From e9e9abc4ec26be29b3a6b09e6a0b67786269183b Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Fri, 29 Jan 2016 13:18:36 -0800 Subject: [feature] privileged bitmask helper This is still quite untested, and a bit hacky, but the main idea behind let us have a daemonized bitmask helper, that should be installed by the Bitmask installer. Its responsibilities are to launch the vpn process as a privileged user, and start/stop the firewall. --- pkg/osx/install/client.down.sh | 148 ----------------------------------------- 1 file changed, 148 deletions(-) delete mode 100755 pkg/osx/install/client.down.sh (limited to 'pkg/osx/install/client.down.sh') diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh deleted file mode 100755 index 52ba4de6..00000000 --- a/pkg/osx/install/client.down.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/bin/bash -e -# Note: must be bash; uses bash-specific tricks -# -# ****************************************************************************************************************** -# Based on the Tunnelblick script that just "does everything!" -# It handles TUN and TAP interfaces, -# pushed configurations and DHCP leases. :) -# -# This is the "Down" version of the script, executed after the connection is -# closed. -# -# Created by: Nick Williams (using original code and parts of old Tblk scripts) -# -# ****************************************************************************************************************** -# TODO: review and adapt version 3 of the clientX.down.sh - -trap "" TSTP -trap "" HUP -trap "" INT -export PATH="/bin:/sbin:/usr/sbin:/usr/bin" - -readonly LOG_MESSAGE_COMMAND=$(basename "${0}") - -# Quick check - is the configuration there? -if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then - # Configuration isn't there, so we forget it - echo "$(date '+%a %b %e %T %Y') *LEAPClient $LOG_MESSAGE_COMMAND: WARNING: No existing OpenVPN DNS configuration found; not tearing down anything; exiting." - exit 0 -fi - -# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift LEAPClient options out of the argument list - -# Get info saved by the up script -LEAPCLIENT_CONFIG="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN - quit -EOF)" - -ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')" -LEASEWATCHER_PLIST_PATH="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')" -PSID="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')" -SCRIPT_LOG_FILE="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')" -# Don't need: PROCESS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')" -# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')" -ARG_TAP="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')" -bRouteGatewayIsDhcp="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')" - -# @param String message - The message to log -logMessage() -{ - echo "$(date '+%a %b %e %T %Y') *LEAP CLient $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" -} - -trim() -{ - echo ${@} -} - -if ${ARG_TAP} ; then - if [ "$bRouteGatewayIsDhcp" == "true" ]; then - if [ -z "$dev" ]; then - logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Device may not have disconnected properly." - else - set +e - ipconfig set "$dev" NONE 2>/dev/null - set -e - fi - fi -fi - -# Issue warning if the primary service ID has changed -PSID_CURRENT="$( (scutil | grep Service | sed -e 's/.*Service : //')<<- EOF - open - show State:/Network/OpenVPN - quit -EOF)" -if [ "${PSID}" != "${PSID_CURRENT}" ] ; then - logMessage "Ignoring change of Network Primary Service from ${PSID} to ${PSID_CURRENT}" -fi - -# Remove leasewatcher -if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - launchctl unload "${LEASEWATCHER_PLIST_PATH}" - logMessage "Cancelled monitoring of system configuration changes" -fi - -# Restore configurations -DNS_OLD="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN/OldDNS - quit -EOF)" -WINS_OLD="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN/OldSMB - quit -EOF)" -TB_NO_SUCH_KEY=" { - LEAPClientNoSuchKey : true -}" - -if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then - scutil <<- EOF - open - remove State:/Network/Service/${PSID}/DNS - quit -EOF -else - scutil <<- EOF - open - get State:/Network/OpenVPN/OldDNS - set State:/Network/Service/${PSID}/DNS - quit -EOF -fi - -if [ "${WINS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then - scutil <<- EOF - open - remove State:/Network/Service/${PSID}/SMB - quit -EOF -else - scutil <<- EOF - open - get State:/Network/OpenVPN/OldSMB - set State:/Network/Service/${PSID}/SMB - quit -EOF -fi - -logMessage "Restored the DNS and WINS configurations" - -# Remove our system configuration data -scutil <<- EOF - open - remove State:/Network/OpenVPN/SMB - remove State:/Network/OpenVPN/DNS - remove State:/Network/OpenVPN/OldSMB - remove State:/Network/OpenVPN/OldDNS - remove State:/Network/OpenVPN - quit -EOF - -exit 0 -- cgit v1.2.3