diff options
author | Kali Kaneko <kali@leap.se> | 2016-01-29 13:18:36 -0800 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2016-04-18 16:15:21 -0400 |
commit | e9e9abc4ec26be29b3a6b09e6a0b67786269183b (patch) | |
tree | 698ffd51104e6d391957ba25e31e88a2bbced38a /pkg/osx/install | |
parent | 0bd65c1d3e6c5ee1d861122ec2cd617ad026de43 (diff) |
[feature] privileged bitmask helper
This is still quite untested, and a bit hacky, but the main idea behind
let us have a daemonized bitmask helper, that should be installed by the
Bitmask installer. Its responsibilities are to launch the vpn process as
a privileged user, and start/stop the firewall.
Diffstat (limited to 'pkg/osx/install')
-rw-r--r-- | pkg/osx/install/ProcessNetworkChanges.plist.template | 16 | ||||
-rwxr-xr-x | pkg/osx/install/client.down.sh | 148 | ||||
-rwxr-xr-x | pkg/osx/install/client.up.sh | 599 | ||||
-rwxr-xr-x | pkg/osx/install/install-leapc.sh | 42 | ||||
-rw-r--r-- | pkg/osx/install/leap-installer.platypus | 90 |
5 files changed, 0 insertions, 895 deletions
diff --git a/pkg/osx/install/ProcessNetworkChanges.plist.template b/pkg/osx/install/ProcessNetworkChanges.plist.template deleted file mode 100644 index eaf54fcf..00000000 --- a/pkg/osx/install/ProcessNetworkChanges.plist.template +++ /dev/null @@ -1,16 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> - <dict> - <key>Label</key> - <string>se.leap.openvpn.process-network-changes</string> - <key>ProgramArguments</key> - <array> - <string>${DIR}/process-network-changes</string> - </array> - <key>WatchPaths</key> - <array> - <string>/Library/Preferences/SystemConfiguration</string> - </array> - </dict> -</plist> diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh deleted file mode 100755 index 52ba4de6..00000000 --- a/pkg/osx/install/client.down.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/bin/bash -e -# Note: must be bash; uses bash-specific tricks -# -# ****************************************************************************************************************** -# Based on the Tunnelblick script that just "does everything!" -# It handles TUN and TAP interfaces, -# pushed configurations and DHCP leases. :) -# -# This is the "Down" version of the script, executed after the connection is -# closed. -# -# Created by: Nick Williams (using original code and parts of old Tblk scripts) -# -# ****************************************************************************************************************** -# TODO: review and adapt version 3 of the clientX.down.sh - -trap "" TSTP -trap "" HUP -trap "" INT -export PATH="/bin:/sbin:/usr/sbin:/usr/bin" - -readonly LOG_MESSAGE_COMMAND=$(basename "${0}") - -# Quick check - is the configuration there? -if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then - # Configuration isn't there, so we forget it - echo "$(date '+%a %b %e %T %Y') *LEAPClient $LOG_MESSAGE_COMMAND: WARNING: No existing OpenVPN DNS configuration found; not tearing down anything; exiting." - exit 0 -fi - -# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift LEAPClient options out of the argument list - -# Get info saved by the up script -LEAPCLIENT_CONFIG="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN - quit -EOF)" - -ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')" -LEASEWATCHER_PLIST_PATH="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')" -PSID="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')" -SCRIPT_LOG_FILE="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')" -# Don't need: PROCESS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')" -# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')" -ARG_TAP="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')" -bRouteGatewayIsDhcp="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')" - -# @param