From 2cf32806dcce2d41920be28bd0e7d12e5d049357 Mon Sep 17 00:00:00 2001 From: kali Date: Mon, 27 Jul 2020 18:18:38 +0200 Subject: [pkg] update build script for openvpn --- pkg/helper/args.go | 11 ++++++----- pkg/helper/darwin.go | 40 ++++++++++++++++++++++++++++------------ pkg/helper/linux.go | 9 ++++++--- pkg/helper/windows.go | 8 ++++++-- 4 files changed, 46 insertions(+), 22 deletions(-) (limited to 'pkg') diff --git a/pkg/helper/args.go b/pkg/helper/args.go index 1a5bd3b..5a7873f 100644 --- a/pkg/helper/args.go +++ b/pkg/helper/args.go @@ -6,6 +6,7 @@ import ( "os" "regexp" "strconv" + "path/filepath" ) const ( @@ -22,11 +23,11 @@ var ( "--tls-client", "--remote-cert-tls", "server", "--dhcp-option", "DNS", nameserver, - "--log", LogFolder + "openvpn.log", "--tls-version-min", "1.0", + "--log", filepath.Join(LogFolder, "openvpn-leap.log"), } - allowendArgs = map[string][]string{ + allowedArgs = map[string][]string{ "--remote": []string{"IP", "NUMBER", "PROTO"}, "--tls-cipher": []string{"CIPHER"}, "--cipher": []string{"CIPHER"}, @@ -44,7 +45,7 @@ var ( cipher = regexp.MustCompile("^[A-Z0-9-]+$") formats = map[string]func(s string) bool{ - "NUMBER": isNumber, + "NUMBER": isNumber, "PROTO": isProto, "IP": isIP, "CIPHER": cipher.MatchString, @@ -54,9 +55,9 @@ var ( func parseOpenvpnArgs(args []string) []string { newArgs := fixedArgs - newArgs = append(newArgs, platformOpenvpnFlags...) + newArgs = append(newArgs, getPlatformOpenvpnFlags()...) for i := 0; i < len(args); i++ { - params, ok := allowendArgs[args[i]] + params, ok := allowedArgs[args[i]] if !ok { log.Printf("Invalid openvpn arg: %s", args[i]) continue diff --git a/pkg/helper/darwin.go b/pkg/helper/darwin.go index 82becee..ae42646 100644 --- a/pkg/helper/darwin.go +++ b/pkg/helper/darwin.go 
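Review bot: In the `@@ -22,11 +23,11 @@` hunk of args.go, the new fixed argument `"--tls-version-min", "1.0"` sets the lowest accepted control-channel version to TLS 1.0, so it does not raise the floor above the protocol versions that RFC 8996 deprecates. If the gateways this client talks to support it, the line should read `"--tls-version-min", "1.2",`. If 1.0 is needed for compatibility with older gateways, a comment next to it saying so would stop the value being read as a hardening measure. The `var (` block holding `fixedArgs` starts outside the hunk.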
@@ -1,5 +1,5 @@ // +build darwin -// Copyright (C) 2018 LEAP +// Copyright (C) 2018-2020 LEAP // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -29,6 +29,7 @@ package helper import ( "errors" "fmt" + "path/filepath" "log" "os" "os/exec" @@ -36,30 +37,39 @@ import ( "strconv" "strings" - "0xacab.org/leap/bitmask-vpn/pkg/config" "github.com/sevlyar/go-daemon" ) const ( - appPath = "/Applications/" + config.ApplicationName + ".app/" - helperPath = appPath + "Contents/helper/" - LogFolder = helperPath - openvpnPath = appPath + "Contents/Resources/openvpn.leap" - - rulefilePath = helperPath + "bitmask.pf.conf" bitmask_anchor = "com.apple/250.BitmaskFirewall" gateways_table = "bitmask_gateways" - pfctl = "/sbin/pfctl" + LogFolder = "/var/log/" ) -var ( - platformOpenvpnFlags = []string{ +func _getExecPath() string { + ex, err := os.Executable() + if err != nil { + log.Print("error while getting executable path!") + } + return filepath.Dir(ex) +} + +func getHelperPath() string { + execPath := _getExecPath() + hp := filepath.Join(execPath, "../../../", "bitmask-helper") + log.Println(">>> DEBUG: helper", hp) + return hp +} + +func getPlatformOpenvpnFlags() []string { + helperPath := getHelperPath() + return []string{ "--script-security", "2", "--up", helperPath + "client.up.sh", "--down", helperPath + "client.down.sh", } -) +} func parseCliArgs() { // OSX helper does not respond to arguments @@ -97,6 +107,9 @@ func runServer(preferredPort int) { } func getOpenvpnPath() string { + execPath := _getExecPath() + openvpnPath := filepath.Join(execPath, "../../../", "openvpn.leap") + log.Println(">>> DEBUG: openvpn", openvpnPath) return openvpnPath } 
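Review bot: In the `@@ -36,30 +37,39 @@` hunk, `getPlatformOpenvpnFlags` still builds the script paths with `helperPath + "client.up.sh"`, but `helperPath` now comes from `filepath.Join`, which drops the trailing separator the old constant ended with, so the argument becomes `…/bitmask-helperclient.up.sh`. Use `"--up", filepath.Join(helperPath, "client.up.sh"),` and `"--down", filepath.Join(helperPath, "client.down.sh"),`. Separately, `_getExecPath` only logs when `os.Executable()` fails and then returns `filepath.Dir("")`, which is `.`, so the scripts run under `--script-security 2` would be looked up relative to the working directory. Returning the error so callers refuse to start is safer, and the same applies to `getOpenvpnPath` in the `@@ -97,6 +107,9 @@` hunk and `getRulefilePath` in `@@ -190,6 +203,9 @@`. The `>>> DEBUG:` log lines look like leftovers and could be dropped before merge.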
@@ -190,6 +203,9 @@ func loadBitmaskAnchor() error { } func getRulefilePath() (string, error) { + rulefilePath := filepath.Join(getHelperPath(), "helper", "bitmask.pf.conf") + log.Println("DEBUG: rule file path", rulefilePath) + if _, err := os.Stat(rulefilePath); !os.IsNotExist(err) { return rulefilePath, nil } diff --git a/pkg/helper/linux.go b/pkg/helper/linux.go index f1e21c8..d6f30f2 100644 --- a/pkg/helper/linux.go +++ b/pkg/helper/linux.go @@ -1,5 +1,5 @@ // +build linux -// Copyright (C) 2018 LEAP +// Copyright (C) 2018, 2020 LEAP // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -34,12 +34,15 @@ const ( var ( snapOpenvpnPath = "/snap/bin/" + config.BinaryName + ".openvpn" - platformOpenvpnFlags = []string{ +) + +func getPlatformOpenvpnFlags() []string { + return []string{ "--script-security", "1", "--user", openvpnUser, "--group", openvpnGroup, } -) +} func parseCliArgs() { // linux helper does not reply to args diff --git a/pkg/helper/windows.go b/pkg/helper/windows.go index 44ac6f5..c33a4bc 100644 --- a/pkg/helper/windows.go +++ b/pkg/helper/windows.go @@ -40,11 +40,15 @@ var ( openvpnPath = path.Join(appPath, "openvpn.exe") chocoOpenvpnPath = `C:\Program Files\OpenVPN\bin\openvpn.exe` platformOpenvpnFlags = []string{ + httpServerConf = &httpConf{} +) + +func getPlatformOpenvpnFlags() []string { + return []string{ "--script-security", "1", "--block-outside-dns", } - httpServerConf = &httpConf{} -) +} func getExecDir() string { ex, err := os.Executable() -- cgit v1.2.3
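Review bot: In the `@@ -190,6 +203,9 @@` hunk, `getRulefilePath` places `bitmask.pf.conf` under `getHelperPath()` plus a `helper` subdirectory, while the up/down scripts are resolved directly against `getHelperPath()`; before this commit both were built from the same `helperPath` directory. One of the two layouts is presumably unintended, so it is worth confirming against the installed bundle and adding a comment such as `// bundle layout: <root>/bitmask-helper/helper/bitmask.pf.conf` above the `filepath.Join`. The function body continues outside the hunk.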
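Review bot: In the windows.go hunk (`@@ -40,11 +40,15 @@`), the line `platformOpenvpnFlags = []string{` is kept as context, so in the new file the `var (` block holds an opening composite literal followed directly by `httpServerConf = &httpConf{}` and `)`. As shown that does not parse, and if windows.go carries a build constraint like darwin.go and linux.go do, a build on another platform would not catch it. The line should be removed along with the rest of the old variable, leaving `chocoOpenvpnPath = …` followed by `httpServerConf = &httpConf{}`. The hunk's addition and deletion counts match this reading, but the page has lost its line breaks, so confirm against the file.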