1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2013 IPFire Network Development Team #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
# Load the shared zone-hook framework that this hook builds on.
. /usr/lib/network/header-zone

# Names of every setting that belongs to this hook, built up in three steps.
HOOK_SETTINGS="HOOK AUTH INTERFACE_ADDRESS IPV6 MTU PASSWORD PEER_ADDRESS PORT"
HOOK_SETTINGS+=" PREFIX PREFIX_DELEGATION REFUSED_AUTH_METHODS"
HOOK_SETTINGS+=" USERNAME USE_DHCP"

# Dial-in credentials.
# NOTE(review): PASSWORD is a secret and is listed in HOOK_SETTINGS, so it is
# presumably persisted with the other settings; confirm that the settings
# file is readable by root only.
USERNAME=""
PASSWORD=""

# Physical ethernet port the modem is attached to (optional).
PORT=""

# IPv4 address of the PPTP server to connect to.
PEER_ADDRESS=""

# Authentication mechanism to use; empty means none is enforced here.
# NOTE(review): PPTP is commonly paired with MS-CHAPv2, which is considered
# weak; REFUSED_AUTH_METHODS below is the setting for declining methods.
AUTH=""

# Maximum Transmission Unit; 1492 is a very common value.
MTU="1492"

# All authentication methods supported by pppd are accepted by this hook.
# The value is taken over unchanged from the environment set up above.
PPP_SUPPORTED_AUTH_METHODS="${PPP_SUPPORTED_AUTH_METHODS}"

# Whether the interface obtains its IPv4 address via DHCP.
USE_DHCP="false"

# Whether an IPv6 address is requested.
IPV6="true"

# Whether IPv6 prefix delegation is used.
PREFIX_DELEGATION="false"

# List of authentication methods that are refused.
REFUSED_AUTH_METHODS=""
59
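#######################################
# Validates the settings of this hook before they are used or stored.
# Globals:   reads USERNAME, PASSWORD, PEER_ADDRESS, IPV6, PREFIX_DELEGATION,
#            PORT, USE_DHCP, INTERFACE_ADDRESS, PREFIX, AUTH,
#            PPP_SUPPORTED_AUTH_METHODS, EXIT_ERROR
# Returns:   0 when every check passed, ${EXIT_ERROR} for an invalid
#            interface or peer address. An oversized PREFIX exits the
#            process; what a failed assert does is defined by the framework.
#######################################
function hook_check_settings() {
	assert isset USERNAME
	assert isset PASSWORD
	assert isset PEER_ADDRESS
	assert isset IPV6
	assert isset PREFIX_DELEGATION

	# Check for valid port and IP settings.
	if isset PORT; then
		# The setting declared in HOOK_SETTINGS is USE_DHCP; this hook
		# never defines a variable named DHCP, so checking that name
		# would reject every configuration that uses a port.
		assert isset USE_DHCP

		# Check if port exists.
		assert port_exists "${PORT}"

		# Check for valid interface address.
		assert isset INTERFACE_ADDRESS

		if ! ipv4_is_valid "${INTERFACE_ADDRESS}"; then
			log ERROR "Invalid interface address. Please use a valid IPv4 address."
			return ${EXIT_ERROR}
		fi

		# Check for a valid network prefix.
		assert isinteger PREFIX

		if [ "${PREFIX}" -gt 30 ]; then
			error "PREFIX is greater than 30."
			exit ${EXIT_ERROR}
		fi
	fi

	# The peer address later ends up in the pptp command line, so only a
	# well-formed IPv4 address is accepted here.
	if ! ipv4_is_valid "${PEER_ADDRESS}"; then
		log ERROR "Invalid peer-address. Please use a valid IPv4 address."
		return ${EXIT_ERROR}
	fi

	# Check if a supported AUTH mechanism has been given. An explicit "if"
	# keeps the function's exit status at 0 when AUTH is empty; with
	# "isset AUTH && ..." the failed isset became the return value.
	# PPP_SUPPORTED_AUTH_METHODS is left unquoted on purpose: it is a
	# whitespace-separated list.
	if isset AUTH; then
		assert isoneof AUTH ${PPP_SUPPORTED_AUTH_METHODS}
	fi
}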
100
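#######################################
# Parses "--name=value" command line arguments into the hook settings.
# Globals:   writes AUTH, INTERFACE_ADDRESS, IPV6, MTU, PASSWORD,
#            PEER_ADDRESS, PORT, PREFIX, PREFIX_DELEGATION,
#            REFUSED_AUTH_METHODS, USERNAME, USE_DHCP
# Arguments: any number of --name=value options
# Outputs:   a warning for every argument that is not recognised
#
# Every argument is passed to cli_get_val in double quotes. Unquoted, a
# value containing whitespace or glob characters (not unusual for a
# password) would be word-split and pathname-expanded before it was stored.
# NOTE(review): a secret given as --password=... is part of the caller's
# command line; if that comes from an interactive shell it may show up in
# shell history and process listings.
#######################################
function hook_parse_cmdline() {
	# Scratch variable for the boolean options; "enabled" receives its name.
	local value

	while [ $# -gt 0 ]; do
		case "${1}" in
			--auth=*)
				AUTH="$(cli_get_val "${1}")"
				;;
			--interface-address=*)
				INTERFACE_ADDRESS="$(cli_get_val "${1}")"
				;;
			--ipv6=*)
				value="$(cli_get_val "${1}")"

				# Normalise whatever "enabled" accepts to true/false.
				if enabled value; then
					IPV6="true"
				else
					IPV6="false"
				fi
				;;
			--mtu=*)
				MTU="$(cli_get_val "${1}")"
				;;
			--password=*)
				PASSWORD="$(cli_get_val "${1}")"
				;;
			--peer-address=*)
				PEER_ADDRESS="$(cli_get_val "${1}")"
				;;
			--port=*)
				PORT="$(cli_get_val "${1}")"
				;;
			--prefix=*)
				PREFIX="$(cli_get_val "${1}")"
				;;
			--prefix-delegation=*)
				value="$(cli_get_val "${1}")"

				if enabled value; then
					PREFIX_DELEGATION="true"
				else
					PREFIX_DELEGATION="false"
				fi
				;;
			--refuse-auth-methods=*)
				REFUSED_AUTH_METHODS="$(cli_get_val "${1}")"
				;;
			--username=*)
				USERNAME="$(cli_get_val "${1}")"
				;;
			--use-dhcp=*)
				value="$(cli_get_val "${1}")"

				if enabled value; then
					USE_DHCP="true"
				else
					USE_DHCP="false"
				fi
				;;
			*)
				# Unknown options are reported but do not stop parsing.
				warning "Unknown argument: ${1}" >&2
				;;
		esac
		shift
	done
}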
165
#######################################
# Brings the zone up: prepares the optional port and starts pppd.
# Globals:   reads PORT, USE_DHCP, INTERFACE_ADDRESS, PREFIX, EXIT_OK
#            (the settings are loaded by zone_settings_read)
# Arguments: $1 - name of the zone
# Returns:   does not return; exits with ${EXIT_OK}
#######################################
function hook_up() {
	local zone="${1}"
	assert isset zone

	# Load the stored settings of this zone.
	zone_settings_read "${zone}"

	# A port is optional; without one only pppd is started.
	if isset PORT; then
		log DEBUG "Bringing up port '${PORT}'."
		port_up "${PORT}"

		# Either a static address is configured on the port ...
		if ! enabled USE_DHCP; then
			ip_address_add "${PORT}" "${INTERFACE_ADDRESS}"/"${PREFIX}"
		# ... or dhclient obtains an IPv4 address for it.
		else
			dhclient_start "${PORT}" "ipv4"
		fi
	fi

	# Finally launch the ppp daemon for the zone.
	pppd_start "${zone}"

	exit ${EXIT_OK}
}
193
#######################################
# Takes the zone down: stops pppd first, then releases the optional port.
# Globals:   reads PORT, USE_DHCP, INTERFACE_ADDRESS, PREFIX, EXIT_OK
#            (the settings are loaded by zone_settings_read)
# Arguments: $1 - name of the zone
# Returns:   does not return; exits with ${EXIT_OK}
#######################################
function hook_down() {
	local zone="${1}"
	assert isset zone

	# Load the stored settings of this zone.
	zone_settings_read "${zone}"

	# The ppp daemon goes first, before the port underneath it is touched.
	pppd_stop "${zone}"

	# Only clean up a port if one has been configured.
	if isset PORT; then
		# Undo whichever addressing method was used when bringing it up.
		if ! enabled USE_DHCP; then
			# Static configuration: remove the address from the interface.
			ip_address_del "${PORT}" "${INTERFACE_ADDRESS}"/"${PREFIX}"
		else
			# DHCP: stop dhclient for IPv4.
			dhclient_stop "${PORT}" "ipv4"
		fi

		log DEBUG "Bringing down port '${PORT}'."
		port_down "${PORT}"
	fi

	exit ${EXIT_OK}
}
221
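#######################################
# Prints the configuration and, if the zone is up, the connection details.
# Globals:   reads PORT, INTERFACE_ADDRESS, PREFIX, PEER_ADDRESS, USERNAME,
#            IP_SUPPORTED_PROTOCOLS, EXIT_OK, EXIT_ERROR
# Arguments: $1 - name of the zone
# Outputs:   status report on stdout (via the cli_* helpers)
# Returns:   does not return; exits with ${EXIT_ERROR} when the zone is
#            down and with ${EXIT_OK} otherwise
#######################################
function hook_status() {
	local zone="${1}"
	assert isset zone

	cli_device_headline "${zone}"

	zone_settings_read "${zone}"

	# Display port configuration if a port is used.
	if isset PORT; then
		cli_headline 2 "Configuration"
		cli_print_fmt1 2 "IP Address" "${INTERFACE_ADDRESS}"/"${PREFIX}"
		cli_print_fmt1 2 "Peer Address" "${PEER_ADDRESS}"
		cli_print_fmt1 2 "Port" "${PORT}"
		cli_space
	fi

	cli_headline 2 "Dialin Information"
	cli_print_fmt1 2 "Username" "${USERNAME}"
	# The stored password is never echoed; only a placeholder is shown.
	cli_print_fmt1 2 "Password" "<hidden>"
	cli_space

	# Exit if zone is down. The zone name is quoted so that it always
	# reaches the helper as a single argument.
	if ! zone_is_up "${zone}"; then
		echo # Empty line
		exit ${EXIT_ERROR}
	fi

	cli_headline 2 "Point-to-Point-Tunneling protocol"
	local proto headline
	# IP_SUPPORTED_PROTOCOLS is a whitespace-separated list and therefore
	# expanded unquoted on purpose.
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		# Skip protocols for which the routing database has no entry.
		routing_db_exists "${zone}" "${proto}" || continue

		case "${proto}" in
			ipv6)
				headline="Internet Protocol Version 6"
				;;
			ipv4)
				headline="Internet Protocol Version 4"
				;;
			*)
				# Spelling of this user-facing text was "Unkown".
				headline="Unknown protocol"
				;;
		esac
		cli_headline 3 "${headline}"

		cli_print_fmt1 3 "IP address" "$(routing_db_get "${zone}" "${proto}" "local-ip-address")"
		cli_print_fmt1 3 "Gateway" "$(routing_db_get "${zone}" "${proto}" "remote-ip-address")"
		cli_print_fmt1 3 "DNS servers" "$(routing_db_get "${zone}" "${proto}" "dns")"
		cli_space
	done

	exit ${EXIT_OK}
}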
277
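#######################################
# Writes the pppd configuration for a PPTP zone.
# Globals:   reads PEER_ADDRESS, USERNAME, PASSWORD, MTU, AUTH, IPV6,
#            REFUSED_AUTH_METHODS, EXIT_OK, EXIT_ERROR
#            (the settings are loaded by zone_settings_read)
# Arguments: $1 - name of the zone
#            $2 - path of the configuration file to write
# Returns:   does not return; exits with ${EXIT_OK} on success and with
#            ${EXIT_ERROR} when PEER_ADDRESS is not a valid IPv4 address
#######################################
function hook_ppp_write_config() {
	local zone="${1}"
	assert isset zone

	local file="${2}"
	assert isset file

	# Read in the configuration files.
	zone_settings_read "${zone}"

	# PEER_ADDRESS is pasted into the pty command line below, which pppd
	# runs as a command. The value was just read back from the stored
	# settings, so it is checked again here instead of trusting that the
	# file still holds what hook_check_settings once accepted.
	if ! ipv4_is_valid "${PEER_ADDRESS}"; then
		log ERROR "Invalid peer-address. Please use a valid IPv4 address."
		exit ${EXIT_ERROR}
	fi

	# Prepare the command line options for the pptp plugin.
	local pptp_commandline="pptp ${PEER_ADDRESS} --nolaunchpppd"

	# The file name is quoted so that a path containing whitespace is
	# passed on as a single argument.
	pppd_write_config "${file}" \
		--interface="${zone}" \
		--username="${USERNAME}" \
		--password="${PASSWORD}" \
		--mtu="${MTU}" \
		--auth="${AUTH}" \
		--pty="${pptp_commandline}" \
		--ipv6="${IPV6}" \
		--refuse="${REFUSED_AUTH_METHODS}"

	exit ${EXIT_OK}
}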