Merge pull request #595 from ffainelli/stoken

Add stoken and update openconnect to use it

net/openconnect/Config.in

@@ -15,4 +15,7 @@ config OPENCONNECT_OPENSSL
 
 endchoice
 
+config OPENCONNECT_STOKEN
+	bool "stoken support"
+
 endmenu

net/openconnect/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openconnect
 PKG_VERSION:=7.00
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
@@ -29,7 +29,7 @@ endef
 define Package/openconnect
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
+  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls +OPENCONNECT_STOKEN:libstoken
   TITLE:=OpenConnect VPN client (Cisco AnyConnect compatible)
   MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
   URL:=http://www.infradead.org/openconnect/
@@ -48,13 +48,19 @@ endef
 CONFIGURE_ARGS += \
 	--disable-shared \
 	--with-vpnc-script=/lib/netifd/vpnc-script \
-	--without-libpcsclite
+	--without-libpcsclite \
+	--without-stoken
 
 ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y)
 CONFIGURE_ARGS += \
 	--without-gnutls
 endif
 
+ifeq ($(CONFIG_OPENCONNECT_STOKEN),y)
+CONFIGURE_ARGS += \
+	--with-stoken
+endif
+
 define Package/openconnect/install
 	$(INSTALL_DIR) $(1)/etc/openconnect/
 	$(INSTALL_DIR) $(1)/lib/netifd/proto

net/openconnect/README

@@ -11,6 +11,8 @@ config interface 'MYVPN'
         option username 'test'
         option password 'secret'
         option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
+        option token_mode 'rsa' # when built with stoken support
+        option token_secret 'secret' # when built with stoken support
 
 The additional files are also used:
 /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate

net/openconnect/files/openconnect.sh

@@ -17,7 +17,7 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
 	local config="$1"
 
-	json_get_vars server port username serverhash authgroup password vgroup
+	json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret
 
 	grep -q tun /proc/modules || insmod tun
 
@@ -57,6 +57,9 @@ proto_openconnect_setup() {
 		append cmdline "--passwd-on-stdin"
 	}
 
+	[ -n "$token_mode" ] && append cmdline "--token-mode=$token_mode"
+	[ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret"
+
 	proto_export INTERFACE="$config"
 	logger -t openconnect "executing 'openconnect $cmdline'"
 

utils/stoken/Makefile

@@ -0,0 +1,77 @@
+#
+# Copyright (C) 2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=stoken
+PKG_VERSION:=0.8
+PKG_REV:=c4d79ffbf5053e44be4b64da22b1b7fb6a51daf2
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/cernekee/stoken.git
+
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_REV).tar.gz
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Florian Fainelli <florian@openwrt.org>
+PKG_LICENSE:=LGPL-2.1
+PKG_INSTALL:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/stoken/Default
+  TITLE:=stoken is a tokencode generator compatible with RSA SecurID 128-bit (AES)
+  URL:=http://sourceforge.net/p/stoken/
+  DEPENDS:= +libxml2 +libnettle
+endef
+
+define Package/stoken
+  $(call Package/stoken/Default)
+  SECTION:=utils
+  CATEGORY:=Utilities
+  DEPENDS:=+libstoken
+  MENU:=1
+endef
+
+define Package/stoken/description
+  stoken is a tokencode generator compatible with RSA SecurID 128-bit (AES). This package contains the cli
+endef
+
+define Package/libstoken
+  $(call Package/stoken/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+endef
+
+CONFIGURE_ARGS += \
+	--with-nettle
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libstoken*.{la,a,so*} $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/stoken.pc \
+		$(1)/usr/lib/pkgconfig/
+endef
+
+define Package/stoken/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/stoken $(1)/usr/bin/
+endef
+
+define Package/libstoken/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libstoken*.so* $(1)/usr/lib
+endef
+
+$(eval $(call BuildPackage,stoken))
+$(eval $(call BuildPackage,libstoken))