#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openconnect/files/openconnect.init.in-r3,v 1.1 2014/12/09 00:14:37 floppym Exp $

# Per-instance settings, all derived from the service name.
# VPN is RC_SVCNAME with everything up to and including the first dot
# removed (a name without a dot is kept whole, which checkconfig rejects).
VPN=${RC_SVCNAME#*.}

# Filesystem locations for this VPN instance.
VPNDIR=/etc/openconnect/${VPN}
VPNLOG=/var/log/openconnect/${VPN}
VPNPID=/run/openconnect/${VPN}.pid
VPNLOGFILE=${VPNLOG}/openconnect.log
VPNERRFILE=${VPNLOG}/openconnect.err

# Optional hook scripts; start() and stop() execute them when they are
# executable.
# NOTE(review): the hooks run with the privileges of the init script
# (presumably root), so ${VPNDIR} and its scripts should be writable by
# root only - confirm the packaging sets that.
PREUPSCRIPT=${VPNDIR}/preup.sh
POSTUPSCRIPT=${VPNDIR}/postup.sh
PREDOWNSCRIPT=${VPNDIR}/predown.sh
POSTDOWNSCRIPT=${VPNDIR}/postdown.sh

# These three hold the NAMES of the per-VPN settings, not their values;
# start() dereferences them with eval.
# NOTE(review): the password is read from a plain shell variable,
# presumably set in the service's conf.d file (not shown here); that file
# should not be world-readable.
SERVER=server_${VPN}
VPNOPTS=vpnopts_${VPN}
PASSWORD=password_${VPN}

# OpenRC dependency hook: declares that this service is ordered before
# the netmount service.
depend() {
	before netmount
}

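# Refuse to run under the generic service name.
# VPN equals "openconnect" when the script is invoked directly rather than
# through a per-VPN symlink such as openconnect.vpn0; in that case print
# the setup instructions and fail.
# Globals: VPN (read)
# Returns: 1 when called as plain "openconnect", 0 otherwise
checkconfig() {
	# Quoted so that an empty or multi-word VPN value is compared as a
	# single string instead of breaking the test expression.
	if [ "${VPN}" = "openconnect" ]; then
		eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
		echo
		eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
		echo
		eerror "And then call it instead:"
		echo
		eerror "/etc/init.d/openconnect.vpn0 start"
		return 1
	fi
}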

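# Make sure the TUN/TAP device node is usable on Linux.
# On other kernels (per `uname -s`) nothing is checked. On Linux the tun
# module is loaded when /dev/net/tun is missing, and a /dev/net/tun
# symlink is re-pointed at /dev/misc/net/tun when that character device
# exists.
# Returns: 1 when /dev/net/tun is missing and modprobe fails; otherwise 0,
#          or the status of eend when the symlink was rewritten
checktuntap() {
	# Quoted: an empty or multi-word uname result must not break the test.
	if [ "$(uname -s)" != "Linux" ]; then
		return 0
	fi

	if [ ! -e /dev/net/tun ] && ! modprobe tun; then
		eerror "TUN/TAP support is not available in this kernel"
		return 1
	fi

	if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
		ebegin "Detected broken /dev/net/tun symlink, fixing..."
		rm -f /dev/net/tun
		ln -s /dev/misc/net/tun /dev/net/tun
		eend $?
	fi
}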

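# Start the OpenConnect client for ${VPN} in the background.
# Globals: VPN, SERVER, VPNOPTS, PASSWORD, VPNLOG, VPNLOGFILE, VPNERRFILE,
#          VPNPID, PREUPSCRIPT, POSTUPSCRIPT (all read)
# Returns: 0 on success; 1 on a configuration or setup error; otherwise
#          the status of start-stop-daemon
start() {
	ebegin "Starting OpenConnect: ${VPN}"

	# SERVER, VPNOPTS and PASSWORD are variable NAMES built from the
	# service name and are dereferenced with eval below. Anything that is
	# not a plain identifier would either be parsed as a different
	# expansion (a "-" turns ${name-word} into a default-value expansion)
	# or be executed by eval, so such names are rejected up front.
	local name
	for name in "${SERVER}" "${VPNOPTS}" "${PASSWORD}"; do
		case "${name}" in
			''|[0-9]*|*[!A-Za-z0-9_]*)
				eend 1 "${VPN} is not a usable VPN name: only letters, digits and underscores are allowed"
				return 1
				;;
		esac
	done

	# Indirect lookup of the per-VPN settings; the names were validated
	# above, which is what makes this eval safe.
	local tmp_SERVER tmp_VPNOPTS tmp_PASSWORD
	eval tmp_SERVER="\${${SERVER}}"
	eval tmp_VPNOPTS="\${${VPNOPTS}}"
	eval tmp_PASSWORD="\${${PASSWORD}}"

	checkconfig || return 1

	checktuntap || return 1

	# "vpn.server.tld" is treated as the unconfigured placeholder value.
	if [ "${tmp_SERVER}" = "vpn.server.tld" ]; then
		eend 1 "${VPN} not configured"
		return 1
	fi

	# NOTE(review): the log directory is created with the default umask;
	# confirm that is acceptable for what openconnect writes there.
	if [ ! -e "${VPNLOG}" ]; then
		mkdir -p "${VPNLOG}"
	fi

	local piddir="${VPNPID%/*}"
	if [ ! -d "$piddir" ]; then
		if ! mkdir -p "$piddir"; then
			eerror "Directory $piddir for pidfile does not exist and cannot be created"
			return 1
		fi
	fi

	if [ -x "${PREUPSCRIPT}" ] ; then
		"${PREUPSCRIPT}"
	fi

	# The password goes to the daemon on stdin via the here-document, so it
	# is not part of the process argument list. tmp_VPNOPTS and tmp_SERVER
	# are deliberately unquoted so that several options split into
	# separate arguments; the values come from the service configuration.
	start-stop-daemon --start \
		--make-pidfile \
		--pidfile "${VPNPID}" \
		--stderr "${VPNERRFILE}" \
		--stdout "${VPNLOGFILE}" \
		--background \
		--exec /usr/sbin/openconnect -- \
			--interface="${VPN}" \
			--pid-file="${VPNPID}" \
			${tmp_VPNOPTS} \
			${tmp_SERVER} <<-E
			${tmp_PASSWORD}
			E

	local retval=$?

	if [ "${retval}" -ne 0 ]; then
		eend "${retval}"
		return "${retval}"
	fi

	if [ -x "${POSTUPSCRIPT}" ] ; then
		# wait until the interface is up and an ip address is set before running postup
		# NOTE(review): this wait has no upper bound; if the backgrounded
		# client exits without configuring the interface, start() never
		# returns. Consider a timeout or a liveness check on the pidfile.
		while true; do
			sleep 0.5
			if [ -n "$(ip addr show "${VPN}" 2> /dev/null | grep inet)" ]; then
				"${POSTUPSCRIPT}"
				break
			fi
		done
	fi

	eend $?
}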

# Stop the OpenConnect client for ${VPN}.
# Runs the optional predown hook, stops the daemon identified by the
# pidfile, then runs the optional postdown hook.
# Globals: VPN, VPNPID, PREDOWNSCRIPT, POSTDOWNSCRIPT (all read)
# Returns: 1 when checkconfig fails; the status of start-stop-daemon when
#          it fails; otherwise whatever eend returns for the postdown
#          hook's status (0 when no hook ran)
stop() {
	local rc=0

	ebegin "Stopping OpenConnect: ${VPN}"

	checkconfig || return 1

	# The predown hook's exit status is not checked.
	if [ -x "${PREDOWNSCRIPT}" ]; then
		"${PREDOWNSCRIPT}"
	fi

	start-stop-daemon --pidfile "${VPNPID}" --stop /usr/sbin/openconnect || rc=$?
	if [ "${rc}" -ne 0 ]; then
		eend "${rc}"
		return "${rc}"
	fi

	# Report the postdown hook's status, or success when there is no hook.
	if [ -x "${POSTDOWNSCRIPT}" ]; then
		"${POSTDOWNSCRIPT}"
		rc=$?
	fi
	eend "${rc}"
}