sap-vpn.pl
changeset 10 13b84a92a65a
parent 9 b8eabdc8e452
child 11 16e6b1683c63
9:b8eabdc8e452 10:13b84a92a65a
    15 ($EUID, $UID) = ($UID, $EUID);    # release ROOT, doesn't harm, if not suid
    15 ($EUID, $UID) = ($UID, $EUID);    # release ROOT, doesn't harm, if not suid
    16 ($0) = ($0 =~ /([.\/\w-]+)/);     # untaint $0
    16 ($0) = ($0 =~ /([.\/\w-]+)/);     # untaint $0
    17 
    17 
    18 use constant ME => basename $0;
    18 use constant ME => basename $0;
    19 
    19 
       
    20 
    20 delete @ENV{ grep /PATH/, keys %ENV };
    21 delete @ENV{ grep /PATH/, keys %ENV };
    21 $ENV{PATH} = "/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin";
    22 $ENV{PATH} = "/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin";
    22 
    23 
    23 ###
    24 ###
    24 ### STEP 0 :: Verify that we have the necessary requirements.
    25 ### STEP 0 :: Verify that we have the necessary requirements.
    37 
    38 
    38 # Default values for the FQDN or IP of the FirePass we wish to connect to, the
    39 # Default values for the FQDN or IP of the FirePass we wish to connect to, the
    39 # name of our Network Access favorite, and our username/pasword.  All of these
    40 # name of our Network Access favorite, and our username/pasword.  All of these
    40 # can be passed as arguments, if desired.
    41 # can be passed as arguments, if desired.
    41 
    42 
    42 my $opt_user;
    43 my $opt_user     = "";
    43 my $opt_passcode;
    44 my $opt_passcode = "";
    44 my $opt_host     = 'connectwdf.sap.com';
    45 my $opt_host     = 'connectwdf.sap.com';
    45 my $opt_name     = 'SAP Network Access';
    46 my $opt_name     = 'SAP Network Access';
    46 my $opt_linkname = basename $0;
    47 my $opt_linkname = basename $0;
    47 my $opt_help     = 0;
    48 my $opt_help     = 0;
    48 my $opt_man      = 0;
    49 my $opt_man      = 0;
    49 my @ppp_opts     = ();
    50 my @ppp_opts     = ();
    50 my $opt_debug    = 0;
    51 my $opt_debug    = 0;
    51 my $opt_verbose  = 0;
    52 my $opt_verbose  = 0;
    52 my $opt_script;
    53 my $opt_script   = undef;
    53 my $opt_ppp  = 1;
    54 my $opt_ppp      = 1;
    54 my $opt_kill = 0;
    55 my $opt_kill     = undef;
    55 
    56 
    56 sub untaint(;$) {
    57 sub untaint(;$) {
    57     my $ref = @_ ? \$_[0] : \$_;
    58     my $ref = @_ ? \$_[0] : \$_;
       
    59     return $$ref if not defined $$ref;
    58     my ($x) = ($$ref =~ /([\/\w.-]+)/i);
    60     my ($x) = ($$ref =~ /([\/\w.-]+)/i);
    59     return $$ref = $$ref eq $x ? $x : undef;
    61     return $$ref = (defined $x and $$ref eq $x) ? $x : undef;
    60 }
    62 }
    61 
    63 
    62 sub verbose(@) { print STDERR @_ if $opt_verbose }
    64 sub verbose(@) { print STDERR @_ if $opt_verbose }
    63 sub debug(@)   { warn @_         if $opt_debug }
    65 sub debug(@)   { warn @_         if $opt_debug }
    64 sub do_kill($);
    66 sub do_kill($);
    99       if not $EUID == 0 || $UID == 0;
   101       if not $EUID == 0 || $UID == 0;
   100 
   102 
   101     exit do_kill($opt_linkname) if $opt_kill;
   103     exit do_kill($opt_linkname) if $opt_kill;
   102 
   104 
   103     untaint($opt_user)
   105     untaint($opt_user)
   104       or die ME . ": username \"$opt_user\" didn't pass verification\n";
   106       or die ME . ": username didn't pass verification\n";
   105 
   107 
   106     if (not defined $opt_passcode) {
   108     if (not defined $opt_passcode) {
   107         chomp(my $settings = qx{stty "-g"});
   109         chomp(my $settings = qx{stty "-g"});
   108         open(IN, "/dev/tty") or die ME . ": Can't open /dev/tty: $!\n";
   110         open(IN, "/dev/tty") or die ME . ": Can't open /dev/tty: $!\n";
   109         print "Passcode for $opt_user: ";
   111         print "Passcode for $opt_user: ";
   298 =head1 SYNOPSIS
   300 =head1 SYNOPSIS
   299 
   301 
   300  sap-vpn [-d|--debug] [-v|--verbose] [--[no]ppp] 
   302  sap-vpn [-d|--debug] [-v|--verbose] [--[no]ppp] 
   301      [-o|--opt <ppp option>]
   303      [-o|--opt <ppp option>]
   302      [-l|--linkname <link name>]
   304      [-l|--linkname <link name>]
   303      [-u|--user <user>] [-p|--passcode <passcode>]
       
   304      [-H|--host <host>]
   305      [-H|--host <host>]
   305      [-s|--script <script>]
   306      [-s|--script <script>]
       
   307      -u|--user <user> -p|--passcode <passcode>
   306 
   308 
   307  sap-vpn [-l|--linkname <link name>] -k|--kill
   309  sap-vpn [-l|--linkname <link name>] -k|--kill
   308 
   310 
   309  sap-vpn [-h|--help]
   311  sap-vpn [-h|--help]
   310  sap-vpn [-m|--man]
   312  sap-vpn [-m|--man]
   361 B<Note:> The C<nodefaultroute> is set automatically.
   363 B<Note:> The C<nodefaultroute> is set automatically.
   362 
   364 
   363 =item B<-p>|B<--passcode> I<passcode>
   365 =item B<-p>|B<--passcode> I<passcode>
   364 
   366 
   365 Your passcode, if not supplied, F</dev/tty> is opened for reading
   367 Your passcode, if not supplied, F</dev/tty> is opened for reading
   366 the passcode. (no default)
   368 the passcode. Not really optional. (no default)
   367 
   369 
   368 =item B<--[no]ppp>
   370 =item B<--[no]ppp>
   369 
   371 
   370 Start (don't start) the PPP daemon. This option is for debugging purpose
   372 Start (don't start) the PPP daemon. This option is for debugging purpose
   371 only. (default: on)
   373 only. (default: on)
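Review bot: With `my $opt_passcode = "";` on new line 44, the `if (not defined $opt_passcode)` guard on new line 108 can no longer be true unless option parsing (not visible in these hunks) resets the variable to undef, so the `/dev/tty` prompt looks unreachable and the passcode has to be passed with `-p`. A passcode given on the command line is readable by other local users through the process list and tends to end up in shell history, which matters for a script that expects root or setuid execution. Either keep the declaration as `my $opt_passcode;`, or change the guard to `if (not defined $opt_passcode or $opt_passcode eq "")` so that prompting remains the default path. The POD sentence "Not really optional" and the SYNOPSIS line that makes `-p` mandatory would then need to say that `-p` may be omitted. The block that starts at line 108 continues outside the hunk.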