From dcd45c563d4ae12fc8b2d1eafacde6416949df23 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 21 Aug 2017 16:39:17 +0200
Subject: [PATCH] updated to latest upstream and use iproute

Resolves: rhbz#1481164
---
 vpnc-script | 153 ++++++++++++++++++++++++++++++++++-------------
 vpnc-script.spec | 11 ++--
 2 files changed, 120 insertions(+), 44 deletions(-)

diff --git a/vpnc-script b/vpnc-script
index cc49aed..6302987 100644
--- a/vpnc-script
+++ b/vpnc-script
@@ -121,7 +121,10 @@ if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
 include /lib/network
 MODIFYRESOLVCONF=modify_resolvconf_openwrt
 RESTORERESOLVCONF=restore_resolvconf_openwrt
-elif [ -x /sbin/resolvconf ] && [ "$OS" != "FreeBSD" ]; then # Optional tool on Debian, Ubuntu, Gentoo - but not FreeBSD, it seems to work different
+elif [ -x /usr/bin/busctl ]; then # For systemd-resolved (version 229 and above)
+ MODIFYRESOLVCONF=modify_resolved_manager
+ RESTORERESOLVCONF=restore_resolved_manager
+elif [ -x /sbin/resolvconf ]; then # Optional tool on Debian, Ubuntu, Gentoo and FreeBSD
 MODIFYRESOLVCONF=modify_resolvconf_manager
 RESTORERESOLVCONF=restore_resolvconf_manager
 elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
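Review bot: The new `elif [ -x /usr/bin/busctl ]` test only shows that the busctl binary is installed, not that systemd-resolved is running or that the host's resolver configuration is actually served by it. On a host where busctl exists but resolved is inactive, this branch presumably wins over the resolvconf, netconfig and generic handlers, the D-Bus calls fail, and the pre-VPN resolvers stay in use while the tunnel is up. The comment promises "version 229 and above", but nothing on these lines checks that. Consider tightening the condition, for example `elif [ -x /usr/bin/busctl ] && systemctl --quiet is-active systemd-resolved.service; then`, so the other handlers remain the fallback. The if/elif chain starts and continues outside the hunk.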
@@ -369,48 +372,31 @@ modify_resolvconf_generic() { # and will be overwritten by vpnc # as long as the above mark is intact" - # Remember the original value of CISCO_DEF_DOMAIN we need it later - CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN" - # Don't step on INTERNAL_IP4_DNS value, use a temporary variable - INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS" + DOMAINS="$CISCO_DEF_DOMAIN" + exec 6< "$RESOLV_CONF_BACKUP" while read LINE <&6 ; do case "$LINE" in - nameserver*) - if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then - read ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<-EOF - $INTERNAL_IP4_DNS_TEMP -EOF - LINE="nameserver $ONE_NAMESERVER" - else - LINE="" - fi - ;; - search*) - if [ -n "$CISCO_DEF_DOMAIN" ]; then - LINE="$LINE $CISCO_DEF_DOMAIN" - CISCO_DEF_DOMAIN="" - fi - ;; - domain*) - if [ -n "$CISCO_DEF_DOMAIN" ]; then - LINE="domain $CISCO_DEF_DOMAIN" - CISCO_DEF_DOMAIN="" - fi - ;; + # omit; we will overwrite these + nameserver*) ;; + # extract listed domains and prepend to list + domain* | search*) DOMAINS="${LINE#* } $DOMAINS" ;; + # retain other lines + *) NEW_RESOLVCONF="$NEW_RESOLVCONF +$LINE" ;; esac - NEW_RESOLVCONF="$NEW_RESOLVCONF -$LINE" done exec 6<&- - for i in $INTERNAL_IP4_DNS_TEMP ; do + for i in $INTERNAL_IP4_DNS ; do NEW_RESOLVCONF="$NEW_RESOLVCONF nameserver $i" done - if [ -n "$CISCO_DEF_DOMAIN" ]; then + # note that "search" is mutually exclusive with "domain"; + # "search" allows multiple domains to be listed, so use that + if [ -n "$DOMAINS" ]; then NEW_RESOLVCONF="$NEW_RESOLVCONF -search $CISCO_DEF_DOMAIN" +search $DOMAINS" fi echo "$NEW_RESOLVCONF" > /etc/resolv.conf 
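Review bot: `DOMAINS="${LINE#* } $DOMAINS"` assumes the keyword is followed by a space; resolv.conf also permits a tab there, in which case nothing is stripped and the literal `search` or `domain` keyword lands inside the new search list. Stripping on any whitespace, `DOMAINS="${LINE#*[[:space:]]} $DOMAINS"`, avoids that. The suffixes read from the backup file are also placed ahead of `$CISCO_DEF_DOMAIN`, so unqualified names are tried against the local network's domains first, and the VPN domain is the entry most likely to be lost if the resolver truncates a long list. If that ordering is intended, a comment saying so would help. `$CISCO_DEF_DOMAIN` and `$INTERNAL_IP4_DNS` are written to /etc/resolv.conf as received, so the function should document that they are expected to be whitespace-separated tokens without newlines; modify_resolvconf_generic starts and ends outside the hunk.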
@@ -428,12 +414,31 @@ search $CISCO_DEF_DOMAIN" # Cannot use multiple DNS matching in this case OVERRIDE_PRIMARY='d.add OverridePrimary # 1' fi + # Overriding the default gateway breaks split routing + OVERRIDE_GATEWAY="" + # Not overriding the default gateway breaks usage of + # INTERNAL_IP4_DNS. Prepend INTERNAL_IP4_DNS to list + # of used DNS servers + SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'` + SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs` + if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then + scutil >/dev/null 2>&1 <<-EOF + open + get State:/Network/Service/$SERVICE/DNS + d.add ServerAddresses * $INTERNAL_IP4_DNS $SERVICE_DNS + set State:/Network/Service/$SERVICE/DNS + close + EOF + fi + else + # No split routing. Override default gateway + OVERRIDE_GATEWAY="d.add Router $INTERNAL_IP4_ADDRESS" fi # Uncomment the following if/fi pair to use multiple # DNS matching when available. When multiple DNS matching # is present, anything reading the /etc/resolv.conf file # directly will probably not work as intended. - #if [ -z "$CISCO_DEF_DOMAIN_ORIG" ]; then + #if [ -z "$CISCO_DEF_DOMAIN" ]; then # Cannot use multiple DNS matching without a domain OVERRIDE_PRIMARY='d.add OverridePrimary # 1' #fi @@ -443,8 +448,7 @@ search $CISCO_DEF_DOMAIN" d.add ServerAddresses * $INTERNAL_IP4_DNS set State:/Network/Service/$TUNDEV/DNS d.init - # next line overrides the default gateway and breaks split routing - # d.add Router $INTERNAL_IP4_ADDRESS + $OVERRIDE_GATEWAY d.add Addresses * $INTERNAL_IP4_ADDRESS d.add SubnetMasks * 255.255.255.255 d.add InterfaceName $TUNDEV 
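Review bot: `$SERVICE` is interpolated into `State:/Network/Service/$SERVICE/DNS` without checking that the grep found a primary service ID; if it is empty, the script reads and then `set`s a key with an empty service component. The `X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS"` guard only catches exact equality, so a second connect run while the list already begins with the VPN resolvers would prepend them again. Because `SERVICE_DNS` is collected with an IPv4-only regex, any IPv6 resolvers of that service appear to be dropped when ServerAddresses is rewritten. I would guard the block as `if [ -n "$SERVICE" ] && [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then` and add a comment noting that this edits the physical service's resolver list, not only the tunnel's. The enclosing function starts before the hunk.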
@@ -452,13 +456,13 @@ search $CISCO_DEF_DOMAIN" set State:/Network/Service/$TUNDEV/IPv4 close EOF - if [ -n "$CISCO_DEF_DOMAIN_ORIG" ]; then + if [ -n "$CISCO_DEF_DOMAIN" ]; then scutil >/dev/null 2>&1 <<-EOF open get State:/Network/Service/$TUNDEV/DNS - d.add DomainName $CISCO_DEF_DOMAIN_ORIG - d.add SearchDomains * $CISCO_DEF_DOMAIN_ORIG - d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN_ORIG + d.add DomainName $CISCO_DEF_DOMAIN + d.add SearchDomains * $CISCO_DEF_DOMAIN + d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN set State:/Network/Service/$TUNDEV/DNS close EOF @@ -488,6 +492,21 @@ restore_resolvconf_generic() { remove State:/Network/Service/$TUNDEV/DNS close EOF + # Split routing required prepending of INTERNAL_IP4_DNS + # to list of used DNS servers + if [ -n "$CISCO_SPLIT_INC" ]; then + SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'` + SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs` + if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then + scutil >/dev/null 2>&1 <<-EOF + open + get State:/Network/Service/$SERVICE/DNS + d.add ServerAddresses * ${SERVICE_DNS##$INTERNAL_IP4_DNS} + set State:/Network/Service/$SERVICE/DNS + close + EOF + fi + fi ;; esac fi 
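Review bot: In the restore_resolvconf_generic hunk the original resolver list is recomputed by stripping a prefix, `${SERVICE_DNS##$INTERNAL_IP4_DNS}`, instead of being restored from a value saved at connect time. If the physical service had no IPv4 resolvers when the tunnel came up, `$SERVICE_DNS` now equals `$INTERNAL_IP4_DNS`, the `!=` test is false, and the VPN resolver addresses stay configured on that service after disconnect. If the strip leaves nothing, `d.add ServerAddresses *` is sent with no values. The result also depends on `$CISCO_SPLIT_INC` and `$INTERNAL_IP4_DNS` being set identically at disconnect and on the primary service not having changed in between, and `$SERVICE` is again used unchecked. Saving the pre-connect list when it is modified and writing that back here would be more robust; at minimum add `[ -n "$SERVICE" ]` to the guard. The function body continues outside the hunk.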
@@ -560,6 +579,60 @@ restore_resolvconf_manager() { /sbin/resolvconf -d $TUNDEV } +AF_INET=2 + +get_if_index() { + local link + link="$(ip link show dev "$1")" || return $? + echo ${link} | awk -F: '{print $1}' +} + +busctl_call() { + local dest node + dest=org.freedesktop.resolve1 + node=/org/freedesktop/resolve1 + busctl call "$dest" "${node}" "${dest}.Manager" "$@" +} + +busctl_set_nameservers() { + local if_index addresses args addr + if_index=$1 + shift + addresses="$@" + args="$if_index $#" + for addr in ${addresses}; do + args="$args ${AF_INET} 4 $(echo $addr | sed 's/[.]/ /g')" + done + busctl_call SetLinkDNS 'ia(iay)' ${args} +} + +busctl_set_search() { + local if_index domains args domain + if_index=$1 + shift + domains="$@" + args="$if_index $#" + for domain in ${domains}; do + args="$args ${domain} false" + done + busctl_call SetLinkDomains 'ia(sb)' ${args} +} + +modify_resolved_manager() { + local if_index + if_index=$(get_if_index $TUNDEV) + busctl_set_nameservers $if_index $INTERNAL_IP4_DNS + if [ -n "$CISCO_DEF_DOMAIN" ]; then + busctl_set_search $if_index $CISCO_DEF_DOMAIN + fi +} + +restore_resolved_manager() { + local if_index + if_index=$(get_if_index $TUNDEV) + busctl_call RevertLink 'i' $if_index +} + # === resolv.conf handling via unbound ========= modify_resolvconf_unbound() { @@ -593,7 +666,7 @@ kernel_is_2_6_or_above() { do_pre_init() { if [ "$OS" = "Linux" ]; then - if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then + if (exec 6< /dev/net/tun) > /dev/null 2>&1 ; then : else # can't open /dev/net/tun test -e /proc/sys/kernel/modprobe && `cat /proc/sys/kernel/modprobe` tun 2>/dev/null diff --git a/vpnc-script.spec b/vpnc-script.spec index c2ae4fa..8eec548 100644 --- a/vpnc-script.spec +++ b/vpnc-script.spec 
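Review bot: modify_resolved_manager and restore_resolved_manager ignore every failure. If `get_if_index` prints nothing, the unquoted `$if_index` vanishes from the argument list and busctl_set_nameservers takes the first DNS address as the interface index; the exit status of `busctl call` is never checked either. A failed call therefore leaves the pre-VPN resolvers active without any message. I would write `if_index=$(get_if_index "$TUNDEV") || return $?`, pass `"$if_index"` quoted in the three calls, and return the busctl status to the caller. busctl_set_nameservers encodes only AF_INET addresses, so a comment stating that IPv6 resolvers are not pushed to resolved would help. `local` is not POSIX, which matters if the script runs under a strict /bin/sh (the shebang is outside the hunk).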
@@ -1,14 +1,14 @@ -%global git_date 20140805 -%global git_commit_hash df5808b +%global git_date 20170821 +%global git_commit_hash 6f87b0f Name: vpnc-script Version: %{git_date} -Release: 6.git%{git_commit_hash}%{?dist} +Release: 1.git%{git_commit_hash}%{?dist} Summary: Routing setup script for vpnc and openconnect Group: Applications/Internet BuildArch: noarch -Requires: net-tools +Requires: iproute Requires: which License: GPLv2+ @@ -36,6 +36,9 @@ install -m 0755 vpnc-script \ %{_sysconfdir}/vpnc/vpnc-script %changelog +* Mon Aug 21 2017 Nikos Mavrogiannopoulos - 20170821-1.git6f87b0f +- new upstream release (#1481164) + * Thu Jul 27 2017 Fedora Release Engineering - 20140805-6.gitdf5808b - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild