summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 14:49:18 +0100
committerJason A. Donenfeld <zx2c4@gentoo.org>2017-03-17 14:56:14 +0100
commit7f68c86d93d5f69d775bceb3941b3a3b46672eb1 (patch)
treeb461a335b70f8d07bda55ab1e3cc54fbd568a097 /net-vpn/openconnect/files
parentdev-ruby/nexpose: Initial version (diff)
downloadgentoo-7f68c86d93d5f69d775bceb3941b3a3b46672eb1.tar.gz
gentoo-7f68c86d93d5f69d775bceb3941b3a3b46672eb1.tar.bz2
gentoo-7f68c86d93d5f69d775bceb3941b3a3b46672eb1.zip
Move VPN packages into net-vpn/
Diffstat (limited to 'net-vpn/openconnect/files')
-rw-r--r--net-vpn/openconnect/files/openconnect-7.07-libressl.patch77
-rw-r--r--net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch38
-rw-r--r--net-vpn/openconnect/files/openconnect.conf.in26
-rw-r--r--net-vpn/openconnect/files/openconnect.init.in122
-rw-r--r--net-vpn/openconnect/files/openconnect.init.in-r488
-rw-r--r--net-vpn/openconnect/files/openconnect.logrotate8
6 files changed, 359 insertions, 0 deletions
diff --git a/net-vpn/openconnect/files/openconnect-7.07-libressl.patch b/net-vpn/openconnect/files/openconnect-7.07-libressl.patch
new file mode 100644
index 000000000000..4f9d34bceee1
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect-7.07-libressl.patch
@@ -0,0 +1,77 @@
+From d4a8afc2e8693628f2de554e717458e08bcc2fcf Mon Sep 17 00:00:00 2001
+From: Aric Belsito <lluixhi@gmail.com>
+Date: Thu, 3 Nov 2016 11:37:23 -0700
+Subject: [PATCH] Fix LibreSSL Build.
+
+From Voidlinux:
+
+From d51ab5615e11af4a2c160b2b8240e5d9f3c15422 Mon Sep 17 00:00:00 2001
+From: Duncaen <duncaen@voidlinux.eu>
+Date: Wed, 13 Jul 2016 15:21:16 +0200
+Subject: [PATCH] openconnect: update to 7.07.
+---
+ openssl-esp.c | 4 ++--
+ openssl.c | 8 ++++----
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/openssl-esp.c b/openssl-esp.c
+index 2c1aa49..bd4dce3 100644
+--- a/openssl-esp.c
++++ b/openssl-esp.c
+@@ -27,7 +27,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/rand.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #define EVP_CIPHER_CTX_free(c) do { \
+ EVP_CIPHER_CTX_cleanup(c); \
+@@ -85,7 +85,7 @@ static int init_esp_ciphers(struct openconnect_info *vpninfo, struct esp *esp,
+ }
+ EVP_CIPHER_CTX_set_padding(esp->cipher, 0);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ esp->hmac = malloc(sizeof(*esp->hmac));
+ esp->pkt_hmac = malloc(sizeof(*esp->pkt_hmac));
+ if (!esp->hmac || &esp->pkt_hmac) {
+diff --git a/openssl.c b/openssl.c
+index 785fd2a..6007cef 100644
+--- a/openssl.c
++++ b/openssl.c
+@@ -36,11 +36,11 @@
+ #include <openssl/ui.h>
+ #include <openssl/rsa.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_up_ref(x) CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define EVP_MD_CTX_new EVP_MD_CTX_create
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+ #define X509_STORE_CTX_get0_chain(ctx) ((ctx)->chain)
+@@ -991,7 +991,7 @@ static int set_peer_cert_hash(struct openconnect_info *vpninfo)
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ static int match_hostname_elem(const char *hostname, int helem_len,
+ const char *match, int melem_len)
+ {
+@@ -1653,7 +1653,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
+ * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2
+ * cd6bd5ffda616822b52104fee0c4c7d623fd4f53
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10001070
++#if OPENSSL_VERSION_NUMBER >= 0x10001070 || defined(LIBRESSL_VERSION_NUMBER)
+ if (string_is_hostname(vpninfo->hostname))
+ SSL_set_tlsext_host_name(https_ssl, vpninfo->hostname);
+ #endif
+--
+2.10.2
+
diff --git a/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch b/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch
new file mode 100644
index 000000000000..5cfeca6ec52d
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect-7.07-mimic-pulse-client.patch
@@ -0,0 +1,38 @@
+From 4ce9c9241f5707917e87e93a055f757cea5fb84d Mon Sep 17 00:00:00 2001
+From: Jon DeVree <nuxi@vault24.org>
+Date: Mon, 19 Sep 2016 21:00:18 -0400
+Subject: [PATCH] Add Content-Length header to mimic official pulse client
+
+The official pulse client sends in a fixed "Content-Length: 256" header
+with these two HTTP requests. Some versions of the VPN server will
+reject requests with an HTTP 400 error if they do not have this header.
