnect and let it link against libstoken if instructed to. Two new uci configuration variables are introduced: "token_mode" and "token_secret" to allow openconnect to use those. Signed-off-by: Florian Fainelli --- net/openconnect/Config.in | 3 +++ net/openconnect/Makefile | 12 +++++++++--- net/openconnect/README | 2 ++ net/openconnect/files/openconnect.sh | 5 ++++- 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in index 1daaeaa6a0..d73bd3a88d 100644 --- a/net/openconnect/Config.in +++ b/net/openconnect/Config.in @@ -15,4 +15,7 @@ config OPENCONNECT_OPENSSL endchoice +config OPENCONNECT_STOKEN + bool "stoken support" + endmenu diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile index 7fe2b91e33..6bd402f34a 100644 --- a/net/openconnect/Makefile +++ b/net/openconnect/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openconnect PKG_VERSION:=7.00 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/ @@ -29,7 +29,7 @@ endef define Package/openconnect SECTION:=net CATEGORY:=Network - DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls + DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls +OPENCONNECT_STOKEN:libstoken TITLE:=OpenConnect VPN client (Cisco AnyConnect compatible) MAINTAINER:=Nikos Mavrogiannopoulos URL:=http://www.infradead.org/openconnect/ @@ -48,13 +48,19 @@ endef CONFIGURE_ARGS += \ --disable-shared \ --with-vpnc-script=/lib/netifd/vpnc-script \ - --without-libpcsclite + --without-libpcsclite \ + --without-stoken ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y) CONFIGURE_ARGS += \ --without-gnutls endif +ifeq ($(CONFIG_OPENCONNECT_STOKEN),y) +CONFIGURE_ARGS += \ + --with-stoken +endif + define Package/openconnect/install $(INSTALL_DIR) $(1)/etc/openconnect/ $(INSTALL_DIR) $(1)/lib/netifd/proto diff --git a/net/openconnect/README b/net/openconnect/README index 53c6e701d2..57bde8d48c 100644 --- a/net/openconnect/README +++ b/net/openconnect/README @@ -11,6 +11,8 @@ config interface 'MYVPN' option username 'test' option password 'secret' option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25' + option token_mode 'rsa' # when built with stoken support + option token_secret 'secret' # when built with stoken support The additional files are also used: /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh index ca8fff97d2..cdeac4061c 100755 --- a/net/openconnect/files/openconnect.sh +++ b/net/openconnect/files/openconnect.sh @@ -17,7 +17,7 @@ proto_openconnect_init_config() { proto_openconnect_setup() { local config="$1" - json_get_vars server port username serverhash authgroup password vgroup + json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret grep -q tun /proc/modules || insmod tun @@ -57,6 +57,9 @@ proto_openconnect_setup() { append cmdline "--passwd-on-stdin" } + [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode" + [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret" + proto_export INTERFACE="$config" logger -t openconnect "executing 'openconnect $cmdline'" -- 2.30.2