      1 #!/usr/bin/python
      2 #
      3 # Copyright (C) 2011 The Android Open Source Project
      4 #
      5 # Licensed under the Apache License, Version 2.0 (the "License");
      6 # you may not use this file except in compliance with the License.
      7 # You may obtain a copy of the License at
      8 #
      9 #      http://www.apache.org/licenses/LICENSE-2.0
     10 #
     11 # Unless required by applicable law or agreed to in writing, software
     12 # distributed under the License is distributed on an "AS IS" BASIS,
     13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14 # See the License for the specific language governing permissions and
     15 # limitations under the License.
     16 #
     17 
     18 import optparse
     19 import pprint, sys
     20 import dbus, flimflam
     21 
def show_usage(parser, vpn_type):
    """Report a wrong positional-argument count for *vpn_type* and abort.

    The message is handed to ``parser.error``; when *parser* is an
    ``optparse.OptionParser`` (as in ``main``), that call prints the usage
    text plus the message to stderr and exits with status 2, so this
    function does not return.
    """
    message = "Incorrect number of parameters provided for %s" % vpn_type
    parser.error(message)
     24 
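# Parameters whose values are credentials.  They are masked in --verbose
# output so they do not end up in terminal scrollback or captured test logs.
_SECRET_PARAMS = ("L2TPIPsec.PIN", "L2TPIPsec.PSK", "L2TPIPsec.Password")


def _display_value(key, value):
    """Return the text to print for ``params[key]`` in diagnostic output."""
    if key in _SECRET_PARAMS and value:
        return "<redacted>"
    return value


def main(argv):
    """Build a VPN service from command-line arguments and connect to it.

    The positional arguments select the VPN flavour ("openvpn",
    "l2tpipsec-cert" or "l2tpipsec-psk") and supply its settings; they are
    turned into a property dictionary, passed to ``flim.GetService`` and the
    resulting service is connected with ``flim.ConnectService``.

    Security notes for whoever runs this:
      * The PSK, PKCS#11 PIN and CHAP password are read from positional
        arguments, so they are visible in the process list and shell history
        of the machine running the script.  Use throwaway test credentials.
      * --verbose masks those three values; everything else is printed as
        given.

    Args:
        argv: Full argument vector including the program name; ``argv[1:]``
            is what gets parsed.

    Exits with status 1 when fewer than two positional arguments are given
    (after printing help), on an unknown VPN type, on an invalid
    --remote-cert-tls value, or when the connection attempt fails.  A wrong
    argument count for a known VPN type is reported through ``show_usage``.
    Returns None when the connection succeeds.
    """
    parser = optparse.OptionParser(
        "%prog [options]... (OpenVPN | L2TPIPSEC)\n"
        "\n"
        "   OpenVPN            := openvpn NetworkID Certificates\n"
        "\n"
        "   L2TPIPSEC          := (L2PSK | L2Cert)\n"
        "     L2Cert           := l2tpipsec-cert NetworkID "
        "CertificatesPkcs11 L2TPInfo\n"
        "     L2PSK            := l2tpipsec-psk NetworkID PSKInfo L2TPInfo\n"
        "\n"
        "   NetworkID          := <vpn-name> <remote-host-ip> <vpn-domain>\n"
        "   Certificates       := <ca-cert> <client-cert> <client-key>\n"
        "   CertificatesPkcs11 := <ca-nickname> <client-cert-slot> "
        "<client-cert-id> <user-PIN>\n"
        "   PSKInfo            := <psk>\n"
        "   L2TPInfo           := <chap-username> <chap-password>\n"
        )
    parser.add_option("--verbose",
                      dest    = "verbose",
                      action  = "store_true",
                      default = False,
                      help    = "Output diagnostic information during run.")
    parser.add_option("--complzo",
                      dest    = "complzo",
                      action  = "store_true",
                      default = True,
                      help    = ("Enables the OpenVPN option 'complzo' "
                                 "(default).  "
                                 "Ignored when not 'OpenVPN'."))
    parser.add_option("--no-complzo",
                      dest    = "complzo",
                      action  = "store_false",
                      help    = ("Disables the OpenVPN option 'complzo'.  "
                                 "Ignored when not 'OpenVPN'."))
    parser.add_option("--mgmtena",
                      dest    = "mgmtena",
                      action  = "store_true",
                      default = False,
                      help    = ("Enable the OpenVPN management ctl channel "
                                 "(default false).  "
                                 "Ignored when not 'OpenVPN'."))
    parser.add_option("--remote-cert-tls",
                      dest    = "remote_cert_tls",
                      action  = "store",
                      default = "server",
                      type    = "string",
                      metavar = "(server | client | none)",
                      help    = ("This is passed through to OpenVPN when "
                                 "not 'none'.  "
                                 "Ignored when not 'OpenVPN'."))
    parser.add_option("--tunnel-group",
                      dest    = "tunnel_group",
                      action  = "store",
                      default = "",
                      help    = ("Provide a tunnel group parameter to "
                                 "l2tpipsec links.  "
                                 "Ignored when not 'L2TPIPSec'."))

    (options, args) = parser.parse_args(argv[1:])

    # A VPN type alone is never enough; every flavour needs settings too.
    if len(args) <= 1:
        parser.print_help()
        sys.exit(1)

    vpn_type = args[0]
    params = { "Type" : "vpn" }

    if vpn_type == "openvpn":
        if len(args) != 7:
            show_usage(parser, vpn_type)

        params["Provider.Type"]  = "openvpn"
        params["Name"]           = args[1]
        params["Provider.Host"]  = args[2]
        params["VPN.Domain"]     = args[3]
        params["OpenVPN.CACert"] = args[4]
        params["OpenVPN.Cert"]   = args[5]
        params["OpenVPN.Key"]    = args[6]

        # "complzo" can only be enabled: the key is either "true" or absent.
        if options.complzo:
            params["OpenVPN.CompLZO"] = "true"

        # Enable the management control channel only on request.
        if options.mgmtena:
            params["OpenVPN.Mgmt.Enable"] = "true"

        # Reject anything outside the documented set before it is handed on.
        if options.remote_cert_tls not in ("server", "client", "none"):
            print("\n--remote-cert-tls argument ('%s') "
                  "is invalid.\n" % options.remote_cert_tls)
            sys.exit(1)

        params["OpenVPN.RemoteCertTLS"] = options.remote_cert_tls
    elif vpn_type in ("l2tpipsec-cert", "l2tpipsec-psk"):
        if len(args) <= 4:
            show_usage(parser, vpn_type)

        params["Provider.Type"] = "l2tpipsec"
        params["Name"]          = args[1]
        params["Provider.Host"] = args[2]
        params["VPN.Domain"]    = args[3]
        if vpn_type == "l2tpipsec-cert" and len(args) == 10:
            # Certificate authentication: the PSK is explicitly blanked.
            params["L2TPIPsec.CACertPEM"]      = [ args[4] ]
            params["L2TPIPsec.ClientCertSlot"] = args[5]
            params["L2TPIPsec.ClientCertID"]   = args[6]
            params["L2TPIPsec.PIN"]            = args[7]
            params["L2TPIPsec.PSK"]            = ""
            params["L2TPIPsec.User"]           = args[8]
            params["L2TPIPsec.Password"]       = args[9]
        elif vpn_type == "l2tpipsec-psk" and len(args) == 7:
            # PSK authentication: the certificate fields are explicitly blanked.
            params["L2TPIPsec.CACertPEM"]      = []
            params["L2TPIPsec.ClientCertSlot"] = ""
            params["L2TPIPsec.ClientCertID"]   = ""
            params["L2TPIPsec.PIN"]            = ""
            params["L2TPIPsec.PSK"]            = args[4]
            params["L2TPIPsec.User"]           = args[5]
            params["L2TPIPsec.Password"]       = args[6]
        else:
            show_usage(parser, vpn_type)
        params["L2TPIPsec.TunnelGroup"] = options.tunnel_group
    else:
        print("Unknown VPN type: '%s'" % vpn_type)
        sys.exit(1)

    if options.verbose:
        print("\nVPN Startup Parameters:\n")
        # Sorted so the diagnostic listing is the same on every run.
        for key, value in sorted(params.items()):
            print("  %25s: '%s'" % (key, _display_value(key, value)))
        print("")

    flim    = flimflam.FlimFlam(dbus.SystemBus())
    service = flim.GetService(params)

    # options.verbose is a boolean (store_true); the previous comparison with
    # the string "true" never matched, so this line was never printed.
    if options.verbose:
        print("VPN is %s, connecting..." % service.object_path)

    (success, diagnostics) = flim.ConnectService(service_type = "vpn",
                                                 service = service,
                                                 assoc_timeout = 60)
    if not success or options.verbose:
        print("Success: %s" % success)
        pprint.pprint(diagnostics)

    if not success:
        sys.exit(1)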
    172 
# Run only when executed as a script; the full argv (program name included)
# is handed to main(), which parses argv[1:].
if __name__ == "__main__":
    main(sys.argv)