+
+Signed-off-by: Jon DeVree <nuxi@vault24.org>
+Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+---
+ oncp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/oncp.c b/oncp.c
+index cc9a223..2bf1571 100644
+--- a/oncp.c
++++ b/oncp.c
+@@ -562,6 +562,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
+
+ buf_append(reqbuf, "POST /dana/js?prot=1&svc=1 HTTP/1.1\r\n");
+ oncp_common_headers(vpninfo, reqbuf);
++ buf_append(reqbuf, "Content-Length: 256\r\n");
+ buf_append(reqbuf, "\r\n");
+
+ if (buf_error(reqbuf)) {
+@@ -606,6 +607,7 @@ int oncp_connect(struct openconnect_info *vpninfo)
+ buf_truncate(reqbuf);
+ buf_append(reqbuf, "POST /dana/js?prot=1&svc=4 HTTP/1.1\r\n");
+ oncp_common_headers(vpninfo, reqbuf);
++ buf_append(reqbuf, "Content-Length: 256\r\n");
+ buf_append(reqbuf, "\r\n");
+
+ if (buf_error(reqbuf)) {
+--
+2.7.3
+
diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in
new file mode 100644
index 000000000000..53b14e61378e
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.conf.in
@@ -0,0 +1,26 @@
+# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel:
+#
+# server_vpnname
+# password_vpnname
+# vpnopts_vpnname
+#
+# The tunnel will need to be started with a symbolic link to openconnect:
+#
+# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname
+#
+# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you
+# need to create executable scripts in a directory with the same name as
+# the vpn tunnel (vpn0 can be replaced with the vpn name):
+#
+# mkdir /etc/openconnect/vpn0
+# cd /etc/openconnect/vpn0"
+# echo '#!/bin/sh' > preup.sh"
+# cp preup.sh predown.sh"
+# cp preup.sh postup.sh"
+# cp preup.sh postdown.sh"
+# chmod 755 /etc/openconnect/vpn0/*"
+
+server_vpn0="vpn.server.tld"
+password_vpn0="YOUR_PASSWORD"
+# Any OPENCONNECT options my go here (see openconnect --help)
+vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh"
diff --git a/net-vpn/openconnect/files/openconnect.init.in b/net-vpn/openconnect/files/openconnect.init.in
new file mode 100644
index 000000000000..c4497956d8a3
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.init.in
@@ -0,0 +1,122 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+VPNPID="/run/openconnect/${VPN}.pid"
+VPNDIR="/etc/openconnect/${VPN}"
+PREUPSCRIPT="${VPNDIR}/preup.sh"
+PREDOWNSCRIPT="${VPNDIR}/predown.sh"
+POSTUPSCRIPT="${VPNDIR}/postup.sh"
+POSTDOWNSCRIPT="${VPNDIR}/postdown.sh"
+SERVER="server_${VPN}"
+PASSWORD="password_${VPN}"
+VPNOPTS="vpnopts_${VPN}"
+
+depend() {
+ before netmount
+}
+
+checkconfig() {
+ if [ $VPN = "openconnect" ]; then
+ eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+ echo
+ eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+ echo
+ eerror "And then call it instead:"
+ echo
+ eerror "/etc/init.d/openconnect.vpn0 start"
+ return 1
+ fi
+}
+
+checktuntap() {
+ if [ $(uname -s) = "Linux" ] ; then
+ if [ ! -e /dev/net/tun ]; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+ if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
+ ebegin "Detected broken /dev/net/tun symlink, fixing..."
+ rm -f /dev/net/tun
+ ln -s /dev/misc/net/tun /dev/net/tun
+ eend $?
+ fi
+ fi
+}
+
+start() {
+ ebegin "Starting OpenConnect: ${VPN}"
+
+ checkconfig || return 1
+
+ checktuntap || return 1
+
+ if [ "${!SERVER}" == "vpn.server.tld" ]; then
+ eend 1 "${VPN} not configured"
+ return 1
+ fi
+
+ if [ ! -e "${VPNLOG}" ]; then
+ mkdir -p "${VPNLOG}"
+ fi
+
+ local piddir="${VPNPID%/*}"
+ if [ ! -d "$piddir" ] ; then
+ mkdir -p "$piddir"
+ if [ $? -ne 0 ]; then
+ eerror "Directory $piddir for pidfile does not exist and cannot be created"
+ return 1
+ fi
+ fi
+
+ if [ -x "${PREUPSCRIPT}" ] ; then
+ "${PREUPSCRIPT}"
+ fi
+
+ start-stop-daemon --start --make-pidfile --pidfile "${VPNPID}" --stderr "${VPNERRFILE}" --stdout "${VPNLOGFILE}" --background \
+ --exec /usr/sbin/openconnect \
+ -- --pid-file="${VPNPID}" ${!VPNOPTS} ${!SERVER} <<< ${!PASSWORD}
+
+ local retval=$?
+
+ if [ ! ${retval} -eq 0 ]; then
+ eend ${retval}
+ return ${retval}
+ fi
+
+ if [ -x "${POSTUPSCRIPT}" ] ; then
+ "${POSTUPSCRIPT}"
+ fi
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping OpenConnect: ${VPN}"
+
+ checkconfig || return 1
+
+ if [ -x "${PREDOWNSCRIPT}" ] ; then
+ "${PREDOWNSCRIPT}"
+ fi
+
+ start-stop-daemon --pidfile "${VPNPID}" --stop /usr/sbin/openconnect
+ local retval=$?
+
+ if [ ! ${retval} -eq 0 ]; then
+ eend ${retval}
+ return ${retval}
+ fi
+
+
+ if [ -x "${POSTDOWNSCRIPT}" ] ; then
+ "${POSTDOWNSCRIPT}"
+ fi
+ eend $?
+}
diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4
new file mode 100644
index 000000000000..040edc76f637
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.init.in-r4
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/sbin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+ before netmount
+}
+
+checkconfig() {
+ if [ $VPN = "openconnect" ]; then
+ eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+ eerror
+ eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+ eerror
+ eerror "And then call it instead:"
+ eerror
+ eerror "/etc/init.d/openconnect.vpn0 start"
+ return 1
+ fi
+}
+
+checktuntap() {
+ if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+ if ! modprobe tun ; then
+ eerror "TUN/TAP support is not available in this kernel"
+ return 1
+ fi
+ fi
+}
+
+run_hook() {
+ if [ -x "$1" ]; then
+ "$@"
+ fi
+}
+
+start_pre() {
+ checkconfig || return
+ checktuntap || return
+ checkpath -d "${VPNLOG}" || return
+ checkpath -d /run/openconnect || return
+ run_hook "${VPNDIR}/preup.sh"
+}
+
+start() {
+ local server vpnopts password
+ eval server=\$server_${VPN}
+ eval vpnopts=\$vpnopts_${VPN}
+ eval password=\$password_${VPN}
+
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --exec "${command}" -- \
+ --background \
+ --interface="${VPN}" \
+ --pid-file="${pidfile}" \
+ ${vpnopts} \
+ "${server}" \
+ >> "${VPNLOGFILE}" \
+ 2>> "${VPNERRFILE}" \
+ <<EOF
+${password}
+EOF
+ eend $?
+}
+
+start_post() {
+ run_hook "${VPNDIR}/postup.sh"
+}
+
+stop_pre() {
+ checkconfig || return
+ run_hook "${VPNDIR}/predown.sh"
+}
+
+stop_post() {
+ run_hook "${VPNDIR}/postdown.sh"
+}
diff --git a/net-vpn/openconnect/files/openconnect.logrotate b/net-vpn/openconnect/files/openconnect.logrotate
new file mode 100644
index 000000000000..0455e6845b28
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.logrotate
@@ -0,0 +1,8 @@
+# openconnect logrotate snipet for Gentoo Linux
+#
+/var/log/openconnect/*/* {
+ missingok
+ size 5M
+ notifempty
+}
+