summaryrefslogtreecommitdiff
path: root/pkg/linux/resolv-update
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2014-07-10 11:59:42 -0700
committerTomás Touceda <chiiph@leap.se>2014-07-21 12:03:36 -0300
commit2dd7e753ea6ba624ceb1ebad68a2e47e578aff80 (patch)
tree53a4f4a75553a4cd1350fe00bc905f8600af5432 /pkg/linux/resolv-update
parentd08a6963e2789eb869735785ff018ee9b670441c (diff)
bitmask-root: rip out all resolvconf code and simply rewrite all DNS packets to use the VPN nameserver.
Diffstat (limited to 'pkg/linux/resolv-update')
-rwxr-xr-xpkg/linux/resolv-update90
1 files changed, 0 insertions, 90 deletions
diff --git a/pkg/linux/resolv-update b/pkg/linux/resolv-update
deleted file mode 100755
index c308b788..00000000
--- a/pkg/linux/resolv-update
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/bin/bash
-#
-# Parses options from openvpn to update resolv.conf
-#
-# The only way to enforce that a linux system will not leak DNS
-# queries is to replace /etc/resolv.conf with a file that only
-# has the DNS resolver specified by the VPN.
-#
-# That is what this script does. This is what resolvconf is for,
-# but sadly it does not always work.
-#
-# Example envs set from openvpn:
-# foreign_option_1='dhcp-option DNS 193.43.27.132'
-# foreign_option_2='dhcp-option DNS 193.43.27.133'
-# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
-#
-
-function up() {
-
- comment=$(
-cat <<SETVAR
-#
-# This is a temporary resolv.conf set by the Bitmask in order to
-# strictly enforce that DNS lookups are secured by the VPN.
-#
-# When Bitmask quits or the VPN connection it manages is dropped,
-# this file will be replace with the regularly scheduled /etc/resolv.conf
-#
-# If you want custom entries to appear in this file while Bitmask is running,
-# put them in /etc/leap/resolv-head or /etc/leap/resolv-tail. These files
-# should only be writable by root.
-#
-
-SETVAR
-)
-
- if [ -f /etc/leap/resolv-head ] ; then
- custom_head=$(cat /etc/leap/resolv-head)
- else
- custom_head=""
- fi
-
- if [ -f /etc/leap/resolv-tail ] ; then
- custom_tail=$(cat /etc/leap/resolv-tail)
- else
- custom_tail=""
- fi
-
- for optionname in ${!foreign_option_*} ; do
- option="${!optionname}"
- echo $option
- part1=$(echo "$option" | cut -d " " -f 1)
- if [ "$part1" == "dhcp-option" ] ; then
- part2=$(echo "$option" | cut -d " " -f 2)
- part3=$(echo "$option" | cut -d " " -f 3)
- if [ "$part2" == "DNS" ] ; then
- IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
- fi
- if [ "$part2" == "DOMAIN" ] ; then
- IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
- fi
- fi
- done
- R=""
- for SS in $IF_DNS_SEARCH ; do
- R="${R}search $SS
-"
- done
- for NS in $IF_DNS_NAMESERVERS ; do
- R="${R}nameserver $NS
-"
- done
- cp /etc/resolv.conf /etc/resolv.conf.bak
- echo "$comment
-$custom_head
-$R
-$custom_tail" > /etc/resolv.conf
-}
-
-function down() {
- if [ -f /etc/resolv.conf.bak ] ; then
- cat /etc/resolv.conf.bak > /etc/resolv.conf
- rm /etc/resolv.conf.bak
- fi
-}
-
-case $script_type in
- up) up ;;
- down) down ;;
-esac