[people/stevee/network.git] / src / hooks / zones / pptp

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2013  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-zone

HOOK_SETTINGS="HOOK AUTH INTERFACE_ADDRESS IPV6 MTU PASSWORD PEER_ADDRESS PORT"
HOOK_SETTINGS="${HOOK_SETTINGS} PREFIX PREFIX_DELEGATION REFUSED_AUTH_METHODS"
HOOK_SETTINGS="${HOOK_SETTINGS} USERNAME USE_DHCP"

# User credentials for the dialin.
USERNAME=""
PASSWORD=""

# The physical ethernet port the modem is connected to.
PORT=""

# The IPv4 address of the PPTP server to connect to.
PEER_ADDRESS=""

# Set the authentication mechanism.
AUTH=""

# Maximum Transmission Unit.
# 1492 is a very common value for that.
MTU="1492"

# This hook can work with all authentication methods supported by pppd.
PPP_SUPPORTED_AUTH_METHODS="${PPP_SUPPORTED_AUTH_METHODS}"

# Use DHCP to get a IPv4 Address for the interface.
USE_DHCP="false"

# Request an IPv6 address.
IPV6="true"

# Use IPv6 prefix delegation.
PREFIX_DELEGATION="false"

# A list of refused authentification methods.
REFUSED_AUTH_METHODS=""

function hook_check_settings() {
	assert isset USERNAME
	assert isset PASSWORD
	assert isset PEER_ADDRESS
	assert isset IPV6
	assert isset PREFIX_DELEGATION

	# Check for valid port and IP settings.
	if isset PORT; then
		assert isset DHCP

		# Check if port exists.
		assert port_exists ${PORT}

		# Check for valid interface address.
		assert isset INTERFACE_ADDRESS

		if ! ipv4_is_valid "${INTERFACE_ADDRESS}"; then
			log ERROR "Invalid interface address. Please use a valid IPv4 address."
			return ${EXIT_ERROR}
		fi

		# Check for a valid network prefix.
		assert isinteger PREFIX

		if [ ${PREFIX} -gt 30 ]; then
			error "PREFIX is greater than 30."
			exit ${EXIT_ERROR}
		fi
	fi

	# Check if the peer-address is valid.
	if ! ipv4_is_valid "${PEER_ADDRESS}"; then
		log ERROR "Invalid peer-address. Please use a valid IPv4 address."
		return ${EXIT_ERROR}
	fi

	# Check if a supported AUTH Mechanism has been given.
	isset AUTH && assert isoneof AUTH ${PPP_SUPPORTED_AUTH_METHODS}
}

function hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--auth=*)
				AUTH="$(cli_get_val ${1})"
				;;
			--interface-address=*)
				INTERFACE_ADDRESS="$(cli_get_val ${1})"
				;;
			--ipv6=*)
				local value="$(cli_get_val "${1}")"

				if enabled value; then
					IPV6="true"
				else
					IPV6="false"
				fi
				;;
			--mtu=*)
				MTU="$(cli_get_val ${1})"
				;;
			--password=*)
				PASSWORD="$(cli_get_val ${1})"
				;;
			--peer-address=*)
				PEER_ADDRESS="$(cli_get_val ${1})"
				;;
			--port=*)
				PORT="$(cli_get_val ${1})"
				;;
			--prefix=*)
				PREFIX="$(cli_get_val ${1})"
				;;
			--prefix-delegation=*)
				local value="$(cli_get_val "${1}")"

				if enabled value; then
					PREFIX_DELEGATION="true"
				else
					PREFIX_DELEGATION="false"
				fi
				;;
			--refuse-auth-methods=*)
				REFUSED_AUTH_METHODS="$(cli_get_val ${1})"
				;;
			--username=*)
				USERNAME="$(cli_get_val ${1})"
				;;
			--use-dhcp=*)
				local value="$(cli_get_val "${1}")"

				if enabled value; then
					USE_DHCP="true"
				else
					USE_DHCP="false"
				fi
				;;
			*)
				warning "Unknown argument: ${1}" >&2
				;;
		esac
		shift
	done
}

function hook_up() {
	local zone="${1}"
	assert isset zone

	zone_settings_read "${zone}"

	# Check if a port will be used.
	if isset PORT; then
		# Bring up the port.
		log DEBUG "Bringing up port '${PORT}'."
		port_up "${PORT}"

