openconnect: add an option to support stoken

Add a new build configuration option for openconnect and let it link against libstoken if instructed to. Two new uci configuration variables are introduced: "token_mode" and "token_secret" to allow openconnect to use those. Signed-off-by: Florian Fainelli <florian@openwrt.org>
2014-12-04 22:51:45 -08:00 · 2014-12-04 22:51:45 -08:00 · a54d31ed3f
parent ebd0c44052
commit a54d31ed3f
4 changed files with 18 additions and 4 deletions
--- a/net/openconnect/Config.in
+++ b/net/openconnect/Config.in
@ -15,4 +15,7 @@ config OPENCONNECT_OPENSSL

 endchoice

+config OPENCONNECT_STOKEN
+	bool "stoken support"
+
 endmenu
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=openconnect
 PKG_VERSION:=7.00
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
@ -29,7 +29,7 @@ endef
 define Package/openconnect
  SECTION:=net
  CATEGORY:=Network
-  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
+  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls +OPENCONNECT_STOKEN:libstoken
  TITLE:=OpenConnect VPN client (Cisco AnyConnect compatible)
  MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
  URL:=http://www.infradead.org/openconnect/
@ -48,13 +48,19 @@ endef
 CONFIGURE_ARGS += \
 	--disable-shared \
 	--with-vpnc-script=/lib/netifd/vpnc-script \
-	--without-libpcsclite
+	--without-libpcsclite \
+	--without-stoken

 ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y)
 CONFIGURE_ARGS += \
 	--without-gnutls
 endif

+ifeq ($(CONFIG_OPENCONNECT_STOKEN),y)
+CONFIGURE_ARGS += \
+	--with-stoken
+endif
+
 define Package/openconnect/install
 	$(INSTALL_DIR) $(1)/etc/openconnect/
 	$(INSTALL_DIR) $(1)/lib/netifd/proto
--- a/net/openconnect/README
+++ b/net/openconnect/README
@ -11,6 +11,8 @@ config interface 'MYVPN'
        option username 'test'
        option password 'secret'
        option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
+        option token_mode 'rsa' # when built with stoken support
+        option token_secret 'secret' # when built with stoken support

 The additional files are also used:
 /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@ -17,7 +17,7 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
 	local config="$1"

-	json_get_vars server port username serverhash authgroup password vgroup
+	json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret

 	grep -q tun /proc/modules || insmod tun

@ -57,6 +57,9 @@ proto_openconnect_setup() {
 		append cmdline "--passwd-on-stdin"
 	}

+	[ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
+	[ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
+
 	proto_export INTERFACE="$config"
 	logger -t openconnect "executing 'openconnect $cmdline'"