From ede858fb5d7ba27818cea7bde76188a1afe27c1a Mon Sep 17 00:00:00 2001
From: Gavin Ni
Date: Tue, 28 Nov 2017 15:04:31 +0800
Subject: [PATCH] openconnect: support reading password from script

"token_mode" add support for "script", which execute "token_script" to get the password. Some token is not supported by OpenConnect natively, e.g. "MobilePass" or "Softoken II" used in Cisco VPN

Signed-off-by: Gavin Ni
Signed-off-by: Yousong Zhou
---
 net/openconnect/Makefile | 2 +-
 net/openconnect/README | 4 ++++
 net/openconnect/files/openconnect.sh | 19 ++++++++++++++-----
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile
index a9c66fad77..4e70f5a5e8 100644
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openconnect
 PKG_VERSION:=7.08
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_USE_MIPS16:=0
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
diff --git a/net/openconnect/README b/net/openconnect/README
index 1a7b798d50..050c75c026 100644
--- a/net/openconnect/README
+++ b/net/openconnect/README
@@ -26,6 +26,10 @@ config interface 'MYVPN'
 #option token_mode 'hotp'
 #option token_secret '00'
+ # tokens from script
+ #option token_mode 'script'
+ #option token_script '/lib/custom/getocpass.sh'
+
 # Juniper vpn support
 #option juniper '1'
diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
index 7683eca8bb..dc1d42b80f 100755
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -16,6 +16,7 @@ proto_openconnect_init_config() {
 proto_config_add_string "password2"
 proto_config_add_string "token_mode"
 proto_config_add_string "token_secret"
+ proto_config_add_string "token_script"
 proto_config_add_string "os"
 proto_config_add_string "csd_wrapper"
 no_device=1
@@ -25,7 +26,7 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
 local config="$1"
- json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret os csd_wrapper mtu juniper
+ json_get_vars server port interface username serverhash authgroup password password2 token_mode token_secret token_script os csd_wrapper mtu juniper
 grep -q tun /proc/modules || insmod tun
 ifname="vpn-$config"
@@ -65,16 +66,24 @@ proto_openconnect_setup() {
 }
 [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
 [ -n "$username" ] && append cmdline "-u $username"
- [ -n "$password" ] && {
+ [ -n "$password" ] || [ "$token_mode" = "script" ] && {
 umask 077
 mkdir -p /var/etc
 pwfile="/var/etc/openconnect-$config.passwd"
- echo "$password" > "$pwfile"
- [ -n "$password2" ] && echo "$password2" >> "$pwfile"
+ [ -n "$password" ] && {
+ echo "$password" > "$pwfile"
+ [ -n "$password2" ] && echo "$password2" >> "$pwfile"
+ }
+ [ "$token_mode" = "script" ] && {
+ $token_script > "$pwfile" 2> /dev/null || {
+ logger -t openconenct "Cannot get password from script '$token_script'"
+ proto_setup_failed "$config"
+ }
+ }
 append cmdline "--passwd-on-stdin"
 }
- [ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
+ [ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode"
 [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
 [ -n "$os" ] && append cmdline "--os=$os"
 [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper"
--
2.30.2
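Review bot: In the last openconnect.sh hunk, the failure branch after `$token_script > "$pwfile"` logs and calls `proto_setup_failed "$config"` but does not leave proto_openconnect_setup. Unless `proto_setup_failed` itself ends the handler, execution falls through to `append cmdline "--passwd-on-stdin"` with an empty password file. The rest of the function is outside the hunk, so check how its other error paths bail out. `$token_script` is also expanded unquoted and executed without the `[ -x … ]` test that `csd_wrapper` gets a few lines below, so a value containing spaces is word-split into a command plus arguments, and a missing file only shows up as the generic error with stderr discarded. Quoting it limits the option to a bare path, which is what the README example shows. Separately, `>` overwrites the `password` written just above when both options are set, and the logger tag is misspelled `openconenct`.

```sh
	# … unchanged: umask, mkdir, pwfile, static password branch …
	[ "$token_mode" = "script" ] && {
		[ -x "$token_script" ] || {
			logger -t openconnect "token_script '$token_script' is missing or not executable"
			proto_setup_failed "$config"
			return 1
		}
		"$token_script" > "$pwfile" 2> /dev/null || {
			logger -t openconnect "Cannot get password from script '$token_script'"
			proto_setup_failed "$config"
			return 1
		}
	}
	# … unchanged: append cmdline "--passwd-on-stdin" …
```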