
Add files via upload

MoeClub 3 years ago
parent
commit
453d1f56fe

+ 30 - 10
AnyConnect/build/client.sh

@@ -7,7 +7,7 @@ cd `dirname "$0"`
 export OrgName
 export GroupName
 export PASSWORD
-export INIT="0"
+export INIT
 
 
 while [[ $# -ge 1 ]]; do
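Review bot: Replacing `export INIT="0"` with a bare `export INIT` means INIT is no longer reset at startup and inherits whatever the calling environment already holds, and the second hunk of this file makes any non-empty INIT select the branch that deletes and regenerates the CA. An unrelated `INIT=...` in the shell or systemd environment would therefore silently rotate the signing key; keep the export but clear the value, `export INIT=""`. The `while` loop that follows continues past the end of this hunk.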
@@ -29,34 +29,54 @@ while [[ $# -ge 1 ]]; do
       ;;
     -i)
       shift
-      INIT="1"
+      INI_=`echo $1 |sed 's/\s//g'`
+      INIT="${INI_:-0.0.0.0}"
+      shift
       ;;
     *)
-      echo -e "Usage:\n\tbash $0 -o <OrgName> -g <GroupName> -p <PASSWORD>\n"
+      echo -e "Usage:\n\tbash $0 -o <OrgName> -g <GroupName> -p <PASSWORD> -i <CN>\n"
       exit 1;
       ;;
   esac
 done
 
-[ -n "${OrgName}" ] || OrgName="Haibara"
+
+[ -n "$INIT" ] && [ -f "./ca.cert.pem" ] && [ -n "${OrgName}" ] && rm -rf "./ca.cert.pem"
+[ -f "./ca.cert.pem" ] && OrgName=`openssl x509 -noout -in "./ca.cert.pem" -subject 2>/dev/null |sed 's/.*\s*O\s\+=\s\+\([^,\ ]\+\),.*/\1/'`
+
+[ -n "${OrgName}" ] || OrgName="MoeClub"
 [ -n "${GroupName}" ] || GroupName="Default"
 
 
-if [ ! -f ./ca.cert.pem -o ! -f ./ca.key.pem ]; then
-  openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 3650 -subj "/C=  /ST= /L= /O= /OU= /CN=${OrgName} CA" -addext "keyUsage=critical, keyCertSign, cRLSign" -outform PEM -keyout ./ca.key.pem -out ./ca.cert.pem  >/dev/null 2>&1
+if [ ! -f ./ca.cert.pem -o ! -f ./ca.key.pem ] || [ -n "$INIT" ] ; then
+  openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 3650 -subj "/C=/ST=/L=/OU=/O=${OrgName}/CN=${OrgName} CA" -addext "keyUsage=critical, keyCertSign, cRLSign" -rand /dev/urandom -outform PEM -keyout "./ca.key.pem" -out "./ca.cert.pem"  >/dev/null 2>&1
+
   [ $? -ne 0 ] && echo "Generating CA Fail" && exit 1
   cp -rf ./ca.cert.pem ../ca.cert.pem
+ 
+  openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 3650 -subj "/C=/ST=/L=/OU=/O=/CN=${INIT:-0.0.0.0}" -config <(echo -e "[ req ]\ndistinguished_name=req\n") -addext "basicConstraints=CA:FALSE" -addext "keyUsage=critical, digitalSignature, keyEncipherment" -addext "extendedKeyUsage=serverAuth, clientAuth" -rand /dev/urandom -outform PEM -keyout "../server.key.pem" -out "../server.cert.pem" >/dev/null 2>&1
+  [ $? -ne 0 ] && echo "Generating Server Cert Fail" && exit 1
+  
+  chmod -R 755 ../
 fi
 
-if [ "$INIT" == "1" ]; then
+if [ -n "$INIT" ]; then
   exit 0
 fi
 
-openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 3650 -subj "/C=  /ST= /L= /OU=${GroupName}/O= /CN=${OrgName}.${GroupName}" -addext "keyUsage=critical, digitalSignature" -outform PEM -keyout ./user.key.pem -out ./user.cert.pem  >/dev/null 2>&1
+
+openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -subj "/C=/ST=/L=/OU=${GroupName}/O=${OrgName}/CN=${OrgName}.${GroupName}" -rand /dev/urandom -outform PEM -keyout "./user.key.pem" -out "./user.csr.pem" >/dev/null 2>&1
+[ $? -ne 0 ] && echo "Generating CSR Fail" && exit 1
+
+openssl x509 -set_serial `printf "%04d" "$(($RANDOM % 10000))"` -CAform PEM -CA "./ca.cert.pem" -CAkey "./ca.key.pem" -req -sha256 -days 365 -in "./user.csr.pem" -outform PEM -out "./user.cert.pem" -extfile <(echo -e "basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid\n")
 [ $? -ne 0 ] && echo "Generating Cert Fail" && exit 1
 
+
 cat ./ca.cert.pem >>./user.cert.pem
-openssl pkcs12 -export -inkey ./user.key.pem -in ./user.cert.pem -name "${OrgName}.${GroupName}" -certfile ./ca.cert.pem -caname "${OrgName} CA" -out "./${GroupName}.p12" -passout pass:$PASSWORD
+openssl pkcs12 -export -inkey "./user.key.pem" -in "./user.cert.pem" -name "${OrgName}.${GroupName}" -certfile "./ca.cert.pem" -caname "${OrgName} CA" -out "./${GroupName}.p12" -passout "pass:$PASSWORD"
 
 [ $? -eq '0' ] && echo -e "\nSuccess! \nGROUP\t\tPASSWORD\n${GroupName}\t\t$PASSWORD\n" || echo -e "\nFail! \n";
-rm -rf ./user.cert.pem ./user.key.pem
+rm -rf ./user.csr.pem ./user.key.pem ./user.cert.pem
+# openssl x509 -noout -text -in ./ca.cert.pem
+
+exit 0
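Review bot: `chmod -R 755 ../` after the server-cert generation leaves ca.key.pem and server.key.pem readable by every local account (755 on a regular file is r-x for group and other), so anyone on the host can copy the server's TLS key or the CA key that mints client certificates; apply 755 to directories only (`chmod -R u=rwX,go=rX ../`) and then `chmod 600 "./ca.key.pem" "../server.key.pem"`. The new condition `|| [ -n "$INIT" ]` regenerates the CA key every time `-i` is given, not only when the CA files are missing, which invalidates every client bundle issued so far — since ctl.sh now calls `client.sh -i` from its INIT path, that seems likely to be hit on re-runs, so the CA should only be re-created when absent unless rotation is the explicit intent. The client-cert serial `$RANDOM % 10000` yields at most 10000 values, including 0 (not a valid RFC 5280 serial), and will collide across certificates under the same CA; use `-set_serial "0x$(openssl rand -hex 16)"` instead. `-passout "pass:$PASSWORD"` also still exposes the bundle password on the command line (visible in `ps`); `-passout env:PASSWORD` reads the already-exported variable without that.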

+ 4 - 2
AnyConnect/build/ctl.sh

@@ -45,8 +45,10 @@ if [ "$ARG" == "CHECK" ]; then
   cat /proc/net/tcp |grep -q "^\s*[0-9]\+:\s*[0-9A-Za-z]\+:${TCPHEX}\s*[0-9A-Za-z]\+:[0-9A-Za-z]\+\s*0A\s*"
   [ "$?" -eq 0 ] && exit 0 || exit 1
 elif [ "$ARG" == "INIT" ]; then
-  openssl req -x509 -sha256 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 3650 -subj "/C=  /ST= /L= /O= /OU= /CN=0.0.0.0" -addext "keyUsage=critical, digitalSignature, keyEncipherment" -addext "extendedKeyUsage=serverAuth, clientAuth" -outform PEM -keyout "${ConfigPath}/server.key.pem" -out "${ConfigPath}/server.cert.pem" >/dev/null 2>&1
-  [ $? -ne 0 ] && echo "Generating Server Cert Fail" && exit 1
+	Address="$(GetAddress)"
+	[ -n "$Address" ] || Address="0.0.0.0"
+	bash "${ConfigPath}/template/client.sh" -i "$Address"
+	[ "$?" -eq 0 ] || exit 1
   chown -R root:root "${ConfigPath}"
   chmod -R 755 "${ConfigPath}"
   if [ -d "/etc/systemd/system" ] && [ -f "${ConfigPath}/ocserv.service" ]; then
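Review bot: The value from `GetAddress` is passed unvalidated into `client.sh -i`, where (per that file's hunk) it becomes the server certificate subject via `-subj "/CN=${INIT}"`; anything other than a bare IP literal — a hostname containing `/`, an error message, extra lines — produces a malformed subject or injects additional RDNs. GetAddress is defined outside this hunk so I can't confirm what it yields; guard the shape before the call, e.g. `[[ "$Address" =~ ^[0-9A-Fa-f.:]+$ ]] || Address="0.0.0.0"`. The unchanged `chmod -R 755 "${ConfigPath}"` that follows now also covers the freshly written `server.key.pem` and `template/ca.key.pem`, presumably leaving both world-readable — tighten those to 600 after it. Note as well that INIT previously generated only the server certificate and now regenerates the CA too, so re-running `ctl.sh INIT` invalidates issued client bundles; if that is intended, a comment on the `bash ... -i` line would save the next operator a surprise. The if/elif chain this sits in starts and ends outside the hunk.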

+ 15 - 0
AnyConnect/build/dnsmasq.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=dnsmasq
+Documentation=man:dnsmasq(8)
+After=network-online.target
+After=dbus.service
+
+[Service]
+Type=simple
+PrivateTmp=true
+ExecStart=/usr/sbin/dnsmasq -d
+RestartSec=3s
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
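Review bot: `After=network-online.target` only orders this unit; without a matching `Wants=network-online.target` in [Unit] the target is never pulled in, so dnsmasq can start before the interface it is meant to serve exists. The unit also runs `dnsmasq -d` with no confinement beyond PrivateTmp, although it is exposed to every VPN client; `ProtectSystem=full` and `ProtectHome=true` are the usual low-risk additions here — check the local dnsmasq config for any write path under /etc before enabling ProtectSystem.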

+ 3 - 4
AnyConnect/build/ocserv.service

@@ -7,14 +7,13 @@ After=dbus.service
 [Service]
 Type=simple
 PrivateTmp=true
-PIDFile=/var/run/ocserv.pid
 ExecStartPre=/bin/bash /etc/ocserv/ctl.sh
-ExecStart=/usr/sbin/ocserv --foreground --pid-file /var/run/ocserv.pid --config /etc/ocserv/ocserv.conf
+ExecStart=/usr/sbin/ocserv --foreground --config /etc/ocserv/ocserv.conf
 ExecStartPost=/bin/bash /etc/ocserv/ctl.sh CHECK
 ExecReload=/bin/kill -HUP $MAINPID
 ExecStop=/bin/kill -KILL $MAINPID
-RestartSec=5s
-Restart=on-failure
+RestartSec=3s
+Restart=always
 
 [Install]
 WantedBy=multi-user.target
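Review bot: `Restart=always` with `RestartSec=3s` means a persistent failure in `ExecStartPost=... ctl.sh CHECK` (which exits 1 when the listening port is not found) is retried every three seconds indefinitely: that rate stays under systemd's default start-rate limit of five starts per ten seconds, so a broken ocserv.conf never lands the unit in a failed state an operator would notice, and `always` additionally restarts the daemon after a clean exit 0. Add an explicit limit in [Unit] (outside this hunk), e.g. `StartLimitIntervalSec=60` and `StartLimitBurst=5`, so repeated failures stop the service instead of hammering it. The unchanged `ExecStop=/bin/kill -KILL $MAINPID` is worth revisiting alongside this: SIGKILL gives ocserv no chance to tear down client sessions or its sockets, and dropping the line (systemd's default stop signal is SIGTERM) would be the conventional choice, assuming ocserv honours SIGTERM as most daemons do.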