15 ($EUID, $UID) = ($UID, $EUID); # release ROOT, doesn't harm, if not suid |
15 ($EUID, $UID) = ($UID, $EUID); # release ROOT, doesn't harm, if not suid |
16 ($0) = ($0 =~ /([.\/\w-]+)/); # untaint $0 |
16 ($0) = ($0 =~ /([.\/\w-]+)/); # untaint $0 |
17 |
17 |
18 use constant ME => basename $0; |
18 use constant ME => basename $0; |
19 |
19 |
|
20 |
20 delete @ENV{ grep /PATH/, keys %ENV }; |
21 delete @ENV{ grep /PATH/, keys %ENV }; |
21 $ENV{PATH} = "/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin"; |
22 $ENV{PATH} = "/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin"; |
22 |
23 |
23 ### |
24 ### |
24 ### STEP 0 :: Verify that we have the necessary requirements. |
25 ### STEP 0 :: Verify that we have the necessary requirements. |
37 |
38 |
38 # Default values for the FQDN or IP of the FirePass we wish to connect to, the |
39 # Default values for the FQDN or IP of the FirePass we wish to connect to, the |
39 # name of our Network Access favorite, and our username/pasword. All of these |
40 # name of our Network Access favorite, and our username/pasword. All of these |
40 # can be passed as arguments, if desired. |
41 # can be passed as arguments, if desired. |
41 |
42 |
42 my $opt_user; |
43 my $opt_user = ""; |
43 my $opt_passcode; |
44 my $opt_passcode = ""; |
44 my $opt_host = 'connectwdf.sap.com'; |
45 my $opt_host = 'connectwdf.sap.com'; |
45 my $opt_name = 'SAP Network Access'; |
46 my $opt_name = 'SAP Network Access'; |
46 my $opt_linkname = basename $0; |
47 my $opt_linkname = basename $0; |
47 my $opt_help = 0; |
48 my $opt_help = 0; |
48 my $opt_man = 0; |
49 my $opt_man = 0; |
49 my @ppp_opts = (); |
50 my @ppp_opts = (); |
50 my $opt_debug = 0; |
51 my $opt_debug = 0; |
51 my $opt_verbose = 0; |
52 my $opt_verbose = 0; |
52 my $opt_script; |
53 my $opt_script = undef; |
53 my $opt_ppp = 1; |
54 my $opt_ppp = 1; |
54 my $opt_kill = 0; |
55 my $opt_kill = undef; |
55 |
56 |
56 sub untaint(;$) { |
57 sub untaint(;$) { |
57 my $ref = @_ ? \$_[0] : \$_; |
58 my $ref = @_ ? \$_[0] : \$_; |
|
59 return $$ref if not defined $$ref; |
58 my ($x) = ($$ref =~ /([\/\w.-]+)/i); |
60 my ($x) = ($$ref =~ /([\/\w.-]+)/i); |
59 return $$ref = $$ref eq $x ? $x : undef; |
61 return $$ref = (defined $x and $$ref eq $x) ? $x : undef; |
60 } |
62 } |
61 |
63 |
62 sub verbose(@) { print STDERR @_ if $opt_verbose } |
64 sub verbose(@) { print STDERR @_ if $opt_verbose } |
63 sub debug(@) { warn @_ if $opt_debug } |
65 sub debug(@) { warn @_ if $opt_debug } |
64 sub do_kill($); |
66 sub do_kill($); |
99 if not $EUID == 0 || $UID == 0; |
101 if not $EUID == 0 || $UID == 0; |
100 |
102 |
101 exit do_kill($opt_linkname) if $opt_kill; |
103 exit do_kill($opt_linkname) if $opt_kill; |
102 |
104 |
103 untaint($opt_user) |
105 untaint($opt_user) |
104 or die ME . ": username \"$opt_user\" didn't pass verification\n"; |
106 or die ME . ": username didn't pass verification\n"; |
105 |
107 |
106 if (not defined $opt_passcode) { |
108 if (not defined $opt_passcode) { |
107 chomp(my $settings = qx{stty "-g"}); |
109 chomp(my $settings = qx{stty "-g"}); |
108 open(IN, "/dev/tty") or die ME . ": Can't open /dev/tty: $!\n"; |
110 open(IN, "/dev/tty") or die ME . ": Can't open /dev/tty: $!\n"; |
109 print "Passcode for $opt_user: "; |
111 print "Passcode for $opt_user: "; |
298 =head1 SYNOPSIS |
300 =head1 SYNOPSIS |
299 |
301 |
300 sap-vpn [-d|--debug] [-v|--verbose] [--[no]ppp] |
302 sap-vpn [-d|--debug] [-v|--verbose] [--[no]ppp] |
301 [-o|--opt <ppp option>] |
303 [-o|--opt <ppp option>] |
302 [-l|--linkname <link name>] |
304 [-l|--linkname <link name>] |
303 [-u|--user <user>] [-p|--passcode <passcode>] |
|
304 [-H|--host <host>] |
305 [-H|--host <host>] |
305 [-s|--script <script>] |
306 [-s|--script <script>] |
|
307 -u|--user <user> -p|--passcode <passcode> |
306 |
308 |
307 sap-vpn [-l|--linkname <link name>] -k|--kill |
309 sap-vpn [-l|--linkname <link name>] -k|--kill |
308 |
310 |
309 sap-vpn [-h|--help] |
311 sap-vpn [-h|--help] |
310 sap-vpn [-m|--man] |
312 sap-vpn [-m|--man] |
361 B<Note:> The C<nodefaultroute> is set automatically. |
363 B<Note:> The C<nodefaultroute> is set automatically. |
362 |
364 |
363 =item B<-p>|B<--passcode> I<passcode> |
365 =item B<-p>|B<--passcode> I<passcode> |
364 |
366 |
365 Your passcode, if not supplied, F</dev/tty> is opened for reading |
367 Your passcode, if not supplied, F</dev/tty> is opened for reading |
366 the passcode. (no default) |
368 the passcode. Not really optional. (no default) |
367 |
369 |
368 =item B<--[no]ppp> |
370 =item B<--[no]ppp> |
369 |
371 |
370 Start (don't start) the PPP daemon. This option is for debugging purpose |
372 Start (don't start) the PPP daemon. This option is for debugging purpose |
371 only. (default: on) |
373 only. (default: on) |
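Review bot: With the new default `my $opt_passcode = "";` (new line 44), the guard `if (not defined $opt_passcode)` at new line 108 can only be true if option parsing outside the visible hunks resets the variable, so the `/dev/tty` prompt looks unreachable and the passcode has to be supplied with `-p`, which matches the SYNOPSIS and the "Not really optional" wording in the POD. A secret passed as an argument is visible to other local users through the process list and usually lands in shell history, which matters for a script that apparently expects to run setuid or as root (the `$EUID == 0 || $UID == 0` check at new line 101). I would keep the declaration as `my $opt_passcode;` so that the prompt remains the default path, or widen the guard to `if (not defined $opt_passcode or $opt_passcode eq "")`. The POD could then describe `-p` as the less safe alternative to the prompt. The body of that `if` block continues outside the hunk, so the rest of the prompt handling was not reviewed.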