String message - The message to log -logMessage() -{ - echo "$(date '+%a %b %e %T %Y') *LEAP CLient $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" -} - -trim() -{ - echo ${@} -} - -if ${ARG_TAP} ; then - if [ "$bRouteGatewayIsDhcp" == "true" ]; then - if [ -z "$dev" ]; then - logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Device may not have disconnected properly." - else - set +e - ipconfig set "$dev" NONE 2>/dev/null - set -e - fi - fi -fi - -# Issue warning if the primary service ID has changed -PSID_CURRENT="$( (scutil | grep Service | sed -e 's/.*Service : //')<<- EOF - open - show State:/Network/OpenVPN - quit -EOF)" -if [ "${PSID}" != "${PSID_CURRENT}" ] ; then - logMessage "Ignoring change of Network Primary Service from ${PSID} to ${PSID_CURRENT}" -fi - -# Remove leasewatcher -if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - launchctl unload "${LEASEWATCHER_PLIST_PATH}" - logMessage "Cancelled monitoring of system configuration changes" -fi - -# Restore configurations -DNS_OLD="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN/OldDNS - quit -EOF)" -WINS_OLD="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN/OldSMB - quit -EOF)" -TB_NO_SUCH_KEY="<dictionary> { - LEAPClientNoSuchKey : true -}" - -if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then - scutil <<- EOF - open - remove State:/Network/Service/${PSID}/DNS - quit -EOF -else - scutil <<- EOF - open - get State:/Network/OpenVPN/OldDNS - set State:/Network/Service/${PSID}/DNS - quit -EOF -fi - -if [ "${WINS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then - scutil <<- EOF - open - remove State:/Network/Service/${PSID}/SMB - quit -EOF -else - scutil <<- EOF - open - get State:/Network/OpenVPN/OldSMB - set State:/Network/Service/${PSID}/SMB - quit -EOF -fi - -logMessage "Restored the DNS and WINS configurations" - -# Remove our system configuration data -scutil <<- EOF - open - remove State:/Network/OpenVPN/SMB - remove State:/Network/OpenVPN/DNS - remove State:/Network/OpenVPN/OldSMB - remove State:/Network/OpenVPN/OldDNS - remove State:/Network/OpenVPN - quit -EOF - -exit 0 diff --git a/pkg/osx/install/client.up.sh b/pkg/osx/install/client.up.sh deleted file mode 100755 index be9814c2..00000000 --- a/pkg/osx/install/client.up.sh +++ /dev/null @@ -1,599 +0,0 @@ -#!/bin/bash -e -# Note: must be bash; uses bash-specific tricks -# -# ****************************************************************************************************************** -# Taken from the Tunnelblick script that "just does everything!" -# It handles TUN and TAP interfaces, -# pushed configurations, DHCP with DNS and WINS, and renewed DHCP leases. :) -# -# This is the "Up" version of the script, executed after the interface is -# initialized. -# -# Created by: Nick Williams (using original code and parts of old Tblk scripts) -# -# ****************************************************************************************************************** -# TODO: review and adapt revision 3 of the clientX-up.sh instead - -trap "" TSTP -trap "" HUP -trap "" INT -export PATH="/bin:/sbin:/usr/sbin:/usr/bin" - -# Process optional arguments (if any) for the script -# Each one begins with a "-" -# They come from the leap-client invocation, and come first, before the OpenVPN arguments -# So we set ARG_ script variables to their values and shift them out of the argument list -# When we're done, only the OpenVPN arguments remain for the rest of the script to use -ARG_MONITOR_NETWORK_CONFIGURATION="false" -ARG_RESTORE_ON_DNS_RESET="false" -ARG_RESTORE_ON_WINS_RESET="false" -ARG_TAP="false" -ARG_IGNORE_OPTION_FLAGS="" - -while [ {$#} ] ; do - if [ "$1" = "-m" ] ; then # Handle the arguments we know about - ARG_MONITOR_NETWORK_CONFIGURATION="true" # by setting ARG_ script variables to their values - shift # Then shift them out - elif [ "$1" = "-d" ] ; then - ARG_RESTORE_ON_DNS_RESET="true" - shift - elif [ "$1" = "-w" ] ; then - ARG_RESTORE_ON_WINS_RESET="true" - shift - elif [ "$1" = "-a" ] ; then - ARG_TAP="true" - shift - elif [ "${1:0:2}" = "-i" ] ; then - ARG_IGNORE_OPTION_FLAGS="${1}" - shift - elif [ "${1:0:2}" = "-a" ] ; then - ARG_IGNORE_OPTION_FLAGS="${1}" - shift - else - if [ "${1:0:1}" = "-" ] ; then # Shift out Tunnelblick arguments (they start with "-") that we don't understand - shift # so the rest of the script sees only the OpenVPN arguments - else - break - fi - fi -done - -readonly ARG_MONITOR_NETWORK_CONFIGURATION ARG_RESTORE_ON_DNS_RESET ARG_RESTORE_ON_WINS_RESET ARG_TAP ARG_IGNORE_OPTION_FLAGS - -# Note: The script log path name is constructed from the path of the regular config file, not the shadow copy -# if the config is shadow copy, e.g. /Library/Application Support/Tunnelblick/Users/Jonathan/Folder/Subfolder/config.ovpn -# then convert to regular config /Users/Jonathan/Library/Application Support/Tunnelblick/Configurations/Folder/Subfolder/config.ovpn -# to get the script log path -# Note: "/Users/..." works even if the home directory has a different path; it is used in the name of the log file, and is not used as a path to get to anything. -readonly TBALTPREFIX="/Library/Application Support/LEAP Client/Users/" -readonly TBALTPREFIXLEN="${#TBALTPREFIX}" -readonly TBCONFIGSTART="${config:0:$TBALTPREFIXLEN}" -if [ "$TBCONFIGSTART" = "$TBALTPREFIX" ] ; then - readonly TBBASE="${config:$TBALTPREFIXLEN}" - readonly TBSUFFIX="${TBBASE#*/}" - readonly TBUSERNAME="${TBBASE%%/*}" - readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/LEAP Client/Configurations/$TBSUFFIX" -else - readonly TBCONFIG="${config}" -fi - -readonly CONFIG_PATH_DASHES_SLASHES="$(echo "${TBCONFIG}" | sed -e 's/-/--/g' | sed -e 's/\//-S/g')" - -# XXX PUT LOGS SOMEWHERE BETTER -readonly SCRIPT_LOG_FILE="/Users/$LEAPUSER/.config/leap/logs/${CONFIG_PATH_DASHES_SLASHES}.script.log" -readonly TB_RESOURCE_PATH=$(dirname "${0}") - -LEASEWATCHER_PLIST_PATH="/Users/$LEAPUSER/.config/leap/logs/LeaseWatch.plist" - -readonly OSVER="$(sw_vers | grep 'ProductVersion:' | grep -o '10\.[0-9]*')" - -readonly DEFAULT_DOMAIN_NAME="openvpn" - -bRouteGatewayIsDhcp="false" - -# @param String message - The message to log -readonly LOG_MESSAGE_COMMAND=$(basename "${0}") -logMessage() -{ - echo "$(date '+%a %b %e %T %Y') *LEAP Client $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" -} - -# @param String string - Content to trim -trim() -{ - echo ${@} -} - -# @param String[] dnsServers - The name servers to use -# @param String domainName - The domain name to use -# @param \optional String[] winsServers - The WINS servers to use -setDnsServersAndDomainName() -{ - declare -a vDNS=("${!1}") - domain=$2 - declare -a vWINS=("${!3}") - - set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors - - PSID=$( (scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<<- EOF - open - show State:/Network/Global/IPv4 - quit -EOF ) - - STATIC_DNS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF - open - show Setup:/Network/Service/${PSID}/DNS - quit -EOF )" - if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then - readonly STATIC_DNS="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*ServerAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" - fi - if echo "${STATIC_DNS_CONFIG}" | grep -q "SearchDomains" ; then - readonly