authorKali Kaneko <kali@leap.se>2016-01-29 13:18:36 -0800
committerKali Kaneko <kali@leap.se>2016-04-18 16:15:21 -0400
commite9e9abc4ec26be29b3a6b09e6a0b67786269183b (patch)
tree698ffd51104e6d391957ba25e31e88a2bbced38a /pkg/osx/install
parent0bd65c1d3e6c5ee1d861122ec2cd617ad026de43 (diff)
[feature] privileged bitmask helper
This is still quite untested, and a bit hacky, but the main idea behind it is to let us have a daemonized bitmask helper, which should be installed by the Bitmask installer. Its responsibilities are to launch the vpn process as a privileged user, and to start/stop the firewall.
Diffstat (limited to 'pkg/osx/install')
-rw-r--r--pkg/osx/install/ProcessNetworkChanges.plist.template16
-rwxr-xr-xpkg/osx/install/client.down.sh148
-rwxr-xr-xpkg/osx/install/client.up.sh599
-rwxr-xr-xpkg/osx/install/install-leapc.sh42
-rw-r--r--pkg/osx/install/leap-installer.platypus90
5 files changed, 0 insertions, 895 deletions
diff --git a/pkg/osx/install/ProcessNetworkChanges.plist.template b/pkg/osx/install/ProcessNetworkChanges.plist.template
deleted file mode 100644
index eaf54fcf..00000000
--- a/pkg/osx/install/ProcessNetworkChanges.plist.template
+++ /dev/null
@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
- <dict>
- <key>Label</key>
- <string>se.leap.openvpn.process-network-changes</string>
- <key>ProgramArguments</key>
- <array>
- <string>${DIR}/process-network-changes</string>
- </array>
- <key>WatchPaths</key>
- <array>
- <string>/Library/Preferences/SystemConfiguration</string>
- </array>
- </dict>
-</plist>
diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh
deleted file mode 100755
index 52ba4de6..00000000
--- a/pkg/osx/install/client.down.sh
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/bin/bash -e
-# Note: must be bash; uses bash-specific tricks
-#
-# ******************************************************************************************************************
-# Based on the Tunnelblick script that just "does everything!"
-# It handles TUN and TAP interfaces,
-# pushed configurations and DHCP leases. :)
-#
-# This is the "Down" version of the script, executed after the connection is
-# closed.
-#
-# Created by: Nick Williams (using original code and parts of old Tblk scripts)
-#
-# ******************************************************************************************************************
-# TODO: review and adapt version 3 of the clientX.down.sh
-
-trap "" TSTP
-trap "" HUP
-trap "" INT
-export PATH="/bin:/sbin:/usr/sbin:/usr/bin"
-
-readonly LOG_MESSAGE_COMMAND=$(basename "${0}")
-
-# Quick check - is the configuration there?
-if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then
- # Configuration isn't there, so we forget it
- echo "$(date '+%a %b %e %T %Y') *LEAPClient $LOG_MESSAGE_COMMAND: WARNING: No existing OpenVPN DNS configuration found; not tearing down anything; exiting."
- exit 0
-fi
-
-# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift LEAPClient options out of the argument list
-
-# Get info saved by the up script
-LEAPCLIENT_CONFIG="$(/usr/sbin/scutil <<-EOF
- open
- show State:/Network/OpenVPN
- quit
-EOF)"
-
-ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')"
-LEASEWATCHER_PLIST_PATH="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')"
-PSID="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')"
-SCRIPT_LOG_FILE="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')"
-# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')"
-# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')"
-# Don't need: PROCESS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')"
-# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')"
-ARG_TAP="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')"
-bRouteGatewayIsDhcp="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')"
-
-# @param String message - The message to log
-logMessage()
-{
- echo "$(date '+%a %b %e %T %Y') *LEAP CLient $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}"
-}
-
-trim()
-{
- echo ${@}
-}
-
-if ${ARG_TAP} ; then
- if [ "$bRouteGatewayIsDhcp" == "true" ]; then
- if [ -z "$dev" ]; then
- logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Device may not have disconnected properly."
