Use dbus keyring
										47
								run-vpn.sh
								run-vpn.sh
							@@ -8,6 +8,19 @@ if [[ "$OSTYPE" == "darwin"* ]]; then
  PASSWORD=$(security find-generic-password -l "Openconnect Account Password" -w)
fi
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
  mkdir -p /run/oc-secret
  mount -t tmpfs -o size=1M,mode=700 tmpfs /run/oc-secret
  SERVER=$(secret-tool lookup server openconnect | tr -d '\n')
  USERNAME=$(secret-tool lookup username openconnect | tr -d '\n')
  SEED=1
  secret-tool lookup seed openconnect > /run/oc-secret/seed
  PASSWORD=1
  secret-tool lookup password openconnect | tr -d '\n' > /run/oc-secret/password
fi
# Allow reading from environment
if [[ -z "$OC_SERVER" ]]; then :; else
  SERVER="$OC_SERVER"
@@ -30,14 +43,15 @@ ROUTE_FILE=routes.txt
trap ctrl_c INT
function ctrl_c() {
  killall openconnect
  killall -2 openconnect
  echo "Bye!"
  exit
}
SCRIPT_INCLUDE=""
LOGIN=""
while true; do
#while true; do
  echo "Connecting to VPN"
  if test -f "$ROUTE_FILE"; then
@@ -47,33 +61,44 @@ while true; do
  # If yubikey is not used, use the TOTP seed
  if [[ -z "$OC_YUBIKEY" ]]; then
    if [[ -z "$SEED" ]]; then :; else
      TOTP=$(oathtool --totp=sha1 -b "$SEED")
      PASSWORD="$PASSWORD\n$TOTP"
    if [[ -z "$SEED" ]]; then :; else    
      if [[ "$OSTYPE" == "linux-gnu"* ]]; then
        TOTP=$(oathtool --totp=sha1 -b - < /run/oc-secret/seed)
        cat /run/oc-secret/password > /run/oc-secret/login && echo -e "\n$TOTP" >> /run/oc-secret/login
        rm /run/oc-secret/password
        rm /run/oc-secret/seed
        LOGIN='find /run/oc-secret/login -exec cat {} \; -exec rm {} \;'
      else
        TOTP=$(oathtool --totp=sha1 -b "$SEED")
        LOGIN='echo -e "$PASSWORD\n$TOTP'
      fi
    fi
  else
    YUBIKEY_TOTP="--token-mode=yubioath --token-secret=$OC_YUBIKEY"
  fi
  if [ -z "$SEED" ] && [ -z "$OC_YUBIKEY" ]; then
      sudo openconnect \
      openconnect \
      --pid-file=PIDFILE \
      --csd-wrapper hostscan-bypass.sh \
      --os=mac-intel \
      --no-external-auth \
      $SCRIPT_INCLUDE \
      -u $USERNAME \
      $SERVER
  else
    echo -e "$PASSWORD" | sudo openconnect \
    eval $LOGIN | openconnect \
      --pid-file=PIDFILE \
      --csd-wrapper hostscan-bypass.sh \
      --os=mac-intel \
      --no-external-auth \
      $YUBIKEY_TOTP \
      $SCRIPT_INCLUDE \
      -u $USERNAME \
      $SERVER
  fi
  echo "Openconnect closed. Waiting 3 seconds."
  sleep 3
#  echo "Openconnect closed. Waiting 3 seconds."
#  sleep 3
done
#done
 
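Review bot: The non-Linux branch's `LOGIN='echo -e "$PASSWORD\n$TOTP'` is missing its closing double quote, so the later `eval $LOGIN | openconnect \` in this hunk fails with an unterminated-string error and openconnect starts with nothing on stdin; it should read `LOGIN='echo -e "$PASSWORD\n$TOTP"'`, or better, drop eval and pipe `printf '%s\n%s\n' "$PASSWORD" "$TOTP"` straight into openconnect so a backslash in the password is not reinterpreted by `echo -e`. In the first hunk `mount -t tmpfs -o size=1M,mode=700 tmpfs /run/oc-secret` runs unconditionally, so every invocation stacks another tmpfs on the same mount point; guarding it as `mountpoint -q /run/oc-secret || mount -t tmpfs -o size=1M,mode=700 tmpfs /run/oc-secret` keeps reruns idempotent. Dropping `sudo` from the openconnect calls suggests the script is now run as root; if so, `secret-tool lookup` will query root's session keyring rather than the logged-in user's, which is worth confirming on the target host. With `#while true; do` and `#done` commented out in this commit, a failed connection now exits instead of retrying.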