added spec entry

check if resolved is enabled prior to using it
fixed spec update message
2017-10-05 08:11:24 +02:00 · 2017-10-04 11:50:22 +02:00 · 2017-08-21 16:53:20 +02:00 · 2017-08-21 16:46:35 +02:00
2 changed files with 131 additions and 44 deletions
--- a/160
+++ b/160
@ -116,12 +116,22 @@ else
 	ifconfig_syntax_ptpv6=""
 fi

+grep ^hosts /etc/nsswitch.conf|grep resolve >/dev/null 2>&1
+if [ $? = 0 ];then
+	RESOLVEDENABLED=1
+else
+	RESOLVEDENABLED=0
+fi
+
 if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
        . /etc/functions.sh
 	include /lib/network
 	MODIFYRESOLVCONF=modify_resolvconf_openwrt
 	RESTORERESOLVCONF=restore_resolvconf_openwrt
-elif [ -x /sbin/resolvconf ] && [ "$OS" != "FreeBSD" ]; then # Optional tool on Debian, Ubuntu, Gentoo - but not FreeBSD, it seems to work different
+elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then  # For systemd-resolved (version 229 and above)
+	MODIFYRESOLVCONF=modify_resolved_manager
+	RESTORERESOLVCONF=restore_resolved_manager
+elif [ -x /sbin/resolvconf ]; then # Optional tool on Debian, Ubuntu, Gentoo and FreeBSD
 	MODIFYRESOLVCONF=modify_resolvconf_manager
 	RESTORERESOLVCONF=restore_resolvconf_manager
 elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
@ -369,48 +379,31 @@ modify_resolvconf_generic() {
 # and will be overwritten by vpnc
 # as long as the above mark is intact"

-	# Remember the original value of CISCO_DEF_DOMAIN we need it later
-	CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN"
-	# Don't step on INTERNAL_IP4_DNS value, use a temporary variable
-	INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS"
+	DOMAINS="$CISCO_DEF_DOMAIN"
+
 	exec 6< "$RESOLV_CONF_BACKUP"
 	while read LINE <&6 ; do
 		case "$LINE" in
-			nameserver*)
-				if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then
-					read ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<-EOF
-	$INTERNAL_IP4_DNS_TEMP
-EOF
-					LINE="nameserver $ONE_NAMESERVER"
-				else
-					LINE=""
-				fi
-				;;
-			search*)
-				if [ -n "$CISCO_DEF_DOMAIN" ]; then
-					LINE="$LINE $CISCO_DEF_DOMAIN"
-					CISCO_DEF_DOMAIN=""
-				fi
-				;;
-			domain*)
-				if [ -n "$CISCO_DEF_DOMAIN" ]; then
-					LINE="domain $CISCO_DEF_DOMAIN"
-					CISCO_DEF_DOMAIN=""
-				fi
-				;;
+			# omit; we will overwrite these
+			nameserver*) ;;
+			# extract listed domains and prepend to list
+			domain* | search*) DOMAINS="${LINE#* } $DOMAINS" ;;
+			# retain other lines
+			*) NEW_RESOLVCONF="$NEW_RESOLVCONF
+$LINE" ;;
 		esac
-		NEW_RESOLVCONF="$NEW_RESOLVCONF
-$LINE"
 	done
 	exec 6<&-

-	for i in $INTERNAL_IP4_DNS_TEMP ; do
+	for i in $INTERNAL_IP4_DNS ; do
 		NEW_RESOLVCONF="$NEW_RESOLVCONF
 nameserver $i"
 	done
-	if [ -n "$CISCO_DEF_DOMAIN" ]; then
+	# note that "search" is mutually exclusive with "domain";
+	# "search" allows multiple domains to be listed, so use that
+	if [ -n "$DOMAINS" ]; then
 		NEW_RESOLVCONF="$NEW_RESOLVCONF
-search $CISCO_DEF_DOMAIN"
+search $DOMAINS"
 	fi
 	echo "$NEW_RESOLVCONF" > /etc/resolv.conf