- else
- set +e
- ipconfig set "$dev" NONE 2>/dev/null
- set -e
- fi
- fi
-fi
-
-# Issue warning if the primary service ID has changed
-PSID_CURRENT="$( (scutil | grep Service | sed -e 's/.*Service : //')<<- EOF
- open
- show State:/Network/OpenVPN
- quit
-EOF)"
-if [ "${PSID}" != "${PSID_CURRENT}" ] ; then
- logMessage "Ignoring change of Network Primary Service from ${PSID} to ${PSID_CURRENT}"
-fi
-
-# Remove leasewatcher
-if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
- launchctl unload "${LEASEWATCHER_PLIST_PATH}"
- logMessage "Cancelled monitoring of system configuration changes"
-fi
-
-# Restore configurations
-DNS_OLD="$(/usr/sbin/scutil <<-EOF
- open
- show State:/Network/OpenVPN/OldDNS
- quit
-EOF)"
-WINS_OLD="$(/usr/sbin/scutil <<-EOF
- open
- show State:/Network/OpenVPN/OldSMB
- quit
-EOF)"
-TB_NO_SUCH_KEY="<dictionary> {
- LEAPClientNoSuchKey : true
-}"
-
-if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then
- scutil <<- EOF
- open
- remove State:/Network/Service/${PSID}/DNS
- quit
-EOF
-else
- scutil <<- EOF
- open
- get State:/Network/OpenVPN/OldDNS
- set State:/Network/Service/${PSID}/DNS
- quit
-EOF
-fi
-
-if [ "${WINS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then
- scutil <<- EOF
- open
- remove State:/Network/Service/${PSID}/SMB
- quit
-EOF
-else
- scutil <<- EOF
- open
- get State:/Network/OpenVPN/OldSMB
- set State:/Network/Service/${PSID}/SMB
- quit
-EOF
-fi
-
-logMessage "Restored the DNS and WINS configurations"
-
-# Remove our system configuration data
-scutil <<- EOF
- open
- remove State:/Network/OpenVPN/SMB
- remove State:/Network/OpenVPN/DNS
- remove State:/Network/OpenVPN/OldSMB
- remove State:/Network/OpenVPN/OldDNS
- remove State:/Network/OpenVPN
- quit
-EOF
-
-exit 0
diff --git a/pkg/osx/install/client.up.sh b/pkg/osx/install/client.up.sh
deleted file mode 100755
index be9814c2..00000000
--- a/pkg/osx/install/client.up.sh
+++ /dev/null
@@ -1,599 +0,0 @@
-#!/bin/bash -e
-# Note: must be bash; uses bash-specific tricks
-#
-# ******************************************************************************************************************
-# Taken from the Tunnelblick script that "just does everything!"
-# It handles TUN and TAP interfaces,
-# pushed configurations, DHCP with DNS and WINS, and renewed DHCP leases. :)
-#
-# This is the "Up" version of the script, executed after the interface is
-# initialized.
-#
-# Created by: Nick Williams (using original code and parts of old Tblk scripts)
-#
-# ******************************************************************************************************************
-# TODO: review and adapt revision 3 of the clientX-up.sh instead
-
-trap "" TSTP
-trap "" HUP
-trap "" INT
-export PATH="/bin:/sbin:/usr/sbin:/usr/bin"
-
-# Process optional arguments (if any) for the script
-# Each one begins with a "-"
-# They come from the leap-client invocation, and come first, before the OpenVPN arguments
-# So we set ARG_ script variables to their values and shift them out of the argument list
-# When we're done, only the OpenVPN arguments remain for the rest of the script to use
-ARG_MONITOR_NETWORK_CONFIGURATION="false"
-ARG_RESTORE_ON_DNS_RESET="false"
-ARG_RESTORE_ON_WINS_RESET="false"
-ARG_TAP="false"
-ARG_IGNORE_OPTION_FLAGS=""
-
-while [ {$#} ] ; do
- if [ "$1" = "-m" ] ; then # Handle the arguments we know about
- ARG_MONITOR_NETWORK_CONFIGURATION="true" # by setting ARG_ script variables to their values
- shift # Then shift them out
- elif [ "$1" = "-d" ] ; then
- ARG_RESTORE_ON_DNS_RESET="true"
- shift
- elif [ "$1" = "-w" ] ; then
- ARG_RESTORE_ON_WINS_RESET="true"
- shift
- elif [ "$1" = "-a" ] ; then
- ARG_TAP="true"
- shift
- elif [ "${1:0:2}" = "-i" ] ; then
- ARG_IGNORE_OPTION_FLAGS="${1}"
- shift
- elif [ "${1:0:2}" = "-a" ] ; then
- ARG_IGNORE_OPTION_FLAGS="${1}"
- shift
- else
- if [ "${1:0:1}" = "-" ] ; then # Shift out Tunnelblick arguments (they start with "-") that we don't understand
- shift # so the rest of the script sees only the OpenVPN arguments
- else
- break
- fi
- fi
-done
-
-readonly ARG_MONITOR_NETWORK_CONFIGURATION ARG_RESTORE_ON_DNS_RESET ARG_RESTORE_ON_WINS_RESET ARG_TAP ARG_IGNORE_OPTION_FLAGS
-
-# Note: The script log path name is constructed from the path of the regular config file, not the shadow copy
-# if the config is shadow copy, e.g. /Library/Application Support/Tunnelblick/Users/Jonathan/Folder/Subfolder/config.ovpn
-# then convert to regular config /Users/Jonathan/Library/Application Support/Tunnelblick/Configurations/Folder/Subfolder/config.ovpn
-# to get the script log path
-# Note: "/Users/..." works even if the home directory has a different path; it is used in the name of the log file, and is not used as a path to get to anything.