STATIC_SEARCH="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*SearchDomains[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" - fi - - STATIC_WINS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF - open - show Setup:/Network/Service/${PSID}/SMB - quit -EOF )" - STATIC_WINS_SERVERS="" - STATIC_WORKGROUP="" - STATIC_NETBIOSNAME="" - if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then - STATIC_WINS_SERVERS="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*WINSAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" - fi - if echo "${STATIC_WINS_CONFIG}" | grep -q "Workgroup" ; then - STATIC_WORKGROUP="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*Workgroup : \([^[:space:]]*\).*$/\1/g' )")" - fi - if echo "${STATIC_WINS_CONFIG}" | grep -q "NetBIOSName" ; then - STATIC_NETBIOSNAME="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*NetBIOSName : \([^[:space:]]*\).*$/\1/g' )")" - fi - readonly STATIC_WINS_SERVERS STATIC_WORKGROUP STATIC_NETBIOSNAME - - if [ ${#vDNS[*]} -eq 0 ] ; then - DYN_DNS="false" - ALL_DNS="${STATIC_DNS}" - elif [ -n "${STATIC_DNS}" ] ; then - case "${OSVER}" in - 10.6 | 10.7 ) - # Do nothing - in 10.6 we don't aggregate our configurations, apparently - DYN_DNS="false" - ALL_DNS="${STATIC_DNS}" - ;; - 10.4 | 10.5 ) - DYN_DNS="true" - # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's - SDNS="$(echo "${STATIC_DNS}" | tr ' ' '\n')" - (( i=0 )) - for n in "${vDNS[@]}" ; do - if echo "${SDNS}" | grep -q "${n}" ; then - unset vDNS[${i}] - fi - (( i++ )) - done - if [ ${#vDNS[*]} -gt 0 ] ; then - ALL_DNS="$(trim "${STATIC_DNS}" "${vDNS[*]}")" - else - DYN_DNS="false" - ALL_DNS="${STATIC_DNS}" - fi - ;; - esac - else - DYN_DNS="true" - ALL_DNS="$(trim "${vDNS[*]}")" - fi - readonly DYN_DNS ALL_DNS - - if [ ${#vWINS[*]} -eq 0 ] ; then - DYN_WINS="false" - ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" - elif [ -n "${STATIC_WINS_SERVERS}" ] ; then - case "${OSVER}" in - 10.6 | 10.7 ) - # Do nothing - in 10.6 we don't aggregate our configurations, apparently - DYN_WINS="false" - ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" - ;; - 10.4 | 10.5 ) - DYN_WINS="true" - # We need to remove duplicate WINS entries, so that our reference list matches MacOSX's - SWINS="$(echo "${STATIC_WINS_SERVERS}" | tr ' ' '\n')" - (( i=0 )) - for n in "${vWINS[@]}" ; do - if echo "${SWINS}" | grep -q "${n}" ; then - unset vWINS[${i}] - fi - (( i++ )) - done - if [ ${#vWINS[*]} -gt 0 ] ; then - ALL_WINS_SERVERS="$(trim "${STATIC_WINS_SERVERS}" "${vWINS[*]}")" - else - DYN_WINS="false" - ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" - fi - ;; - esac - else - DYN_WINS="true" - ALL_WINS_SERVERS="$(trim "${vWINS[*]}")" - fi - readonly DYN_WINS ALL_WINS_SERVERS - - # We double-check that our search domain isn't already on the list - SEARCH_DOMAIN="${domain}" - case "${OSVER}" in - 10.6 | 10.7 ) - # Do nothing - in 10.6 we don't aggregate our configurations, apparently - if [ -n "${STATIC_SEARCH}" ] ; then - ALL_SEARCH="${STATIC_SEARCH}" - SEARCH_DOMAIN="" - else - ALL_SEARCH="${SEARCH_DOMAIN}" - fi - ;; - 10.4 | 10.5 ) - if echo "${STATIC_SEARCH}" | tr ' ' '\n' | grep -q "${SEARCH_DOMAIN}" ; then - SEARCH_DOMAIN="" - fi - if [ -z "${SEARCH_DOMAIN}" ] ; then - ALL_SEARCH="${STATIC_SEARCH}" - else - ALL_SEARCH="$(trim "${STATIC_SEARCH}" "${SEARCH_DOMAIN}")" - fi - ;; - esac - readonly SEARCH_DOMAIN ALL_SEARCH - - if ! ${DYN_DNS} ; then - NO_DNS="#" - fi - if ! ${DYN_WINS} ; then - NO_WS="#" - fi - if [ -z "${SEARCH_DOMAIN}" ] ; then - NO_SEARCH="#" - fi - if [ -z "${STATIC_WORKGROUP}" ] ; then - NO_WG="#" - fi - if [ -z "${STATIC_NETBIOSNAME}" ] ; then - NO_NB="#" - fi - if [ -z "${ALL_DNS}" ] ; then - AGG_DNS="#" - fi - if [ -z "${ALL_SEARCH}" ] ; then - AGG_SEARCH="#" - fi - if [ -z "${ALL_WINS_SERVERS}" ] ; then - AGG_WINS="#" - fi - - # Now, do the aggregation - # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from LEAP Client, - # then save old and new DNS and WINS settings - # PPID is a bash-script variable that contains the process ID of the parent of the process running the script (i.e., OpenVPN's process ID) - # config is an environmental variable set to the configuration path by OpenVPN prior to running this up script - logMessage "Up to two 'No such key' warnings are normal and may be ignored" - - # If DNS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' - if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then - CORRECT_OLD_DNS_KEY="Setup:" - else - CORRECT_OLD_DNS_KEY="State:" - fi - - # If WINS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' - if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then - CORRECT_OLD_WINS_KEY="Setup:" - else - CORRECT_OLD_WINS_KEY="State:" - fi - - # If we are not expecting any WINS value, add <LEAPClientNoSuchKey : true> to the expected WINS setup - NO_NOSUCH_KEY_WINS="#" - if [ "${NO_NB}" = "#" -a "${AGG_WINS}" = "#" -a "${NO_WG}" = "#" ] ; then - NO_NOSUCH_KEY_WINS="" - fi - readonly NO_NOSUCH_KEY_WINS - - set -e # We instruct bash that it CAN again fail on errors - - scutil <<- EOF - open - d.init - d.add PID # ${PPID} - d.add Service ${PSID} - d.add LeaseWatcherPlistPath "${LEASEWATCHER_PLIST_PATH}" - d.add ScriptLogFile "${SCRIPT_LOG_FILE}" - d.add MonitorNetwork "${ARG_MONITOR_NETWORK_CONFIGURATION}" - d.add RestoreOnDNSReset "${ARG_RESTORE_ON_DNS_RESET}" - d.add RestoreOnWINSReset "${ARG_RESTORE_ON_WINS_RESET}" - d.add IgnoreOptionFlags "${ARG_IGNORE_OPTION_FLAGS}" - d.add IsTapInterface "${ARG_TAP}" - d.add RouteGatewayIsDhcp "${bRouteGatewayIsDhcp}" - set State:/Network/OpenVPN - - # First, back up the device's current DNS and WINS configurations - # Indicate 'no such key' by a dictionary with a single entry: "LEAPClientNoSuchKey : true" - d.init - d.add LEAPClientNoSuchKey true - get ${CORRECT_OLD_DNS_KEY}/Network/Service/${PSID}/DNS - set State:/Network/OpenVPN/OldDNS - - d.init - d.add LEAPClientNoSuchKey true - get ${CORRECT_OLD_WINS_KEY}/Network/Service/${PSID}/SMB - set State:/Network/OpenVPN/OldSMB - - # Second, initialize the new DNS map - d.init - ${NO_DNS}d.add ServerAddresses * ${vDNS[*]} - ${NO_SEARCH}d.add SearchDomains * ${SEARCH_DOMAIN} - d.add DomainName ${domain} - set State:/Network/Service/${PSID}/DNS - - # Third, initialize the WINS map - d.init - ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} - ${NO_WS}d.add WINSAddresses * ${vWINS[*]} - ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} - set State:/Network/Service/${PSID}/SMB - - # Now, initialize the maps that will be compared against the system-generated map - # which means that we will have to aggregate configurations of statically-configured - # nameservers, and statically-configured search domains - d.init - ${AGG_DNS}d.add ServerAddresses * ${ALL_DNS} - ${AGG_SEARCH}d.add SearchDomains * ${ALL_SEARCH} - d.add DomainName ${domain} - set State:/Network/OpenVPN/DNS - - d.init - ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} - ${AGG_WINS}d.add WINSAddresses * ${ALL_WINS_SERVERS} - ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} - ${NO_NOSUCH_KEY_WINS}d.add LEAPClientNoSuchKey true - set State:/Network/OpenVPN/SMB - - # We are done - quit -EOF - - logMessage "Saved the DNS and WINS configurations for later use" - - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - if [ "${ARG_IGNORE_OPTION_FLAGS:0:2}" = "-a" ] ; then - # Generate an updated plist with