From 5ff29dc57e2877a14e705d09b7042cddf4165d0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= Date: Wed, 6 Mar 2013 15:27:23 -0300 Subject: Remove everything to start from scratch --- .../install/ProcessNetworkChanges.plist.template | 16 - pkg/osx/install/client.down.sh | 146 ----- pkg/osx/install/client.up.sh | 596 --------------------- pkg/osx/install/install-leapc.sh | 17 - pkg/osx/install/leap-installer.platypus | 90 ---- 5 files changed, 865 deletions(-) delete mode 100644 pkg/osx/install/ProcessNetworkChanges.plist.template delete mode 100755 pkg/osx/install/client.down.sh delete mode 100755 pkg/osx/install/client.up.sh delete mode 100755 pkg/osx/install/install-leapc.sh delete mode 100644 pkg/osx/install/leap-installer.platypus (limited to 'pkg/osx/install') diff --git a/pkg/osx/install/ProcessNetworkChanges.plist.template b/pkg/osx/install/ProcessNetworkChanges.plist.template deleted file mode 100644 index faea8dee..00000000 --- a/pkg/osx/install/ProcessNetworkChanges.plist.template +++ /dev/null @@ -1,16 +0,0 @@ - - - - - Label - net.tunnelblick.openvpn.process-network-changes - ProgramArguments - - ${DIR}/process-network-changes - - WatchPaths - - /Library/Preferences/SystemConfiguration - - - diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh deleted file mode 100755 index 47f00ed7..00000000 --- a/pkg/osx/install/client.down.sh +++ /dev/null @@ -1,146 +0,0 @@ -#!/bin/bash -e -# Note: must be bash; uses bash-specific tricks -# -# ****************************************************************************************************************** -# This Tunnelblick script does everything! It handles TUN and TAP interfaces, -# pushed configurations and DHCP leases. :) -# -# This is the "Down" version of the script, executed after the connection is -# closed. -# -# Created by: Nick Williams (using original code and parts of old Tblk scripts) -# -# ****************************************************************************************************************** - -trap "" TSTP -trap "" HUP -trap "" INT -export PATH="/bin:/sbin:/usr/sbin:/usr/bin" - -readonly LOG_MESSAGE_COMMAND=$(basename "${0}") - -# Quick check - is the configuration there? -if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then - # Configuration isn't there, so we forget it - echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: WARNING: No existing OpenVPN DNS configuration found; not tearing down anything; exiting." - exit 0 -fi - -# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift Tunnelblick options out of the argument list - -# Get info saved by the up script -TUNNELBLICK_CONFIG="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN - quit -EOF)" - -ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')" -LEASEWATCHER_PLIST_PATH="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')" -PSID="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')" -SCRIPT_LOG_FILE="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')" -# Don't need: PROCESS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')" -# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')" -ARG_TAP="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')" -bRouteGatewayIsDhcp="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')" - -# @param String message - The message to log -logMessage() -{ - echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" -} - -trim() -{ - echo ${@} -} - -if ${ARG_TAP} ; then - if [ "$bRouteGatewayIsDhcp" == "true" ]; then - if [ -z "$dev" ]; then - logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Device may not have disconnected properly." - else - set +e - ipconfig set "$dev" NONE 2>/dev/null - set -e - fi - fi -fi - -# Issue warning if the primary service ID has changed -PSID_CURRENT="$( (scutil | grep Service | sed -e 's/.*Service : //')<<- EOF - open - show State:/Network/OpenVPN - quit -EOF)" -if [ "${PSID}" != "${PSID_CURRENT}" ] ; then - logMessage "Ignoring change of Network Primary Service from ${PSID} to ${PSID_CURRENT}" -fi - -# Remove leasewatcher -if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - launchctl unload "${LEASEWATCHER_PLIST_PATH}" - logMessage "Cancelled monitoring of system configuration changes" -fi - -# Restore configurations -DNS_OLD="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN/OldDNS - quit -EOF)" -WINS_OLD="$(/usr/sbin/scutil <<-EOF - open - show State:/Network/OpenVPN/OldSMB - quit -EOF)" -TB_NO_SUCH_KEY=" { - TunnelblickNoSuchKey : true -}" - -if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then - scutil <<- EOF - open - remove State:/Network/Service/${PSID}/DNS - quit -EOF -else - scutil <<- EOF - open - get State:/Network/OpenVPN/OldDNS - set State:/Network/Service/${PSID}/DNS - quit -EOF -fi - -if [ "${WINS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then - scutil <<- EOF - open - remove State:/Network/Service/${PSID}/SMB - quit -EOF -else - scutil <<- EOF - open - get State:/Network/OpenVPN/OldSMB - set State:/Network/Service/${PSID}/SMB - quit -EOF -fi - -logMessage "Restored the DNS and WINS configurations" - -# Remove our system configuration data -scutil <<- EOF - open - remove State:/Network/OpenVPN/SMB - remove State:/Network/OpenVPN/DNS - remove State:/Network/OpenVPN/OldSMB - remove State:/Network/OpenVPN/OldDNS - remove State:/Network/OpenVPN - quit -EOF - -exit 0 diff --git a/pkg/osx/install/client.up.sh b/pkg/osx/install/client.up.sh deleted file mode 100755 index fc7e341a..00000000 --- a/pkg/osx/install/client.up.sh +++ /dev/null @@ -1,596 +0,0 @@ -#!/bin/bash -e -# Note: must be bash; uses bash-specific tricks -# -# ****************************************************************************************************************** -# This Tunnelblick script does everything! It handles TUN and TAP interfaces, -# pushed configurations, DHCP with DNS and WINS, and renewed DHCP leases. :) -# -# This is the "Up" version of the script, executed after the interface is -# initialized. -# -# Created by: Nick Williams (using original code and parts of old Tblk scripts) -# -# ****************************************************************************************************************** - -trap "" TSTP -trap "" HUP -trap "" INT -export PATH="/bin:/sbin:/usr/sbin:/usr/bin" - -# Process optional arguments (if any) for the script -# Each one begins with a "-" -# They come from Tunnelblick, and come first, before the OpenVPN arguments -# So we set ARG_ script variables to their values and shift them out of the argument list -# When we're done, only the OpenVPN arguments remain for the rest of the script to use -ARG_MONITOR_NETWORK_CONFIGURATION="false" -ARG_RESTORE_ON_DNS_RESET="false" -ARG_RESTORE_ON_WINS_RESET="false" -ARG_TAP="false" -ARG_IGNORE_OPTION_FLAGS="" - -while [ {$#} ] ; do - if [ "$1" = "-m" ] ; then # Handle the arguments we know about - ARG_MONITOR_NETWORK_CONFIGURATION="true" # by setting ARG_ script variables to their values - shift # Then shift them out - elif [ "$1" = "-d" ] ; then - ARG_RESTORE_ON_DNS_RESET="true" - shift - elif [ "$1" = "-w" ] ; then - ARG_RESTORE_ON_WINS_RESET="true" - shift - elif [ "$1" = "-a" ] ; then - ARG_TAP="true" - shift - elif [ "${1:0:2}" = "-i" ] ; then - ARG_IGNORE_OPTION_FLAGS="${1}" - shift - elif [ "${1:0:2}" = "-a" ] ; then - ARG_IGNORE_OPTION_FLAGS="${1}" - shift - else - if [ "${1:0:1}" = "-" ] ; then # Shift out Tunnelblick arguments (they start with "-") that we don't understand - shift # so the rest of the script sees only the OpenVPN arguments - else - break - fi - fi -done - -readonly ARG_MONITOR_NETWORK_CONFIGURATION ARG_RESTORE_ON_DNS_RESET ARG_RESTORE_ON_WINS_RESET ARG_TAP ARG_IGNORE_OPTION_FLAGS - -# Note: The script log path name is constructed from the path of the regular config file, not the shadow copy -# if the config is shadow copy, e.g. /Library/Application Support/Tunnelblick/Users/Jonathan/Folder/Subfolder/config.ovpn -# then convert to regular config /Users/Jonathan/Library/Application Support/Tunnelblick/Configurations/Folder/Subfolder/config.ovpn -# to get the script log path -# Note: "/Users/..." works even if the home directory has a different path; it is used in the name of the log file, and is not used as a path to get to anything. -readonly TBALTPREFIX="/Library/Application Support/Tunnelblick/Users/" -readonly TBALTPREFIXLEN="${#TBALTPREFIX}" -readonly TBCONFIGSTART="${config:0:$TBALTPREFIXLEN}" -if [ "$TBCONFIGSTART" = "$TBALTPREFIX" ] ; then - readonly TBBASE="${config:$TBALTPREFIXLEN}" - readonly TBSUFFIX="${TBBASE#*/}" - readonly TBUSERNAME="${TBBASE%%/*}" - readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/Tunnelblick/Configurations/$TBSUFFIX" -else - readonly TBCONFIG="${config}" -fi - -readonly CONFIG_PATH_DASHES_SLASHES="$(echo "${TBCONFIG}" | sed -e 's/-/--/g' | sed -e 's/\//-S/g')" -readonly SCRIPT_LOG_FILE="/Library/Application Support/Tunnelblick/Logs/${CONFIG_PATH_DASHES_SLASHES}.script.log" - -readonly TB_RESOURCE_PATH=$(dirname "${0}") - -LEASEWATCHER_PLIST_PATH="/Library/Application Support/Tunnelblick/LeaseWatch.plist" - -readonly OSVER="$(sw_vers | grep 'ProductVersion:' | grep -o '10\.