-readonly TBALTPREFIX="/Library/Application Support/LEAP Client/Users/"
-readonly TBALTPREFIXLEN="${#TBALTPREFIX}"
-readonly TBCONFIGSTART="${config:0:$TBALTPREFIXLEN}"
-if [ "$TBCONFIGSTART" = "$TBALTPREFIX" ] ; then
- readonly TBBASE="${config:$TBALTPREFIXLEN}"
- readonly TBSUFFIX="${TBBASE#*/}"
- readonly TBUSERNAME="${TBBASE%%/*}"
- readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/LEAP Client/Configurations/$TBSUFFIX"
-else
- readonly TBCONFIG="${config}"
-fi
-
-readonly CONFIG_PATH_DASHES_SLASHES="$(echo "${TBCONFIG}" | sed -e 's/-/--/g' | sed -e 's/\//-S/g')"
-
-# XXX PUT LOGS SOMEWHERE BETTER
-readonly SCRIPT_LOG_FILE="/Users/$LEAPUSER/.config/leap/logs/${CONFIG_PATH_DASHES_SLASHES}.script.log"
-readonly TB_RESOURCE_PATH=$(dirname "${0}")
-
-LEASEWATCHER_PLIST_PATH="/Users/$LEAPUSER/.config/leap/logs/LeaseWatch.plist"
-
-readonly OSVER="$(sw_vers | grep 'ProductVersion:' | grep -o '10\.[0-9]*')"
-
-readonly DEFAULT_DOMAIN_NAME="openvpn"
-
-bRouteGatewayIsDhcp="false"
-
-# @param String message - The message to log
-readonly LOG_MESSAGE_COMMAND=$(basename "${0}")
-logMessage()
-{
- echo "$(date '+%a %b %e %T %Y') *LEAP Client $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}"
-}
-
-# @param String string - Content to trim
-trim()
-{
- echo ${@}
-}
-
-# @param String[] dnsServers - The name servers to use
-# @param String domainName - The domain name to use
-# @param \optional String[] winsServers - The WINS servers to use
-setDnsServersAndDomainName()
-{
- declare -a vDNS=("${!1}")
- domain=$2
- declare -a vWINS=("${!3}")
-
- set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors
-
- PSID=$( (scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<<- EOF
- open
- show State:/Network/Global/IPv4
- quit
-EOF )
-
- STATIC_DNS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF
- open
- show Setup:/Network/Service/${PSID}/DNS
- quit
-EOF )"
- if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then
- readonly STATIC_DNS="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*ServerAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")"
- fi
- if echo "${STATIC_DNS_CONFIG}" | grep -q "SearchDomains" ; then
- readonly STATIC_SEARCH="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*SearchDomains[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")"
- fi
-
- STATIC_WINS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF
- open
- show Setup:/Network/Service/${PSID}/SMB
- quit
-EOF )"
- STATIC_WINS_SERVERS=""
- STATIC_WORKGROUP=""
- STATIC_NETBIOSNAME=""
- if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then
- STATIC_WINS_SERVERS="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*WINSAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")"
- fi
- if echo "${STATIC_WINS_CONFIG}" | grep -q "Workgroup" ; then
- STATIC_WORKGROUP="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*Workgroup : \([^[:space:]]*\).*$/\1/g' )")"
- fi
- if echo "${STATIC_WINS_CONFIG}" | grep -q "NetBIOSName" ; then
- STATIC_NETBIOSNAME="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*NetBIOSName : \([^[:space:]]*\).*$/\1/g' )")"
- fi
- readonly STATIC_WINS_SERVERS STATIC_WORKGROUP STATIC_NETBIOSNAME
-
- if [ ${#vDNS[*]} -eq 0 ] ; then
- DYN_DNS="false"
- ALL_DNS="${STATIC_DNS}"
- elif [ -n "${STATIC_DNS}" ] ; then
- case "${OSVER}" in
- 10.6 | 10.7 )