@ -428,12 +421,31 @@ search $CISCO_DEF_DOMAIN"
 						# Cannot use multiple DNS matching in this case
 						OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
 					fi
+					# Overriding the default gateway breaks split routing
+					OVERRIDE_GATEWAY=""
+					# Not overriding the default gateway breaks usage of
+					# INTERNAL_IP4_DNS. Prepend INTERNAL_IP4_DNS to list
+					# of used DNS servers
+					SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'`
+					SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs`
+					if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then
+						scutil >/dev/null 2>&1 <<-EOF
+							open
+							get State:/Network/Service/$SERVICE/DNS
+							d.add ServerAddresses * $INTERNAL_IP4_DNS $SERVICE_DNS
+							set State:/Network/Service/$SERVICE/DNS
+							close
+						EOF
+					fi
+				else
+					# No split routing. Override default gateway
+					OVERRIDE_GATEWAY="d.add Router $INTERNAL_IP4_ADDRESS"
 				fi
 				# Uncomment the following if/fi pair to use multiple
 				# DNS matching when available.  When multiple DNS matching
 				# is present, anything reading the /etc/resolv.conf file
 				# directly will probably not work as intended.
-				#if [ -z "$CISCO_DEF_DOMAIN_ORIG" ]; then
+				#if [ -z "$CISCO_DEF_DOMAIN" ]; then
 					# Cannot use multiple DNS matching without a domain
 					OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
 				#fi
@ -443,8 +455,7 @@ search $CISCO_DEF_DOMAIN"
 					d.add ServerAddresses * $INTERNAL_IP4_DNS
 					set State:/Network/Service/$TUNDEV/DNS
 					d.init
-					# next line overrides the default gateway and breaks split routing
-					# d.add Router $INTERNAL_IP4_ADDRESS
+					$OVERRIDE_GATEWAY
 					d.add Addresses * $INTERNAL_IP4_ADDRESS
 					d.add SubnetMasks * 255.255.255.255
 					d.add InterfaceName $TUNDEV
@ -452,13 +463,13 @@ search $CISCO_DEF_DOMAIN"
 					set State:/Network/Service/$TUNDEV/IPv4
 					close
 				EOF
-				if [ -n "$CISCO_DEF_DOMAIN_ORIG" ]; then
+				if [ -n "$CISCO_DEF_DOMAIN" ]; then
 					scutil >/dev/null 2>&1 <<-EOF
 						open
 						get State:/Network/Service/$TUNDEV/DNS
-						d.add DomainName $CISCO_DEF_DOMAIN_ORIG
-						d.add SearchDomains * $CISCO_DEF_DOMAIN_ORIG
-						d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN_ORIG
+						d.add DomainName $CISCO_DEF_DOMAIN
+						d.add SearchDomains * $CISCO_DEF_DOMAIN
+						d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN
 						set State:/Network/Service/$TUNDEV/DNS
 						close
 					EOF
@ -488,6 +499,21 @@ restore_resolvconf_generic() {
 					remove State:/Network/Service/$TUNDEV/DNS
 					close
 				EOF
+				# Split routing required prepending of INTERNAL_IP4_DNS
+				# to list of used DNS servers
+				if [ -n "$CISCO_SPLIT_INC" ]; then
+					SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'`
+					SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs`
+					if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then
+						scutil >/dev/null 2>&1 <<-EOF
+							open
+							get State:/Network/Service/$SERVICE/DNS
+							d.add ServerAddresses * ${SERVICE_DNS##$INTERNAL_IP4_DNS}
+							set State:/Network/Service/$SERVICE/DNS
+							close
+						EOF
+					fi
+				fi
 				;;
 		esac
 	fi
@ -560,6 +586,60 @@ restore_resolvconf_manager() {
 	/sbin/resolvconf -d $TUNDEV
 }