[0-9]*')" - -readonly DEFAULT_DOMAIN_NAME="openvpn" - -bRouteGatewayIsDhcp="false" - -# @param String message - The message to log -readonly LOG_MESSAGE_COMMAND=$(basename "${0}") -logMessage() -{ - echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" -} - -# @param String string - Content to trim -trim() -{ - echo ${@} -} - -# @param String[] dnsServers - The name servers to use -# @param String domainName - The domain name to use -# @param \optional String[] winsServers - The WINS servers to use -setDnsServersAndDomainName() -{ - declare -a vDNS=("${!1}") - domain=$2 - declare -a vWINS=("${!3}") - - set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors - - PSID=$( (scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<<- EOF - open - show State:/Network/Global/IPv4 - quit -EOF ) - - STATIC_DNS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF - open - show Setup:/Network/Service/${PSID}/DNS - quit -EOF )" - if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then - readonly STATIC_DNS="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*ServerAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" - fi - if echo "${STATIC_DNS_CONFIG}" | grep -q "SearchDomains" ; then - readonly STATIC_SEARCH="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*SearchDomains[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" - fi - - STATIC_WINS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF - open - show Setup:/Network/Service/${PSID}/SMB - quit -EOF )" - STATIC_WINS_SERVERS="" - STATIC_WORKGROUP="" - STATIC_NETBIOSNAME="" - if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then - STATIC_WINS_SERVERS="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*WINSAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" - fi - if echo "${STATIC_WINS_CONFIG}" | grep -q "Workgroup" ; then - STATIC_WORKGROUP="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*Workgroup : \([^[:space:]]*\).*$/\1/g' )")" - fi - if echo "${STATIC_WINS_CONFIG}" | grep -q "NetBIOSName" ; then - STATIC_NETBIOSNAME="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*NetBIOSName : \([^[:space:]]*\).*$/\1/g' )")" - fi - readonly STATIC_WINS_SERVERS STATIC_WORKGROUP STATIC_NETBIOSNAME - - if [ ${#vDNS[*]} -eq 0 ] ; then - DYN_DNS="false" - ALL_DNS="${STATIC_DNS}" - elif [ -n "${STATIC_DNS}" ] ; then - case "${OSVER}" in - 10.6 | 10.7 ) - # Do nothing - in 10.6 we don't aggregate our configurations, apparently - DYN_DNS="false" - ALL_DNS="${STATIC_DNS}" - ;; - 10.4 | 10.5 ) - DYN_DNS="true" - # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's - SDNS="$(echo "${STATIC_DNS}" | tr ' ' '\n')" - (( i=0 )) - for n in "${vDNS[@]}" ; do - if echo "${SDNS}" | grep -q "${n}" ; then - unset vDNS[${i}] - fi - (( i++ )) - done - if [ ${#vDNS[*]} -gt 0 ] ; then - ALL_DNS="$(trim "${STATIC_DNS}" "${vDNS[*]}")" - else - DYN_DNS="false" - ALL_DNS="${STATIC_DNS}" - fi - ;; - esac - else - DYN_DNS="true" - ALL_DNS="$(trim "${vDNS[*]}")" - fi - readonly DYN_DNS ALL_DNS - - if [ ${#vWINS[*]} -eq 0 ] ; then - DYN_WINS="false" - ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" - elif [ -n "${STATIC_WINS_SERVERS}" ] ; then - case "${OSVER}" in - 10.6 | 10.7 ) - # Do nothing - in 10.6 we don't aggregate our configurations, apparently - DYN_WINS="false" - ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" - ;; - 10.4 | 10.5 ) - DYN_WINS="true" - # We need to remove duplicate WINS entries, so that our reference list matches MacOSX's - SWINS="$(echo "${STATIC_WINS_SERVERS}" | tr ' ' '\n')" - (( i=0 )) - for n in "${vWINS[@]}" ; do - if echo "${SWINS}" | grep -q "${n}" ; then - unset vWINS[${i}] - fi - (( i++ )) - done - if [ ${#vWINS[*]} -gt 0 ] ; then - ALL_WINS_SERVERS="$(trim "${STATIC_WINS_SERVERS}" "${vWINS[*]}")" - else - DYN_WINS="false" - ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" - fi - ;; - esac - else - DYN_WINS="true" - ALL_WINS_SERVERS="$(trim "${vWINS[*]}")" - fi - readonly DYN_WINS ALL_WINS_SERVERS - - # We double-check that our search domain isn't already on the list - SEARCH_DOMAIN="${domain}" - case "${OSVER}" in - 10.6 | 10.7 ) - # Do nothing - in 10.6 we don't aggregate our configurations, apparently - if [ -n "${STATIC_SEARCH}" ] ; then - ALL_SEARCH="${STATIC_SEARCH}" - SEARCH_DOMAIN="" - else - ALL_SEARCH="${SEARCH_DOMAIN}" - fi - ;; - 10.4 | 10.5 ) - if echo "${STATIC_SEARCH}" | tr ' ' '\n' | grep -q "${SEARCH_DOMAIN}" ; then - SEARCH_DOMAIN="" - fi - if [ -z "${SEARCH_DOMAIN}" ] ; then - ALL_SEARCH="${STATIC_SEARCH}" - else - ALL_SEARCH="$(trim "${STATIC_SEARCH}" "${SEARCH_DOMAIN}")" - fi - ;; - esac - readonly SEARCH_DOMAIN ALL_SEARCH - - if ! ${DYN_DNS} ; then - NO_DNS="#" - fi - if ! ${DYN_WINS} ; then - NO_WS="#" - fi - if [ -z "${SEARCH_DOMAIN}" ] ; then - NO_SEARCH="#" - fi - if [ -z "${STATIC_WORKGROUP}" ] ; then - NO_WG="#" - fi - if [ -z "${STATIC_NETBIOSNAME}" ] ; then - NO_NB="#" - fi - if [ -z "${ALL_DNS}" ] ; then - AGG_DNS="#" - fi - if [ -z "${ALL_SEARCH}" ] ; then - AGG_SEARCH="#" - fi - if [ -z "${ALL_WINS_SERVERS}" ] ; then - AGG_WINS="#" - fi - - # Now, do the aggregation - # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from Tunnelblick, - # then save old and new DNS and WINS settings - # PPID is a bash-script variable that contains the process ID of the parent of the process running the script (i.e., OpenVPN's process ID) - # config is an environmental variable set to the configuration path by OpenVPN prior to running this up script - logMessage "Up to two 'No such key' warnings are normal and may be ignored" - - # If DNS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' - if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then - CORRECT_OLD_DNS_KEY="Setup:" - else - CORRECT_OLD_DNS_KEY="State:" - fi - - # If WINS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' - if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then - CORRECT_OLD_WINS_KEY="Setup:" - else - CORRECT_OLD_WINS_KEY="State:" - fi - - # If we are not expecting any WINS value, add to the expected WINS setup - NO_NOSUCH_KEY_WINS="#" - if [ "${NO_NB}" = "#" -a "${AGG_WINS}" = "#" -a "${NO_WG}" = "#" ] ; then - NO_NOSUCH_KEY_WINS="" - fi - readonly NO_NOSUCH_KEY_WINS - - set -e # We instruct bash that it CAN again fail on errors - - scutil <<- EOF - open - d.init - d.add PID # ${PPID} - d.add Service ${PSID} - d.add LeaseWatcherPlistPath "${LEASEWATCHER_PLIST_PATH}" - d.add ScriptLogFile "${SCRIPT_LOG_FILE}" - d.add MonitorNetwork "${ARG_MONITOR_NETWORK_CONFIGURATION}" - d.add RestoreOnDNSReset "${ARG_RESTORE_ON_DNS_RESET}" - d.add RestoreOnWINSReset "${ARG_RESTORE_ON_WINS_RESET}" - d.add IgnoreOptionFlags "${ARG_IGNORE_OPTION_FLAGS}" - d.add IsTapInterface "${ARG_TAP}" - d.add RouteGatewayIsDhcp "${bRouteGatewayIsDhcp}" - set State:/Network/OpenVPN - - # First, back up the device's current DNS and WINS configurations - # Indicate 'no such key' by a dictionary with a single entry: "TunnelblickNoSuchKey : true" - d.init - d.add TunnelblickNoSuchKey true - get ${CORRECT_OLD_DNS_KEY}/Network/Service/${PSID}/DNS - set State:/Network/OpenVPN/OldDNS - - d.init - d.add TunnelblickNoSuchKey true - get ${CORRECT_OLD_WINS_KEY}/Network/Service/${PSID}/SMB - set State:/Network/OpenVPN/OldSMB - - # Second, initialize the new DNS map - d.init - ${NO_DNS}d.add ServerAddresses * ${vDNS[*]} - ${NO_SEARCH}d.add