Use dbus keyring
This commit is contained in:
parent
7a66600eee
commit
22d503d390
47
run-vpn.sh
47
run-vpn.sh
@ -8,6 +8,19 @@ if [[ "$OSTYPE" == "darwin"* ]]; then
|
|||||||
PASSWORD=$(security find-generic-password -l "Openconnect Account Password" -w)
|
PASSWORD=$(security find-generic-password -l "Openconnect Account Password" -w)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
|
||||||
|
|
||||||
|
mkdir -p /run/oc-secret
|
||||||
|
mount -t tmpfs -o size=1M,mode=700 tmpfs /run/oc-secret
|
||||||
|
|
||||||
|
SERVER=$(secret-tool lookup server openconnect | tr -d '\n')
|
||||||
|
USERNAME=$(secret-tool lookup username openconnect | tr -d '\n')
|
||||||
|
SEED=1
|
||||||
|
secret-tool lookup seed openconnect > /run/oc-secret/seed
|
||||||
|
PASSWORD=1
|
||||||
|
secret-tool lookup password openconnect | tr -d '\n' > /run/oc-secret/password
|
||||||
|
fi
|
||||||
|
|
||||||
# Allow reading from environment
|
# Allow reading from environment
|
||||||
if [[ -z "$OC_SERVER" ]]; then :; else
|
if [[ -z "$OC_SERVER" ]]; then :; else
|
||||||
SERVER="$OC_SERVER"
|
SERVER="$OC_SERVER"
|
||||||
@ -30,14 +43,15 @@ ROUTE_FILE=routes.txt
|
|||||||
trap ctrl_c INT
|
trap ctrl_c INT
|
||||||
|
|
||||||
function ctrl_c() {
|
function ctrl_c() {
|
||||||
killall openconnect
|
killall -2 openconnect
|
||||||
echo "Bye!"
|
echo "Bye!"
|
||||||
exit
|
exit
|
||||||
}
|
}
|
||||||
|
|
||||||
SCRIPT_INCLUDE=""
|
SCRIPT_INCLUDE=""
|
||||||
|
LOGIN=""
|
||||||
|
|
||||||
while true; do
|
#while true; do
|
||||||
echo "Connecting to VPN"
|
echo "Connecting to VPN"
|
||||||
|
|
||||||
if test -f "$ROUTE_FILE"; then
|
if test -f "$ROUTE_FILE"; then
|
||||||
@ -47,33 +61,44 @@ while true; do
|
|||||||
# If yubikey is not used, use the TOTP seed
|
# If yubikey is not used, use the TOTP seed
|
||||||
if [[ -z "$OC_YUBIKEY" ]]; then
|
if [[ -z "$OC_YUBIKEY" ]]; then
|
||||||
|
|
||||||
if [[ -z "$SEED" ]]; then :; else
|
if [[ -z "$SEED" ]]; then :; else
|
||||||
TOTP=$(oathtool --totp=sha1 -b "$SEED")
|
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
|
||||||
PASSWORD="$PASSWORD\n$TOTP"
|
TOTP=$(oathtool --totp=sha1 -b - < /run/oc-secret/seed)
|
||||||
|
cat /run/oc-secret/password > /run/oc-secret/login && echo -e "\n$TOTP" >> /run/oc-secret/login
|
||||||
|
rm /run/oc-secret/password
|
||||||
|
rm /run/oc-secret/seed
|
||||||
|
LOGIN='find /run/oc-secret/login -exec cat {} \; -exec rm {} \;'
|
||||||
|
else
|
||||||
|
TOTP=$(oathtool --totp=sha1 -b "$SEED")
|
||||||
|
LOGIN='echo -e "$PASSWORD\n$TOTP'
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
YUBIKEY_TOTP="--token-mode=yubioath --token-secret=$OC_YUBIKEY"
|
YUBIKEY_TOTP="--token-mode=yubioath --token-secret=$OC_YUBIKEY"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$SEED" ] && [ -z "$OC_YUBIKEY" ]; then
|
if [ -z "$SEED" ] && [ -z "$OC_YUBIKEY" ]; then
|
||||||
sudo openconnect \
|
openconnect \
|
||||||
|
--pid-file=PIDFILE \
|
||||||
--csd-wrapper hostscan-bypass.sh \
|
--csd-wrapper hostscan-bypass.sh \
|
||||||
--os=mac-intel \
|
--os=mac-intel \
|
||||||
|
--no-external-auth \
|
||||||
$SCRIPT_INCLUDE \
|
$SCRIPT_INCLUDE \
|
||||||
-u $USERNAME \
|
-u $USERNAME \
|
||||||
$SERVER
|
$SERVER
|
||||||
|
|
||||||
else
|
else
|
||||||
echo -e "$PASSWORD" | sudo openconnect \
|
eval $LOGIN | openconnect \
|
||||||
|
--pid-file=PIDFILE \
|
||||||
--csd-wrapper hostscan-bypass.sh \
|
--csd-wrapper hostscan-bypass.sh \
|
||||||
--os=mac-intel \
|
--os=mac-intel \
|
||||||
|
--no-external-auth \
|
||||||
$YUBIKEY_TOTP \
|
$YUBIKEY_TOTP \
|
||||||
$SCRIPT_INCLUDE \
|
$SCRIPT_INCLUDE \
|
||||||
-u $USERNAME \
|
-u $USERNAME \
|
||||||
$SERVER
|
$SERVER
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Openconnect closed. Waiting 3 seconds."
|
# echo "Openconnect closed. Waiting 3 seconds."
|
||||||
sleep 3
|
# sleep 3
|
||||||
|
|
||||||
done
|
#done
|
||||||
|
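Review bot: The non-Linux fallback assigns `LOGIN='echo -e "$PASSWORD\n$TOTP'` with an unterminated double quote, so `eval $LOGIN` aborts with a syntax error and openconnect receives no password on that path; it should read `LOGIN='echo -e "$PASSWORD\n$TOTP"'`. On the Linux path the plaintext password and TOTP seed are written into /run/oc-secret before any check that `secret-tool lookup` actually returned something, and the `SEED=1` / `PASSWORD=1` sentinels make the script proceed even when the files are empty; since the `rm` lines only run if `oathtool` and the `cat` succeed, a failure in between leaves the secrets in the tmpfs until reboot, and a re-run stacks another `mount` on the same directory. I would test the lookup results before continuing, e.g. `[[ -s /run/oc-secret/password ]] || { echo "no password in keyring" >&2; exit 1; }`, and add `trap 'rm -f /run/oc-secret/password /run/oc-secret/seed /run/oc-secret/login' EXIT` next to the existing `trap ctrl_c INT` so the files are removed on every exit path, with an `umount` there if the mount is meant to be per-run. Dropping `sudo` in front of `openconnect` presumably means the whole script now runs as root, which also decides whose keyring `secret-tool` queries — worth a comment at the top of the file. The `if [[ -z "$OC_YUBIKEY" ]]` block and the openconnect calls sit inside the now-commented `while` loop, whose start is in this section but whose surrounding context is not fully shown.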