#!/bin/bash
# Locations used by the script; all of them live under the user's home.
_jcpath="${HOME}/.juniper_networks"
_ncpath="${_jcpath}/network_connect"
_cfgfile="${HOME}/.junipervpn.cfg"
_logfile="${HOME}/.junipervpn.log"
_lockfile="${HOME}/.junipervpn.lock"
# DER-encoded server certificate, written by fetch_ssl.
_ssl="${_ncpath}/ssl.der"
# Window title handed to zenity.
_title='juniperVPN'
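#######################################
# Append one line to the log file.
# Globals:   _logfile (read)
# Arguments: message words; they are joined with single spaces
#######################################
log() {
  # printf rather than echo so a message such as "-n" is written literally.
  # The redirect target is quoted: an unquoted path containing spaces makes
  # bash fail with "ambiguous redirect" and the line is lost.
  printf '%s\n' "$*" >> "$_logfile"
}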
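#######################################
# Log an error, show it to the user and terminate with status 1.
# Globals:   _zenity (read) - "binary --title X" string, may be empty
# Arguments: message words; they are joined with single spaces
#######################################
die() {
  local message="$*"
  log "ERROR: ${message}"
  if [[ -n "${_zenity:-}" ]]; then
    # _zenity holds the binary plus its --title option in one string, so it
    # is left unquoted on purpose to split into separate words.
    # shellcheck disable=SC2086
    $_zenity --error --text "$message"
  else
    # die is also used to report that zenity itself is missing; without this
    # branch the line above would try to execute "--error" as a command.
    printf 'ERROR: %s\n' "$message" >&2
  fi
  exit 1
}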
#######################################
# Show an informational dialog to the user.
# Globals:   _zenity (read) - "binary --title X" string
# Arguments: message words; they are joined with single spaces
#######################################
msg() {
  local text="$*"
  # _zenity carries the binary and its options in one string and is
  # deliberately left unquoted so that it splits into words.
  # shellcheck disable=SC2086
  $_zenity --info --text "$text"
}
#######################################
# Send a message through the desktop notification daemon.
# Globals:   _notify (read) - notification command
# Arguments: message words; they are joined with single spaces
#######################################
notif() {
  local body="$*"
  # -t 5000 is passed through unchanged to the notification command.
  # shellcheck disable=SC2086
  $_notify -t 5000 "$body"
}
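#######################################
# Ask the user for a line of text with a zenity entry dialog.
# Globals:   _zenity (read) - "binary --title X" string
# Arguments: any mix of
#              pass*         hide the typed text
#              entry VALUE   pre-fill the field with VALUE
#              anything else the prompt text
#            Parsing stops at the first empty argument in keyword position.
# Outputs:   whatever zenity prints (the entered text) on stdout
#######################################
input() {
  # Options and prompt are local so that one call cannot leak --hide-text or
  # a stale prompt into the next call made from the same shell.
  local -a opts=()
  local text=''

  while [[ -n "$1" ]]; do
    case "$1" in
      pass*)
        opts+=(--hide-text)
        ;;
      entry)
        # Kept as its own array element: a value with spaces stays one word,
        # and an empty value still occupies the argument slot instead of
        # letting --text be consumed as the entry text.
        opts+=(--entry-text "$2")
        shift
        ;;
      *)
        text=$1
        ;;
    esac
    shift
  done

  # shellcheck disable=SC2086 -- _zenity is split into words on purpose
  $_zenity --entry "${opts[@]}" --text "$text"
}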
#######################################
# Placeholder for installing the client binary.
# Nothing is installed; the function prints nothing and succeeds.
#######################################
setup() {
  :
}
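#######################################
# Ask for the connection settings and store them in the config file.
# Globals:   _REMOTE_HOST, _USERNAME (written)
#            _cfgfile (read), USERNAME / USER (read, used as default user)
#######################################
configure() {
  _REMOTE_HOST=$(input "Enter remote hostname")
  # USERNAME is not set in every environment; fall back to USER.
  _USERNAME=$(input entry "${USERNAME:-${USER:-}}" "Enter username")

  # NOTE(review): -x tests for "executable", which a config file normally is
  # not, so in practice this writes every time. Possibly -e was intended --
  # confirm before changing.
  if [[ ! -x "$_cfgfile" ]]; then
    # The file is later sourced as shell code, so the values are written with
    # %q. Plain double quotes would let a value containing quotes, backticks
    # or $(...) run as a command the next time the file is read.
    {
      printf '_REMOTE_HOST=%q\n' "$_REMOTE_HOST"
      printf '_USERNAME=%q\n' "$_USERNAME"
    } > "$_cfgfile"
  fi
}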
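#######################################
# Download the server certificate and store it DER-encoded in $_ssl.
# Globals:   _REMOTE_HOST (read), _ssl (read; file is written)
# Returns:   0 when a certificate was stored, non-zero otherwise
#
# NOTE(security): the certificate is accepted from whoever answers on
# port 443 at the time of the first fetch (trust on first use). Compare its
# fingerprint with a value obtained out of band before relying on it.
#######################################
fetch_ssl() {
  local tmp
  # Write to a temporary file first so that a failed fetch cannot leave an
  # empty or truncated certificate behind under the final name.
  tmp=$(mktemp "${_ssl}.XXXXXX") || return 1

  # The end marker reads "END CERTIFICATE" with a space; without it the sed
  # range never closes and everything after the certificate is passed on.
  if openssl s_client -connect "${_REMOTE_HOST}:443" < /dev/null 2>&1 \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
    | openssl x509 -outform der > "$tmp" && [[ -s "$tmp" ]]; then
    mv -f -- "$tmp" "$_ssl"
  else
    rm -f -- "$tmp"
    return 1
  fi
}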
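#######################################
# Log in to the gateway and print the DSID session cookie value.
# Globals:   _REMOTE_HOST, _USERNAME, _PASSWORD (read)
# Outputs:   the DSID value on stdout, or an empty line when none was found
#
# When the gateway answers with a "confirm" redirect (another session is
# active) the redirect target is opened in the browser instead.
#######################################
fetch_dsid() {
  local result line url
  # Local and empty by default so a stale global _DSID is never echoed back.
  local dsid=''

  # NOTE(security): -k turns off TLS certificate verification, so the
  # credentials are sent to whichever host answers. It is kept because
  # removing it changes which gateways the script can reach; prefer a
  # trusted CA or a pinned key.
  #
  # The password is fed on stdin (password@-) rather than as an argument so
  # it does not appear in the process list. --data-urlencode also keeps
  # characters such as '&' or '+' intact in the form body.
  result=$(
    printf '%s' "$_PASSWORD" \
      | curl -k -v -s -c - \
        --data-urlencode "username=${_USERNAME}" \
        --data-urlencode 'password@-' \
        -d 'realm=Secure ID' \
        -d 'btnSubmit=Sign In' \
        "https://${_REMOTE_HOST}/dana-na/auth/url_default/login.cgi" 2>&1 \
      | grep -E "(location:.*confirm|^${_REMOTE_HOST}.*DSID)"
  )

  line=$(grep -m 1 'location:.*confirm' <<< "$result")
  if [[ -n "$line" ]]; then
    # Another session is already active: take the redirect target from the
    # first matching header line only.
    url=${line#*:}
    url=${url//$'\r'/}
    url=${url#"${url%%[![:space:]]*}"}
    url=${url%"${url##*[![:space:]]}"}

    # The header comes from an unverified connection (see -k above), so only
    # an https URL or a path on the gateway itself is handed to the browser.
    case "$url" in
      https://*) ;;
      /*) url="https://${_REMOTE_HOST}${url}" ;;
      *)
        printf 'fetch_dsid: ignoring redirect that is not an https URL\n' >&2
        url=''
        ;;
    esac

    if [[ -n "$url" ]]; then
      xdg-open "$url"
      msg "Another session was active, please close it. It should be opened in your browser."
    fi
  else
    # The cookie value is read as the 7th field of the first DSID line.
    dsid=$(awk '/DSID/ { print $7; exit }' <<< "$result")
  fi

  printf '%s\n' "$dsid"
}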
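#######################################
# Start the ncui client in the background and wait briefly for it.
# Globals:   _lockfile, _ncpath, _PASSWORD, _REMOTE_HOST, _USERNAME,
#            _DSID, _SSL_CERT (all read)
# The lock file exists for as long as the client is running.
#######################################
start_vpn() {
  (
    touch -- "$_lockfile"
    # Stop if the client directory cannot be entered; otherwise ./ncui
    # would be looked up in whatever directory the script was started from.
    if ! cd -- "$_ncpath"; then
      rm -f -- "$_lockfile"
      exit 1
    fi
    # The password goes in on stdin. The session cookie is passed as a
    # command-line argument here, so it is visible in process listings
    # while the client runs.
    printf '%s\n' "$_PASSWORD" \
      | ./ncui -h "$_REMOTE_HOST" -u "$_USERNAME" -c "DSID=${_DSID}" -f "$_SSL_CERT"
    rm -f -- "$_lockfile"
  ) &
  sleep 5
}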
#######################################
# Placeholder for setting additional routes; does nothing and succeeds.
#######################################
add_routes() {
  return 0
}
#######################################
# Placeholder for testing the connection; does nothing and succeeds.
#######################################
test_connection() {
  return 0
}
#######################################
# Placeholder for creating the lock file; does nothing and succeeds.
#######################################
set_lock() {
  return 0
}
#######################################
# Placeholder for removing the lock file; does nothing and succeeds.
#######################################
remove_lock() {
  return 0
}
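#######################################
# Entry point.
#   1. Locate zenity and notify-send.
#   2. If the lock file exists, offer to remove it (which stops the client)
#      and exit.
#   3. Unless called with "--", restart in the background with output
#      appended to the log file.
#   4. Load or ask for the settings, fetch the certificate, ask for the
#      password, obtain a DSID and start the client.
#   5. Wait until the lock file disappears, then kill ncui and notify.
# Globals:   _zenity, _notify, _SSL_CERT, _PASSWORD, _DSID (written)
# Arguments: "--" marks the backgrounded invocation
#######################################
main() {
  _zenity=$(command -v zenity)
  if [[ -z "$_zenity" ]]; then
    # No dialog tool is available to show this error, so report it on
    # stderr and in the log file instead.
    log "ERROR: Could not find 'zenity' binary..."
    printf '%s\n' "Could not find 'zenity' binary..." >&2
    exit 1
  fi
  # The helpers expand $_zenity unquoted, so binary and option share one
  # string; this does not survive a binary path that contains spaces.
  _zenity="$_zenity --title $_title"

  _notify=$(command -v notify-send)
  [[ -n "$_notify" ]] || die "Could not find 'notify-send' binary..."

  # VPN is active: removing the lock file makes the waiting instance stop it.
  if [[ -e "$_lockfile" ]]; then
    # shellcheck disable=SC2086 -- _zenity is split into words on purpose
    if $_zenity --question --text "VPN active, kill it?"; then
      rm -f -- "$_lockfile"
    fi
    exit 0
  fi

  # Restart in the background; everything the background instance prints,
  # including error output, ends up in the log file.
  if [[ "${1:-}" != "--" ]]; then
    "$0" -- >> "$_logfile" 2>&1 &
    exit 0
  fi

  if [[ ! -d "$_jcpath" ]]; then
    setup
    exit 0
  fi

  # Default certificate path; the config file may override it.
  _SSL_CERT=$_ssl
  # The config file is executed as shell code with the user's privileges,
  # so it must be writable by its owner only.
  if [[ -r "$_cfgfile" ]]; then
    # shellcheck disable=SC1090
    . "$_cfgfile"
  fi

  if [[ -z "${_REMOTE_HOST:-}" || -z "${_USERNAME:-}" ]]; then
    configure
  fi
  # An empty certificate file is as useless as a missing one (-s).
  if [[ ! -r "$_SSL_CERT" || ! -s "$_SSL_CERT" || -z "$_ssl" ]]; then
    fetch_ssl
  fi

  _PASSWORD=$(input password "Enter PIN+SecureID")
  [[ -n "$_PASSWORD" ]] || die "PIN+SecureID not specified"

  _DSID=$(fetch_dsid)
  [[ -n "$_DSID" ]] || die "Session ID not found"

  start_vpn
  # The client subshell was forked with its own copy; drop ours.
  unset _PASSWORD

  # Sleep until the lock file has been removed, then kill ncui.
  while [[ -e "$_lockfile" ]]; do
    sleep 1
  done
  killall ncui > /dev/null 2>&1
  # The helper defined in this file is called notif; "notify" does not exist.
  notif "Juniper VPN client was killed"
}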
# Run the entry point, forwarding every command-line argument unchanged.
main "$@"