SearchDomains * ${SEARCH_DOMAIN} - d.add DomainName ${domain} - set State:/Network/Service/${PSID}/DNS - - # Third, initialize the WINS map - d.init - ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} - ${NO_WS}d.add WINSAddresses * ${vWINS[*]} - ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} - set State:/Network/Service/${PSID}/SMB - - # Now, initialize the maps that will be compared against the system-generated map - # which means that we will have to aggregate configurations of statically-configured - # nameservers, and statically-configured search domains - d.init - ${AGG_DNS}d.add ServerAddresses * ${ALL_DNS} - ${AGG_SEARCH}d.add SearchDomains * ${ALL_SEARCH} - d.add DomainName ${domain} - set State:/Network/OpenVPN/DNS - - d.init - ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} - ${AGG_WINS}d.add WINSAddresses * ${ALL_WINS_SERVERS} - ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} - ${NO_NOSUCH_KEY_WINS}d.add TunnelblickNoSuchKey true - set State:/Network/OpenVPN/SMB - - # We are done - quit -EOF - - logMessage "Saved the DNS and WINS configurations for later use" - - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - if [ "${ARG_IGNORE_OPTION_FLAGS:0:2}" = "-a" ] ; then - # Generate an updated plist with the path for process-network-changes - readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/ProcessNetworkChanges.plist.template" - sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" - launchctl load "${LEASEWATCHER_PLIST_PATH}" - logMessage "Set up to monitor system configuration with process-network-changes" - else - # Generate an updated plist with the path for leasewatch - readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/LeaseWatch.plist.template" - sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" - launchctl load "${LEASEWATCHER_PLIST_PATH}" - logMessage "Set up to monitor system configuration with leasewatch" - fi - fi -} - -configureDhcpDns() -{ - # whilst ipconfig will have created the neccessary Network Service keys, the DNS - # settings won't actually be used by OS X unless the SupplementalMatchDomains key - # is added - # ref. - # - is there a way to extract the domains from the SC dictionary and re-insert - # as SupplementalMatchDomains? i.e. not requiring the ipconfig domain_name call? - - # - wait until we get a lease before extracting the DNS domain name and merging into SC - # - despite it's name, ipconfig waitall doesn't (but maybe one day it will :-) - ipconfig waitall - - unset test_domain_name - unset test_name_server - - set +e # We instruct bash NOT to exit on individual command errors, because if we need to wait longer these commands will fail - - # usually takes at least a few seconds to get a DHCP lease - sleep 3 - n=0 - while [ -z "$test_domain_name" -a -z "$test_name_server" -a $n -lt 5 ] - do - logMessage "Sleeping for $n seconds to wait for DHCP to finish setup." - sleep $n - n=`expr $n + 1` - - if [ -z "$test_domain_name" ]; then - test_domain_name=`ipconfig getoption $dev domain_name 2>/dev/null` - fi - - if [ -z "$test_name_server" ]; then - test_name_server=`ipconfig getoption $dev domain_name_server 2>/dev/null` - fi - done - - sGetPacketOutput=`ipconfig getpacket $dev` - - set -e # We instruct bash that it CAN again fail on individual errors - - #echo "`date` test_domain_name = $test_domain_name, test_name_server = $test_name_server, sGetPacketOutput = $sGetPacketOutput" - - unset aNameServers - unset aWinsServers - - nNameServerIndex=1 - nWinsServerIndex=1 - - if [ "$sGetPacketOutput" ]; then - sGetPacketOutput_FirstLine=`echo "$sGetPacketOutput"|head -n 1` - #echo $sGetPacketOutput_FirstLine - - if [ "$sGetPacketOutput_FirstLine" == "op = BOOTREPLY" ]; then - set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors - - for tNameServer in `echo "$sGetPacketOutput"|grep "domain_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do - aNameServers[nNameServerIndex-1]="$(trim "$tNameServer")" - let nNameServerIndex++ - done - - for tWINSServer in `echo "$sGetPacketOutput"|grep "nb_over_tcpip_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do - aWinsServers[nWinsServerIndex-1]="$(trim "$tWINSServer")" - let nWinsServerIndex++ - done - - sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [-A-Za-z0-9\-\.]+"|grep -Eo "[-A-Za-z0-9\-\.]+"` - sDomainName="$(trim "$sDomainName")" - - if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" - setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] - return 0 - elif [ ${#aNameServers[*]} -gt 0 ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" - setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] - return 0 - else - # Should we return 1 here and indicate an error, or attempt the old method? - logMessage "No useful information extracted from DHCP/BOOTP packet. Attempting legacy configuration." - fi - - set -e # We instruct bash that it CAN again fail on errors - else - # Should we return 1 here and indicate an error, or attempt the old method? - logMessage "No DHCP/BOOTP packet found on interface. Attempting legacy configuration." - fi - fi - - unset sDomainName - unset sNameServer - unset aNameServers - - sDomainName=`ipconfig getoption $dev domain_name 2>/dev/null` - sNameServer=`ipconfig getoption $dev domain_name_server 2>/dev/null` - - sDomainName="$(trim "$sDomainName")" - sNameServer="$(trim "$sNameServer")" - - declare -a aWinsServers=( ) # Declare empty WINS array to avoid any useless error messages - - if [ "$sDomainName" -a "$sNameServer" ]; then - aNameServers[0]=$sNameServer - logMessage "Retrieved name server [ $sNameServer ], domain name [ $sDomainName ], and no WINS servers" - setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] - elif [ "$sNameServer" ]; then - aNameServers[0]=$sNameServer - logMessage "Retrieved name server [ $sNameServer ] and no WINS servers, and using default domain name [ $DEFAULT_DOMAIN_NAME ]" - setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] - elif [ "$sDomainName" ]; then - logMessage "WARNING: Retrieved domain name [ $sDomainName ] but no name servers from OpenVPN (DHCP), which is not sufficient to make network/DNS configuration changes." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - else - logMessage "WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - fi - - return 0 -} - -configureOpenVpnDns() -{ - unset vForOptions - unset vOptions - unset aNameServers - unset aWinsServers - - nOptionIndex=1 - nNameServerIndex=1 - nWinsServerIndex=1 - - while vForOptions=foreign_option_$nOptionIndex; [ -n "${!vForOptions}" ]; do - vOptions[nOptionIndex-1]=${!vForOptions} - case ${vOptions[nOptionIndex-1]} in - *DOMAIN* ) - sDomainName="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DOMAIN /}")" - ;; - *DNS* ) - aNameServers[nNameServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DNS /}")" - let nNameServerIndex++ - ;; - *WINS* ) - aWinsServers[nWinsServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option WINS /}")" - let nWinsServerIndex++ - ;; - * ) - logMessage "Unknown: 'foreign_option_${nOptionIndex}' = '${vOptions[nOptionIndex-1]}'" - ;; - esac - let nOptionIndex++ - done - - if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" - setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] - elif [ ${#aNameServers[*]} -gt 0 ]; then - logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" - setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] - else - # Should we maybe just return 1 here to indicate an error? Does this mean that something bad has happened? - logMessage "No DNS information recieved from OpenVPN, so no network configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - fi - - return 0 -} - -# We sleep here to allow time for OS X to process network settings -sleep 2 - -EXIT_CODE=0 - -if ${ARG_TAP} ; then - # Still need to do: Look for route-gateway dhcp (TAP isn't always DHCP) - bRouteGatewayIsDhcp="false" - if [ -z "${route_vpn_gateway}" -o "$route_vpn_gateway" == "dhcp" -o "$route_vpn_gateway" == "DHCP" ]; then - bRouteGatewayIsDhcp="true" - fi - - if [ "$bRouteGatewayIsDhcp" == "true" ]; then - if [ -z "$dev" ]; then - logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Exiting." - exit 1 - fi - - ipconfig set "$dev" DHCP - - configureDhcpDns & - elif [ "$foreign_option_1" == "" ]; then - logMessage "No network configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - else - configureOpenVpnDns - EXIT_CODE=$? - fi -else - if [ "$foreign_option_1" == "" ]; then - logMessage "No network configuration changes need to be made." - if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then - logMessage "Will NOT monitor for other network configuration changes." - fi - else - configureOpenVpnDns - EXIT_CODE=$? - fi -fi - -exit $EXIT_CODE diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh deleted file mode 100755 index 2ecfc08e..00000000 --- a/pkg/osx/install/install-leapc.