Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
Apq
/
MoeClub-Note
mirror of https://github.com/MoeClub/Note.git
1
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: c6bad313ac
Branches Tags
MoeClub-Note
/
AnyConnect
/
build
/
ctl.sh

ctl.sh 4.4 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. #!/bin/bash
    2. 

  2. 

  3. ARG=`echo "$1" |sed 's/^\s$//' |sed 's/[a-z]/\u&/g'`
    4. 

  4. 

  5. ConfigPath="$(dirname `readlink -f "$0"`)"
    6. 

  6. Config="${ConfigPath}/ocserv.conf"
    7. 

  7. [ -f "$Config" ] || exit 1
    8. 

  8. 

  9. TCP=`cat "${Config}" |grep '^#\?tcp-port' |cut -d"=" -f2 |grep -o '[0-9]*' |head -n1`
    10. 

  10. UDP=`cat "${Config}" |grep '^#\?udp-port' |cut -d"=" -f2 |grep -o '[0-9]*' |head -n1`
    11. 

  11. NET=`cat "${Config}" |grep '^ipv4-network' |cut -d"=" -f2 |grep -o '[0-9\.]*' |head -n1`
    12. 

  12. 

  13. function GetAddress(){
    14. 

  14.   echo `wget --no-check-certificate --timeout=3 --no-cache -4 -qO- "http://checkip.amazonaws.com" |grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' |head -n1`
    15. 

  15. }
    16. 

  16. 

  17. function IPTABLES(){
    18. 

  18.   RULE=`echo "$1" |sed 's/^\s*//' |sed 's/\s*$//'`
    19. 

  19.   echo "$RULE" |grep -q "^iptables "
    20. 

  20.   [ $? -eq 0 ] || return 1
    21. 

  21.   CHECK=`echo "$RULE" |sed 's/-I\|-A/-C/'`
    22. 

  22.   ${CHECK} >>/dev/null 2>&1
    23. 

  23.   [ $? -eq 1 ] && ${RULE} 
    24. 

  24.   return 0
    25. 

  25. }
    26. 

  26. 

  27. function GenPasswd(){
    28. 

  28.   echo -ne "\nUserName\tPassword\tGROUP\n\n"
    29. 

  29.   RawPasswd="${1:-MoeClub}"
    30. 

  30.   if [ `echo "${RawPasswd}" |grep -o ':' |grep -c ':'` == "2" ]; then
    31. 

  31.     echo "${RawPasswd}" |grep -q '^-' && echo -n >${ConfigPath}/ocpasswd
    32. 

  32.     User=`echo "${RawPasswd}"| cut -d':' -f1 |sed 's/[[:space:]]//g' |tr -d '-'`
    33. 

  33.     UserPasswd=`echo "${RawPasswd}"| cut -d':' -f2 |sed 's/[[:space:]]//g'`
    34. 

  34.     UserGroup=`echo "${RawPasswd}"| cut -d':' -f3 |sed 's/[[:space:]]//g'`
    35. 

  35.     [ -n "$User" ] && [ -n "$UserPasswd" ] && [ -n "$UserGroup" ] || { echo -ne "ERROR: Invalid ARG\n" && return 1; }
    36. 

  36.     [ -f "${ConfigPath}/group/${UserGroup}" ] || { echo -ne "ERROR: Invalid Group\n" && return 1; }
    37. 

  37.     SaltPasswd=`openssl passwd ${UserPasswd}`
    38. 

  38.     echo -ne "${User}\t\t${UserPasswd}\t\t${UserGroup}\n"
    39. 

  39.     echo -ne "${User}:${UserGroup}:${SaltPasswd}\n" >>${ConfigPath}/ocpasswd
    40. 

  40.   else
    41. 

  41.     echo -n >${ConfigPath}/ocpasswd
    42. 

  42.     UserPasswd=`openssl passwd ${RawPasswd}`
    43. 

  43.     for GroupName in `find "${ConfigPath}/group" -type f`
    44. 

  44.       do
    45. 

  45.         [ -n "$GroupName" ] || continue
    46. 

  46.         User=`basename "$GroupName"`
    47. 

  47.         [ -n "$User" ] || continue
    48. 

  48.         echo -ne "${User}\t\t${RawPasswd}\t\t${User}\n"
    49. 

  49.         echo -ne "${User}:${User}:${UserPasswd}\n" >>${ConfigPath}/ocpasswd
    50. 

  50.       done
    51. 

  51.   fi
    52. 

