#!/usr/bin/env python3
# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
from __future__ import print_function
import optparse
import pprint
import sys
import dbus
import flimflam
def show_usage(parser, vpn_type):
    """Report a wrong positional-argument count for *vpn_type*.

    The message is handed to ``parser.error()``; with a stock
    ``optparse.OptionParser`` that prints the usage text to stderr and
    exits the process with status 2.
    """
    message = 'Incorrect number of parameters provided for %s' % vpn_type
    parser.error(message)
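def main(argv):
    """Configure a VPN service through flimflam and connect to it.

    Parses the command line in ``argv``, builds the service property
    dictionary for the requested VPN type (``openvpn``, ``l2tpipsec-cert``
    or ``l2tpipsec-psk``), asks flimflam for the matching service over the
    system D-Bus and tries to connect it.

    Args:
        argv: Full argument vector; ``argv[0]`` (the program name) is
            skipped.

    Exits with status 1 on an unknown VPN type, an invalid
    ``--remote-cert-tls`` value, a failed connection, or when fewer than
    two positional arguments are given (help is printed first). A wrong
    positional count for a known VPN type is reported via show_usage().

    NOTE(security): the PSK, PKCS#11 PIN and CHAP password are taken as
    positional arguments, so they are visible in the process list and in
    shell history for as long as this script runs. Use throwaway test
    credentials with it.
    """
    parser = optparse.OptionParser(
        '%prog [options]... (OpenVPN | L2TPIPSEC)\n'
        '\n'
        ' OpenVPN := openvpn NetworkID Certificates\n'
        '\n'
        ' L2TPIPSEC := (L2PSK | L2Cert)\n'
        ' L2Cert := l2tpipsec-cert NetworkID '
        'CertificatesPkcs11 L2TPInfo\n'
        ' L2PSK := l2tpipsec-psk NetworkID PSKInfo L2TPInfo\n'
        '\n'
        ' NetworkID := <vpn-name> <remote-host-ip> <vpn-domain>\n'
        ' Certificates := <ca-cert> <client-cert> <client-key>\n'
        ' CertificatesPkcs11 := <ca-nickname> <client-cert-slot> '
        '<client-cert-id> <user-PIN>\n'
        ' PSKInfo := <psk>\n'
        ' L2TPInfo := <chap-username> <chap-password>\n'
    )
    parser.add_option('--verbose',
                      action='store_true',
                      default=False,
                      help='Output diagnostic information during run.')
    parser.add_option('--complzo',
                      action='store_true',
                      default=True,
                      help="Enables the OpenVPN option 'complzo' (default). "
                           "Ignored when not 'OpenVPN'.")
    parser.add_option('--no-complzo',
                      dest='complzo',
                      action='store_false',
                      help="Disables the OpenVPN option 'complzo'. "
                           "Ignored when not 'OpenVPN'.")
    parser.add_option('--mgmtena',
                      action='store_true',
                      default=False,
                      help='Enable the OpenVPN management ctl channel '
                           '(default false). '
                           "Ignored when not 'OpenVPN'.")
    parser.add_option('--remote-cert-tls',
                      action='store',
                      default='server',
                      type='string',
                      metavar='(server | client | none)',
                      help='This is passed through to OpenVPN when '
                           "not 'none'. "
                           "Ignored when not 'OpenVPN'.")
    parser.add_option('--tunnel-group',
                      action='store',
                      default='',
                      help='Provide a tunnel group parameter to '
                           'l2tpipsec links. '
                           "Ignored when not 'L2TPIPSec'.")

    (options, args) = parser.parse_args(argv[1:])

    # Property keys whose values are credentials; they are masked in the
    # --verbose dump so they do not end up in terminal scrollback or logs.
    secret_keys = ('L2TPIPsec.PIN', 'L2TPIPsec.PSK', 'L2TPIPsec.Password')

    if len(args) > 1:
        vpn_type = args[0]
        params = {'Type': 'vpn'}

        if vpn_type == 'openvpn':
            if len(args) == 7:
                params['Provider.Type'] = 'openvpn'
                params['Name'] = args[1]
                params['Provider.Host'] = args[2]
                params['VPN.Domain'] = args[3]
                params['OpenVPN.CACert'] = args[4]
                params['OpenVPN.Cert'] = args[5]
                params['OpenVPN.Key'] = args[6]

                if options.complzo:  # "complzo" can only be enabled.
                    params['OpenVPN.CompLZO'] = 'true'

                if options.mgmtena:  # enable management control channel
                    params['OpenVPN.Mgmt.Enable'] = 'true'

                # Reject anything outside the documented values before it
                # is handed to the connection manager.
                if options.remote_cert_tls not in ('server', 'client',
                                                   'none'):
                    print("\n--remote-cert-tls argument ('%s') "
                          'is invalid.\n' % options.remote_cert_tls)
                    sys.exit(1)

                params['OpenVPN.RemoteCertTLS'] = options.remote_cert_tls
            else:
                show_usage(parser, vpn_type)
        elif vpn_type in ('l2tpipsec-cert', 'l2tpipsec-psk'):
            if len(args) > 4:
                params['Provider.Type'] = 'l2tpipsec'
                params['Name'] = args[1]
                params['Provider.Host'] = args[2]
                params['VPN.Domain'] = args[3]

                if vpn_type == 'l2tpipsec-cert' and len(args) == 10:
                    params['L2TPIPsec.CACertPEM'] = [args[4]]
                    params['L2TPIPsec.ClientCertSlot'] = args[5]
                    params['L2TPIPsec.ClientCertID'] = args[6]
                    params['L2TPIPsec.PIN'] = args[7]
                    params['L2TPIPsec.PSK'] = ''
                    params['L2TPIPsec.User'] = args[8]
                    params['L2TPIPsec.Password'] = args[9]
                elif vpn_type == 'l2tpipsec-psk' and len(args) == 7:
                    params['L2TPIPsec.CACertPEM'] = []
                    params['L2TPIPsec.ClientCertSlot'] = ''
                    params['L2TPIPsec.ClientCertID'] = ''
                    params['L2TPIPsec.PIN'] = ''
                    params['L2TPIPsec.PSK'] = args[4]
                    params['L2TPIPsec.User'] = args[5]
                    params['L2TPIPsec.Password'] = args[6]
                else:
                    show_usage(parser, vpn_type)

                params['L2TPIPsec.TunnelGroup'] = options.tunnel_group
            else:
                show_usage(parser, vpn_type)
        else:
            print("Unknown VPN type: '%s'" % vpn_type)
            sys.exit(1)

        if options.verbose:
            print('\nVPN Startup Parameters:\n')
            # dict.iteritems() does not exist on Python 3 (see shebang).
            for k, v in params.items():
                # Empty values stay visible so the PSK/cert mode is clear.
                shown = '<redacted>' if (k in secret_keys and v) else v
                print(" %25s: '%s'" % (k, shown))
            print('')

        flim = flimflam.FlimFlam(dbus.SystemBus())
        service = flim.GetService(params)

        # options.verbose is a boolean from store_true; comparing it with
        # the string 'true' never matched, so this line was never printed.
        if options.verbose:
            print('VPN is %s, connecting...' % service.object_path)

        (success, diagnostics) = flim.ConnectService(service_type='vpn',
                                                     service=service,
                                                     assoc_timeout=60)
        if not success or options.verbose:
            print('Success:', success)
            pprint.pprint(diagnostics)

        if not success:
            sys.exit(1)
    else:
        parser.print_help()
        sys.exit(1)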
# Script entry point: hand the raw argument vector (program name included)
# to main(), which skips argv[0] itself.
if __name__ == '__main__':
    main(argv=sys.argv)