configuration-templates – Diff between revs 23 and 24

Rev 23 Rev 24
1 #!/bin/sh 1 #!/bin/sh
2 ########################################################################### 2 ###########################################################################
3 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## 3 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
4 ## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ## 4 ## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ##
5 ## rights of fair usage, the disclaimer and warranty conditions. ## 5 ## rights of fair usage, the disclaimer and warranty conditions. ##
6 ########################################################################### 6 ###########################################################################
7 # openvpn-osx-tuntap.sh # 7 # openvpn-osx-tuntap.sh #
8 # Up / Down script for OpenVPN running on OSX as a client. # 8 # Up / Down script for OpenVPN running on OSX as a client. #
9 # The OpenVPN server is expected to serve clients with IP addresses via # 9 # The OpenVPN server is expected to serve clients with IP addresses via #
10 # a previously configured DHCP server. # 10 # a previously configured DHCP server. #
11 # Note that this script does not replace the default route but instead # 11 # Note that this script does not replace the default route but instead #
12 # uses the Mac OS capability of using scoped DNS servers to make the # 12 # uses the Mac OS capability of using scoped DNS servers to make the #
13 # remote network available whilst preserving the default route. # 13 # remote network available whilst preserving the default route. #
14 # # 14 # #
15 # Based on: # 15 # Based on: #
16 # - 2006-09-21, Ben Low - original version # 16 # - 2006-09-21, Ben Low - original version #
17 # - Nick Williams - for TunnelBrick # 17 # - Nick Williams - for TunnelBrick #
18 # - Jonathan K. Bullard - additions for Mountain Lion # 18 # - Jonathan K. Bullard - additions for Mountain Lion #
19 ########################################################################### 19 ###########################################################################
20   20  
21 ########################################################################### 21 ###########################################################################
22 # CONFIGURATION # 22 # CONFIGURATION #
23 ########################################################################### 23 ###########################################################################
24 # A MAC address for the tunnel interface. 24 # A MAC address for the tunnel interface.
25 STATIC_TUNTAP_MAC_ADDRESS="42:75:e2:67:43:db" 25 STATIC_TUNTAP_MAC_ADDRESS="42:75:e2:67:43:db"
26 # Whether to prepend domain names instead of replacing the exiting ones. 26 # Whether to prepend domain names instead of replacing the exiting ones.
27 PREPEND_DOMAIN_NAME="false" 27 PREPEND_DOMAIN_NAME="false"
28   28  
29 ########################################################################### 29 ###########################################################################
30 # INTERNALS # 30 # INTERNALS #
31 ########################################################################### 31 ###########################################################################
32   32  
33 # Regular expression for matching IP addresses. 33 # Regular expression for matching IP addresses.
34 IPRX="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" 34 IPRX="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
35 # Domain name regular expression. 35 # Domain name regular expression.
36 DOMRX="(?:[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]|[A-Za-z0-9])" 36 DOMRX="(?:[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]|[A-Za-z0-9])"
37   37  
38 ########################################################################### 38 ###########################################################################
39 # Utility function to flush the DNS cache on various Mac OS releases. # 39 # Utility function to flush the DNS cache on various Mac OS releases. #
40 ########################################################################### 40 ###########################################################################
41 flushDNSCache() 41 flushDNSCache()
42 { 42 {
43 if [ "${OSVER}" = "10.4" ] ; then 43 if [ "${OSVER}" = "10.4" ] ; then
44 if [ -f /usr/sbin/lookupd ] ; then 44 if [ -f /usr/sbin/lookupd ] ; then
45 set +e # we will catch errors from lookupd 45 set +e # we will catch errors from lookupd
46 /usr/sbin/lookupd -flushcache 46 /usr/sbin/lookupd -flushcache
47 set -e # bash should again fail on errors 47 set -e # bash should again fail on errors
48 fi 48 fi
49 else 49 else
50 if [ -f /usr/bin/dscacheutil ] ; then 50 if [ -f /usr/bin/dscacheutil ] ; then
51 set +e # we will catch errors from dscacheutil 51 set +e # we will catch errors from dscacheutil
52 /usr/bin/dscacheutil -flushcache 52 /usr/bin/dscacheutil -flushcache
53 set -e # bash should again fail on errors 53 set -e # bash should again fail on errors
54 fi 54 fi
55 if [ -f /usr/sbin/discoveryutil ] ; then 55 if [ -f /usr/sbin/discoveryutil ] ; then
56 set +e # we will catch errors from discoveryutil 56 set +e # we will catch errors from discoveryutil
57 /usr/sbin/discoveryutil udnsflushcaches 57 /usr/sbin/discoveryutil udnsflushcaches
58 /usr/sbin/discoveryutil mdnsflushcache 58 /usr/sbin/discoveryutil mdnsflushcache
59 set -e # bash should again fail on errors 59 set -e # bash should again fail on errors
60 fi 60 fi
61 set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors 61 set +e # "grep" will return error status (1) if no matches are found, so don't fail on individual errors
62 hands_off_ps="$( ps -ax | grep HandsOffDaemon | grep -v grep.HandsOffDaemon )" 62 hands_off_ps="$( ps -ax | grep HandsOffDaemon | grep -v grep.HandsOffDaemon )"
63 set -e # We instruct bash that it CAN again fail on errors 63 set -e # We instruct bash that it CAN again fail on errors
64 if [ -z "${hands_off_ps}" ] ; then 64 if [ -z "${hands_off_ps}" ] ; then
65 if [ -f /usr/bin/killall ] ; then 65 if [ -f /usr/bin/killall ] ; then
66 set +e # ignore errors if mDNSResponder isn't currently running 66 set +e # ignore errors if mDNSResponder isn't currently running
67 /usr/bin/killall -HUP mDNSResponder 67 /usr/bin/killall -HUP mDNSResponder
68 set -e # bash should again fail on errors 68 set -e # bash should again fail on errors
69 fi 69 fi
70 fi 70 fi
71 fi 71 fi
72 } 72 }
73   73  
74 ########################################################################### 74 ###########################################################################
75 # Sets all dynamic DHCP options on the tuntap interface. # 75 # Sets all dynamic DHCP options on the tuntap interface. #
76 ########################################################################### 76 ###########################################################################
77 setDnsServersAndDomainName() 77 setDnsServersAndDomainName()
78 { 78 {
79 readonly PSID="DHCP-$dev" 79 readonly PSID="DHCP-$dev"
80   80  
81 # Set up the DYN_* variables to contain what is asked for (dynamically, by a 'push' directive, for example) 81 # Set up the DYN_* variables to contain what is asked for (dynamically, by a 'push' directive, for example)
82 declare -a vDNS=("${!1}") 82 declare -a vDNS=("${!1}")
83 declare -a vSMB=("${!3}") 83 declare -a vSMB=("${!3}")
84 declare -a vSD=("${!4}") 84 declare -a vSD=("${!4}")
85   85  
86 if [ ${#vDNS[*]} -eq 0 ] ; then 86 if [ ${#vDNS[*]} -eq 0 ] ; then
87 readonly DYN_DNS_SA="" 87 readonly DYN_DNS_SA=""
88 else 88 else
89 readonly DYN_DNS_SA="${!1}" 89 readonly DYN_DNS_SA="${!1}"
90 fi 90 fi
91 91
92 if [ ${#vSMB[*]} -eq 0 ] ; then 92 if [ ${#vSMB[*]} -eq 0 ] ; then
93 readonly DYN_SMB_WA="" 93 readonly DYN_SMB_WA=""
94 else 94 else
95 readonly DYN_SMB_WA="${!3}" 95 readonly DYN_SMB_WA="${!3}"
96 fi 96 fi
97   97  
98 if [ ${#vSD[*]} -eq 0 ] ; then 98 if [ ${#vSD[*]} -eq 0 ] ; then
99 readonly DYN_DNS_SD="" 99 readonly DYN_DNS_SD=""
100 else 100 else
101 readonly DYN_DNS_SD="${!4}" 101 readonly DYN_DNS_SD="${!4}"
102 fi 102 fi
103 103
104 DYN_DNS_DN="$2" 104 DYN_DNS_DN="$2"
105 105
106 # set up the FIN_* variables with what we want to set things to 106 # set up the FIN_* variables with what we want to set things to
107 # Three FIN_* variables are simple -- no aggregation is done for them 107 # Three FIN_* variables are simple -- no aggregation is done for them
108 if [ ! -z "${DYN_DNS_DN}" ] ; then 108 if [ ! -z "${DYN_DNS_DN}" ] ; then
109 readonly FIN_DNS_DN="${DYN_DNS_DN}" 109 readonly FIN_DNS_DN="${DYN_DNS_DN}"
110 else 110 else
111 readonly FIN_DNS_DN="" 111 readonly FIN_DNS_DN=""
112 fi 112 fi
113 113
114 if [ ! -z "${DYN_SMB_NN}" ] ; then 114 if [ ! -z "${DYN_SMB_NN}" ] ; then
115 readonly FIN_SMB_NN="${DYN_SMB_NN}" 115 readonly FIN_SMB_NN="${DYN_SMB_NN}"
116 else 116 else
117 readonly FIN_SMB_NN="" 117 readonly FIN_SMB_NN=""
118 fi 118 fi
119 119
120 if [ ! -z "${DYN_SMB_WG}" ] ; then 120 if [ ! -z "${DYN_SMB_WG}" ] ; then
121 readonly FIN_SMB_WG="${DYN_SMB_WG}" 121 readonly FIN_SMB_WG="${DYN_SMB_WG}"
122 else 122 else
123 readonly FIN_SMB_WG="" 123 readonly FIN_SMB_WG=""
124 fi 124 fi
125   125  
126 # DNS ServerAddresses (FIN_DNS_SA) are aggregated for 10.4 and 10.5 126 # DNS ServerAddresses (FIN_DNS_SA) are aggregated for 10.4 and 10.5
127 if [ ${#vDNS[*]} -eq 0 ] ; then 127 if [ ${#vDNS[*]} -eq 0 ] ; then
128 readonly FIN_DNS_SA="" 128 readonly FIN_DNS_SA=""
129 else 129 else
130 case "${OSVER}" in 130 case "${OSVER}" in
131 10.4 | 10.5 ) 131 10.4 | 10.5 )
132 # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's 132 # We need to remove duplicate DNS entries, so that our reference list matches MacOSX's
133 SDNS="$( echo -n "${DYN_DNS_SA}" | tr ' ' '\n' )" 133 SDNS="$( echo -n "${DYN_DNS_SA}" | tr ' ' '\n' )"
134 i=0 134 i=0
135 for n in "${vDNS[@]}" ; do 135 for n in "${vDNS[@]}" ; do
136 if echo -n "${SDNS}" | grep -q "${n}" ; then 136 if echo -n "${SDNS}" | grep -q "${n}" ; then
137 unset vDNS[${i}] 137 unset vDNS[${i}]
138 fi 138 fi
139 let i++ 139 let i++
140 done 140 done
141 if [ ${#vDNS[*]} -gt 0 ] ; then 141 if [ ${#vDNS[*]} -gt 0 ] ; then
142 readonly FIN_DNS_SA="$( echo -n "${DYN_DNS_SA}" | sed s/"${vDNS[*]}"//g )" 142 readonly FIN_DNS_SA="$( echo -n "${DYN_DNS_SA}" | sed s/"${vDNS[*]}"//g )"
143 else 143 else
144 readonly FIN_DNS_SA="${DYN_DNS_SA}" 144 readonly FIN_DNS_SA="${DYN_DNS_SA}"
145 fi 145 fi
146 ;; 146 ;;
147 * ) 147 * )
148 # Do nothing - in 10.6 and higher -- we don't aggregate our configurations, apparently 148 # Do nothing - in 10.6 and higher -- we don't aggregate our configurations, apparently
149 readonly FIN_DNS_SA="${DYN_DNS_SA}" 149 readonly FIN_DNS_SA="${DYN_DNS_SA}"
150 ;; 150 ;;
151 esac 151 esac
152 fi 152 fi
153   153  
154 # SMB WINSAddresses (FIN_SMB_WA) are aggregated for 10.4 and 10.5 154 # SMB WINSAddresses (FIN_SMB_WA) are aggregated for 10.4 and 10.5
155 if [ ${#vSMB[*]} -eq 0 ] ; then 155 if [ ${#vSMB[*]} -eq 0 ] ; then
156 readonly FIN_SMB_WA="" 156 readonly FIN_SMB_WA=""
157 else 157 else
158 case "${OSVER}" in 158 case "${OSVER}" in
159 10.4 | 10.5 ) 159 10.4 | 10.5 )
160 # We need to remove duplicate SMB entries, so that our reference list matches MacOSX's 160 # We need to remove duplicate SMB entries, so that our reference list matches MacOSX's
161 SSMB="$( echo -n "${DYN_SMB_WA}" | tr ' ' '\n' )" 161 SSMB="$( echo -n "${DYN_SMB_WA}" | tr ' ' '\n' )"
162 i=0 162 i=0
163 for n in "${vSMB[@]}" ; do 163 for n in "${vSMB[@]}" ; do
164 if echo -n "${SSMB}" | grep -q "${n}" ; then 164 if echo -n "${SSMB}" | grep -q "${n}" ; then
165 unset vSMB[${i}] 165 unset vSMB[${i}]
166 fi 166 fi
167 let i++ 167 let i++
168 done 168 done
169 if [ ${#vSMB[*]} -gt 0 ] ; then 169 if [ ${#vSMB[*]} -gt 0 ] ; then
170 readonly FIN_SMB_WA="$( echo -n "${DYN_SMB_WA}" | sed s/"${vSMB[*]}"//g )" 170 readonly FIN_SMB_WA="$( echo -n "${DYN_SMB_WA}" | sed s/"${vSMB[*]}"//g )"
171 else 171 else
172 readonly FIN_SMB_WA="${DYN_SMB_WA}" 172 readonly FIN_SMB_WA="${DYN_SMB_WA}"
173 fi 173 fi
174 ;; 174 ;;
175 * ) 175 * )
176 # Do nothing - in 10.6 and higher -- we don't aggregate our configurations, apparently 176 # Do nothing - in 10.6 and higher -- we don't aggregate our configurations, apparently
177 readonly FIN_SMB_WA="${DYN_SMB_WA}" 177 readonly FIN_SMB_WA="${DYN_SMB_WA}"
178 ;; 178 ;;
179 esac 179 esac
180 fi 180 fi
181   181  
182 # DNS SearchDomains (FIN_DNS_SD) is treated specially 182 # DNS SearchDomains (FIN_DNS_SD) is treated specially
183 # 183 #
184 # OLD BEHAVIOR: 184 # OLD BEHAVIOR:
185 # if SearchDomains was not set manually, we set SearchDomains to the DomainName 185 # if SearchDomains was not set manually, we set SearchDomains to the DomainName
186 # else 186 # else
187 # In OS X 10.4-10.5, we add the DomainName to the end of any manual SearchDomains (unless it is already there) 187 # In OS X 10.4-10.5, we add the DomainName to the end of any manual SearchDomains (unless it is already there)
188 # In OS X 10.6+, if SearchDomains was entered manually, we ignore the DomainName 188 # In OS X 10.6+, if SearchDomains was entered manually, we ignore the DomainName
189 # else we set SearchDomains to the DomainName 189 # else we set SearchDomains to the DomainName
190 # 190 #
191 # NEW BEHAVIOR (done if ARG_PREPEND_DOMAIN_NAME is "true"): 191 # NEW BEHAVIOR (done if ARG_PREPEND_DOMAIN_NAME is "true"):
192 # 192 #
193 # if SearchDomains was entered manually, we do nothing 193 # if SearchDomains was entered manually, we do nothing
194 # else we PREpend new SearchDomains (if any) to the existing SearchDomains (NOT replacing them) 194 # else we PREpend new SearchDomains (if any) to the existing SearchDomains (NOT replacing them)
195 # and PREpend DomainName to that 195 # and PREpend DomainName to that
196 # 196 #
197 # (done if ARG_PREPEND_DOMAIN_NAME is "false" and there are new SearchDomains from DOMAIN-SEARCH): 197 # (done if ARG_PREPEND_DOMAIN_NAME is "false" and there are new SearchDomains from DOMAIN-SEARCH):
198 # 198 #
199 # if SearchDomains was entered manually, we do nothing 199 # if SearchDomains was entered manually, we do nothing
200 # else we PREpend any new SearchDomains to the existing SearchDomains (NOT replacing them) 200 # else we PREpend any new SearchDomains to the existing SearchDomains (NOT replacing them)
201 # 201 #
202 # This behavior is meant to behave like Linux with Network Manager and Windows 202 # This behavior is meant to behave like Linux with Network Manager and Windows
203 if "${PREPEND_DOMAIN_NAME}" ; then 203 if "${PREPEND_DOMAIN_NAME}" ; then
204 if [ ! -z "${DYN_DNS_SD}" ] ; then 204 if [ ! -z "${DYN_DNS_SD}" ] ; then
205 readonly TMP_DNS_SD="${DYN_DNS_SD}" 205 readonly TMP_DNS_SD="${DYN_DNS_SD}"
206 if [ ! -z "${FIN_DNS_DN}" -a "${FIN_DNS_DN}" != "localdomain" ]; then 206 if [ ! -z "${FIN_DNS_DN}" -a "${FIN_DNS_DN}" != "localdomain" ]; then
207 if ! echo -n "${TMP_DNS_SD}" | tr ' ' '\n' | grep -q "${FIN_DNS_DN}" ; then 207 if ! echo -n "${TMP_DNS_SD}" | tr ' ' '\n' | grep -q "${FIN_DNS_DN}" ; then
208 readonly FIN_DNS_SD="$( echo -n "${FIN_DNS_DN}" | sed s/"${TMP_DNS_SD}"//g )" 208 readonly FIN_DNS_SD="$( echo -n "${FIN_DNS_DN}" | sed s/"${TMP_DNS_SD}"//g )"
209 else 209 else
210 readonly FIN_DNS_SD="${TMP_DNS_SD}" 210 readonly FIN_DNS_SD="${TMP_DNS_SD}"
211 fi 211 fi
212 else 212 else
213 readonly FIN_DNS_SD="${TMP_DNS_SD}" 213 readonly FIN_DNS_SD="${TMP_DNS_SD}"
214 fi 214 fi
215 else 215 else
216 readonly FIN_DNS_SD="${DYN_DNS_SD}" 216 readonly FIN_DNS_SD="${DYN_DNS_SD}"
217 fi 217 fi
218 else 218 else
219 if [ ! -z "${DYN_DNS_SD}" ] ; then 219 if [ ! -z "${DYN_DNS_SD}" ] ; then
220 readonly FIN_DNS_SD="${DYN_DNS_SD}" 220 readonly FIN_DNS_SD="${DYN_DNS_SD}"
221 else 221 else
222 if [ ! -z "${FIN_DNS_DN}" -a "${FIN_DNS_DN}" != "localdomain" ] ; then 222 if [ ! -z "${FIN_DNS_DN}" -a "${FIN_DNS_DN}" != "localdomain" ] ; then
223 case "${OSVER}" in 223 case "${OSVER}" in
224 10.4 | 10.5 ) 224 10.4 | 10.5 )
225 readonly FIN_DNS_SD="${FIN_DNS_DN}" 225 readonly FIN_DNS_SD="${FIN_DNS_DN}"
226 ;; 226 ;;
227 * ) 227 * )
228 readonly FIN_DNS_SD="${FIN_DNS_DN}" 228 readonly FIN_DNS_SD="${FIN_DNS_DN}"
229 ;; 229 ;;
230 esac 230 esac
231 else 231 else
232 readonly FIN_DNS_SD="" 232 readonly FIN_DNS_SD=""
233 fi 233 fi
234 fi 234 fi
235 fi 235 fi
236   236  
237 # Set up SKP_* variables to inhibit scutil from making some changes 237 # Set up SKP_* variables to inhibit scutil from making some changes
238 # SKP_DNS_* and SKP_SMB_* are used to comment out individual items 238 # SKP_DNS_* and SKP_SMB_* are used to comment out individual items
239 # that are not being set 239 # that are not being set
240 if [ -z "${FIN_DNS_DN}" ] ; then 240 if [ -z "${FIN_DNS_DN}" ] ; then
241 SKP_DNS_DN="#" 241 SKP_DNS_DN="#"
242 else 242 else
243 SKP_DNS_DN="" 243 SKP_DNS_DN=""
244 fi 244 fi
245 if [ -z "${FIN_DNS_SA}" ] ; then 245 if [ -z "${FIN_DNS_SA}" ] ; then
246 SKP_DNS_SA="#" 246 SKP_DNS_SA="#"
247 else 247 else
248 SKP_DNS_SA="" 248 SKP_DNS_SA=""
249 fi 249 fi
250 if [ -z "${FIN_DNS_SD}" ] ; then 250 if [ -z "${FIN_DNS_SD}" ] ; then
251 SKP_DNS_SD="#" 251 SKP_DNS_SD="#"
252 else 252 else
253 SKP_DNS_SD="" 253 SKP_DNS_SD=""
254 fi 254 fi
255 if [ -z "${FIN_SMB_NN}" ] ; then 255 if [ -z "${FIN_SMB_NN}" ] ; then
256 SKP_SMB_NN="#" 256 SKP_SMB_NN="#"
257 else 257 else
258 SKP_SMB_NN="" 258 SKP_SMB_NN=""
259 fi 259 fi
260 if [ -z "${FIN_SMB_WG}" ] ; then 260 if [ -z "${FIN_SMB_WG}" ] ; then
261 SKP_SMB_WG="#" 261 SKP_SMB_WG="#"
262 else 262 else
263 SKP_SMB_WG="" 263 SKP_SMB_WG=""
264 fi 264 fi
265 if [ -z "${FIN_SMB_WA}" ] ; then 265 if [ -z "${FIN_SMB_WA}" ] ; then
266 SKP_SMB_WA="#" 266 SKP_SMB_WA="#"
267 else 267 else
268 SKP_SMB_WA="" 268 SKP_SMB_WA=""
269 fi 269 fi
270 270
271 # if any DNS items should be set, set all that have values 271 # if any DNS items should be set, set all that have values
272 if [ "${SKP_DNS_DN}${SKP_DNS_SA}${SKP_DNS_SD}" = "###" ] ; then 272 if [ "${SKP_DNS_DN}${SKP_DNS_SA}${SKP_DNS_SD}" = "###" ] ; then
273 readonly SKP_DNS="#" 273 readonly SKP_DNS="#"
274 else 274 else
275 readonly SKP_DNS="" 275 readonly SKP_DNS=""
276 if [ ! -z "${FIN_DNS_DN}" ] ; then 276 if [ ! -z "${FIN_DNS_DN}" ] ; then
277 SKP_DNS_DN="" 277 SKP_DNS_DN=""
278 fi 278 fi
279 if [ ! -z "${FIN_DNS_SA}" ] ; then 279 if [ ! -z "${FIN_DNS_SA}" ] ; then
280 SKP_DNS_SA="" 280 SKP_DNS_SA=""
281 fi 281 fi
282 if [ ! -z "${FIN_DNS_SD}" ] ; then 282 if [ ! -z "${FIN_DNS_SD}" ] ; then
283 SKP_DNS_SD="" 283 SKP_DNS_SD=""
284 fi 284 fi
285 fi 285 fi
286   286  
287 # if any SMB items should be set, set all that have values 287 # if any SMB items should be set, set all that have values
288 if [ "${SKP_SMB_NN}${SKP_SMB_WG}${SKP_SMB_WA}" = "###" ] ; then 288 if [ "${SKP_SMB_NN}${SKP_SMB_WG}${SKP_SMB_WA}" = "###" ] ; then
289 readonly SKP_SMB="#" 289 readonly SKP_SMB="#"
290 else 290 else
291 readonly SKP_SMB="" 291 readonly SKP_SMB=""
292 if [ ! -z "${FIN_SMB_NN}" ] ; then 292 if [ ! -z "${FIN_SMB_NN}" ] ; then
293 SKP_SMB_NN="" 293 SKP_SMB_NN=""
294 fi 294 fi
295 if [ ! -z "${FIN_SMB_WG}" ] ; then 295 if [ ! -z "${FIN_SMB_WG}" ] ; then
296 SKP_SMB_WG="" 296 SKP_SMB_WG=""
297 fi 297 fi
298 if [ ! -z "${FIN_SMB_WA}" ] ; then 298 if [ ! -z "${FIN_SMB_WA}" ] ; then
299 SKP_SMB_WA="" 299 SKP_SMB_WA=""
300 fi 300 fi
301 fi 301 fi
302   302  
303 readonly SKP_DNS_SA SKP_DNS_SD SKP_DNS_DN 303 readonly SKP_DNS_SA SKP_DNS_SD SKP_DNS_DN
304 readonly SKP_SMB_NN SKP_SMB_WG SKP_SMB_WA 304 readonly SKP_SMB_NN SKP_SMB_WG SKP_SMB_WA
305 305
306 # special-case fiddling: 306 # special-case fiddling:
307 # 10.8+ : ServerAddresses and SearchDomains must be set via the Setup: 307 # 10.8+ : ServerAddresses and SearchDomains must be set via the Setup:
308 # key in addition to the State: key 308 # key in addition to the State: key
309 # 10.7 : if ServerAddresses or SearchDomains are manually set, 309 # 10.7 : if ServerAddresses or SearchDomains are manually set,
310 # ServerAddresses and SearchDomains must be similarly set with the 310 # ServerAddresses and SearchDomains must be similarly set with the
311 # Setup: key in addition to the State: key 311 # Setup: key in addition to the State: key
312 case "${OSVER}" in 312 case "${OSVER}" in
313 10.4 | 10.5 | 10.6 | 10.7 ) 313 10.4 | 10.5 | 10.6 | 10.7 )
314 readonly SKP_SETUP_DNS="#" 314 readonly SKP_SETUP_DNS="#"
315 ;; 315 ;;
316 * ) 316 * )
317 readonly SKP_SETUP_DNS="" 317 readonly SKP_SETUP_DNS=""
318 ;; 318 ;;
319 esac 319 esac
320 320
321 # Set all parameters. 321 # Set all parameters.
322 /usr/sbin/scutil >/dev/null 2>&1 <<-EOF 322 /usr/sbin/scutil >/dev/null 2>&1 <<-EOF
323 open 323 open
324 324
325 # Initialize the new DNS map via State: 325 # Initialize the new DNS map via State:
326 ${SKP_DNS}d.init 326 ${SKP_DNS}d.init
327 ${SKP_DNS}${SKP_DNS_SA}d.add ServerAddresses * ${FIN_DNS_SA} 327 ${SKP_DNS}${SKP_DNS_SA}d.add ServerAddresses * ${FIN_DNS_SA}
328 ${SKP_DNS}${SKP_DNS_SD}d.add SearchDomains * ${FIN_DNS_SD} 328 ${SKP_DNS}${SKP_DNS_SD}d.add SearchDomains * ${FIN_DNS_SD}
329 ${SKP_DNS}${SKP_DNS_DN}d.add DomainName ${FIN_DNS_DN} 329 ${SKP_DNS}${SKP_DNS_DN}d.add DomainName ${FIN_DNS_DN}
330 ${SKP_DNS}${SKP_DNS_DN}d.add SupplementalMatchDomains * ${FIN_DNS_DN} 330 ${SKP_DNS}${SKP_DNS_DN}d.add SupplementalMatchDomains * ${FIN_DNS_DN}
331 ${SKP_DNS}set State:/Network/Service/${PSID}/DNS 331 ${SKP_DNS}set State:/Network/Service/${PSID}/DNS
332   332  
333 # If necessary, initialize the new DNS map via Setup: also 333 # If necessary, initialize the new DNS map via Setup: also
334 ${SKP_SETUP_DNS}${SKP_DNS}d.init 334 ${SKP_SETUP_DNS}${SKP_DNS}d.init
335 ${SKP_SETUP_DNS}${SKP_DNS}${SKP_DNS_SA}d.add ServerAddresses * ${FIN_DNS_SA} 335 ${SKP_SETUP_DNS}${SKP_DNS}${SKP_DNS_SA}d.add ServerAddresses * ${FIN_DNS_SA}
336 ${SKP_SETUP_DNS}${SKP_DNS}${SKP_DNS_SD}d.add SearchDomains * ${FIN_DNS_SD} 336 ${SKP_SETUP_DNS}${SKP_DNS}${SKP_DNS_SD}d.add SearchDomains * ${FIN_DNS_SD}
337 ${SKP_SETUP_DNS}${SKP_DNS}${SKP_DNS_DN}d.add DomainName ${FIN_DNS_DN} 337 ${SKP_SETUP_DNS}${SKP_DNS}${SKP_DNS_DN}d.add DomainName ${FIN_DNS_DN}
338 ${SKP_SETUP_DNS}${SKP_DNS}set Setup:/Network/Service/${PSID}/DNS 338 ${SKP_SETUP_DNS}${SKP_DNS}set Setup:/Network/Service/${PSID}/DNS
339   339  
340 # Initialize the SMB map 340 # Initialize the SMB map
341 ${SKP_SMB}d.init 341 ${SKP_SMB}d.init
342 ${SKP_SMB}${SKP_SMB_NN}d.add NetBIOSName ${FIN_SMB_NN} 342 ${SKP_SMB}${SKP_SMB_NN}d.add NetBIOSName ${FIN_SMB_NN}
343 ${SKP_SMB}${SKP_SMB_WG}d.add Workgroup ${FIN_SMB_WG} 343 ${SKP_SMB}${SKP_SMB_WG}d.add Workgroup ${FIN_SMB_WG}
344 ${SKP_SMB}${SKP_SMB_WA}d.add WINSAddresses * ${FIN_SMB_WA} 344 ${SKP_SMB}${SKP_SMB_WA}d.add WINSAddresses * ${FIN_SMB_WA}
345 ${SKP_SMB}set State:/Network/Service/${PSID}/SMB 345 ${SKP_SMB}set State:/Network/Service/${PSID}/SMB
346   346  
347 quit 347 quit
348 EOF 348 EOF
349   349  
350 } 350 }
351   351  
352 # If OpenVPN has not brought up the device, then terminate. 352 # If OpenVPN has not brought up the device, then terminate.
353 if [ -z "$dev" ]; then 353 if [ -z "$dev" ]; then
354 echo "$0: \$dev not defined, exiting"; 354 echo "$0: \$dev not defined, exiting";
355 exit 1; 355 exit 1;
356 fi 356 fi
357   357  
358 # OpenVPN passes $script_type set to the script method. 358 # OpenVPN passes $script_type set to the script method.
359 case "$script_type" in 359 case "$script_type" in
360 up) 360 up)
361   361  
362 # Set the MAC address for the tuntap device for static DHCP bindings 362 # Set the MAC address for the tuntap device for static DHCP bindings
363 /sbin/ifconfig "$dev" ether $STATIC_TUNTAP_MAC_ADDRESS 363 /sbin/ifconfig "$dev" ether $STATIC_TUNTAP_MAC_ADDRESS
364 # Set the interface to DHCP 364 # Set the interface to DHCP
365 /usr/sbin/ipconfig set "$dev" DHCP 365 /usr/sbin/ipconfig set "$dev" DHCP
366   366  
367 { 367 {
368 # Issue the waitall command - even if it does not wait. 368 # Issue the waitall command - even if it does not wait.
369 /usr/sbin/ipconfig waitall 369 /usr/sbin/ipconfig waitall
370 370
371 unset PACKET 371 unset PACKET
372 372
373 # Spin and check for packet from the tap device 373 # Spin and check for packet from the tap device
374 set +e 374 set +e
375 n=0 375 n=0
376 while [ -z "$PACKET" -a $n -lt 60 ] ; do 376 while [ -z "$PACKET" -a $n -lt 60 ] ; do
377 PACKET="$( /usr/sbin/ipconfig getpacket "$dev" )" 377 PACKET="$( /usr/sbin/ipconfig getpacket "$dev" )"
378 let n++ 378 let n++
379 sleep 1 379 sleep 1
380 done 380 done
381 set -e 381 set -e
382 382
383 # Get packet to set options 383 # Get packet to set options
384 if [ -z "$PACKET" ]; then 384 if [ -z "$PACKET" ]; then
385 exit 1 385 exit 1
386 fi 386 fi
387 387
388 unset DOMAIN_NAME 388 unset DOMAIN_NAME
389 unset DOMAIN_NAME_SERVERS 389 unset DOMAIN_NAME_SERVERS
390 unset SEARCH_DOMAINS 390 unset SEARCH_DOMAINS
391 unset WINS_SERVERS 391 unset WINS_SERVERS
392 392
393 set +e 393 set +e
394 # Get domain name 394 # Get domain name
395 DOMAIN_NAME="$( echo -n "$PACKET" | grep "domain_name " | grep -Eo ": $DOMRX" | grep -Eo "$DOMRX" | tr -d [:space:] )" 395 DOMAIN_NAME="$( echo -n "$PACKET" | grep "domain_name " | grep -Eo ": $DOMRX" | grep -Eo "$DOMRX" | tr -d [:space:] )"
396 396
397 # Get nameservers 397 # Get nameservers
398 DOMAIN_NAME_SERVERS_INDEX=1 398 DOMAIN_NAME_SERVERS_INDEX=1
399 for DOMAIN_NAME_SERVER in $( echo -n "$PACKET" | grep "domain_name_server" | grep -Eo "\{($IPRX)(, $IPRX)*\}" | grep -Eo "($IPRX)" ); do 399 for DOMAIN_NAME_SERVER in $( echo -n "$PACKET" | grep "domain_name_server" | grep -Eo "\{($IPRX)(, $IPRX)*\}" | grep -Eo "($IPRX)" ); do
400 DOMAIN_NAME_SERVERS[DOMAIN_NAME_SERVERS_INDEX-1]=$DOMAIN_NAME_SERVER 400 DOMAIN_NAME_SERVERS[DOMAIN_NAME_SERVERS_INDEX-1]=$DOMAIN_NAME_SERVER
401 let DOMAIN_NAME_SERVERS_INDEX++ 401 let DOMAIN_NAME_SERVERS_INDEX++
402 done 402 done
403 403
404 # Get search domains 404 # Get search domains
405 SEARCH_DOMAINS_INDEX=1 405 SEARCH_DOMAINS_INDEX=1
406 for SEARCH_DOMAIN in $( echo -n "$PACKET" | grep "search_domain" | grep -Eo "\{($DOMRX)(, $DOMRX)*\}" | grep -Eo "($DOMRX)" ); do 406 for SEARCH_DOMAIN in $( echo -n "$PACKET" | grep "search_domain" | grep -Eo "\{($DOMRX)(, $DOMRX)*\}" | grep -Eo "($DOMRX)" ); do
407 SEARCH_DOMAINS[SEARCH_DOMAINS_INDEX-1]=$SEARCH_DOMAIN 407 SEARCH_DOMAINS[SEARCH_DOMAINS_INDEX-1]=$SEARCH_DOMAIN
408 let SEARCH_DOMAINS_INDEX++ 408 let SEARCH_DOMAINS_INDEX++
409 done 409 done
410 410
411 # Get WINS servers 411 # Get WINS servers
412 WINS_SERVERS_INDEX=1 412 WINS_SERVERS_INDEX=1
413 for WINS_SERVER in $( echo -n "$PACKET" | grep "nb_over_tcpip_name_server" | grep -Eo "\{($IPRX)(, $IPRX)*\}" | grep -Eo "($IPRX)" ); do 413 for WINS_SERVER in $( echo -n "$PACKET" | grep "nb_over_tcpip_name_server" | grep -Eo "\{($IPRX)(, $IPRX)*\}" | grep -Eo "($IPRX)" ); do
414 WINS_SERVERS[WINS_SERVERS_INDEX-1]=$WINS_SERVER 414 WINS_SERVERS[WINS_SERVERS_INDEX-1]=$WINS_SERVER
415 let WINS_SERVERS_INDEX++ 415 let WINS_SERVERS_INDEX++
416 done 416 done
417 417
418 if [ ${#DOMAIN_NAME_SERVERS[*]} -gt 0 -a "$DOMAIN_NAME" ]; then 418 if [ ${#DOMAIN_NAME_SERVERS[*]} -gt 0 -a "$DOMAIN_NAME" ]; then
419 setDnsServersAndDomainName DOMAIN_NAME_SERVERS[@] "$DOMAIN_NAME" WINS_SERVERS[@] SEARCH_DOMAINS[@] 419 setDnsServersAndDomainName DOMAIN_NAME_SERVERS[@] "$DOMAIN_NAME" WINS_SERVERS[@] SEARCH_DOMAINS[@]
420 elif [ ${#DOMAIN_NAME_SERVERS[*]} -gt 0 ]; then 420 elif [ ${#DOMAIN_NAME_SERVERS[*]} -gt 0 ]; then
421 setDnsServersAndDomainName DOMAIN_NAME_SERVERS[@] "$DEFAULT_DOMAIN_NAME" WINS_SERVERS[@] SEARCH_DOMAINS[@] 421 setDnsServersAndDomainName DOMAIN_NAME_SERVERS[@] "$DEFAULT_DOMAIN_NAME" WINS_SERVERS[@] SEARCH_DOMAINS[@]
422 else 422 else
423 exit 1 423 exit 1
424 fi 424 fi
425 425
426 set -e 426 set -e
427 427
428 sleep 1 428 sleep 1
429 429
430 flushDNSCache 430 flushDNSCache
431 431
432 exit 0 432 exit 0
433 } & 433 } &
434 ;; 434 ;;
435 down) 435 down)
436 sleep 1 436 sleep 1
437 437
438 /usr/sbin/scutil >/dev/null 2>&1 <<-EOF 438 /usr/sbin/scutil >/dev/null 2>&1 <<-EOF
439 open 439 open
440 remove State:/Network/Service/DHCP-$dev/IPv4 440 remove State:/Network/Service/DHCP-$dev/IPv4
441 remove State:/Network/Service/DHCP-$dev/DNS 441 remove State:/Network/Service/DHCP-$dev/DNS
442 close 442 close
443 EOF 443 EOF
444 444
445 flushDNSCache 445 flushDNSCache
446 446
447 exit 0 447 exit 0
448 ;; 448 ;;
449 *) 449 *)
450 echo "$0: invalid script_type" && exit 1 450 echo "$0: invalid script_type" && exit 1
451 ;; 451 ;;
452 esac 452 esac
453   453  
454   454
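Review bot: `OSVER` is tested in `flushDNSCache` and in the four `case "${OSVER}"` statements of `setDnsServersAndDomainName`, but nothing in the file as shown assigns it, so unless the caller exports it every 10.4–10.7 branch is dead and `SKP_SETUP_DNS` never comments out the `Setup:` DNS lines. An assignment near the top of the INTERNALS section, for example `readonly OSVER="$( /usr/bin/sw_vers -productVersion | cut -d. -f1,2 )"`, would restore the version checks; `DYN_SMB_NN`, `DYN_SMB_WG` and `DEFAULT_DOMAIN_NAME` are likewise read but never set. The shebang is `#!/bin/sh` while the body relies on `declare -a`, `${!1}` and `let`, so `#!/bin/bash` would state the real requirement. Both `scutil` calls discard their output with `>/dev/null 2>&1` and the `up` work runs in a backgrounded `{ … } &` block, so a failed resolver update is never reported to OpenVPN and name lookups may presumably keep using the previous resolvers; reporting the failure, e.g. `|| echo "$0: scutil failed" >&2` on the `scutil` command line, would make that case visible.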