diff options
Diffstat (limited to 'kvpnc')
| -rwxr-xr-x | kvpnc | 220 |
1 files changed, 220 insertions, 0 deletions
diff --git a/kvpnc b/kvpnc new file mode 100755 index 000000000000..3c66cbf73a28 --- /dev/null +++ b/kvpnc @@ -0,0 +1,220 @@ +#!/bin/bash + +. /etc/conf.d/kvpnc.conf + +COMMAND_TIMEOUT=3 +NAME="kvpnc" +DESC="Kerio Control VPN client" + +dialogbox () { + dialog \ + --backtitle "$DAEMON_NAME configuration" \ + --stdout \ + $5 \ + --title "$2" \ + "$1" "\n$3" 9 78 $4 +} + +inputbox () { + dialogbox --inputbox "$1" "$2" "$3" +} + +passwordbox () { + # Insecure means that asterisks will be shown in the input field + dialogbox --passwordbox "$1" "$2" "$3" --insecure +} + +yesnobox () { + dialogbox --yesno "$1" "$2" "$3" + case "$?" in + 0) + echo yes + ;; + 1) + echo no + ;; + *) + ;; + esac +} + +messagebox () { + dialogbox --msgbox "$1" "$2" +} + +die () { + echo "Procedure aborted: $2" >&2 + exit $1 +} + +execute_with_timeout() { + local PID + local TIMEOUT + local ITERATION + TIMEOUT=$1 + shift + "$@" & + PID=$! + ITERATION=0 + while [ $ITERATION -lt $TIMEOUT ]; do + # Check if the PID is still running + [ ! -d "/proc/$PID" ] && return 0 + # Sleep 1 second for each iteration + sleep 1 + ((ITERATION++)) + done + # If the process is still running then try to kill it + [ -d "/proc/$PID" ] && killtree $PID 9 + return 1 +} + +killtree() { + # Kill a process and all its children (from children to parent) + local _CHILD + for _CHILD in $(ps -o pid --no-headers --ppid $1); do + killtree ${_CHILD} ${2-TERM} + done + kill -${2-TERM} $1 1>&2 2> /dev/null +} + +configure() { + local SERVER_NAME + local PORT_NUMBER + local SSL_REPLY + local AUTODETECT_FP + local DETECTED_FP + local ACCEPT_FP + local FINGERPRINT + local USER_NAME + local PASSWORD + local CONFIRM_PW + local XOR_PW + local ITERATION + + SERVER_NAME=$(inputbox \ + "Kerio VPN server address" \ + "Please enter the host name or IP address of your Kerio VPN server." \ + ) + [ -z "$SERVER_NAME" ] && die 2 "The Kerio VPN server address must be set." + + PORT_NUMBER=$(inputbox \ + "Kerio VPN server port number" \ + "Please enter the TCP port number of your Kerio VPN server." \ + "4090" \ + ) + [ -z "$PORT_NUMBER" ] && die 3 "The Kerio VPN server port number must be set." + + SSL_REPLY=$(execute_with_timeout $COMMAND_TIMEOUT bash -c "echo | \ + openssl s_client -connect $SERVER_NAME:$PORT_NUMBER 2> /dev/null" + ) + [ -z $SSL_REPLY ] && die 4 "Unable to connect to the Kerio VPN server" + + AUTODETECT_FP=$(yesnobox \ + "Autodetect fingerprint" \ + "Automaticaly detect fingerprint from the Kerio VPN server?" \ + ) + [ -z "$AUTODETECT_FP" ] && die 5 "The user has cancelled." + + if [ "$AUTODETECT_FP" = "yes" ] + then + # Detect the SSL server fingerprint + DETECTED_FP=$(echo "$SSL_REPLY" | \ + openssl x509 -fingerprint -md5 -noout | \ + sed s'/.*=//' + ) + # A fingerprint was detected? + if [ -z "$DETECTED_FP" ] + then + # Fingerprint not detected, ask for manual input + messagebox \ + "Automatic fingerprint detection failed" \ + "The Kerio VPN server fingerprint was not automatically detected." + AUTODETECT_FP="no" + else + # Accept the autodetected fingerprint? + ACCEPT_FP=$(yesnobox \ + "Accept detected fingerprint?" \ + "The automatically detected fingerprint is $DETECTED_FP.\n\n +Please check if the automaticaly detected fingerprint is correct." \ + ) + [ $ACCEPT_FP = "yes" ] && FINGERPRINT="$DETECTED_FP" + fi + fi + + if [ "$AUTODETECT_FP" = "no" ] + then + # Ask for SSL server fingerprint + FINGERPRINT=$(inputbox \ + "Kerio VPN server fingerprint" \ + "Enter the Kerio VPN server's fingerprint." + ) + fi + [ -z "$FINGERPRINT" ] && die 6 "The Kerio VPN server fingerprint must be set." + + USER_NAME=$(inputbox \ + "Kerio VPN server user name" \ + "Please enter the user name of your Kerio VPN server account." \ + ) + [ -z "$USER_NAME" ] && die 7 "User name must be set." + + PASSWORD=$(passwordbox \ + "Kerio VPN server password for user $USER_NAME" \ + "Please enter the password of your Kerio VPN server account." \ + ) + [ -z "$PASSWORD" ] && die 8 "Password must be set." + + CONFIRM_PW=$(passwordbox \ + "Kerio VPN server password for user $USER_NAME" \ + "Please confirm the previous password of your Kerio VPN server account." \ + ) + [ "$CONFIRM_PW" != "$PASSWORD" ] && die 9 "Confirmed password is different." + + for ITERATION in $(echo -n "$PASSWORD" | od -t d1 -A n) + do + XOR_PW=$(printf "%s%02x" "$XOR_PW" $((ITERATION ^ 85))) + done + cat > "$CFGFILE" << EOF +<config> + <connections> + <connection type="persistent"> + <server>${SERVER_NAME}</server> + <port>${PORT_NUMBER}</port> + <username>${USER_NAME}</username> + <password>XOR:${XOR_PW}</password> + <fingerprint>${FINGERPRINT}</fingerprint> + <active>1</active> + </connection> + </connections> +</config> +EOF + chmod 0600 "$CFGFILE" +} + +case "$1" in + start) + # Check and prepare environment + [ ! -f "$CFGFILE" ] && die 1 "Configuration file not found, configure with $0 configure" + [ ! -d "$LIBDIR" ] && mkdir -p "$LIBDIR" + [ ! -d "$LOGDIR" ] && mkdir -p "$LOGDIR" + [ ! -h "$LIBDIR/logs" ] && ln -s -f -n "$LOGDIR" "$LIBDIR/logs" + # Start the daemon and append the output to the system logger + "$BINSVC" "$LIBDIR" > /dev/null + # Get exit status of the first command BEFORE the pipe + RET=$? + if [ $RET -gt 0 ]; then + die 1 "The kvpnsvc daemon died with exit code $RET" + else + pidof -o %PPID kvpncsvc > "$PIDFILE" + fi + ;; + stop) + killall -q kvpncsvc + rm -f "$PIDFILE" + ;; + configure) + configure + ;; + *) + echo "usage: $0 {start|stop|configure}" + ;; +esac |