- # Do nothing - in 10.6 we don't aggregate our configurations, apparently
- DYN_DNS="false"
- ALL_DNS="${STATIC_DNS}"
- ;;
- 10.4 | 10.5 )
- DYN_DNS="true"
- # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's
- SDNS="$(echo "${STATIC_DNS}" | tr ' ' '\n')"
- (( i=0 ))
- for n in "${vDNS[@]}" ; do
- if echo "${SDNS}" | grep -q "${n}" ; then
- unset vDNS[${i}]
- fi
- (( i++ ))
- done
- if [ ${#vDNS[*]} -gt 0 ] ; then
- ALL_DNS="$(trim "${STATIC_DNS}" "${vDNS[*]}")"
- else
- DYN_DNS="false"
- ALL_DNS="${STATIC_DNS}"
- fi
- ;;
- esac
- else
- DYN_DNS="true"
- ALL_DNS="$(trim "${vDNS[*]}")"
- fi
- readonly DYN_DNS ALL_DNS
-
- if [ ${#vWINS[*]} -eq 0 ] ; then
- DYN_WINS="false"
- ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}"
- elif [ -n "${STATIC_WINS_SERVERS}" ] ; then
- case "${OSVER}" in
- 10.6 | 10.7 )
- # Do nothing - in 10.6 we don't aggregate our configurations, apparently
- DYN_WINS="false"
- ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}"
- ;;
- 10.4 | 10.5 )
- DYN_WINS="true"
- # We need to remove duplicate WINS entries, so that our reference list matches MacOSX's
- SWINS="$(echo "${STATIC_WINS_SERVERS}" | tr ' ' '\n')"
- (( i=0 ))
- for n in "${vWINS[@]}" ; do
- if echo "${SWINS}" | grep -q "${n}" ; then
- unset vWINS[${i}]
- fi
- (( i++ ))
- done
- if [ ${#vWINS[*]} -gt 0 ] ; then
- ALL_WINS_SERVERS="$(trim "${STATIC_WINS_SERVERS}" "${vWINS[*]}")"
- else
- DYN_WINS="false"
- ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}"
- fi
- ;;
- esac
- else
- DYN_WINS="true"
- ALL_WINS_SERVERS="$(trim "${vWINS[*]}")"
- fi
- readonly DYN_WINS ALL_WINS_SERVERS
-
- # We double-check that our search domain isn't already on the list
- SEARCH_DOMAIN="${domain}"
- case "${OSVER}" in
- 10.6 | 10.7 )
- # Do nothing - in 10.6 we don't aggregate our configurations, apparently
- if [ -n "${STATIC_SEARCH}" ] ; then
- ALL_SEARCH="${STATIC_SEARCH}"
- SEARCH_DOMAIN=""
- else
- ALL_SEARCH="${SEARCH_DOMAIN}"
- fi
- ;;
- 10.4 | 10.5 )
- if echo "${STATIC_SEARCH}" | tr ' ' '\n' | grep -q "${SEARCH_DOMAIN}" ; then
- SEARCH_DOMAIN=""
- fi
- if [ -z "${SEARCH_DOMAIN}" ] ; then
- ALL_SEARCH="${STATIC_SEARCH}"
- else
- ALL_SEARCH="$(trim "${STATIC_SEARCH}" "${SEARCH_DOMAIN}")"
- fi
- ;;
- esac
- readonly SEARCH_DOMAIN ALL_SEARCH
-
- if ! ${DYN_DNS} ; then
- NO_DNS="#"
- fi
- if ! ${DYN_WINS} ; then
- NO_WS="#"
- fi
- if [ -z "${SEARCH_DOMAIN}" ] ; then
- NO_SEARCH="#"
- fi
- if [ -z "${STATIC_WORKGROUP}" ] ; then
- NO_WG="#"
- fi
- if [ -z "${STATIC_NETBIOSNAME}" ] ; then
- NO_NB="#"
- fi
- if [ -z "${ALL_DNS}" ] ; then
- AGG_DNS="#"
- fi
- if [ -z "${ALL_SEARCH}" ] ; then
- AGG_SEARCH="#"
- fi
- if [ -z "${ALL_WINS_SERVERS}" ] ; then
- AGG_WINS="#"
- fi
-
- # Now, do the aggregation
- # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from LEAP Client,
- # then save old and new DNS and WINS settings
- # PPID is a bash-script variable that contains the process ID of the parent of the process running the script (i.e., OpenVPN's process ID)
- # config is an environmental variable set to the configuration path by OpenVPN prior to running this up script
- logMessage "Up to two 'No such key' warnings are normal and may be ignored"
-
- # If DNS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS'
- if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then
- CORRECT_OLD_DNS_KEY="Setup:"
- else
- CORRECT_OLD_DNS_KEY="State:"
- fi
-
- # If WINS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS'
- if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then
- CORRECT_OLD_WINS_KEY="Setup:"
- else
- CORRECT_OLD_WINS_KEY="State:"
- fi
-
- # If we are not expecting any WINS value, add <LEAPClientNoSuchKey : true> to the expected WINS setup
- NO_NOSUCH_KEY_WINS="#"
- if [ "${NO_NB}" = "#" -a "${AGG_WINS}" = "#" -a "${NO_WG}" = "#" ] ; then
- NO_NOSUCH_KEY_WINS=""
- fi
- readonly NO_NOSUCH_KEY_WINS
-
- set -e # We instruct bash that it CAN again fail on errors
-
- scutil <<- EOF
- open
- d.init
- d.add PID # ${PPID}
- d.add Service ${PSID}
- d.add LeaseWatcherPlistPath "${LEASEWATCHER_PLIST_PATH}"
- d.add ScriptLogFile "${SCRIPT_LOG_FILE}"
- d.add MonitorNetwork "${ARG_MONITOR_NETWORK_CONFIGURATION}"
- d.add RestoreOnDNSReset "${ARG_RESTORE_ON_DNS_RESET}"
- d.add RestoreOnWINSReset "${ARG_RESTORE_ON_WINS_RESET}"
- d.add IgnoreOptionFlags "${ARG_IGNORE_OPTION_FLAGS}"
- d.add IsTapInterface "${ARG_TAP}"
- d.add RouteGatewayIsDhcp "${bRouteGatewayIsDhcp}"
- set State:/Network/OpenVPN
-
- # First, back up the device's current DNS and WINS configurations
- # Indicate 'no such key' by a dictionary with a single entry: "LEAPClientNoSuchKey : true"
- d.init
- d.add LEAPClientNoSuchKey true
- get ${CORRECT_OLD_DNS_KEY}/Network/Service/${PSID}/DNS
- set State:/Network/OpenVPN/OldDNS
-
- d.init
- d.add LEAPClientNoSuchKey true
- get ${CORRECT_OLD_WINS_KEY}/Network/Service/${PSID}/SMB
- set State:/Network/OpenVPN/OldSMB
-
- # Second, initialize the new DNS map
- d.init
- ${NO_DNS}d.add ServerAddresses * ${vDNS[*]}
- ${NO_SEARCH}d.add SearchDomains * ${SEARCH_DOMAIN}
- d.add DomainName ${domain}
- set State:/Network/Service/${PSID}/DNS
-
- # Third, initialize the WINS map
- d.init
- ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME}
- ${NO_WS}d.add WINSAddresses * ${vWINS[*]}
- ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP}
- set State:/Network/Service/${PSID}/SMB
-
- # Now, initialize the maps that will be compared against the system-generated map
- # which means that we will have to aggregate configurations of statically-configured
- # nameservers, and statically-configured search domains
- d.init
- ${AGG_DNS}d.add ServerAddresses * ${ALL_DNS}
- ${AGG_SEARCH}d.add SearchDomains * ${ALL_SEARCH}
- d.add DomainName ${domain}
- set State:/Network/OpenVPN/DNS
-
- d.init
- ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME}
- ${AGG_WINS}d.add WINSAddresses * ${ALL_WINS_SERVERS}
- ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP}
- ${NO_NOSUCH_KEY_WINS}d.add LEAPClientNoSuchKey true
- set State:/Network/OpenVPN/SMB
-
- # We are done
- quit
-EOF
-
- logMessage "Saved the DNS and WINS configurations for later use"
-
- if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
- if [ "${ARG_IGNORE_OPTION_FLAGS:0:2}" = "-a" ] ; then
- # Generate an updated plist with the path for process-network-changes
- readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/ProcessNetworkChanges.plist.template"
- sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}"
- launchctl load "${LEASEWATCHER_PLIST_PATH}"
- logMessage "Set up to monitor system configuration with process-network-changes"
- else
- # Generate an updated plist with the path for leasewatch
- readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/LeaseWatch.plist.template"
- sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}"
- launchctl load "${LEASEWATCHER_PLIST_PATH}"
- logMessage "Set up to monitor system configuration with leasewatch"
- fi
- fi
-}
-
-configureDhcpDns()
-{
- # whilst ipconfig will have created the neccessary Network Service keys, the DNS
- # settings won't actually be used by OS X unless the SupplementalMatchDomains key
- # is added
- # ref. <http://lists.apple.com/archives/Macnetworkprog/2005/Jun/msg00011.html>
- # - is there a way to extract the domains from the SC dictionary and re-insert
- # as SupplementalMatchDomains? i.e. not requiring the ipconfig domain_name call?
-
- # - wait until we get a lease before extracting the DNS domain name and merging into SC
- # - despite it's name, ipconfig waitall doesn't (but maybe one day it will :-)
- ipconfig waitall
-
- unset test_domain_name
- unset test_name_server
-
- set +e # We instruct bash NOT to exit on individual command errors, because if we need to wait longer these commands will fail
-
- # usually takes at least a few seconds to get a DHCP lease
- sleep 3
- n=0
- while [ -z "$test_domain_name" -a -z "$test_name_server" -a $n -lt 5 ]
- do
- logMessage "Sleeping for $n seconds to wait for DHCP to finish setup."
- sleep $n
- n=`expr $n + 1`
-
- if [ -z "$test_domain_name" ]; then
- test_domain_name=`ipconfig getoption $dev domain_name 2>/dev/null`
- fi
-
- if [ -z "$test_name_server" ]; then
- test_name_server=`ipconfig getoption $dev domain_name_server 2>/dev/null`
- fi
- done
-
- sGetPacketOutput=`ipconfig getpacket $dev`
-
- set -e # We instruct bash that it CAN again fail on individual errors
-
- #echo "`date` test_domain_name = $test_domain_name, test_name_server = $test_name_server, sGetPacketOutput = $sGetPacketOutput"
-
- unset aNameServers
- unset aWinsServers
-
- nNameServerIndex=1
- nWinsServerIndex=1
-
- if [ "$sGetPacketOutput" ]; then
- sGetPacketOutput_FirstLine=`echo "$sGetPacketOutput"|head -n 1`
- #echo $sGetPacketOutput_FirstLine
-
- if [ "$sGetPacketOutput_FirstLine" == "op = BOOTREPLY" ]; then
- set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors
-
- for tNameServer in `echo "$sGetPacketOutput"|grep "domain_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do
- aNameServers[nNameServerIndex-1]="$(trim "$tNameServer")"
- let nNameServerIndex++
- done
-
- for tWINSServer in `echo "$sGetPacketOutput"|grep "nb_over_tcpip_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do
- aWinsServers[nWinsServerIndex-1]="$(trim "$tWINSServer")"
- let nWinsServerIndex++
- done
-
- sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [-A-Za-z0-9\-\.]+"|grep -Eo "[-A-Za-z0-9\-\.]+"`
- sDomainName="$(trim "$sDomainName")"
-
- if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then
- logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]"
- setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@]
- return 0
- elif [ ${#aNameServers[*]} -gt 0 ]; then
- logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]"
- setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@]
- return 0
- else
- # Should we return 1 here and indicate an error, or attempt the old method?
- logMessage "No useful information extracted from DHCP/BOOTP packet. Attempting legacy configuration."
