OpenConnect FreeBSD rc script
#!/bin/sh
# $Id$
#
# $FreeBSD$
#
# PROVIDE: openconnect
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable openconnect
# openconnect_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable openconnect.
# openconnect_services (str): Space separated list of all VPN services
# (used by the status and stop commands)
# openconnect_startup (str): Space separated list of VPN services
# established on startup (used by the start command)
# openconnect_<service>_host (str): VPN service host name
# openconnect_<service>_user (str): VPN user name (passed to openconnect -u).
# openconnect_<service>_args (str): Additional flags for openconnect.
# openconnect_<service>_cmd (str): Shell command whose output is fed to openconnect as the second password (e.g. an OTP)
#
# The password of each service must be stored (in plain text) in the file /usr/local/etc/openconnect/pwd_<service>;
# keep that file owned by root with mode 0600 (the start command enforces the mode).
#
. /etc/rc.subr

# rc.d identity: the rc.conf knob openconnect_enable switches the service on.
name="openconnect"
rcvar="openconnect_enable"

# Paths shared by the start/status/stop handlers.
pidbase="/var/run/openconnect"			# pidfiles: ${pidbase}_<service>[_daemon].pid
passwdbase="/usr/local/etc/openconnect/pwd"	# password files: ${passwdbase}_<service>
daemon_cmd="/usr/sbin/daemon"
exec_cmd="/usr/local/sbin/openconnect"

# Replace the default rc.subr handlers with the per-service loops defined below.
extra_commands="status"
start_cmd="openconnect_start"
stop_cmd="openconnect_stop"
status_cmd="openconnect_status"
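#
# start: launch every service listed in openconnect_startup under daemon(8),
# which restarts openconnect 15 seconds after it exits (-R 15).
#
# Per service <svc> the settings openconnect_<svc>_host, _user, _args and
# _cmd are read, each falling back to the global openconnect_host /
# openconnect_user / openconnect_args / openconnect_pwdcmd.  The password is
# read from ${passwdbase}_<svc> and, followed by the output of the optional
# pwdcmd, handed to openconnect on stdin (--passwd-on-stdin), so it never
# appears on a command line.  Services without a password file or without a
# host are skipped with a warning instead of being respawned forever by
# daemon(8).
#
openconnect_start()
{
	local host user args pwdcmd vpnservice daemonpid vpnservicepid pwdfile userflag

	for vpnservice in ${openconnect_startup}; do
		daemonpid="${pidbase}_${vpnservice}_daemon.pid"
		vpnservicepid="${pidbase}_${vpnservice}.pid"
		pwdfile="${passwdbase}_${vpnservice}"

		# The password file is plain text: refuse to start without it and
		# make sure it is not group/world readable before it is used.
		if [ ! -f "${pwdfile}" ]; then
			warn "${name}: ${vpnservice}: password file ${pwdfile} not found, skipping"
			continue
		fi
		chmod 600 "${pwdfile}"

		# Per-service settings override the global ones.  eval is needed for
		# the variable-name indirection; the global default is expanded by
		# eval itself (escaped) so its value is never re-parsed as shell code.
		eval host="\${openconnect_${vpnservice}_host:-\${openconnect_host}}"
		eval user="\${openconnect_${vpnservice}_user:-\${openconnect_user}}"
		eval args="\${openconnect_${vpnservice}_args:-\${openconnect_args}}"
		eval pwdcmd="\${openconnect_${vpnservice}_cmd:-\${openconnect_pwdcmd}}"

		if [ -z "${host}" ]; then
			warn "${name}: ${vpnservice}: no host configured, skipping"
			continue
		fi

		# Only pass -u when a user is configured; an empty -u would swallow
		# the next argument.
		userflag=""
		if [ -n "${user}" ]; then
			userflag="-u '${user}'"
		fi

		# -f detaches stdio (openconnect logs to syslog via -l); -P/-p record
		# the supervisor and openconnect pids for the status/stop handlers.
		# ${args} is a space separated flag list and is deliberately unquoted.
		${daemon_cmd} -t "${vpnservice}" -R 15 -f -P "${daemonpid}" -p "${vpnservicepid}" \
			/bin/sh -c "(/bin/cat '${pwdfile}'; ${pwdcmd}) | ${exec_cmd} -vl ${userflag} ${args} '${host}' --passwd-on-stdin"
	done
}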
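#
# status: print one line per service in openconnect_services, reporting
# whether its daemon(8) supervisor (tracked in ${pidbase}_<svc>_daemon.pid)
# is running.  Note this reflects the supervisor, not the VPN session itself:
# openconnect may be between restarts while "Running" is shown.
# Output format: "<service> Running <pid>" or "<service> Stopped".
#
openconnect_status()
{
	local vpnservice pid daemonpid

	/usr/bin/printf "%25s %s\n" "VPN service" "Status"
	/usr/bin/printf "%25s %s\n" "------------------------" "------------"
	for vpnservice in ${openconnect_services}; do
		daemonpid="${pidbase}_${vpnservice}_daemon.pid"
		# check_pidfile (rc.subr) prints the pid from the pidfile only while
		# that process still matches ${daemon_cmd}; stale pidfiles yield "".
		pid=$(check_pidfile "${daemonpid}" "${daemon_cmd}")
		if [ -n "${pid}" ]; then
			/usr/bin/printf "%25s %s\n" "${vpnservice}" "Running ${pid}"
		else
			/usr/bin/printf "%25s %s\n" "${vpnservice}" "Stopped"
		fi
	done
}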
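#
# stop: terminate every service in openconnect_services.  The daemon(8)
# supervisor is signalled before the openconnect process (it is started with
# -R in openconnect_start, so stopping openconnect first would presumably get
# it respawned), then both pids are waited for so the processes have really
# exited before stop returns and a subsequent start reuses the pidfiles.
#
openconnect_stop()
{
	local vpnservice pid pids daemonpid vpnservicepid

	for vpnservice in ${openconnect_services}; do
		daemonpid="${pidbase}_${vpnservice}_daemon.pid"
		vpnservicepid="${pidbase}_${vpnservice}.pid"
		pids=""

		pid=$(check_pidfile "${daemonpid}" "${daemon_cmd}")
		if [ -n "${pid}" ]; then
			kill "${pid}"
			pids="${pids} ${pid}"
		fi
		pid=$(check_pidfile "${vpnservicepid}" "${exec_cmd}")
		if [ -n "${pid}" ]; then
			kill "${pid}"
			pids="${pids} ${pid}"
		fi

		# wait_for_pids (rc.subr) blocks until none of the pids exist.
		if [ -n "${pids}" ]; then
			wait_for_pids ${pids}
		fi
	done
}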
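load_rc_config "$name"

# Defaults for the rc.conf knobs.  The global host/user/args/pwdcmd values
# are the fallbacks used by openconnect_start when no per-service variable
# (openconnect_<service>_host etc.) is set.
: ${openconnect_enable="NO"}
: ${openconnect_services=""}
: ${openconnect_startup=""}
: ${openconnect_host=""}
: ${openconnect_user=""}
: ${openconnect_args=""}
: ${openconnect_pwdcmd=""}

# Usage: service openconnect <command> [service ...]
# Any extra arguments restrict the command to the named services instead of
# the configured openconnect_services / openconnect_startup lists.
# Guard the shift: with no arguments at all, a bare "shift" is a fatal error
# in sh and rc.subr would never get to print its usage message.
cmd_arg="${1:-}"
[ $# -gt 0 ] && shift
if [ -n "$*" ]; then
	openconnect_startup="$*"
	openconnect_services="$*"
fi

run_rc_command "${cmd_arg}"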