ovpnmcgen.rb 0.3.0 → 0.4.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.travis.yml +1 -1
- data/ChangeLog +4 -0
- data/README.md +7 -0
- data/bin/ovpnmcgen.rb +41 -18
- data/features/gen_basic.feature +4 -0
- data/features/gen_configfile.feature +129 -0
- data/features/step_definitions/env.rb +3 -0
- data/lib/ovpnmcgen.rb +8 -1
- data/lib/ovpnmcgen/config.rb +22 -0
- data/lib/ovpnmcgen/version.rb +1 -1
- data/ovpnmcgen.rb.gemspec +1 -0
- metadata +27 -2
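--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 46fbf55958e663b0d989719e018d03c02e09a5ba
+data.tar.gz: c8c37d5b2ed29586c50e35fbf4de216ec2a72d77
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1590088cd9aee76d9334e554d68aae6daafd97b0eb4d109403af03dbbf40972690c82fac0b30b15f7ed2942d382cf117f970b43f49622e00136ab5b5e6ae963e
+data.tar.gz: a611b7db6ed827eca83605df6087bbcf1754b87865fbdd4eda0bf012ab42f5a7fe6c8b10e451e7c16873d699e1f04c7efb3687036ff26bb80d8082458709988c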
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
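--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,3 +1,7 @@
+= 0.4.0 / 2014-05-04
+* VoD rules in `--[un]trusted-ssids` to also use `InterfaceTypeMatch`.
+* Added support for configuration persistance, via ENV or ~/.ovpnmcgen.rb.yml or `--config` flag.
+
 = 0.3.0 / 2014-05-04
 * Documentation updates.
 * Added support for `URLStringProbe`, via `--url-probe`.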
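--- a/data/README.md
+++ b/data/README.md
@@ -44,6 +44,7 @@ Build and install the gem:
 Usage: ovpnmcgen.rb generate [options] <user> <device>
 
 Options:
+-c, --config FILE Specify path to config file. [Default: .ovpnmcgen.rb.yml]
 --cafile FILE Path to OpenVPN CA file. (Required)
 --tafile FILE Path to TLS-Auth Key file.
 --host HOSTNAME Hostname of OpenVPN server. (Required)
@@ -63,6 +64,12 @@ Usage: ovpnmcgen.rb generate [options] <user> <device>
 -o, --output FILE Output to file. [Default: stdout]
 ```
 
+### Configuration
+
+Option flags can be set using environment variables or placed into a YAML formatted file. The default filename `.ovpnmcgen.rb.yml` will be searched for in `./`, and then `~/`.
+
+Note: Only for YAML configuration files and environment variables, flags with hyphens (-) are replaced with underscores (_), i.e. `--trusted-ssids safe` should be `trusted_ssids: safe`.
+
 ### Security Levels
 
 There are three different security levels to choose from, 'paranoid', 'high' (default), and 'medium'. The algorithm illustrated above is for 'high'.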
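--- a/data/bin/ovpnmcgen.rb
+++ b/data/bin/ovpnmcgen.rb
@@ -2,6 +2,7 @@
 
 require 'ovpnmcgen'
 require 'commander/import'
+require 'ovpnmcgen/config'
 
 program :version, Ovpnmcgen::VERSION
 program :description, Ovpnmcgen::SUMMARY
@@ -9,7 +10,7 @@ program :help, 'Usage', 'ovpnmcgen.rb <command> [options] <args...>'
 program :help_formatter, :compact
 default_command :help
 never_trace!
-
+global_option '-c', '--config FILE', 'Specify path to config file. [Default: .ovpnmcgen.rb.yml]'
 
 command :generate do |c|
 c.syntax = 'ovpnmcgen.rb generate [options] <user> <device>'
@@ -37,31 +38,53 @@ command :generate do |c|
 c.option '-o', '--output FILE', 'Output to file. [Default: stdout]'
 c.action do |args, options|
 raise ArgumentError.new "Invalid arguments. Run '#{File.basename(__FILE__)} help generate' for guidance" if args.nil? or args.length < 2
-
-
-
-
-
+
+# Set up configuration environment.
+if options.config
+Ovpnmcgen.configure(options.config)
+else
+Ovpnmcgen.configure
+end
+config = Ovpnmcgen.config
+
+raise ArgumentError.new "Host is required" unless options.host or config.host
+raise ArgumentError.new "cafile is required" unless options.cafile or config.cafile
+raise ArgumentError.new "PKCS#12 file is required" unless options.p12file or config.p12file
+
+options.default :vod => case
+when config.vod == true || config.no_vod == false
+true
+when config.vod == false || config.no_vod == true
+false
+else # enabled by default
+true
+end,
+:proto => (config.proto)? config.proto : 'udp',
+:port => (config.port)? config.port : 1194,
+:security_level => (config.security_level)? config.security_level : 'high'
+
+user, device = args
+
 inputs = {
 :user => user,
 :device => device,
-:p12file => options.p12file,
-:p12pass => options.p12pass,
-:cafile => options.cafile,
-:host => options.host,
+:p12file => options.p12file || config.p12file,
+:p12pass => options.p12pass || config.p12pass,
+:cafile => options.cafile || config.cafile,
+:host => options.host || config.host,
 :proto => options.proto,
 :port => options.port,
 :enableVOD => options.vod,
-:trusted_ssids => options.trusted_ssids,
-:untrusted_ssids => options.untrusted_ssids,
-:profile_uuid => options.profile_uuid,
-:vpn_uuid => options.vpn_uuid,
-:cert_uuid => options.cert_uuid,
+:trusted_ssids => options.trusted_ssids || config.trusted_ssids,
+:untrusted_ssids => options.untrusted_ssids || config.untrusted_ssids,
+:profile_uuid => options.profile_uuid || config.profile_uuid,
+:vpn_uuid => options.vpn_uuid || config.vpn_uuid,
+:cert_uuid => options.cert_uuid || config.cert_uuid,
 :security_level => options.security_level
 }
-inputs[:ovpnconfigfile] = options.ovpnconfigfile if options.ovpnconfigfile
-inputs[:tafile] = options.tafile if options.tafile
-inputs[:url_probe] = options.url_probe if options.url_probe
+inputs[:ovpnconfigfile] = options.ovpnconfigfile || config.ovpnconfigfile if options.ovpnconfigfile or config.ovpnconfigfile
+inputs[:tafile] = options.tafile || config.tafile if options.tafile or config.tafile
+inputs[:url_probe] = options.url_probe || config.url_probe if options.url_probe or config.url_probe
 
 unless options.output
 puts Ovpnmcgen.generate(inputs)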
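Review bot: When `--config` is absent, the `else` branch calls `Ovpnmcgen.configure` with its default file name, and the `inputs` hash then falls back to `config.host`, `config.cafile`, `config.p12pass` and `config.trusted_ssids`, so a `.ovpnmcgen.rb.yml` that happens to sit in the working directory silently decides which server, CA and SSIDs the generated profile trusts. The README text added in this release says `./` is searched before `~/`, so running the tool inside a shared or checked-out directory can pick up a file the operator did not write. I would state that next to the call, for example `# NOTE: values may come from ./.ovpnmcgen.rb.yml or OG_* env vars; host, cafile and trusted_ssids are used as given`, and consider printing to stderr when a config file supplied any of them. Keeping `p12pass` in a plaintext YAML file also deserves a README caveat about file permissions. The `c.action` block starts before and ends after this hunk.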
data/features/gen_basic.feature
CHANGED
@@ -156,6 +156,8 @@ Feature: Basic Generate Functionality
|
|
156
156
|
Then the output should match:
|
157
157
|
"""
|
158
158
|
<string>Disconnect</string>
|
159
|
+
\s*<key>InterfaceTypeMatch</key>
|
160
|
+
\s*<string>WiFi</string>
|
159
161
|
\s*<key>SSIDMatch</key>
|
160
162
|
\s*<array>
|
161
163
|
\s*<string>trusted1</string>
|
@@ -165,6 +167,8 @@ Feature: Basic Generate Functionality
|
|
165
167
|
And the output should match:
|
166
168
|
"""
|
167
169
|
<string>Connect</string>
|
170
|
+
\s*<key>InterfaceTypeMatch</key>
|
171
|
+
\s*<string>WiFi</string>
|
168
172
|
\s*<key>SSIDMatch</key>
|
169
173
|
\s*<array>
|
170
174
|
\s*<string>evil3</string>
|
@@ -0,0 +1,129 @@
|
|
1
|
+
Feature: Generate Functionality with Configuration File
|
2
|
+
In order to generate a properly formatted plist mobileconfig with less typing
|
3
|
+
As a CLI
|
4
|
+
Some basic inputs are taken from a config file, if available
|
5
|
+
|
6
|
+
Background:
|
7
|
+
Given a file named "ca.crt" with:
|
8
|
+
"""
|
9
|
+
Contents of CA file
|
10
|
+
With newlines
|
11
|
+
And more newlines
|
12
|
+
That should appear as one line
|
13
|
+
"""
|
14
|
+
And a file named "p12file.p12" with:
|
15
|
+
"""
|
16
|
+
p12file that should appear
|
17
|
+
In base64 encoding as <data/>
|
18
|
+
"""
|
19
|
+
|
20
|
+
Scenario: A configuration file supplied should be read, without the need for required flags.
|
21
|
+
Given a file named ".ovpnmcgen.rb.yml" with:
|
22
|
+
"""
|
23
|
+
host: aruba.cucumber.org
|
24
|
+
"""
|
25
|
+
When I run `ovpnmcgen.rb g cucumber aruba`
|
26
|
+
Then the output should contain "error: "
|
27
|
+
And the output should not contain "error: Host"
|
28
|
+
|
29
|
+
Scenario: A custom configuration file supplied should be read, without the need for required flags.
|
30
|
+
Given a file named ".custom.yml" with:
|
31
|
+
"""
|
32
|
+
host: aruba.cucumber.org
|
33
|
+
"""
|
34
|
+
When I run `ovpnmcgen.rb g --config .custom.yml cucumber aruba`
|
35
|
+
Then the output should contain "error: "
|
36
|
+
And the output should not contain "error: Host"
|
37
|
+
|
38
|
+
Scenario: Flags should override configuration file options.
|
39
|
+
Given a file named ".ovpnmcgen.rb.yml" with:
|
40
|
+
"""
|
41
|
+
host: file.org
|
42
|
+
no_vod: true
|
43
|
+
"""
|
44
|
+
When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --vod --p12file p12file.p12 cucumber aruba`
|
45
|
+
Then the output should match:
|
46
|
+
"""
|
47
|
+
<key>remote</key>
|
48
|
+
\s*<string>aruba.cucumber.org 1194 udp</string>
|
49
|
+
"""
|
50
|
+
And the output should match:
|
51
|
+
"""
|
52
|
+
<key>OnDemandEnabled</key>
|
53
|
+
\s*<integer>1</integer>
|
54
|
+
"""
|
55
|
+
And the output should not match:
|
56
|
+
"""
|
57
|
+
<key>remote</key>
|
58
|
+
\s*<string>file.org 1194 udp</string>
|
59
|
+
"""
|
60
|
+
|
61
|
+
Scenario: Battle between no-vod in the configuration file and the vod flag default.
|
62
|
+
Given a file named ".ovpnmcgen.rb.yml" with:
|
63
|
+
"""
|
64
|
+
no_vod: false
|
65
|
+
"""
|
66
|
+
When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
|
67
|
+
Then the output should match:
|
68
|
+
"""
|
69
|
+
<key>OnDemandEnabled</key>
|
70
|
+
\s*<integer>1</integer>
|
71
|
+
"""
|
72
|
+
|
73
|
+
Scenario: no_vod true in the configuration file.
|
74
|
+
Given a file named ".ovpnmcgen.rb.yml" with:
|
75
|
+
"""
|
76
|
+
no_vod: true
|
77
|
+
"""
|
78
|
+
When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
|
79
|
+
Then the output should match:
|
80
|
+
"""
|
81
|
+
<key>OnDemandEnabled</key>
|
82
|
+
\s*<integer>0</integer>
|
83
|
+
"""
|
84
|
+
|
85
|
+
Scenario: ENV variables set here should work.
|
86
|
+
Given I set the environment variable "OG_HOST" to "env.org"
|
87
|
+
When I run `/usr/bin/env`
|
88
|
+
Then the output should contain "OG_HOST=env.org"
|
89
|
+
|
90
|
+
Scenario: ENV variables should override configuration file options.
|
91
|
+
Given a file named ".ovpnmcgen.rb.yml" with:
|
92
|
+
"""
|
93
|
+
host: file.org
|
94
|
+
"""
|
95
|
+
And I set the environment variable "OG_HOST" to "env.org"
|
96
|
+
When I run `ovpnmcgen.rb g --cafile ca.crt --p12file p12file.p12 cucumber aruba`
|
97
|
+
Then the output should match:
|
98
|
+
"""
|
99
|
+
<key>remote</key>
|
100
|
+
\s*<string>env.org 1194 udp</string>
|
101
|
+
"""
|
102
|
+
And the output should not match:
|
103
|
+
"""
|
104
|
+
<key>remote</key>
|
105
|
+
\s*<string>file.org 1194 udp</string>
|
106
|
+
"""
|
107
|
+
|
108
|
+
Scenario: Flags should overrride ENV variables, and should also override configuration file options.
|
109
|
+
Given a file named ".ovpnmcgen.rb.yml" with:
|
110
|
+
"""
|
111
|
+
host: file.org
|
112
|
+
"""
|
113
|
+
And I set the environment variable "OG_HOST" to "env.org"
|
114
|
+
When I run `ovpnmcgen.rb g --host aruba.cucumber.org --cafile ca.crt --p12file p12file.p12 cucumber aruba`
|
115
|
+
Then the output should match:
|
116
|
+
"""
|
117
|
+
<key>remote</key>
|
118
|
+
\s*<string>aruba.cucumber.org 1194 udp</string>
|
119
|
+
"""
|
120
|
+
And the output should not match:
|
121
|
+
"""
|
122
|
+
<key>remote</key>
|
123
|
+
\s*<string>env.org 1194 udp</string>
|
124
|
+
"""
|
125
|
+
And the output should not match:
|
126
|
+
"""
|
127
|
+
<key>remote</key>
|
128
|
+
\s*<string>file.org 1194 udp</string>
|
129
|
+
"""
|
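Review bot: The first two scenarios of the new 129-line feature (the last hunk under this header) assert only that `error: ` appears and that `error: Host` does not, so they also pass when the run fails for a reason unrelated to the config file. Pinning the expected next failure, `Then the output should contain "error: cafile is required"`, would show that the host really came from the YAML file and that the remaining required-flag checks still ran. The scenario "ENV variables set here should work" runs only `/usr/bin/env`, so it exercises the step definition rather than the tool.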
data/lib/ovpnmcgen.rb
CHANGED
@@ -56,10 +56,12 @@ module Ovpnmcgen
|
|
56
56
|
|
57
57
|
vpnOnDemandRules = Array.new
|
58
58
|
vodTrusted = { # Trust only Wifi SSID
|
59
|
+
'InterfaceTypeMatch' => 'WiFi',
|
59
60
|
'SSIDMatch' => trusted_ssids,
|
60
61
|
'Action' => 'Disconnect'
|
61
62
|
}
|
62
63
|
vodUntrusted = { # Untrust Wifi
|
64
|
+
'InterfaceTypeMatch' => 'WiFi',
|
63
65
|
'SSIDMatch' => untrusted_ssids,
|
64
66
|
'Action' => 'Connect'
|
65
67
|
}
|
@@ -88,7 +90,12 @@ module Ovpnmcgen
|
|
88
90
|
}
|
89
91
|
|
90
92
|
# Insert URLStringProbe conditions when enabled with --url-probe
|
91
|
-
vodTrusted['URLStringProbe'] =
|
93
|
+
vodTrusted['URLStringProbe'] =
|
94
|
+
vodUntrusted['URLStringProbe'] =
|
95
|
+
vodWifiOnly['URLStringProbe'] =
|
96
|
+
vodCellularOnly['URLStringProbe'] =
|
97
|
+
vodDefault['URLStringProbe'] =
|
98
|
+
inputs[:url_probe] if inputs[:url_probe]
|
92
99
|
|
93
100
|
vpnOnDemandRules << vodTrusted if trusted_ssids
|
94
101
|
vpnOnDemandRules << vodUntrusted if untrusted_ssids
|
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'app_configuration'
|
2
|
+
|
3
|
+
module Ovpnmcgen
|
4
|
+
@@config_file_name = '.ovpnmcgen.rb.yml'
|
5
|
+
|
6
|
+
# attr_accessor :config, :config_file_name
|
7
|
+
|
8
|
+
def configure(filename = @@config_file_name)
|
9
|
+
|
10
|
+
@@config = AppConfiguration.new filename do
|
11
|
+
prefix 'og'
|
12
|
+
end
|
13
|
+
|
14
|
+
# @@config = AppConfiguration[:ovpnmcgen]
|
15
|
+
end
|
16
|
+
|
17
|
+
def config
|
18
|
+
@@config
|
19
|
+
end
|
20
|
+
|
21
|
+
module_function :configure, :config
|
22
|
+
end
|
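Review bot: In the last hunk under this header (the new 22-line config module), `config` returns `@@config` without any guard, so `Ovpnmcgen.config` raises NameError on the uninitialized class variable if it is called before `Ovpnmcgen.configure`. The bin script always configures first, but a library caller may not; `@@config ||= configure` inside `config` would load the default file on first use. The two commented-out lines (`# attr_accessor :config, :config_file_name` and `# @@config = AppConfiguration[:ovpnmcgen]`) can be dropped. How `AppConfiguration` parses the YAML is not visible here; since the default file is looked up relative to the working directory, it is worth confirming the gem uses a safe loader.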
data/lib/ovpnmcgen/version.rb
CHANGED
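--- a/data/ovpnmcgen.rb.gemspec
+++ b/data/ovpnmcgen.rb.gemspec
@@ -25,4 +25,5 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "aruba", "~> 0.5", ">= 0.5.4"
 spec.add_runtime_dependency "plist", "~> 3.1", ">= 3.1.0"
 spec.add_runtime_dependency "commander", "~> 4.1", ">= 4.1.6"
+spec.add_runtime_dependency "app_configuration", "~> 0.0", ">= 0.0.2"
 end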
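Review bot: The new runtime constraint `"~> 0.0", ">= 0.0.2"` accepts any 0.x release of `app_configuration`, a pre-1.0 gem that now reads the config file and environment feeding host, CA and passphrase values into the generated profile. Tightening it to the patch series, `spec.add_runtime_dependency "app_configuration", "~> 0.0.2"`, keeps an unreviewed minor release from being pulled in at install time. The `Gem::Specification.new` block starts outside the hunk.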
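--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ovpnmcgen.rb
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - Ronald Ip
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-05-
+date: 2014-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -98,6 +98,26 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 4.1.6
+- !ruby/object:Gem::Dependency
+name: app_configuration
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.0.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.0.2
 description: Generates iOS configuration profiles (.mobileconfig) that configures
 OpenVPN for use with VPN-on-Demand that are not accessible through the Apple Configurator
 or the iPhone Configuration Utility.
@@ -117,9 +137,12 @@ files:
 - Rakefile
 - bin/ovpnmcgen.rb
 - features/gen_basic.feature
+- features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
+- features/step_definitions/env.rb
 - features/support/setup.rb
 - lib/ovpnmcgen.rb
+- lib/ovpnmcgen/config.rb
 - lib/ovpnmcgen/ovpnconfig.rb
 - lib/ovpnmcgen/stringdata.rb
 - lib/ovpnmcgen/version.rb
@@ -150,5 +173,7 @@ specification_version: 4
 summary: An OpenVPN iOS Configuration Profile (.mobileconfig) Utility
 test_files:
 - features/gen_basic.feature
+- features/gen_configfile.feature
 - features/gen_ovpnconfigfile_input.feature
+- features/step_definitions/env.rb
 - features/support/setup.rb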