Created
October 8, 2019 12:57
-
-
Save jow-/f3d6687df398b5f3f472d5630356fff4 to your computer and use it in GitHub Desktop.
openconnect quoting fix
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh | |
| index 15bd3b5a5..1f0c7aeed 100755 | |
| --- a/net/openconnect/files/openconnect.sh | |
| +++ b/net/openconnect/files/openconnect.sh | |
| @@ -3,6 +3,13 @@ | |
| . ../netifd-proto.sh | |
| init_proto "$@" | |
| +append_args() { | |
| + while [ $# -gt 0 ]; do | |
| + append cmdline "'${1//\'/\'\\\'\'}'" | |
| + shift | |
| + done | |
| +} | |
| + | |
| proto_openconnect_init_config() { | |
| proto_config_add_string "server" | |
| proto_config_add_int "port" | |
| @@ -25,7 +32,7 @@ proto_openconnect_init_config() { | |
| } | |
| proto_openconnect_add_form_entry() { | |
| - [ -n "$1" ] && append cmdline "--form-entry $1" | |
| + [ -n "$1" ] && append_args --form-entry "$1" | |
| } | |
| proto_openconnect_setup() { | |
| @@ -46,31 +53,31 @@ proto_openconnect_setup() { | |
| [ -n "$port" ] && port=":$port" | |
| - cmdline="$server$port -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script" | |
| - [ -n "$mtu" ] && cmdline="$cmdline --mtu $mtu" | |
| + append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script | |
| + [ -n "$mtu" ] && append_args --mtu "$mtu" | |
| # migrate to standard config files | |
| [ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem" | |
| [ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem" | |
| [ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem" | |
| - [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem" | |
| - [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem" | |
| + [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem" | |
| + [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem" | |
| [ -f /etc/openconnect/ca-vpn-$config.pem ] && { | |
| - append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem" | |
| - append cmdline "--no-system-trust" | |
| + append_args --cafile "/etc/openconnect/ca-vpn-$config.pem" | |
| + append_args --no-system-trust | |
| } | |
| if [ "${juniper:-0}" -gt 0 ]; then | |
| - append cmdline "--juniper" | |
| + append_args --juniper | |
| fi | |
| [ -n "$serverhash" ] && { | |
| - append cmdline " --servercert=$serverhash" | |
| - append cmdline "--no-system-trust" | |
| + append_args "--servercert=$serverhash" | |
| + append_args --no-system-trust | |
| } | |
| - [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup" | |
| - [ -n "$username" ] && append cmdline "-u $username" | |
| + [ -n "$authgroup" ] && append_args --authgroup "$authgroup" | |
| + [ -n "$username" ] && append_args -u "$username" | |
| [ -n "$password" ] || [ "$token_mode" = "script" ] && { | |
| umask 077 | |
| mkdir -p /var/etc | |
| @@ -85,13 +92,13 @@ proto_openconnect_setup() { | |
| proto_setup_failed "$config" | |
| } | |
| } | |
| - append cmdline "--passwd-on-stdin" | |
| + append_args --passwd-on-stdin | |
| } | |
| - [ -n "$token_mode" -a "$token_mode" != "script" ] && append cmdline "--token-mode=$token_mode" | |
| - [ -n "$token_secret" ] && append cmdline "--token-secret=$token_secret" | |
| - [ -n "$os" ] && append cmdline "--os=$os" | |
| - [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append cmdline "--csd-wrapper=$csd_wrapper" | |
| + [ -n "$token_mode" -a "$token_mode" != "script" ] && append_args "--token-mode=$token_mode" | |
| + [ -n "$token_secret" ] && append_args "--token-secret=$token_secret" | |
| + [ -n "$os" ] && append_args "--os=$os" | |
| + [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper" | |
| json_for_each_item proto_openconnect_add_form_entry form_entry | |
| @@ -99,9 +106,9 @@ proto_openconnect_setup() { | |
| logger -t openconnect "executing 'openconnect $cmdline'" | |
| if [ -f "$pwfile" ]; then | |
| - proto_run_command "$config" /usr/sbin/openconnect-wrapper $pwfile $cmdline | |
| + eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline" | |
| else | |
| - proto_run_command "$config" /usr/sbin/openconnect $cmdline | |
| + eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline" | |
| fi | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment