Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. vpnc>
  3. devel
[PATCH 2/5] allow overriding utilities and /var location
alon.barlev at gmail
Dec 15, 2013, 9:23 AM
Post #1 of 1 (913 views)
Permalink
This patch enables a wrapper to override the /sbin/ip and
/sbin/resolvconf utilities, and the /etc, /var locations.

The idea is to allow non-root execution of vpnc, as tun
can be used by unprivileged user.

A simple vpnc-script wrapper such as the following is doing
the work:
---
export HOOKS_DIR="/home/user/vpnc"
export VAR_RUN="/home/user/vpnc/run"
export IPROUTE="sudo /sbin/ip"
export RESOLVCONF="sudo /sbin/resolvconf"

exec /etc/vpnc/vpnc-script
---

Configuration:
---
Interface name vpn0
Local Port 0
Pidfile /home/user/vpnc/run/pid
Script /home/user/vpnc/vpnc-script
---

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
---
vpnc-disconnect | 3 ++-
vpnc-script | 21 ++++++++++++---------
2 files changed, 14 insertions(+), 10 deletions(-)
---
vpnc-disconnect | 3 ++-
vpnc-script | 23 +++++++++++++----------
2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/vpnc-disconnect b/vpnc-disconnect
index 53fe129..c0c079a 100755
--- a/vpnc-disconnect
+++ b/vpnc-disconnect
@@ -1,6 +1,7 @@
#!/bin/sh

-pid=/var/run/vpnc.pid
+VAR_RUN="${VAR_RUN:-/var/run}"
+pid="${VAR_RUN}/vpnc.pid"

if [ $# -ne 0 ]; then
echo "Usage: $0" 1>&2
diff --git a/vpnc-script b/vpnc-script
index 5e9b00f..c8483ee 100755
--- a/vpnc-script
+++ b/vpnc-script
@@ -78,19 +78,20 @@ PATH=/sbin:/usr/sbin:$PATH

OS="`uname -s`"

-HOOKS_DIR=/etc/vpnc
-DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
-RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
+HOOKS_DIR="${HOOKS_DIR:-/etc/vpnc}"
+VAR_RUN="${VAR_RUN:-/var/run/vpnc}"
+DEFAULT_ROUTE_FILE="${VAR_RUN}/defaultroute"
+RESOLV_CONF_BACKUP="${VAR_RUN}/resolv.conf-backup"
SCRIPTNAME=`basename $0`

# some systems, eg. Darwin & FreeBSD, prune /var/run on boot
-if [ ! -d "/var/run/vpnc" ]; then
- mkdir -p /var/run/vpnc
- [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
+if [ ! -d "${VAR_RUN}" ]; then
+ mkdir -p "${VAR_RUN}"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "${VAR_RUN}"
fi

# stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
-IPROUTE="`which ip 2> /dev/null | grep '^/'`"
+IPROUTE="${IPROUTE:-`which ip 2> /dev/null | grep '^/'`}"

if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
ifconfig_syntax_inet=""
@@ -122,7 +123,9 @@ if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
include /lib/network
MODIFYRESOLVCONF=modify_resolvconf_openwrt
RESTORERESOLVCONF=restore_resolvconf_openwrt
-elif [ -x /sbin/resolvconf ] && [ "$OS" != "FreeBSD" ]; then # Optional tool on Debian, Ubuntu, Gentoo - but not FreeBSD, it seems to work different
+elif [ -n "${RESOLVCONF}" ] || ( [ -x "${RESOLVCONF}" ] && [ "$OS" != "FreeBSD" ] ); then # Optional tool on Debian, Ubuntu, Gentoo - but not FreeBSD, it seems to work different
+ RESOLVCONF="${RESOLVCONF:-/sbin/resolvconf}"
+
MODIFYRESOLVCONF=modify_resolvconf_manager
RESTORERESOLVCONF=restore_resolvconf_manager
elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
@@ -551,11 +554,11 @@ nameserver $i"
NEW_RESOLVCONF="$NEW_RESOLVCONF
domain $CISCO_DEF_DOMAIN"
fi
- echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
+ echo "$NEW_RESOLVCONF" | ${RESOLVCONF} -a $TUNDEV
}

restore_resolvconf_manager() {
- /sbin/resolvconf -d $TUNDEV
+ ${RESOLVCONF} -d $TUNDEV
}

# ========= Toplevel state handling =======================================
--
1.8.3.2

_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal