blob: a54802e3bfc9643ff05631f8c0d773a4deb95a61 (
plain)
| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 | #!/bin/bash
#
# Parses options from openvpn to update resolv.conf
#
# The only way to enforce that a linux system will not leak DNS
# queries is to replace /etc/resolv.conf with a file that only
# has the DNS resolver specified by the VPN.
#
# That is what this script does. This is what resolvconf is for,
# but sadly it does not always work.
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
function up() {
  comment=$(
cat <<SETVAR
#
# This is a temporary resolv.conf set by the LEAP Client in order to
# strictly enforce that DNS lookups are secured by the VPN.
#
# When the LEAP Client quits or the VPN connection it manages is dropped,
# this file will be replace with the regularly scheduled /etc/resolv.conf
#
# If you want custom entries to appear in this file while LEAP is running,
# put them in /etc/leap/resolv-head or /etc/leap/resolv-tail. These files
# should only be writable by root.
#
SETVAR
)
  if [ -f /etc/leap/resolv-head ] ; then
    custom_head=$(cat /etc/leap/resolv-head)
  else
    custom_head=""
  fi
  if [ -f /etc/leap/resolv-tail ] ; then
    custom_tail=$(cat /etc/leap/resolv-tail)
  else
    custom_tail=""
  fi
  for optionname in ${!foreign_option_*} ; do
    option="${!optionname}"
    echo $option
    part1=$(echo "$option" | cut -d " " -f 1)
    if [ "$part1" == "dhcp-option" ] ; then
      part2=$(echo "$option" | cut -d " " -f 2)
      part3=$(echo "$option" | cut -d " " -f 3)
      if [ "$part2" == "DNS" ] ; then
        IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
      fi
      if [ "$part2" == "DOMAIN" ] ; then
        IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
      fi
    fi
  done
  R=""
  for SS in $IF_DNS_SEARCH ; do
          R="${R}search $SS
"
  done
  for NS in $IF_DNS_NAMESERVERS ; do
          R="${R}nameserver $NS
"
  done
  mv /etc/resolv.conf /etc/resolv.conf.bak
  echo "$comment
$custom_head
$R
$custom_tail" > /etc/resolv.conf
}
function down() {
  if [ -f /etc/resolv.conf.bak ] ; then
    unlink /etc/resolv.conf
    mv /etc/resolv.conf.bak /etc/resolv.conf
  fi
}
case $script_type in
  up)   up   ;;
  down) down ;;
esac
 |