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -echo "Installing LEAP Client in /Applications" -cp -r "LEAP Client.app" "/Applications" - -echo "Copying openvpn binary" -cp -r openvpn.leap /usr/bin - -echo "Installing tun/tap drivers" -cp -r Extensions/* /Library/Extensions -cp -r StartupItems/* /Library/StartupItems - -echo "Loading tun/tap kernel extension" -/Library/StartupItems/tun/tun start - -echo "Installation Finished!" - -ln -s /Applications/LEAP\ Client.app/ /Volumes/LEAP\ Client\ installer/ diff --git a/pkg/osx/install/leap-installer.platypus b/pkg/osx/install/leap-installer.platypus deleted file mode 100644 index 9150961e..00000000 --- a/pkg/osx/install/leap-installer.platypus +++ /dev/null @@ -1,90 +0,0 @@ - - - - - AcceptsFiles - - AcceptsText - - Authentication - - Author - Kali Yuga - BundledFiles - - Creator - Platypus-4.7 - DeclareService - - Destination - MyPlatypusApp.app - DestinationOverride - - DevelopmentVersion - - DocIcon - - Droppable - - ExecutablePath - /opt/local/share/platypus/ScriptExec - FileTypes - - **** - fold - - IconPath - - Identifier - se.leap.LEAPClientInstaller - Interpreter - /bin/sh - InterpreterArgs - - Name - LEAPClient Installer - NibPath - /opt/local/share/platypus/MainMenu.nib - OptimizeApplication - - Output - Progress Bar - RemainRunning - - Role - Viewer - ScriptArgs - - ScriptPath - ./install/install-leapc.sh - Secure - - ShowInDock - - StatusItemDisplayType - Text - StatusItemIcon - - - StatusItemTitle - MyPlatypusApp - Suffixes - - * - - TextBackground - #ffffff - TextEncoding - 4 - TextFont - Monaco - TextForeground - #000000 - TextSize - 10 - UseXMLPlistFormat - - Version - 1.0 - - -- cgit v1.2.3 From b6de685a52c2715adfc639925a9ddac364cd4f00 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 20 Mar 2013 21:05:01 +0900 Subject: re-add osx pyinstaller build scripts --- .../install/ProcessNetworkChanges.plist.template | 16 + pkg/osx/install/client.down.sh | 146 +++++ pkg/osx/install/client.up.sh | 596 +++++++++++++++++++++ pkg/osx/install/install-leapc.sh | 42 ++ pkg/osx/install/leap-installer.platypus | 90 ++++ pkg/osx/install/tun.kext/Info.plist | 36 ++ 6 files changed, 926 insertions(+) create mode 100644 pkg/osx/install/ProcessNetworkChanges.plist.template create mode 100755 pkg/osx/install/client.down.sh create mode 100755 pkg/osx/install/client.up.sh create mode 100755 pkg/osx/install/install-leapc.sh create mode 100644 pkg/osx/install/leap-installer.platypus create mode 100644 pkg/osx/install/tun.kext/Info.plist (limited to 'pkg/osx/install') diff --git a/pkg/osx/install/ProcessNetworkChanges.plist.template b/pkg/osx/install/ProcessNetworkChanges.plist.template new file mode 100644 index 00000000..eaf54fcf --- /dev/null +++ b/pkg/osx/install/ProcessNetworkChanges.plist.template @@ -0,0 +1,16 @@ + + + + + Label + se.leap.openvpn.process-network-changes + ProgramArguments + + ${DIR}/process-network-changes + + WatchPaths + + /Library/Preferences/SystemConfiguration + + + diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh new file mode 100755 index 00000000..66467c08 --- /dev/null +++ b/pkg/osx/install/client.down.sh @@ -0,0 +1,146 @@ +#!/bin/bash -e +# Note: must be bash; uses bash-specific tricks +# +# ****************************************************************************************************************** +# This Tunnelblick script does everything! It handles TUN and TAP interfaces, +# pushed configurations and DHCP leases. :) +# +# This is the "Down" version of the script, executed after the connection is +# closed. +# +# Created by: Nick Williams (using original code and parts of old Tblk scripts) +# +# ****************************************************************************************************************** + +trap "" TSTP +trap "" HUP +trap "" INT +export PATH="/bin:/sbin:/usr/sbin:/usr/bin" + +readonly LOG_MESSAGE_COMMAND=$(basename "${0}") + +# Quick check - is the configuration there? +if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then + # Configuration isn't there, so we forget it + echo "$(date '+%a %b %e %T %Y') *LEAPClient $LOG_MESSAGE_COMMAND: WARNING: No existing OpenVPN DNS configuration found; not tearing down anything; exiting." + exit 0 +fi + +# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift Tunnelblick options out of the argument list + +# Get info saved by the up script +TUNNELBLICK_CONFIG="$(/usr/sbin/scutil <<-EOF + open + show State:/Network/OpenVPN + quit +EOF)" + +ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')" +LEASEWATCHER_PLIST_PATH="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')" +PSID="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')" +SCRIPT_LOG_FILE="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')" +# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')" +# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')" +# Don't need: PROCESS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')" +# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')" +ARG_TAP="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')" +bRouteGatewayIsDhcp="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')" + +# @param String message - The message to log +logMessage() +{ + echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" +} + +trim() +{ + echo ${@} +} + +if ${ARG_TAP} ; then + if [ "$bRouteGatewayIsDhcp" == "true" ]; then + if [ -z "$dev" ]; then + logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Device may not have disconnected properly." + else + set +e + ipconfig set "$dev" NONE 2>/dev/null + set -e + fi + fi +fi + +# Issue warning if the primary service ID has changed +PSID_CURRENT="$( (scutil | grep Service | sed -e 's/.*Service : //')<<- EOF + open + show State:/Network/OpenVPN + quit +EOF)" +if [ "${PSID}" != "${PSID_CURRENT}" ] ; then + logMessage "Ignoring change of Network Primary Service from ${PSID} to ${PSID_CURRENT}" +fi + +# Remove leasewatcher +if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + launchctl unload "${LEASEWATCHER_PLIST_PATH}" + logMessage "Cancelled monitoring of system configuration changes" +fi + +# Restore configurations +DNS_OLD="$(/usr/sbin/scutil <<-EOF + open + show State:/Network/OpenVPN/OldDNS + quit +EOF)" +WINS_OLD="$(/usr/sbin/scutil <<-EOF + open + show State:/Network/OpenVPN/OldSMB + quit +EOF)" +TB_NO_SUCH_KEY=" { + TunnelblickNoSuchKey : true +}" + +if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then + scutil <<- EOF + open + remove State:/Network/Service/${PSID}/DNS + quit +EOF +else + scutil <<- EOF + open + get State:/Network/OpenVPN/OldDNS + set State:/Network/Service/${PSID}/DNS + quit +EOF +fi + +if [ "${WINS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then + scutil <<- EOF + open + remove State:/Network/Service/${PSID}/SMB + quit +EOF +else + scutil <<- EOF + open + get State:/Network/OpenVPN/OldSMB + set State:/Network/Service/${PSID}/SMB + quit +EOF +fi + +logMessage "Restored the DNS and WINS configurations" + +# Remove our system configuration data +scutil <<- EOF + open + remove State:/Network/OpenVPN/SMB + remove State:/Network/OpenVPN/DNS + remove State:/Network/OpenVPN/OldSMB + remove State:/Network/OpenVPN/OldDNS + remove State:/Network/OpenVPN + quit +EOF + +exit 0 diff --git a/pkg/osx/install/client.up.sh b/pkg/osx/install/client.up.sh new file mode 100755 index 00000000..fc7e341a --- /dev/null +++ b/pkg/osx/install/client.up.sh @@ -0,0 +1,596 @@ +#!