the path for process-network-changes - readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/ProcessNetworkChanges.plist.template" - sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" - launchctl load "${LEASEWATCHER_PLIST_PATH}" - logMessage "Set up to monitor system configuration with process-network-changes" - else - # Generate an updated plist with the path for leasewatch - readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/LeaseWatch.plist.template" - sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" - launchctl load "${LEASEWATCHER_PLIST_PATH}" - logMessage "Set up to monitor system configuration with leasewatch" - fi - fi -} - -configureDhcpDns() -{ - # whilst ipconfig will have created the neccessary Network Service keys, the DNS - # settings won't actually be used by OS X unless the SupplementalMatchDomains key - # is added - # ref. <http://lists.apple.com/archives/Macnetworkprog/2005/Jun/msg00011.html> - # - is there a way to extract the domains from the SC dictionary and re-insert - # as SupplementalMatchDomains? i.e. not requiring the ipconfig domain_name call? - - # - wait until we get a lease before extracting the DNS domain name and merging into SC - # - despite it's name, ipconfig waitall doesn't (but maybe one day it will :-) - ipconfig waitall - - unset test_domain_name - unset test_name_server - - set +e # We instruct bash NOT to exit on individual command errors, because if we need to wait longer these commands will fail - - # usually takes at least a few seconds to get a DHCP lease - sleep 3 - n=0 - while [ -z "$test_domain_name" -a -z "$test_name_server" -a $n -lt 5 ] - do - logMessage "Sleeping for $n seconds to wait for DHCP to finish setup." - sleep $n - n=`expr $n + 1` - - if [ -z "$test_domain_name" ]; then - test_domain_name=`ipconfig getoption $dev domain_name 2>/dev/null` - fi - - if [ -z "$test_name_server" ]; then - test_name_server=`ipconfig getoption $dev domain_name_server 2>/dev/null` - fi - done - - sGetPacketOutput=`ipconfig getpacket $dev` - - set -e # We instruct bash that it CAN again fail on individual errors - - #echo "`date` test_domain_name = $test_domain_name, test_name_server = $test_name_server, sGetPacketOutput = $sGetPacketOutput" - - unset aNameServers - unset aWinsServers - - nNameServerIndex=1 - nWinsServerIndex=1 - - if [ "$sGetPacketOutput" ]; then - sGetPacketOutput_FirstLine=`echo "$sGetPacketOutput"|head -n 1` - #echo $sGetPacketOutput_FirstLine - - if [ "$sGetPacketOutput_FirstLine" == "op = BOOTREPLY" ]; then - set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors - - for tNameServer in `echo "$sGetPacketOutput"|grep "domain_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do - aNameServers[nNameServerIndex-1]="$(trim "$tNameServer")" - let nNameServerIndex++ - done - - for tWINSServer in `echo "$sGetPacketOutput"|grep "nb_over_tcpip_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do - aWinsServers[nWinsServerIndex-1]="$(trim "$tWINSServer")" - let nWinsServerIndex++ - done - - sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [-A-Za-z0-9\-\.]+"|grep -Eo "[-A-Za-z0-9\-\.]+"` - sDomainName="$(trim "$sDomainName")" - - if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" - setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] - return 0 - elif [ ${#aNameServers[*]} -gt 0 ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" - setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] - return 0 - else - # Should we return 1 here and indicate an error, or attempt the old method? - logMessage "No useful information extracted from DHCP/BOOTP packet. Attempting legacy configuration." - fi - - set -e # We instruct bash that it CAN again