This repository has been archived by the owner on Aug 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vpn-openconnect-adfs4
executable file
·96 lines (77 loc) · 2.77 KB
/
vpn-openconnect-adfs4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/bash
# usage:
# ./vpn-openconnect-adfs4
# ./vpn-openconnect-adfs4 --mode full|split --protocol nc|pulse --browser chromium|firefox|webkit --headless true|false
# Sometimes, when the script is interrupted (ctrl+c), the python process still runs.
trap 'pkill -e -f vpn-adfs-cookie4.py' EXIT
SCRIPT_DIR=$(cd "$(dirname $0)" && pwd)
SERVER="https://some-vpn.example.com/pulse"
# https://unix.stackexchange.com/a/175109
pretty_time() {
local T=$1
local D=$((T / 60 / 60 / 24))
local H=$((T / 60 / 60 % 24))
local M=$((T / 60 % 60))
local S=$((T % 60))
if [[ ${D} != 0 ]]; then
printf '%d days %02d:%02d:%02d' $D $H $M $S
else
printf '%02d:%02d:%02d' $H $M $S
fi
}
SCRIPT_ARGS=("$@")
function get_named_argument() {
local ARG_NAME="$1"
local DEFAULT_VAL="${2:-}"
local SCRIPT_ARGS_LEN="${#SCRIPT_ARGS[@]}"
local i
for ((i = 0; i < SCRIPT_ARGS_LEN; i++)); do
if [[ "${SCRIPT_ARGS[i]}" == "--${ARG_NAME}" ]]; then
if [[ "${SCRIPT_ARGS[i + 1]:-}" != "--"* ]]; then
echo "${SCRIPT_ARGS[i + 1]:-$DEFAULT_VAL}"
return
fi
echo "$DEFAULT_VAL"
return
fi
done
echo "$DEFAULT_VAL"
}
ROOT_PASS=$(get_named_argument "root-pass" "0")
if [[ "${EUID}" -eq "0" ]] && [[ "${ROOT_PASS}" -ne "1" ]]; then
echo >&2 "err: do not run this as root"
exit 1
fi
if [[ "${EUID}" -ne "0" ]]; then
# vpn-adfs-cookie4.py must be run as a user.
# Get the cookie in a user mode, then switch from local user to root user.
# chromium tends to be the fastest and hassle free.
# '--browser firefox --headless false' sometime ends with an exception: https://github.com/microsoft/playwright/issues/5460
BROWSER=$(get_named_argument "browser" "chromium") # "chromium", "firefox", "webkit"
HEADLESS=$(get_named_argument "headless" "true")
pushd "${SCRIPT_DIR}" >/dev/null || exit 1
mkdir -p "secrets"
COOKIE=$(venv/bin/python3 "vpn-adfs-cookie4.py" --server "${SERVER}" --browser "${BROWSER}" --headless "${HEADLESS}")
popd >/dev/null || exit 1
sudo "$0" --root-pass 1 --cookie "$COOKIE" "$@"
exit $?
fi
COOKIE=$(get_named_argument "cookie" "")
MODE=$(get_named_argument "mode" "split")
PROTOCOL=$(get_named_argument "protocol" "nc")
if [[ "${COOKIE}" == "" ]]; then
echo >&2 "err: failed to get a cookie"
exit 1
fi
echo "mode: ${MODE}"
echo "protocol: ${PROTOCOL}"
echo "cookie: ${COOKIE:0:10}...${COOKIE: -5}"
ln -sfn "${SCRIPT_DIR}/vpn-set-routing-${MODE}" "/etc/vpnc/post-connect.d/set-routing.sh"
ln -sfn "${SCRIPT_DIR}/vpn-set-routing-${MODE}" "/etc/vpnc/reconnect.d/set-routing.sh"
SECONDS=0
trap 'echo "the end, the session lasted approx $(pretty_time "${SECONDS}")"' EXIT
openconnect \
--protocol "${PROTOCOL}" --no-dtls \
--server "${SERVER}" \
--script /usr/share/vpnc-scripts/vpnc-script \
--cookie "${COOKIE}" 2>&1