		# Check if DHCP will be used, or a static IP has been configured.
		if enabled USE_DHCP; then
			# Start dhclient for IPv4 on this zone.
			dhclient_start "${PORT}" "ipv4"
		else
			# Add ip address and network prefix.
			ip_address_add "${PORT}" "${INTERFACE_ADDRESS}"/"${PREFIX}"
		fi
	fi

	# Start the ppp daemon.
	pppd_start "${zone}"

	exit ${EXIT_OK}
}

function hook_down() {
	local zone="${1}"
	assert isset zone

	zone_settings_read "${zone}"

	# Stop the ppp daemon.
	pppd_stop "${zone}"

	# Check if a port has been used.
	if isset PORT; then
		# Stop DHCP-Client or remove static IP address.
		if enabled USE_DHCP; then
			# Stop dhclient for IPv4 on this zone.
			dhclient_stop "${PORT}" "ipv4"		
		else
			# Remove address from interface.
			ip_address_del "${PORT}" "${INTERFACE_ADDRESS}"/"${PREFIX}"
		fi

		# Bring down the port.
		log DEBUG "Bringing down port '${PORT}'."
		port_down "${PORT}"
	fi

	exit ${EXIT_OK}
}

function hook_status() {
	local zone="${1}"
	assert isset zone

	cli_device_headline "${zone}"

	zone_settings_read "${zone}"

	# Display port configuration if a port is used.
	if isset PORT; then
		cli_headline 2 "Configuration"
		cli_print_fmt1 2 "IP Address" "${INTERFACE_ADDRESS}"/"${PREFIX}"
		cli_print_fmt1 2 "Peer Address" "${PEER_ADDRESS}"
		cli_print_fmt1 2 "Port" "${PORT}"
		cli_space
	fi

	cli_headline 2 "Dialin Information"
	cli_print_fmt1 2 "Username" "${USERNAME}"
	cli_print_fmt1 2 "Password" "<hidden>"
	cli_space

	# Exit if zone is down
	if ! zone_is_up ${zone}; then
		echo # Empty line
		exit ${EXIT_ERROR}
	fi

	cli_headline 2 "Point-to-Point-Tunneling protocol"
	local proto
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		routing_db_exists ${zone} ${proto} || continue

		local headline
		case "${proto}" in
			ipv6)
				headline="Internet Protocol Version 6"
				;;
			ipv4)
				headline="Internet Protocol Version 4"
				;;
			*)
				headline="Unkown protocol"
				;;
		esac
		cli_headline 3 "${headline}"

		cli_print_fmt1 3 "IP address"  "$(routing_db_get "${zone}" "${proto}" "local-ip-address")"
		cli_print_fmt1 3 "Gateway"     "$(routing_db_get "${zone}" "${proto}" "remote-ip-address")"
		cli_print_fmt1 3 "DNS servers" "$(routing_db_get "${zone}" "${proto}" "dns")"
		cli_space
	done

	exit ${EXIT_OK}
}

function hook_ppp_write_config() {
	local zone="${1}"
	assert isset zone

	local file="${2}"
	assert isset file

	# Read in the configuration files.
	zone_settings_read "${zone}"

	# Prepare the command line options for the pptp plugin.
	local pptp_commandline="pptp ${PEER_ADDRESS} --nolaunchpppd"

	pppd_write_config ${file} \
		--interface="${zone}" \
		--username="${USERNAME}" \
		--password="${PASSWORD}" \
		--mtu="${MTU}" \
		--auth="${AUTH}" \
		--pty="${pptp_commandline}" \
		--ipv6="${IPV6}" \
		--refuse="${REFUSED_AUTH_METHODS}"