fail on errors - else - # Should we return 1 here and indicate an error, or attempt the old method? - logMessage "No DHCP/BOOTP packet found on interface. Attempting legacy configuration." - fi - fi - - unset sDomainName - unset sNameServer - unset aNameServers - - sDomainName=`ipconfig getoption $dev domain_name 2>/dev/null` - sNameServer=`ipconfig getoption $dev domain_name_server 2>/dev/null` - - sDomainName="$(trim "$sDomainName")" - sNameServer="$(trim "$sNameServer")" - - declare -a aWinsServers=( ) # Declare empty WINS array to avoid any useless error messages - - if [ "$sDomainName" -a "$sNameServer" ]; then - aNameServers[0]=$sNameServer - logMessage "Retrieved name server [ $sNameServer ], domain name [ $sDomainName ], and no WINS servers" - setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] - elif [ "$sNameServer" ]; then - aNameServers[0]=$sNameServer - logMessage "Retrieved name server [ $sNameServer ] and no WINS servers, and using default domain name [ $DEFAULT_DOMAIN_NAME ]" - setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] - elif [ "$sDomainName" ]; then - logMessage "WARNING: Retrieved domain name [ $sDomainName ] but no name servers from OpenVPN (DHCP), which is not sufficient to make network/DNS configuration changes." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - else - logMessage "WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - fi - - return 0 -} - -configureOpenVpnDns() -{ - unset vForOptions - unset vOptions - unset aNameServers - unset aWinsServers - - nOptionIndex=1 - nNameServerIndex=1 - nWinsServerIndex=1 - - while vForOptions=foreign_option_$nOptionIndex; [ -n "${!vForOptions}" ]; do - vOptions[nOptionIndex-1]=${!vForOptions} - case ${vOptions[nOptionIndex-1]} in - *DOMAIN* ) - sDomainName="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DOMAIN /}")" - ;; - *DNS* ) - aNameServers[nNameServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DNS /}")" - let nNameServerIndex++ - ;; - *WINS* ) - aWinsServers[nWinsServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option WINS /}")" - let nWinsServerIndex++ - ;; - * ) - logMessage "Unknown: 'foreign_option_${nOptionIndex}' = '${vOptions[nOptionIndex-1]}'" - ;; - esac - let nOptionIndex++ - done - - if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" - setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] - elif [ ${#aNameServers[*]} -gt 0 ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" - setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] - else - # Should we maybe just return 1 here to indicate an error? Does this mean that something bad has happened? - logMessage "No DNS information recieved from OpenVPN, so no network configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - fi - - return 0 -} - -# We sleep here to allow time for OS X to process network settings -sleep 2 - -EXIT_CODE=0 - -if ${ARG_TAP} ; then - # Still need to do: Look for route-gateway dhcp (TAP isn't always DHCP) - bRouteGatewayIsDhcp="false" - if [ -z "${route_vpn_gateway}" -o "$route_vpn_gateway" == "dhcp" -o "$route_vpn_gateway" == "DHCP" ]; then - bRouteGatewayIsDhcp="true" - fi - - if [ "$bRouteGatewayIsDhcp" == "true" ]; then - if [ -z "$dev" ]; then - logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Exiting." - exit 1 - fi - - ipconfig set "$dev" DHCP - - configureDhcpDns & - elif [ "$foreign_option_1" == "" ]; then - logMessage "No network configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - else - configureOpenVpnDns - EXIT_CODE=$? - fi -else - if [ "$foreign_option_1" == "" ]; then - logMessage "No network configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - else - configureOpenVpnDns - EXIT_CODE=$? - fi -fi - -exit $EXIT_CODE diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh deleted file mode 100755 index e47abb7c..00000000 --- a/pkg/osx/install/install-leapc.