- fi
-
- set -e # We instruct bash that it CAN again fail on errors
- else
- # Should we return 1 here and indicate an error, or attempt the old method?
- logMessage "No DHCP/BOOTP packet found on interface. Attempting legacy configuration."
- fi
- fi
-
- unset sDomainName
- unset sNameServer
- unset aNameServers
-
- sDomainName=`ipconfig getoption $dev domain_name 2>/dev/null`
- sNameServer=`ipconfig getoption $dev domain_name_server 2>/dev/null`
-
- sDomainName="$(trim "$sDomainName")"
- sNameServer="$(trim "$sNameServer")"
-
- declare -a aWinsServers=( ) # Declare empty WINS array to avoid any useless error messages
-
- if [ "$sDomainName" -a "$sNameServer" ]; then
- aNameServers[0]=$sNameServer
- logMessage "Retrieved name server [ $sNameServer ], domain name [ $sDomainName ], and no WINS servers"
- setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@]
- elif [ "$sNameServer" ]; then
- aNameServers[0]=$sNameServer
- logMessage "Retrieved name server [ $sNameServer ] and no WINS servers, and using default domain name [ $DEFAULT_DOMAIN_NAME ]"
- setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@]
- elif [ "$sDomainName" ]; then
- logMessage "WARNING: Retrieved domain name [ $sDomainName ] but no name servers from OpenVPN (DHCP), which is not sufficient to make network/DNS configuration changes."
- if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
- logMessage "Will NOT monitor for other network configuration changes."
- fi
- else
- logMessage "WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made."
- if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
- logMessage "Will NOT monitor for other network configuration changes."
- fi
- fi
-
- return 0
-}
-
-configureOpenVpnDns()
-{
- unset vForOptions
- unset vOptions
- unset aNameServers
- unset aWinsServers
-
- nOptionIndex=1
- nNameServerIndex=1
- nWinsServerIndex=1
-
- while vForOptions=foreign_option_$nOptionIndex; [ -n "${!vForOptions}" ]; do
- vOptions[nOptionIndex-1]=${!vForOptions}
- case ${vOptions[nOptionIndex-1]} in
- *DOMAIN* )
- sDomainName="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DOMAIN /}")"
- ;;
- *DNS* )
- aNameServers[nNameServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DNS /}")"
- let nNameServerIndex++
- ;;
- *WINS* )
- aWinsServers[nWinsServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option WINS /}")"
- let nWinsServerIndex++
- ;;
- * )
- logMessage "Unknown: 'foreign_option_${nOptionIndex}' = '${vOptions[nOptionIndex-1]}'"
- ;;
- esac
- let nOptionIndex++
- done
-
- if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then
- logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]"
- setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@]
- elif [ ${#aNameServers[*]} -gt 0 ]; then
- logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]"
- setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@]
- else
- # Should we maybe just return 1 here to indicate an error? Does this mean that something bad has happened?
- logMessage "No DNS information recieved from OpenVPN, so no network configuration changes need to be made."
- if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
- logMessage "Will NOT monitor for other network configuration changes."
- fi
- fi
-
- return 0
-}
-
-# We sleep here to allow time for OS X to process network settings
-sleep 2
-
-EXIT_CODE=0
-
-if ${ARG_TAP} ; then
- # Still need to do: Look for route-gateway dhcp (TAP isn't always DHCP)
- bRouteGatewayIsDhcp="false"
- if [ -z "${route_vpn_gateway}" -o "$route_vpn_gateway" == "dhcp" -o "$route_vpn_gateway" == "DHCP" ]; then
- bRouteGatewayIsDhcp="true"
- fi
-
- if [ "$bRouteGatewayIsDhcp" == "true" ]; then
- if [ -z "$dev" ]; then
- logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Exiting."
- exit 1
- fi
-
- ipconfig set "$dev" DHCP
-
- configureDhcpDns &
- elif [ "$foreign_option_1" == "" ]; then
- logMessage "No network configuration changes need to be made."
- if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
- logMessage "Will NOT monitor for other network configuration changes."
- fi
- else
- configureOpenVpnDns
- EXIT_CODE=$?
- fi
-else
- if [ "$foreign_option_1" == "" ]; then
- logMessage "No network configuration changes need to be made."
- if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then
- logMessage "Will NOT monitor for other network configuration changes."
- fi
- else
- configureOpenVpnDns
- EXIT_CODE=$?