	exit ${EXIT_OK}
}
Commit	Line	Data
7649cf73 SS	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2013 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	. /usr/lib/network/header-zone
	23
	24	HOOK_SETTINGS="HOOK AUTH INTERFACE_ADDRESS IPV6 MTU PASSWORD PEER_ADDRESS PORT"
	25	HOOK_SETTINGS="${HOOK_SETTINGS} PREFIX PREFIX_DELEGATION REFUSED_AUTH_METHODS"
	26	HOOK_SETTINGS="${HOOK_SETTINGS} USERNAME USE_DHCP"
	27
	28	# User credentials for the dialin.
	29	USERNAME=""
	30	PASSWORD=""
	31
	32	# The physical ethernet port the modem is connected to.
	33	PORT=""
	34
	35	# The IPv4 address of the PPTP server to connect to.
	36	PEER_ADDRESS=""
	37
	38	# Set the authentication mechanism.
	39	AUTH=""
	40
	41	# Maximum Transmission Unit.
	42	# 1492 is a very common value for that.
	43	MTU="1492"
	44
	45	# This hook can work with all authentication methods supported by pppd.
	46	PPP_SUPPORTED_AUTH_METHODS="${PPP_SUPPORTED_AUTH_METHODS}"
	47
	48	# Use DHCP to get a IPv4 Address for the interface.
	49	USE_DHCP="false"
	50
	51	# Request an IPv6 address.
	52	IPV6="true"
	53
	54	# Use IPv6 prefix delegation.
	55	PREFIX_DELEGATION="false"
	56
	57	# A list of refused authentification methods.
	58	REFUSED_AUTH_METHODS=""
	59
1e6f187e	60	function hook_check_settings() {
7649cf73 SS	61	assert isset USERNAME
	62	assert isset PASSWORD
	63	assert isset PEER_ADDRESS
	64	assert isset IPV6
	65	assert isset PREFIX_DELEGATION
	66
	67	# Check for valid port and IP settings.
	68	if isset PORT; then
	69	assert isset DHCP
	70
	71	# Check if port exists.
	72	assert port_exists ${PORT}
	73
	74	# Check for valid interface address.
	75	assert isset INTERFACE_ADDRESS
	76
	77	if ! ipv4_is_valid "${INTERFACE_ADDRESS}"; then
	78	log ERROR "Invalid interface address. Please use a valid IPv4 address."
	79	return ${EXIT_ERROR}
	80	fi
	81
	82	# Check for a valid network prefix.
	83	assert isinteger PREFIX
	84
	85	if [ ${PREFIX} -gt 30 ]; then
	86	error "PREFIX is greater than 30."
	87	exit ${EXIT_ERROR}
	88	fi
e9df08ad	89	fi
7649cf73 SS	90
	91	# Check if the peer-address is valid.
	92	if ! ipv4_is_valid "${PEER_ADDRESS}"; then
	93	log ERROR "Invalid peer-address. Please use a valid IPv4 address."
	94	return ${EXIT_ERROR}
	95	fi
	96
	97	# Check if a supported AUTH Mechanism has been given.
	98	isset AUTH && assert isoneof AUTH ${PPP_SUPPORTED_AUTH_METHODS}
	99	}
	100
	101	function hook_parse_cmdline() {
	102	while [ $# -gt 0 ]; do
	103	case "${1}" in
	104	--auth=*)
	105	AUTH="$(cli_get_val ${1})"
	106	;;
	107	--interface-address=*)
	108	INTERFACE_ADDRESS="$(cli_get_val ${1})"
	109	;;
	110	--ipv6=*)
	111	local value="$(cli_get_val "${1}")"
	112
	113	if enabled value; then
	114	IPV6="true"
	115	else
	116	IPV6="false"
	117	fi
	118	;;
	119	--mtu=*)
	120	MTU="$(cli_get_val ${1})"
	121	;;
	122	--password=*)
	123	PASSWORD="$(cli_get_val ${1})"
	124	;;
	125	--peer-address=*)
	126	PEER_ADDRESS="$(cli_get_val ${1})"
	127	;;
	128	--port=*)
	129	PORT="$(cli_get_val ${1})"
	130	;;
	131	--prefix=*)
	132	PREFIX="$(cli_get_val ${1})"
	133	;;
	134	--prefix-delegation=*)
	135	local value="$(cli_get_val "${1}")"
	136
	137	if enabled value; then
	138	PREFIX_DELEGATION="true"
	139	else
	140	PREFIX_DELEGATION="false"
	141	fi
	142	;;
	143	--refuse-auth-methods=*)
	144	REFUSED_AUTH_METHODS="$(cli_get_val ${1})"
	145	;;
	146	--username=*)
	147	USERNAME="$(cli_get_val ${1})"
	148	;;
	149	--use-dhcp=*)
	150	local value="$(cli_get_val "${1}")"
	151
	152	if enabled value; then
	153	USE_DHCP="true"
154	else
155	USE_DHCP="false"
156	fi
157	;;
158	*)
159	warning "Unknown argument: ${1}" >&2
160	;;
161	esac
162	shift
163	done
164	}
165
166	function hook_up() {