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -# Bitmask Installer Script. -# -# Copyright (C) 2013 LEAP Encryption Access Project -# -# This file is part of LEAP Client, as -# available from http://leap.se/. This file is free software; -# you can redistribute it and/or modify it under the terms of the GNU -# General Public License (GPL) as published by the Free Software -# Foundation, in version 2 as it comes in the "COPYING" file of the -# LEAP Client distribution. LEAP Client is distributed in the -# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. -# - -set -e - -destlibs=/opt/local/lib -leapdir=/Applications/LEAP\ Client.app -leaplibs=${leapdir}/Contents/MacOS -tunstartup=/Library/StartupItems/tun/tun - -echo "Installing Bitmask in /Applications..." -cp -r "LEAP Client.app" /Applications - -echo "Copying openvpn binary..." -cp -r openvpn.leap /usr/bin - -echo "Installing tun/tap drivers..." -test -f $tunstartup && $tunstartup stop - -test -d /Library/Extensions || mkdir -p /Library/Extensions -test -d /Library/StartupItems || mkdir -p /Library/StartupItems - -cp -r Extensions/* /Library/Extensions -cp -r StartupItems/* /Library/StartupItems - -echo "Loading tun/tap kernel extension..." - -$tunstartup start - -echo "Installation Finished!" diff --git a/pkg/osx/install/leap-installer.platypus b/pkg/osx/install/leap-installer.platypus deleted file mode 100644 index 9150961e..00000000 --- a/pkg/osx/install/leap-installer.platypus +++ /dev/null @@ -1,90 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<plist version="1.0"> -<dict> - <key>AcceptsFiles</key> - <true/> - <key>AcceptsText</key> - <false/> - <key>Authentication</key> - <true/> - <key>Author</key> - <string>Kali Yuga</string> - <key>BundledFiles</key> - <array/> - <key>Creator</key> - <string>Platypus-4.7</string> - <key>DeclareService</key> - <false/> - <key>Destination</key> - <string>MyPlatypusApp.app</string> - <key>DestinationOverride</key> - <false/> - <key>DevelopmentVersion</key> - <false/> - <key>DocIcon</key> - <string></string> - <key>Droppable</key> - <false/> - <key>ExecutablePath</key> - <string>/opt/local/share/platypus/ScriptExec</string> - <key>FileTypes</key> - <array> - <string>****</string> - <string>fold</string> - </array> - <key>IconPath</key> - <string></string> - <key>Identifier</key> - <string>se.leap.LEAPClientInstaller</string> - <key>Interpreter</key> - <string>/bin/sh</string> - <key>InterpreterArgs</key> - <array/> - <key>Name</key> - <string>LEAPClient Installer</string> - <key>NibPath</key> - <string>/opt/local/share/platypus/MainMenu.nib</string> - <key>OptimizeApplication</key> - <true/> - <key>Output</key> - <string>Progress Bar</string> - <key>RemainRunning</key> - <true/> - <key>Role</key> - <string>Viewer</string> - <key>ScriptArgs</key> - <array/> - <key>ScriptPath</key> - <string>./install/install-leapc.sh</string> - <key>Secure</key> - <false/> - <key>ShowInDock</key> - <false/> - <key>StatusItemDisplayType</key> - <string>Text</string> - <key>StatusItemIcon</key> - <data> - </data> - <key>StatusItemTitle</key> - <string>MyPlatypusApp</string> - <key>Suffixes</key> - <array> - <string>*</string> - </array> - <key>TextBackground</key> - <string>#ffffff</string> - <key>TextEncoding</key> - <integer>4</integer> - <key>TextFont</key> - <string>Monaco</string> - <key>TextForeground</key> - <string>#000000</string> - <key>TextSize</key> - <real>10</real> - <key>UseXMLPlistFormat</key> - <true/> - <key>Version</key> - <string>1.0</string> -</dict> -</plist> |