  52.   chmod 755 ${ConfigPath}/ocpasswd
    53. 

  53. }
    54. 

  54. 

  55. if [ "$ARG" == "CHECK" ]; then
    56. 

  56.   TCPHEX=`printf '%04X\n' "${TCP}"`
    57. 

  57.   cat /proc/net/tcp |grep -q "^\s*[0-9]\+:\s*[0-9A-Za-z]\+:${TCPHEX}\s*[0-9A-Za-z]\+:[0-9A-Za-z]\+\s*0A\s*"
    58. 

  58.   [ "$?" -eq 0 ] && exit 0 || exit 1
    59. 

  59. elif [ "$ARG" == "INIT" ]; then
    60. 

  60. 	Address="$(GetAddress)"
    61. 

  61. 	[ -n "$Address" ] || Address="0.0.0.0"
    62. 

  62. 	bash "${ConfigPath}/template/client.sh" -i "$Address"
    63. 

  63. 	[ "$?" -eq 0 ] || exit 1
    64. 

  64.   chown -R root:root "${ConfigPath}"
    65. 

  65.   chmod -R 755 "${ConfigPath}"
    66. 

  66.   if [ -d "/etc/systemd/system" ] && [ -f "${ConfigPath}/ocserv.service" ]; then
    67. 

  67.     systemctl stop ocserv.service >/dev/null 2>&1
    68. 

  68.     systemctl disable ocserv.service >/dev/null 2>&1
    69. 

  69.     cp -rf "${ConfigPath}/ocserv.service" "/etc/systemd/system/ocserv.service"
    70. 

  70.     chmod 755 "/etc/systemd/system/ocserv.service"
    71. 

  71.     systemctl daemon-reload >/dev/null 2>&1
    72. 

  72.     systemctl enable ocserv.service >/dev/null 2>&1
    73. 

  73.     systemctl start ocserv.service >/dev/null 2>&1
    74. 

  74.   fi
    75. 

  75.   GenPasswd;
    76. 

  76.   echo -e "\nPassword File: ${ConfigPath}/ocpasswd"
    77. 

  77.   echo -e "\nSet Password Command:\n\tbash ${ConfigPath}/ctl.sh passwd <PASSWORD>\n"
    78. 

  78.   echo -e "\nInitialization Complete! \n"
    79. 

  79.   exit 0
    80. 

  80. elif [ "$ARG" == "PASSWD" ]; then
    81. 

  81.   [ -n "$2" ] && GenPasswd "$2" && exit 0 || exit 1
    82. 

  82. fi
    83. 

  83. 

  84. Ether=`ip route show default |head -n1 |sed 's/.*dev\s*\([0-9a-zA-Z]\+\).*/\1/g'`
    85. 

  85. [ -n "$Ether" ] || exit 1
    86. 

  86. 

  87. [ -f "${ConfigPath}/group/NoRoute" ] && Address="$(GetAddress)" && [ -n "$Address" ] &&  sed -i "s/^no-route\s*=\s*.*\/255.255.255.255/no-route = ${Address}\/255.255.255.255/" "${ConfigPath}/group/NoRoute"
    88. 

  88. 

  89. IPTABLES "iptables -t nat -A POSTROUTING -o ${Ether} -j MASQUERADE"
    90. 

  90. [ -n "$NET" ] && IPTABLES "iptables -I FORWARD -d ${NET}/24 -j ACCEPT"
    91. 

  91. [ -n "$NET" ] && IPTABLES "iptables -I FORWARD -s ${NET}/24 -j ACCEPT"
    92. 

  92. IPTABLES "iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
    93. 

  93. [ -n "$NET" ] && IPTABLES "iptables -I OUTPUT -d ${NET}/24 -j ACCEPT"
    94. 

  94. [ -n "$NET" ] && IPTABLES "iptables -I INPUT -s ${NET}/24 -j ACCEPT"
    95. 

  95. [ -n "$TCP" ] && [ "$TCP" -gt "0" ] && IPTABLES "iptables -I INPUT -p tcp --dport ${TCP} -j ACCEPT"
    96. 

  96. [ -n "$UDP" ] && [ "$UDP" -gt "0" ] && IPTABLES "iptables -I INPUT -p udp --dport ${UDP} -j ACCEPT"
    97. 

  97. 

  98. 

  99. [ `cat /proc/sys/net/ipv4/ip_forward` != "1" ] && echo "1" >/proc/sys/net/ipv4/ip_forward
    100. 

  100. 

  101. exit 0
    102.