initial commit

fhnw-vpn

@@ -0,0 +1,80 @@
+#!/usr/bin/env sh
+set -o errexit
+
+mode="fg"
+pid_path=""
+pass_path="accounts/fhnw/students.fhnw.ch"
+op_args=""
+
+display_help() {
+  echo "Usage: $0 [option...] " >&2
+  echo
+  echo "   -m,   vpn mode (one of \"fg\", \"bg\") [default: $mode]"
+  echo "   -t,   path to pid file if run in \"bg\" mode [default: mktemp]"
+  echo "   -p,   path for pass to get user and password information [default: $pass_path]"
+  echo "   -h,   display this help and exit"
+  echo
+}
+
+parse_args() {
+  while getopts ":hm:t:p:" opt; do
+    case $opt in
+    h)
+      display_help
+      exit 0
+      ;;
+    m)
+      mode=$OPTARG
+      ;;
+    t)
+      pid_path=$OPTARG
+      ;;
+    p)
+      pass_path=$OPTARG
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      display_help
+      exit 1
+      ;;
+    :)
+      echo "Option -$OPTARG requires an argument." >&2
+      display_help
+      exit 1
+      ;;
+    esac
+  done
+}
+
+get_account_info() {
+  echo "getting password and token from pass..."
+  acc_info="$(pass "$pass_path")"
+  acc_pw="$(echo "$acc_info" | head -n 1)"
+  acc_user="$(echo "$acc_info" | awk -F ': ' '/^login:/ {print $2}')"
+  acc_token="$(echo "$acc_info" | awk -F ': ' '/^otp-secret:/ {print $2}')"
+}
+
+connect_vpn() {
+  if [ "$mode" != "fg" ]; then
+    if [ -z "$pid_path" ]; then
+      pid_file="$(SUDO_PROMPT="sudo pw for pid: " sudo mktemp)"
+    else
+      pid_file="$pid_path"
+    fi
+    echo "vpn-pid: $pid_file"
+    op_args=" --pid-file=$pid_file --background"
+  fi
+
+  echo "getting vpn cookie..."
+  eval "$(ocma -v -u "$acc_user" -p "$acc_pw" -m "$acc_token" --print-to-stdout)"
+
+  op_args="$op_args --cookie=$VPN_COOKIE"
+  cmd="openconnect$op_args $VPN_HOST"
+
+  # shellcheck disable=2086
+  SUDO_PROMPT="sudo pw for vpn connection: " sudo $cmd
+}
+
+parse_args "$@"
+get_account_info
+connect_vpn