+AF_INET=2
+
+get_if_index() {
+	local link
+	link="$(ip link show dev "$1")" || return $?
+	echo ${link} | awk -F: '{print $1}'
+}
+
+busctl_call() {
+	local dest node
+	dest=org.freedesktop.resolve1
+	node=/org/freedesktop/resolve1
+	busctl call "$dest" "${node}" "${dest}.Manager" "$@"
+}
+
+busctl_set_nameservers() {
+	local if_index addresses args addr
+	if_index=$1
+	shift
+	addresses="$@"
+	args="$if_index $#"
+	for addr in ${addresses}; do
+		args="$args ${AF_INET} 4 $(echo $addr | sed 's/[.]/ /g')"
+	done
+	busctl_call SetLinkDNS 'ia(iay)' ${args}
+}
+
+busctl_set_search() {
+	local if_index domains args domain
+	if_index=$1
+	shift
+	domains="$@"
+	args="$if_index $#"
+	for domain in ${domains}; do
+		args="$args ${domain} false"
+	done
+	busctl_call SetLinkDomains 'ia(sb)' ${args}
+}
+
+modify_resolved_manager() {
+	local if_index
+	if_index=$(get_if_index $TUNDEV)
+	busctl_set_nameservers $if_index $INTERNAL_IP4_DNS
+	if [ -n "$CISCO_DEF_DOMAIN" ]; then
+		busctl_set_search $if_index $CISCO_DEF_DOMAIN
+	fi
+}
+
+restore_resolved_manager() {
+	local if_index
+	if_index=$(get_if_index $TUNDEV)
+	busctl_call RevertLink 'i' $if_index
+}
+
 # === resolv.conf handling via unbound =========

 modify_resolvconf_unbound() {
@ -593,7 +673,7 @@ kernel_is_2_6_or_above() {

 do_pre_init() {
 	if [ "$OS" = "Linux" ]; then
-		if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
+		if (exec 6< /dev/net/tun) > /dev/null 2>&1 ; then
 			:
 		else # can't open /dev/net/tun
 			test -e /proc/sys/kernel/modprobe && `cat /proc/sys/kernel/modprobe` tun 2>/dev/null
--- a/vpnc-script.spec
+++ b/vpnc-script.spec
@ -1,14 +1,14 @@
-%global git_date 20140805
-%global git_commit_hash df5808b
+%global git_date 20171004
+%global git_commit_hash 6f87b0f

 Name:		vpnc-script
 Version:	%{git_date}
-Release:	6.git%{git_commit_hash}%{?dist}
+Release:	1.git%{git_commit_hash}%{?dist}

 Summary:	Routing setup script for vpnc and openconnect
 Group:		Applications/Internet
 BuildArch:	noarch
-Requires:	net-tools
+Requires:	iproute
 Requires:	which

 License:	GPLv2+
@ -36,6 +36,13 @@ install -m 0755 vpnc-script \
 %{_sysconfdir}/vpnc/vpnc-script

 %changelog
+* Thu Oct  5 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20171004-1.git6f87b0f
+- Fixed issue with systemd-resolved (#1497750)
+
+* Mon Aug 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170821-1.git6f87b0f
+- new upstream release
+- removed dependency on net-tools and added on iproute (#1481164)
+
 * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20140805-6.gitdf5808b
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	d2c923ef47	added spec entry	2017-10-05 08:11:24 +02:00
Nikos Mavrogiannopoulos	e879959877	check if resolved is enabled prior to using it	2017-10-04 11:50:22 +02:00
Nikos Mavrogiannopoulos	7600c8b793	fixed spec update message	2017-08-21 16:53:20 +02:00
Nikos Mavrogiannopoulos	0eff058daa	updated to latest upstream and use iproute Resolves: rhbz#1481164	2017-08-21 16:46:35 +02:00