- fi
-fi
-
-exit $EXIT_CODE
diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh
deleted file mode 100755
index e47abb7c..00000000
--- a/pkg/osx/install/install-leapc.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-# Bitmask Installer Script.
-#
-# Copyright (C) 2013 LEAP Encryption Access Project
-#
-# This file is part of LEAP Client, as
-# available from http://leap.se/. This file is free software;
-# you can redistribute it and/or modify it under the terms of the GNU
-# General Public License (GPL) as published by the Free Software
-# Foundation, in version 2 as it comes in the "COPYING" file of the
-# LEAP Client distribution. LEAP Client is distributed in the
-# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
-#
-
-set -e
-
-destlibs=/opt/local/lib
-leapdir=/Applications/LEAP\ Client.app
-leaplibs=${leapdir}/Contents/MacOS
-tunstartup=/Library/StartupItems/tun/tun
-
-echo "Installing Bitmask in /Applications..."
-cp -r "LEAP Client.app" /Applications
-
-echo "Copying openvpn binary..."
-cp -r openvpn.leap /usr/bin
-
-echo "Installing tun/tap drivers..."
-test -f $tunstartup && $tunstartup stop
-
-test -d /Library/Extensions || mkdir -p /Library/Extensions
-test -d /Library/StartupItems || mkdir -p /Library/StartupItems
-
-cp -r Extensions/* /Library/Extensions
-cp -r StartupItems/* /Library/StartupItems
-
-echo "Loading tun/tap kernel extension..."
-
-$tunstartup start
-
-echo "Installation Finished!"
diff --git a/pkg/osx/install/leap-installer.platypus b/pkg/osx/install/leap-installer.platypus
deleted file mode 100644
index 9150961e..00000000
--- a/pkg/osx/install/leap-installer.platypus
+++ /dev/null
@@ -1,90 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
- <key>AcceptsFiles</key>
- <true/>
- <key>AcceptsText</key>
- <false/>
- <key>Authentication</key>
- <true/>
- <key>Author</key>
- <string>Kali Yuga</string>
- <key>BundledFiles</key>
- <array/>
- <key>Creator</key>
- <string>Platypus-4.7</string>
- <key>DeclareService</key>
- <false/>
- <key>Destination</key>
- <string>MyPlatypusApp.app</string>
- <key>DestinationOverride</key>
- <false/>
- <key>DevelopmentVersion</key>
- <false/>
- <key>DocIcon</key>
- <string></string>
- <key>Droppable</key>
- <false/>
- <key>ExecutablePath</key>
- <string>/opt/local/share/platypus/ScriptExec</string>
- <key>FileTypes</key>
- <array>
- <string>****</string>
- <string>fold</string>
- </array>
- <key>IconPath</key>
- <string></string>
- <key>Identifier</key>
- <string>se.leap.LEAPClientInstaller</string>
- <key>Interpreter</key>
- <string>/bin/sh</string>
- <key>InterpreterArgs</key>
- <array/>
- <key>Name</key>
- <string>LEAPClient Installer</string>
- <key>NibPath</key>
- <string>/opt/local/share/platypus/MainMenu.nib</string>
- <key>OptimizeApplication</key>
- <true/>
- <key>Output</key>
- <string>Progress Bar</string>
- <key>RemainRunning</key>
- <true/>
- <key>Role</key>
- <string>Viewer</string>
- <key>ScriptArgs</key>
- <array/>
- <key>ScriptPath</key>
- <string>./install/install-leapc.sh</string>
- <key>Secure</key>
- <false/>
- <key>ShowInDock</key>
- <false/>
- <key>StatusItemDisplayType</key>
- <string>Text</string>
- <key>StatusItemIcon</key>
- <data>
- </data>
- <key>StatusItemTitle</key>
- <string>MyPlatypusApp</string>
- <key>Suffixes</key>
- <array>
- <string>*</string>
- </array>
- <key>TextBackground</key>
- <string>#ffffff</string>
- <key>TextEncoding</key>
- <integer>4</integer>
- <key>TextFont</key>
- <string>Monaco</string>
- <key>TextForeground</key>
- <string>#000000</string>
- <key>TextSize</key>
- <real>10</real>
- <key>UseXMLPlistFormat</key>
- <true/>
- <key>Version</key>
- <string>1.0</string>
-</dict>
-</plist>