summaryrefslogtreecommitdiffhomepage
path: root/protocols/luci-proto-openconnect/root/usr
diff options
context:
space:
mode:
Diffstat (limited to 'protocols/luci-proto-openconnect/root/usr')
-rwxr-xr-xprotocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect78
-rw-r--r--protocols/luci-proto-openconnect/root/usr/share/rpcd/acl.d/luci-openconnect.json17
2 files changed, 95 insertions, 0 deletions
diff --git a/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect b/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect
new file mode 100755
index 0000000000..9378cc518b
--- /dev/null
+++ b/protocols/luci-proto-openconnect/root/usr/libexec/rpcd/luci.openconnect
@@ -0,0 +1,78 @@
+#!/usr/bin/env lua
+
+local json = require "luci.jsonc"
+local fs = require "nixio.fs"
+
+local function readfile(path)
+ local s = fs.readfile(path)
+ return s and (s:gsub("^%s+", ""):gsub("%s+$", ""))
+end
+
+local function writefile(path, data)
+ local n = fs.writefile(path, data)
+ return (n == #data)
+end
+
+local function parseInput()
+ local parse = json.new()
+ local done, err
+
+ while true do
+ local chunk = io.read(4096)
+ if not chunk then
+ break
+ elseif not done and not err then
+ done, err = parse:parse(chunk)
+ end
+ end
+
+ if not done then
+ print(json.stringify({ error = err or "Incomplete input" }))
+ os.exit(1)
+ end
+
+ return parse:get()
+end
+
+if arg[1] == "list" then
+ print(json.stringify({
+ getCertificates = {
+ interface = "interface"
+ },
+ setCertificates = {
+ interface = "interface",
+ user_certificate = "PEM file data",
+ user_privatekey = "PEM file data",
+ ca_certificate = "PEM file data"
+ }
+ }))
+elseif arg[1] == "call" then
+ local args = parseInput()
+
+ if not args.interface or
+ type(args.interface) ~= "string" or
+ not args.interface:match("^[a-zA-Z0-9_]+$")
+ then
+ print(json.stringify({ error = "Invalid interface name" }))
+ os.exit(1)
+ end
+
+ if arg[2] == "getCertificates" then
+ print(json.stringify({
+ user_certificate = readfile(string.format("/etc/openconnect/user-cert-%s.pem", args.interface)),
+ user_privatekey = readfile(string.format("/etc/openconnect/user-key-%s.pem", args.interface)),
+ ca_certificate = readfile(string.format("/etc/openconnect/ca-%s.pem", args.interface))
+ }))
+ elseif arg[2] == "setCertificates" then
+ if args.user_certificate then
+ writefile(string.format("/etc/openconnect/user-cert-%s.pem", args.interface), args.user_certificate)
+ end
+ if args.user_privatekey then
+ writefile(string.format("/etc/openconnect/user-key-%s.pem", args.interface), args.user_privatekey)
+ end
+ if args.ca_certificate then
+ writefile(string.format("/etc/openconnect/ca-%s.pem", args.interface), args.ca_certificate)
+ end
+ print(json.stringify({ result = true }))
+ end
+end
diff --git a/protocols/luci-proto-openconnect/root/usr/share/rpcd/acl.d/luci-openconnect.json b/protocols/luci-proto-openconnect/root/usr/share/rpcd/acl.d/luci-openconnect.json
new file mode 100644
index 0000000000..66bc5ac24f
--- /dev/null
+++ b/protocols/luci-proto-openconnect/root/usr/share/rpcd/acl.d/luci-openconnect.json
@@ -0,0 +1,17 @@
+{
+ "luci-proto-openconnect": {
+ "description": "Grant access to LuCI OpenConnect procedures",
+ "read": {
+ "ubus": {
+ "luci.openconnect": [ "getCertificates" ]
+ },
+ "uci": [ "network" ]
+ },
+ "write": {
+ "ubus": {
+ "luci.openconnect": [ "setCertificates" ]
+ },
+ "uci": [ "network" ]
+ }
+ }
+}