167	local zone="${1}"
168	assert isset zone
169
1e6f187e	170	zone_settings_read "${zone}"
7649cf73 SS	171
	172	# Check if a port will be used.
	173	if isset PORT; then
7649cf73 SS	174	# Bring up the port.
	175	log DEBUG "Bringing up port '${PORT}'."
	176	port_up "${PORT}"
	177
	178	# Check if DHCP will be used, or a static IP has been configured.
	179	if enabled USE_DHCP; then
	180	# Start dhclient for IPv4 on this zone.
	181	dhclient_start "${PORT}" "ipv4"
	182	else
	183	# Add ip address and network prefix.
	184	ip_address_add "${PORT}" "${INTERFACE_ADDRESS}"/"${PREFIX}"
	185	fi
	186	fi
	187
	188	# Start the ppp daemon.
	189	pppd_start "${zone}"
	190
	191	exit ${EXIT_OK}
	192	}
	193
	194	function hook_down() {
	195	local zone="${1}"
	196	assert isset zone
	197
1e6f187e	198	zone_settings_read "${zone}"
7649cf73 SS	199
	200	# Stop the ppp daemon.
	201	pppd_stop "${zone}"
	202
7649cf73 SS	203	# Check if a port has been used.
7649cf73 SS	204	if isset PORT; then
7649cf73 SS	205	# Stop DHCP-Client or remove static IP address.
	206	if enabled USE_DHCP; then
	207	# Stop dhclient for IPv4 on this zone.
	208	dhclient_stop "${PORT}" "ipv4"
	209	else
	210	# Remove address from interface.
	211	ip_address_del "${PORT}" "${INTERFACE_ADDRESS}"/"${PREFIX}"
	212	fi
	213
	214	# Bring down the port.
	215	log DEBUG "Bringing down port '${PORT}'."
	216	port_down "${PORT}"
	217	fi
	218
	219	exit ${EXIT_OK}
	220	}
	221
	222	function hook_status() {
	223	local zone="${1}"
	224	assert isset zone
	225
	226	cli_device_headline "${zone}"
	227
1e6f187e	228	zone_settings_read "${zone}"
7649cf73 SS	229
	230	# Display port configuration if a port is used.
	231	if isset PORT; then
	232	cli_headline 2 "Configuration"
	233	cli_print_fmt1 2 "IP Address" "${INTERFACE_ADDRESS}"/"${PREFIX}"
	234	cli_print_fmt1 2 "Peer Address" "${PEER_ADDRESS}"
	235	cli_print_fmt1 2 "Port" "${PORT}"
	236	cli_space
	237	fi
	238
	239	cli_headline 2 "Dialin Information"
	240	cli_print_fmt1 2 "Username" "${USERNAME}"
	241	cli_print_fmt1 2 "Password" "<hidden>"
	242	cli_space
	243
	244	# Exit if zone is down
	245	if ! zone_is_up ${zone}; then
	246	echo # Empty line
	247	exit ${EXIT_ERROR}
	248	fi
	249
	250	cli_headline 2 "Point-to-Point-Tunneling protocol"
	251	local proto
	252	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
	253	routing_db_exists ${zone} ${proto} \|\| continue
	254
	255	local headline
	256	case "${proto}" in
	257	ipv6)
	258	headline="Internet Protocol Version 6"
	259	;;
	260	ipv4)
	261	headline="Internet Protocol Version 4"
	262	;;
	263	*)
	264	headline="Unkown protocol"
	265	;;
	266	esac
	267	cli_headline 3 "${headline}"
	268
	269	cli_print_fmt1 3 "IP address" "$(routing_db_get "${zone}" "${proto}" "local-ip-address")"
	270	cli_print_fmt1 3 "Gateway" "$(routing_db_get "${zone}" "${proto}" "remote-ip-address")"
	271	cli_print_fmt1 3 "DNS servers" "$(routing_db_get "${zone}" "${proto}" "dns")"
	272	cli_space
	273	done
	274
	275	exit ${EXIT_OK}
	276	}
	277
	278	function hook_ppp_write_config() {
	279	local zone="${1}"
	280	assert isset zone
	281
	282	local file="${2}"
	283	assert isset file
	284
	285	# Read in the configuration files.
1e6f187e	286	zone_settings_read "${zone}"
7649cf73 SS	287
	288	# Prepare the command line options for the pptp plugin.
	289	local pptp_commandline="pptp ${PEER_ADDRESS} --nolaunchpppd"
	290
	291	pppd_write_config ${file} \
	292	--interface="${zone}" \
	293	--username="${USERNAME}" \
	294	--password="${PASSWORD}" \
	295	--mtu="${MTU}" \
	296	--auth="${AUTH}" \
	297	--pty="${pptp_commandline}" \
	298	--ipv6="${IPV6}" \
	299	--refuse="${REFUSED_AUTH_METHODS}"
	300
	301	exit ${EXIT_OK}
	302	}