/bin/bash -e +# Note: must be bash; uses bash-specific tricks +# +# ****************************************************************************************************************** +# This Tunnelblick script does everything! It handles TUN and TAP interfaces, +# pushed configurations, DHCP with DNS and WINS, and renewed DHCP leases. :) +# +# This is the "Up" version of the script, executed after the interface is +# initialized. +# +# Created by: Nick Williams (using original code and parts of old Tblk scripts) +# +# ****************************************************************************************************************** + +trap "" TSTP +trap "" HUP +trap "" INT +export PATH="/bin:/sbin:/usr/sbin:/usr/bin" + +# Process optional arguments (if any) for the script +# Each one begins with a "-" +# They come from Tunnelblick, and come first, before the OpenVPN arguments +# So we set ARG_ script variables to their values and shift them out of the argument list +# When we're done, only the OpenVPN arguments remain for the rest of the script to use +ARG_MONITOR_NETWORK_CONFIGURATION="false" +ARG_RESTORE_ON_DNS_RESET="false" +ARG_RESTORE_ON_WINS_RESET="false" +ARG_TAP="false" +ARG_IGNORE_OPTION_FLAGS="" + +while [ {$#} ] ; do + if [ "$1" = "-m" ] ; then # Handle the arguments we know about + ARG_MONITOR_NETWORK_CONFIGURATION="true" # by setting ARG_ script variables to their values + shift # Then shift them out + elif [ "$1" = "-d" ] ; then + ARG_RESTORE_ON_DNS_RESET="true" + shift + elif [ "$1" = "-w" ] ; then + ARG_RESTORE_ON_WINS_RESET="true" + shift + elif [ "$1" = "-a" ] ; then + ARG_TAP="true" + shift + elif [ "${1:0:2}" = "-i" ] ; then + ARG_IGNORE_OPTION_FLAGS="${1}" + shift + elif [ "${1:0:2}" = "-a" ] ; then + ARG_IGNORE_OPTION_FLAGS="${1}" + shift + else + if [ "${1:0:1}" = "-" ] ; then # Shift out Tunnelblick arguments (they start with "-") that we don't understand + shift # so the rest of the script sees only the OpenVPN arguments + else + break + fi + fi +done + +readonly ARG_MONITOR_NETWORK_CONFIGURATION ARG_RESTORE_ON_DNS_RESET ARG_RESTORE_ON_WINS_RESET ARG_TAP ARG_IGNORE_OPTION_FLAGS + +# Note: The script log path name is constructed from the path of the regular config file, not the shadow copy +# if the config is shadow copy, e.g. /Library/Application Support/Tunnelblick/Users/Jonathan/Folder/Subfolder/config.ovpn +# then convert to regular config /Users/Jonathan/Library/Application Support/Tunnelblick/Configurations/Folder/Subfolder/config.ovpn +# to get the script log path +# Note: "/Users/..." works even if the home directory has a different path; it is used in the name of the log file, and is not used as a path to get to anything. +readonly TBALTPREFIX="/Library/Application Support/Tunnelblick/Users/" +readonly TBALTPREFIXLEN="${#TBALTPREFIX}" +readonly TBCONFIGSTART="${config:0:$TBALTPREFIXLEN}" +if [ "$TBCONFIGSTART" = "$TBALTPREFIX" ] ; then + readonly TBBASE="${config:$TBALTPREFIXLEN}" + readonly TBSUFFIX="${TBBASE#*/}" + readonly TBUSERNAME="${TBBASE%%/*}" + readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/Tunnelblick/Configurations/$TBSUFFIX" +else + readonly TBCONFIG="${config}" +fi + +readonly CONFIG_PATH_DASHES_SLASHES="$(echo "${TBCONFIG}" | sed -e 's/-/--/g' | sed -e 's/\//-S/g')" +readonly SCRIPT_LOG_FILE="/Library/Application Support/Tunnelblick/Logs/${CONFIG_PATH_DASHES_SLASHES}.script.log" + +readonly TB_RESOURCE_PATH=$(dirname "${0}") + +LEASEWATCHER_PLIST_PATH="/Library/Application Support/Tunnelblick/LeaseWatch.plist" + +readonly OSVER="$(sw_vers | grep 'ProductVersion:' | grep -o '10\.[0-9]*')" + +readonly DEFAULT_DOMAIN_NAME="openvpn" + +bRouteGatewayIsDhcp="false" + +# @param String message - The message to log +readonly LOG_MESSAGE_COMMAND=$(basename "${0}") +logMessage() +{ + echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" +} + +# @param String string - Content to trim +trim() +{ + echo ${@} +} + +# @param String[] dnsServers - The name servers to use +# @param String domainName - The domain name to use +# @param \optional String[] winsServers - The WINS servers to use +setDnsServersAndDomainName() +{ + declare -a vDNS=("${!1}") + domain=$2 + declare -a vWINS=("${!3}") + + set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors + + PSID=$( (scutil | grep PrimaryService | sed -e 's/.*PrimaryService : //')<<- EOF + open + show State:/Network/Global/IPv4 + quit +EOF ) + + STATIC_DNS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF + open + show Setup:/Network/Service/${PSID}/DNS + quit +EOF )" + if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then + readonly STATIC_DNS="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*ServerAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" + fi + if echo "${STATIC_DNS_CONFIG}" | grep -q "SearchDomains" ; then + readonly STATIC_SEARCH="$(trim "$( echo "${STATIC_DNS_CONFIG}" | sed -e 's/^.*SearchDomains[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" + fi + + STATIC_WINS_CONFIG="$( (scutil | sed -e 's/^[[:space:]]*[[:digit:]]* : //g' | tr '\n' ' ')<<- EOF + open + show Setup:/Network/Service/${PSID}/SMB + quit +EOF )" + STATIC_WINS_SERVERS="" + STATIC_WORKGROUP="" + STATIC_NETBIOSNAME="" + if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then + STATIC_WINS_SERVERS="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*WINSAddresses[^{]*{[[:space:]]*\([^}]*\)[[:space:]]*}.*$/\1/g' )")" + fi + if echo "${STATIC_WINS_CONFIG}" | grep -q "Workgroup" ; then + STATIC_WORKGROUP="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*Workgroup : \([^[:space:]]*\).*$/\1/g' )")" + fi + if echo "${STATIC_WINS_CONFIG}" | grep -q "NetBIOSName" ; then + STATIC_NETBIOSNAME="$(trim "$( echo "${STATIC_WINS_CONFIG}" | sed -e 's/^.*NetBIOSName : \([^[:space:]]*\).*$/\1/g' )")" + fi + readonly STATIC_WINS_SERVERS STATIC_WORKGROUP STATIC_NETBIOSNAME + + if [ ${#vDNS[*]} -eq 0 ] ; then + DYN_DNS="false" + ALL_DNS="${STATIC_DNS}" + elif [ -n "${STATIC_DNS}" ] ; then + case "${OSVER}" in + 10.6 | 10.7 ) + # Do nothing - in 10.6 we don't aggregate our configurations, apparently + DYN_DNS="false" + ALL_DNS="${STATIC_DNS}" + ;; + 10.4 | 10.5 ) + DYN_DNS="true" + # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's + SDNS="$(echo "${STATIC_DNS}" | tr ' ' '\n')" + (( i=0 )) + for n in "${vDNS[@]}" ; do + if echo "${SDNS}" | grep -q "${n}" ; then + unset vDNS[${i}] + fi + (( i++ )) + done + if [ ${#vDNS[*]} -gt 0 ] ; then + ALL_DNS="$(trim "${STATIC_DNS}" "${vDNS[*]}")" + else + DYN_DNS="false" + ALL_DNS="${STATIC_DNS}" + fi + ;; + esac + else + DYN_DNS="true" + ALL_DNS="$(trim "${vDNS[*]}")" + fi + readonly DYN_DNS ALL_DNS + + if [ ${#vWINS[*]} -eq 0 ] ; then + DYN_WINS="false" + ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" + elif [ -n "${STATIC_WINS_SERVERS}" ] ; then + case "${OSVER}" in + 10.6 | 10.7 ) + # Do nothing - in 10.6 we don't aggregate our configurations, apparently + DYN_WINS="false" + ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" + ;; + 10.4 | 10.5 ) + DYN_WINS="true" + # We need to remove duplicate WINS entries, so that our reference list matches MacOSX's + SWINS="$(echo "${STATIC_WINS_SERVERS}" | tr ' ' '\n')" + (( i=0 )) + for n in "${vWINS[@]}" ; do + if echo "${SWINS}" | grep -q "${n}" ; then + unset vWINS[${i}] + fi + (( i++ )) + done + if [ ${#vWINS[*]} -gt 0 ] ; then + ALL_WINS_SERVERS="$(trim "${STATIC_WINS_SERVERS}" "${vWINS[*]}")" + else + DYN_WINS="false" + ALL_WINS_SERVERS="${STATIC_WINS_SERVERS}" + fi + ;; + esac + else + DYN_WINS="true" + ALL_WINS_SERVERS="$(trim "${vWINS[*]}")" + fi + readonly DYN_WINS ALL_WINS_SERVERS + + # We double-check that our search domain isn't already on the list + SEARCH_DOMAIN="${domain}" + case "${OSVER}" in + 10.6 | 10.7 ) + # Do nothing - in 10.6 we don't aggregate our configurations, apparently + if [ -n "${STATIC_SEARCH}" ] ; then + ALL_SEARCH="${STATIC_SEARCH}" + SEARCH_DOMAIN="" + else + ALL_SEARCH="${SEARCH_DOMAIN}" + fi + ;; + 10.4 | 10.5 ) + if echo "${STATIC_SEARCH}" | tr ' ' '\n' | grep -q "${SEARCH_DOMAIN}" ; then + SEARCH_DOMAIN="" + fi + if [ -z "${SEARCH_DOMAIN}" ] ; then + ALL_SEARCH="${STATIC_SEARCH}" + else + ALL_SEARCH="$(trim "${STATIC_SEARCH}" "${SEARCH_DOMAIN}")" + fi + ;; + esac + readonly SEARCH_DOMAIN ALL_SEARCH + + if ! ${DYN_DNS} ; then + NO_DNS="#" + fi + if ! ${DYN_WINS} ; then + NO_WS="#" + fi + if [ -z "${SEARCH_DOMAIN}" ] ; then + NO_SEARCH="#" + fi + if [ -z "${STATIC_WORKGROUP}" ] ; then + NO_WG="#" + fi + if [ -z "${STATIC_NETBIOSNAME}" ] ; then + NO_NB="#" + fi + if [ -z "${ALL_DNS}" ] ; then + AGG_DNS="#" + fi + if [ -z "${ALL_SEARCH}" ] ; then + AGG_SEARCH="#" + fi + if [ -z "${ALL_WINS_SERVERS}" ] ; then + AGG_WINS="#" + fi + + # Now, do the aggregation + # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from Tunnelblick, + # then save old and new DNS and WINS settings + # PPID is a bash-script variable that contains the process ID of the parent of the process running the script (i.e., OpenVPN's process ID) + # config is an environmental variable set to the configuration path by OpenVPN prior to running this up script + logMessage "Up to two 'No such key' warnings are normal and may be ignored" + + # If DNS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' + if echo "${STATIC_DNS_CONFIG}" | grep -q "ServerAddresses" ; then + CORRECT_OLD_DNS_KEY="Setup:" + else + CORRECT_OLD_DNS_KEY="State:" + fi + + # If WINS is manually set, it overrides the DHCP setting, which isn't reflected in 'State:/Network/Service/${PSID}/DNS' + if echo "${STATIC_WINS_CONFIG}" | grep -q "WINSAddresses" ; then + CORRECT_OLD_WINS_KEY="Setup:" + else + CORRECT_OLD_WINS_KEY="State:" + fi + + # If we are not expecting any WINS value, add to the expected WINS setup + NO_NOSUCH_KEY_WINS="#" + if [ "${NO_NB}" = "#" -a "${AGG_WINS}" = "#" -a "${NO_WG}" = "#" ] ; then + NO_NOSUCH_KEY_WINS="" + fi + readonly NO_NOSUCH_KEY_WINS + + set -e # We instruct bash that it CAN again fail on errors + + scutil <<- EOF + open + d.init + d.add PID # ${PPID} + d.add Service ${PSID} + d.add LeaseWatcherPlistPath "${LEASEWATCHER_PLIST_PATH}" + d.add ScriptLogFile "${SCRIPT_LOG_FILE}" + d.add MonitorNetwork "${ARG_MONITOR_NETWORK_CONFIGURATION}" + d.add RestoreOnDNSReset "${ARG_RESTORE_ON_DNS_RESET}" + d.add RestoreOnWINSReset "${ARG_RESTORE_ON_WINS_RESET}" + d.add IgnoreOptionFlags "${ARG_IGNORE_OPTION_FLAGS}" + d.add IsTapInterface "${ARG_TAP}" + d.add RouteGatewayIsDhcp "${bRouteGatewayIsDhcp}" + set State:/Network/OpenVPN + + # First, back up the device's current DNS and WINS configurations + # Indicate 'no such key' by a dictionary with a single entry: "TunnelblickNoSuchKey : true" + d.init + d.add TunnelblickNoSuchKey true + get ${CORRECT_OLD_DNS_KEY}/Network/Service/${PSID}/DNS + set State:/Network/OpenVPN/OldDNS + + d.init + d.add TunnelblickNoSuchKey true + get ${CORRECT_OLD_WINS_KEY}/Network/Service/${PSID}/SMB + set State:/Network/OpenVPN/OldSMB + + # Second, initialize the new DNS map + d.init + ${NO_DNS}d.add ServerAddresses * ${vDNS[*]} + ${NO_SEARCH}d.add SearchDomains * ${SEARCH_DOMAIN} + d.add DomainName ${domain} + set State:/Network/Service/${PSID}/DNS + + # Third, initialize the WINS map + d.init + ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} + ${NO_WS}d.add WINSAddresses * ${vWINS[*]} + ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} + set State:/Network/Service/${PSID}/SMB + + # Now, initialize the maps that will be compared against the system-generated map + # which means that we will have to aggregate configurations of statically-configured + # nameservers, and statically-configured search domains + d.init + ${AGG_DNS}d.add ServerAddresses * ${ALL_DNS} + ${AGG_SEARCH}d.add SearchDomains * ${ALL_SEARCH} + d.add DomainName ${domain} + set State:/Network/OpenVPN/DNS + + d.init + ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} + ${AGG_WINS}d.add WINSAddresses * ${ALL_WINS_SERVERS} + ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} + ${NO_NOSUCH_KEY_WINS}d.add TunnelblickNoSuchKey true + set State:/Network/OpenVPN/SMB + + # We are done + quit +EOF + + logMessage "Saved the DNS and WINS configurations for later use" + + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + if [ "${ARG_IGNORE_OPTION_FLAGS:0:2}" = "-a" ] ; then + # Generate an updated plist with the path for process-network-changes + readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/ProcessNetworkChanges.plist.template" + sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" + launchctl load "${LEASEWATCHER_PLIST_PATH}" + logMessage "Set up to monitor system configuration with process-network-changes" + else + # Generate an updated plist with the path for leasewatch + readonly LEASEWATCHER_TEMPLATE_PATH="$(dirname "${0}")/LeaseWatch.plist.template" + sed -e "s|\${DIR}|$(dirname "${0}")|g" "${LEASEWATCHER_TEMPLATE_PATH}" > "${LEASEWATCHER_PLIST_PATH}" + launchctl load "${LEASEWATCHER_PLIST_PATH}" + logMessage "Set up to monitor system configuration with leasewatch" + fi + fi +} + +configureDhcpDns() +{ + # whilst ipconfig will have created the neccessary Network Service keys, the DNS + # settings won't actually be used by OS X unless the SupplementalMatchDomains key + # is added + # ref. + # - is there a way to extract the domains from the SC dictionary and re-insert + # as SupplementalMatchDomains? i.e. not requiring the ipconfig domain_name call? + + # - wait until we get a lease before extracting the DNS domain name and merging into SC + # - despite it's name, ipconfig waitall doesn't (but maybe one day it will :-) + ipconfig waitall + + unset test_domain_name + unset test_name_server + + set +e # We instruct bash NOT to exit on individual command errors, because if we need to wait longer these commands will fail + + # usually takes at least a few seconds to get a DHCP lease + sleep 3 + n=0 + while [ -z "$test_domain_name" -a -z "$test_name_server" -a $n -lt 5 ] + do + logMessage "Sleeping for $n seconds to wait for DHCP to finish setup." + sleep $n + n=`expr $n + 1` + + if [ -z "$test_domain_name" ]; then + test_domain_name=`ipconfig getoption $dev domain_name 2>/dev/null` + fi + + if [ -z "$test_name_server" ]; then + test_name_server=`ipconfig getoption $dev domain_name_server 2>/dev/null` + fi + done + + sGetPacketOutput=`ipconfig getpacket $dev` + + set -e # We instruct bash that it CAN again fail on individual errors + + #echo "`date` test_domain_name = $test_domain_name, test_name_server = $test_name_server, sGetPacketOutput = $sGetPacketOutput" + + unset aNameServers + unset aWinsServers + + nNameServerIndex=1 + nWinsServerIndex=1 + + if [ "$sGetPacketOutput" ]; then + sGetPacketOutput_FirstLine=`echo "$sGetPacketOutput"|head -n 1` + #echo $sGetPacketOutput_FirstLine + + if [ "$sGetPacketOutput_FirstLine" == "op = BOOTREPLY" ]; then + set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors + + for tNameServer in `echo "$sGetPacketOutput"|grep "domain_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do + aNameServers[nNameServerIndex-1]="$(trim "$tNameServer")" + let nNameServerIndex++ + done + + for tWINSServer in `echo "$sGetPacketOutput"|grep "nb_over_tcpip_name_server"|grep -Eo "\{([0-9\.]+)(, [0-9\.]+)*\}"|grep -Eo "([0-9\.]+)"`; do + aWinsServers[nWinsServerIndex-1]="$(trim "$tWINSServer")" + let nWinsServerIndex++ + done + + sDomainName=`echo "$sGetPacketOutput"|grep "domain_name "|grep -Eo ": [-A-Za-z0-9\-\.]+"|grep -Eo "[-A-Za-z0-9\-\.]+"` + sDomainName="$(trim "$sDomainName")" + + if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" + setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] + return 0 + elif [ ${#aNameServers[*]} -gt 0 ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" + setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] + return 0 + else + # Should we return 1 here and indicate an error, or attempt the old method? + logMessage "No useful information extracted from DHCP/BOOTP packet. Attempting legacy configuration." + fi + + set -e # We instruct bash that it CAN again fail on errors + else + # Should we return 1 here and indicate an error, or attempt the old method? + logMessage "No DHCP/BOOTP packet found on interface. Attempting legacy configuration." + fi + fi + + unset sDomainName + unset sNameServer + unset aNameServers + + sDomainName=`ipconfig getoption $dev domain_name 2>/dev/null` + sNameServer=`ipconfig getoption $dev domain_name_server 2>/dev/null` + + sDomainName="$(trim "$sDomainName")" + sNameServer="$(trim "$sNameServer")" + + declare -a aWinsServers=( ) # Declare empty WINS array to avoid any useless error messages + + if [ "$sDomainName" -a "$sNameServer" ]; then + aNameServers[0]=$sNameServer + logMessage "Retrieved name server [ $sNameServer ], domain name [ $sDomainName ], and no WINS servers" + setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] + elif [ "$sNameServer" ]; then + aNameServers[0]=$sNameServer + logMessage "Retrieved name server [ $sNameServer ] and no WINS servers, and using default domain name [ $DEFAULT_DOMAIN_NAME ]" + setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] + elif [ "$sDomainName" ]; then + logMessage "WARNING: Retrieved domain name [ $sDomainName ] but no name servers from OpenVPN (DHCP), which is not sufficient to make network/DNS configuration changes." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + else + logMessage "WARNING: No DNS information received from OpenVPN (DHCP), so no network/DNS configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + fi + + return 0 +} + +configureOpenVpnDns() +{ + unset vForOptions + unset vOptions + unset aNameServers + unset aWinsServers + + nOptionIndex=1 + nNameServerIndex=1 + nWinsServerIndex=1 + + while vForOptions=foreign_option_$nOptionIndex; [ -n "${!vForOptions}" ]; do + vOptions[nOptionIndex-1]=${!vForOptions} + case ${vOptions[nOptionIndex-1]} in + *DOMAIN* ) + sDomainName="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DOMAIN /}")" + ;; + *DNS* ) + aNameServers[nNameServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option DNS /}")" + let nNameServerIndex++ + ;; + *WINS* ) + aWinsServers[nWinsServerIndex-1]="$(trim "${vOptions[nOptionIndex-1]//dhcp-option WINS /}")" + let nWinsServerIndex++ + ;; + * ) + logMessage "Unknown: 'foreign_option_${nOptionIndex}' = '${vOptions[nOptionIndex-1]}'" + ;; + esac + let nOptionIndex++ + done + + if [ ${#aNameServers[*]} -gt 0 -a "$sDomainName" ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ], domain name [ $sDomainName ], and WINS server(s) [ ${aWinsServers[@]} ]" + setDnsServersAndDomainName aNameServers[@] "$sDomainName" aWinsServers[@] + elif [ ${#aNameServers[*]} -gt 0 ]; then + logMessage "Retrieved name server(s) [ ${aNameServers[@]} ] and WINS server(s) [ ${aWinsServers[@]} ] and using default domain name [ $DEFAULT_DOMAIN_NAME ]" + setDnsServersAndDomainName aNameServers[@] "$DEFAULT_DOMAIN_NAME" aWinsServers[@] + else + # Should we maybe just return 1 here to indicate an error? Does this mean that something bad has happened? + logMessage "No DNS information recieved from OpenVPN, so no network configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + fi + + return 0 +} + +# We sleep here to allow time for OS X to process network settings +sleep 2 + +EXIT_CODE=0 + +if ${ARG_TAP} ; then + # Still need to do: Look for route-gateway dhcp (TAP isn't always DHCP) + bRouteGatewayIsDhcp="false" + if [ -z "${route_vpn_gateway}" -o "$route_vpn_gateway" == "dhcp" -o "$route_vpn_gateway" == "DHCP" ]; then + bRouteGatewayIsDhcp="true" + fi + + if [ "$bRouteGatewayIsDhcp" == "true" ]; then + if [ -z "$dev" ]; then + logMessage "Cannot configure TAP interface for DHCP without \$dev being defined. Exiting." + exit 1 + fi + + ipconfig set "$dev" DHCP + + configureDhcpDns & + elif [ "$foreign_option_1" == "" ]; then + logMessage "No network configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + else + configureOpenVpnDns + EXIT_CODE=$? + fi +else + if [ "$foreign_option_1" == "" ]; then + logMessage "No network configuration changes need to be made." + if ${ARG_MONITOR_NETWORK_CONFIGURATION} ; then + logMessage "Will NOT monitor for other network configuration changes." + fi + else + configureOpenVpnDns + EXIT_CODE=$? + fi +fi + +exit $EXIT_CODE diff --git a/pkg/osx/install/install-leapc.sh b/pkg/osx/install/install-leapc.sh new file mode 100755 index 00000000..ec3c2834 --- /dev/null +++ b/pkg/osx/install/install-leapc.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# LEAP CLient Installer Script. +# +# Copyright (C) 2013 LEAP Encryption Access Project +# +# This file is part of LEAP Client, as +# available from http://leap.se/. This file is free software; +# you can redistribute it and/or modify it under the terms of the GNU +# General Public License (GPL) as published by the Free Software +# Foundation, in version 2 as it comes in the "COPYING" file of the +# LEAP Client distribution. LEAP Client is distributed in the +# hope that it will be useful, but WITHOUT ANY WARRANTY of any kind. +# + +set -e + +destlibs=/opt/local/lib +leapdir=/Applications/LEAP\ Client.app +leaplibs=${leapdir}/Contents/MacOS +tunstartup=/Library/StartupItems/tun/tun + +echo "Installing LEAP Client in /Applications..." +cp -r "LEAP Client.app" /Applications + +echo "Copying openvpn binary..." +cp -r openvpn.leap /usr/bin + +echo "Installing tun/tap drivers..." +test -f $tunstartup && $tunstartup stop + +test -d /Library/Extensions || mkdir -p /Library/Extensions +test -d /Library/StartupItems || mkdir -p /Library/StartupItems + +cp -r Extensions/* /Library/Extensions +cp -r StartupItems/* /Library/StartupItems + +echo "Loading tun/tap kernel extension..." + +$tunstartup start + +echo "Installation Finished!" diff --git a/pkg/osx/install/leap-installer.platypus b/pkg/osx/install/leap-installer.platypus new file mode 100644 index 00000000..9150961e --- /dev/null +++ b/pkg/osx/install/leap-installer.platypus @@ -0,0 +1,90 @@ + + + + + AcceptsFiles + + AcceptsText + + Authentication + + Author + Kali Yuga + BundledFiles + + Creator + Platypus-4.7 + DeclareService + + Destination + MyPlatypusApp.app + DestinationOverride + + DevelopmentVersion + + DocIcon + + Droppable + + ExecutablePath + /opt/local/share/platypus/ScriptExec + FileTypes + + **** + fold + + IconPath + + Identifier + se.leap.LEAPClientInstaller + Interpreter + /bin/sh + InterpreterArgs + + Name + LEAPClient Installer + NibPath + /opt/local/share/platypus/MainMenu.nib + OptimizeApplication + + Output + Progress Bar + RemainRunning + + Role + Viewer + ScriptArgs + + ScriptPath + ./install/install-leapc.sh + Secure + + ShowInDock + + StatusItemDisplayType + Text + StatusItemIcon + + + StatusItemTitle + MyPlatypusApp + Suffixes + + * + + TextBackground + #ffffff + TextEncoding + 4 + TextFont + Monaco + TextForeground + #000000 + TextSize + 10 + UseXMLPlistFormat + + Version + 1.0 + + diff --git a/pkg/osx/install/tun.kext/Info.plist b/pkg/osx/install/tun.kext/Info.plist new file mode 100644 index 00000000..fb69ba85 --- /dev/null +++ b/pkg/osx/install/tun.kext/Info.plist @@ -0,0 +1,36 @@ + + + + + CFBundleDevelopmentRegion + English + CFBundleExecutable + tun + CFBundleIdentifier + leap.tun + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + tun + CFBundlePackageType + KEXT + CFBundleShortVersionString + 20120120 + CFBundleSignature + ???? + CFBundleVersion + 1.0 + OSBundleLibraries + + com.apple.kpi.mach + 8.0 + com.apple.kpi.bsd + 8.0 + com.apple.kpi.libkern + 8.0 + com.apple.kpi.unsupported + 8.0 + + + + -- cgit v1.2.3 From c8b6c7c423febce9e6eaa17ece0fad047e6c1242 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 13 Jun 2013 01:27:43 +0900 Subject: add updown scripts --- pkg/osx/install/client.down.sh | 32 +++++++++++++++++--------------- pkg/osx/install/client.up.sh | 29 ++++++++++++++++------------- 2 files changed, 33 insertions(+), 28 deletions(-) (limited to 'pkg/osx/install') diff --git a/pkg/osx/install/client.down.sh b/pkg/osx/install/client.down.sh index 66467c08..52ba4de6 100755 --- a/pkg/osx/install/client.down.sh +++ b/pkg/osx/install/client.down.sh @@ -2,7 +2,8 @@ # Note: must be bash; uses bash-specific tricks # # ****************************************************************************************************************** -# This Tunnelblick script does everything! It handles TUN and TAP interfaces, +# Based on the Tunnelblick script that just "does everything!" +# It handles TUN and TAP interfaces, # pushed configurations and DHCP leases. :) # # This is the "Down" version of the script, executed after the connection is @@ -11,6 +12,7 @@ # Created by: Nick Williams (using original code and parts of old Tblk scripts) # # ****************************************************************************************************************** +# TODO: review and adapt version 3 of the clientX.down.sh trap "" TSTP trap "" HUP @@ -26,30 +28,30 @@ if ! scutil -w State:/Network/OpenVPN &>/dev/null -t 1 ; then exit 0 fi -# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift Tunnelblick options out of the argument list +# NOTE: This script does not use any arguments passed to it by OpenVPN, so it doesn't shift LEAPClient options out of the argument list # Get info saved by the up script -TUNNELBLICK_CONFIG="$(/usr/sbin/scutil <<-EOF +LEAPCLIENT_CONFIG="$(/usr/sbin/scutil <<-EOF open show State:/Network/OpenVPN quit EOF)" -ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')" -LEASEWATCHER_PLIST_PATH="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')" -PSID="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')" -SCRIPT_LOG_FILE="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')" -# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')" -# Don't need: PROCESS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')" -# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')" -ARG_TAP="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')" -bRouteGatewayIsDhcp="$(echo "${TUNNELBLICK_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')" +ARG_MONITOR_NETWORK_CONFIGURATION="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*MonitorNetwork :' | sed -e 's/^.*: //g')" +LEASEWATCHER_PLIST_PATH="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*LeaseWatcherPlistPath :' | sed -e 's/^.*: //g')" +PSID="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*Service :' | sed -e 's/^.*: //g')" +SCRIPT_LOG_FILE="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*ScriptLogFile :' | sed -e 's/^.*: //g')" +# Don't need: ARG_RESTORE_ON_DNS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnDNSReset :' | sed -e 's/^.*: //g')" +# Don't need: ARG_RESTORE_ON_WINS_RESET="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RestoreOnWINSReset :' | sed -e 's/^.*: //g')" +# Don't need: PROCESS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*PID :' | sed -e 's/^.*: //g')" +# Don't need: ARG_IGNORE_OPTION_FLAGS="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IgnoreOptionFlags :' | sed -e 's/^.*: //g')" +ARG_TAP="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*IsTapInterface :' | sed -e 's/^.*: //g')" +bRouteGatewayIsDhcp="$(echo "${LEAPCLIENT_CONFIG}" | grep -i '^[[:space:]]*RouteGatewayIsDhcp :' | sed -e 's/^.*: //g')" # @param String message - The message to log logMessage() { - echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" + echo "$(date '+%a %b %e %T %Y') *LEAP CLient $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" } trim() @@ -97,7 +99,7 @@ WINS_OLD="$(/usr/sbin/scutil <<-EOF quit EOF)" TB_NO_SUCH_KEY=" { - TunnelblickNoSuchKey : true + LEAPClientNoSuchKey : true }" if [ "${DNS_OLD}" = "${TB_NO_SUCH_KEY}" ] ; then diff --git a/pkg/osx/install/client.up.sh b/pkg/osx/install/client.up.sh index fc7e341a..be9814c2 100755 --- a/pkg/osx/install/client.up.sh +++ b/pkg/osx/install/client.up.sh @@ -2,7 +2,8 @@ # Note: must be bash; uses bash-specific tricks # # ****************************************************************************************************************** -# This Tunnelblick script does everything! It handles TUN and TAP interfaces, +# Taken from the Tunnelblick script that "just does everything!" +# It handles TUN and TAP interfaces, # pushed configurations, DHCP with DNS and WINS, and renewed DHCP leases. :) # # This is the "Up" version of the script, executed after the interface is @@ -11,6 +12,7 @@ # Created by: Nick Williams (using original code and parts of old Tblk scripts) # # ****************************************************************************************************************** +# TODO: review and adapt revision 3 of the clientX-up.sh instead trap "" TSTP trap "" HUP @@ -19,7 +21,7 @@ export PATH="/bin:/sbin:/usr/sbin:/usr/bin" # Process optional arguments (if any) for the script # Each one begins with a "-" -# They come from Tunnelblick, and come first, before the OpenVPN arguments +# They come from the leap-client invocation, and come first, before the OpenVPN arguments # So we set ARG_ script variables to their values and shift them out of the argument list # When we're done, only the OpenVPN arguments remain for the rest of the script to use ARG_MONITOR_NETWORK_CONFIGURATION="false" @@ -63,24 +65,25 @@ readonly ARG_MONITOR_NETWORK_CONFIGURATION ARG_RESTORE_ON_DNS_RESET ARG_RESTORE_ # then convert to regular config /Users/Jonathan/Library/Application Support/Tunnelblick/Configurations/Folder/Subfolder/config.ovpn # to get the script log path # Note: "/Users/..." works even if the home directory has a different path; it is used in the name of the log file, and is not used as a path to get to anything. -readonly TBALTPREFIX="/Library/Application Support/Tunnelblick/Users/" +readonly TBALTPREFIX="/Library/Application Support/LEAP Client/Users/" readonly TBALTPREFIXLEN="${#TBALTPREFIX}" readonly TBCONFIGSTART="${config:0:$TBALTPREFIXLEN}" if [ "$TBCONFIGSTART" = "$TBALTPREFIX" ] ; then readonly TBBASE="${config:$TBALTPREFIXLEN}" readonly TBSUFFIX="${TBBASE#*/}" readonly TBUSERNAME="${TBBASE%%/*}" - readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/Tunnelblick/Configurations/$TBSUFFIX" + readonly TBCONFIG="/Users/$TBUSERNAME/Library/Application Support/LEAP Client/Configurations/$TBSUFFIX" else readonly TBCONFIG="${config}" fi readonly CONFIG_PATH_DASHES_SLASHES="$(echo "${TBCONFIG}" | sed -e 's/-/--/g' | sed -e 's/\//-S/g')" -readonly SCRIPT_LOG_FILE="/Library/Application Support/Tunnelblick/Logs/${CONFIG_PATH_DASHES_SLASHES}.script.log" +# XXX PUT LOGS SOMEWHERE BETTER +readonly SCRIPT_LOG_FILE="/Users/$LEAPUSER/.config/leap/logs/${CONFIG_PATH_DASHES_SLASHES}.script.log" readonly TB_RESOURCE_PATH=$(dirname "${0}") -LEASEWATCHER_PLIST_PATH="/Library/Application Support/Tunnelblick/LeaseWatch.plist" +LEASEWATCHER_PLIST_PATH="/Users/$LEAPUSER/.config/leap/logs/LeaseWatch.plist" readonly OSVER="$(sw_vers | grep 'ProductVersion:' | grep -o '10\.[0-9]*')" @@ -92,7 +95,7 @@ bRouteGatewayIsDhcp="false" readonly LOG_MESSAGE_COMMAND=$(basename "${0}") logMessage() { - echo "$(date '+%a %b %e %T %Y') *Tunnelblick $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" + echo "$(date '+%a %b %e %T %Y') *LEAP Client $LOG_MESSAGE_COMMAND: "${@} >> "${SCRIPT_LOG_FILE}" } # @param String string - Content to trim @@ -270,7 +273,7 @@ EOF )" fi # Now, do the aggregation - # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from Tunnelblick, + # Save the openvpn process ID and the Network Primary Service ID, leasewather.plist path, logfile path, and optional arguments from LEAP Client, # then save old and new DNS and WINS settings # PPID is a bash-script variable that contains the process ID of the parent of the process running the script (i.e., OpenVPN's process ID) # config is an environmental variable set to the configuration path by OpenVPN prior to running this up script @@ -290,7 +293,7 @@ EOF )" CORRECT_OLD_WINS_KEY="State:" fi - # If we are not expecting any WINS value, add to the expected WINS setup + # If we are not expecting any WINS value, add to the expected WINS setup NO_NOSUCH_KEY_WINS="#" if [ "${NO_NB}" = "#" -a "${AGG_WINS}" = "#" -a "${NO_WG}" = "#" ] ; then NO_NOSUCH_KEY_WINS="" @@ -315,14 +318,14 @@ EOF )" set State:/Network/OpenVPN # First, back up the device's current DNS and WINS configurations - # Indicate 'no such key' by a dictionary with a single entry: "TunnelblickNoSuchKey : true" + # Indicate 'no such key' by a dictionary with a single entry: "LEAPClientNoSuchKey : true" d.init - d.add TunnelblickNoSuchKey true + d.add LEAPClientNoSuchKey true get ${CORRECT_OLD_DNS_KEY}/Network/Service/${PSID}/DNS set State:/Network/OpenVPN/OldDNS d.init - d.add TunnelblickNoSuchKey true + d.add LEAPClientNoSuchKey true get ${CORRECT_OLD_WINS_KEY}/Network/Service/${PSID}/SMB set State:/Network/OpenVPN/OldSMB @@ -353,7 +356,7 @@ EOF )" ${NO_NB}d.add NetBIOSName ${STATIC_NETBIOSNAME} ${AGG_WINS}d.add WINSAddresses * ${ALL_WINS_SERVERS} ${NO_WG}d.add Workgroup ${STATIC_WORKGROUP} - ${NO_NOSUCH_KEY_WINS}d.add TunnelblickNoSuchKey true + ${NO_NOSUCH_KEY_WINS}d.add LEAPClientNoSuchKey true set State:/Network/OpenVPN/SMB # We are done -- cgit v1.2.3