Compare commits


No commits in common. "95479bf28c9bff07d25e4f3604fce95eba96bc1b" and "4dd92e34278cb9a8c7ecd82160308e81e0323c86" have entirely different histories.

2 changed files with 48 additions and 49 deletions


@ -1,2 +1,2 @@
#Name,E-Mail,Host,ServerFingerprint # Zeile muss gelöscht werden #Name,E-Mail,Host,ServerFingerprint
bib,vorname.nachname@bib.de,vpn.bib.de,pin-sha265:asdasdasdasdasdasdasdasdasdasdadasd bib,vorname.nachname@bib.de,vpn.bib.de,pin-sha265:asdasdasdasdasdasdasdasdasdasdadasd


@ -14,44 +14,45 @@
# <xbar.desc>Displays status of a VPN interface with option to connect/disconnect.</xbar.desc> # <xbar.desc>Displays status of a VPN interface with option to connect/disconnect.</xbar.desc>
# <xbar.image>http://i.imgur.com/RkmptwO.png</xbar.image> # <xbar.image>http://i.imgur.com/RkmptwO.png</xbar.image>
#### Variables #### mkdir -p "/Users/$USER/.log/"
#DIR="/Users/$USER/Library/Preferences/openconnect" logfile="/Users/$USER/.log/bibVPN.log"
WORKDIR="/Users/$USER/.openconnect" echo -e "\nRun $0 , $(date)" >>$logfile
mkdir -p $WORKDIR
logfile="$WORKDIR/bibVPN.log"
echo -e "\nStart: $(date)" >>$logfile
echo "Run $0 $@" >> $logfile
PATH=$PATH:/usr/local/bin PATH=$PATH:/usr/local/bin
VPN_EXECUTABLE=$(which openconnect) VPN_EXECUTABLE=$(which openconnect)
OC_PIDFILE="$WORKDIR/vpn.bib.de.pid"
SETTINGSFILE="$WORKDIR/settings.csv"
ACCOUNTFILE="$WORKDIR/accounts.csv"
VPN_HOST="$3" VPN_HOST="$3"
VPN_USERNAME="$2" VPN_USERNAME="$2"
#### Settings #### #DIR=$(dirname "${BASH_SOURCE[0]}")
SHOW_SETTINGS='OFF' DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
OC_PIDFILE="/var/run/openconnect/vpn.bib.de.pid"
SETTINGSFILE="$DIR/settings.csv"
ACCOUNTFILE="$DIR/accounts.csv"
SHOW_SETTINGS='ON'
SET_ICONS='no' SET_ICONS='no'
NET_FILTER='inet 172.[123][0-9].1[67][80].' NET_FILTER='172.[123][0-9].1[67][80].'
FONT=( 'size=14' 'font=UbuntuMono' ) FONT=( 'size=14' 'font=UbuntuMono' )
#### Icons #### # Icons
ICON_connected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA+klEQVR4nNRUwQ2DMAzMKy8WYIZOwb8LtUtAJSZp34zBCn3y4Y3cWLEr13KSllKhnnRKcvHZ4AScS6BJbUSMgRCncfJcaBG0KMcvMIj83ircWcUh9VTI46onO1A75sC2FIjpT0qHwMUy4AZSzuU6a7D2smDzLRu1Fi11aKRGJOHVyzKHlGExXu5MmlkJ6HpfRHbWx5SBR+tMtjNYOuQMfGV5Lecm8HSLQf8BH9iLC2BxoRiM/Qi9SnSlS1MRG9VLIM/bH4NM7Cgp/rImYkeaU4XQW8QsDBVpk9GeSRRnDb1FyCSWVtovYpcCtZG83rLALzwvuKskSNT2xwMAAP//L6vzxgAAAAJJREFUAwBX1u55AAAAAElFTkSuQmCC" ICON_connected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA+klEQVR4nNRUwQ2DMAzMKy8WYIZOwb8LtUtAJSZp34zBCn3y4Y3cWLEr13KSllKhnnRKcvHZ4AScS6BJbUSMgRCncfJcaBG0KMcvMIj83ircWcUh9VTI46onO1A75sC2FIjpT0qHwMUy4AZSzuU6a7D2smDzLRu1Fi11aKRGJOHVyzKHlGExXu5MmlkJ6HpfRHbWx5SBR+tMtjNYOuQMfGV5Lecm8HSLQf8BH9iLC2BxoRiM/Qi9SnSlS1MRG9VLIM/bH4NM7Cgp/rImYkeaU4XQW8QsDBVpk9GeSRRnDb1FyCSWVtovYpcCtZG83rLALzwvuKskSNT2xwMAAP//L6vzxgAAAAJJREFUAwBX1u55AAAAAElFTkSuQmCC"
ICON_disconnected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA2klEQVR4nNxTQQ6DMAyrqvGAXfeK7Uh5wHbgyhlxaP//hDXClbLOXUHqhDZLFsGJEzUUYwq4lBIrpsiwhirQEDHxRSw69mFU/a1OJNHh+ZYILMHibThjHUtkXyuU9tdMD5GeGSQh1LF+/2hguQPRY0MTFlGEzQ6bOJYMnhzuBo1OCrjejqx0KhnSk32TdgamhyaGP4SNHNQFYPSokdpdGLJGd1yaDpT4kdWIZ/PPoBsLTriRM+igmWyQeKtYlKGDNpP1iGZQkzTxVqGbMK2Wr+KQAU09Xx/wW3gCAAD//+SvwXMAAAACSURBVAMAV9bueQAAAABJRU5ErkJggg==" ICON_disconnected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA2klEQVR4nNxTQQ6DMAyrqvGAXfeK7Uh5wHbgyhlxaP//hDXClbLOXUHqhDZLFsGJEzUUYwq4lBIrpsiwhirQEDHxRSw69mFU/a1OJNHh+ZYILMHibThjHUtkXyuU9tdMD5GeGSQh1LF+/2hguQPRY0MTFlGEzQ6bOJYMnhzuBo1OCrjejqx0KhnSk32TdgamhyaGP4SNHNQFYPSokdpdGLJGd1yaDpT4kdWIZ/PPoBsLTriRM+igmWyQeKtYlKGDNpP1iGZQkzTxVqGbMK2Wr+KQAU09Xx/wW3gCAAD//+SvwXMAAAACSURBVAMAV9bueQAAAABJRU5ErkJggg=="
# A command that will result in your VPN password. Recommend using # A command that will result in your VPN password. Recommend using
# "security find-generic-password -g -a foo" where foo is an account # "security find-generic-password -g -a foo" where foo is an account
# in your OSX Keychain, to avoid passwords stored in plain text # in your OSX Keychain, to avoid passwords stored in plain text
GET_VPN_PASSWORD="security find-generic-password -g -a $VPN_USERNAME 2>&1 >/dev/null | cut -d'\"' -f2" GET_VPN_PASSWORD="security find-generic-password -g -a $VPN_USERNAME 2>&1 >/dev/null | cut -d'\"' -f2"
if [[ -z $GET_VPN_PASSWORD ]] ; then
if $(read "Es wurde kein Passwort im Schlüsselbund gefunden. Soll dort eins hinterlegt werden? (ja/nein)") == '[Jj][aA]' ; then
local $keychainPW = $(read "Wie lautet das Password für den Benutzer $VPN_USERNAME ?")
security add-generic-password -a $VPN_USERNAME -s openconnect -w $keychainPW
fi
fi
# Command to determine if VPN is connected or disconnected # Command to determine if VPN is connected or disconnected
VPN_CONNECTED="ifconfig | egrep -A1 '$NET_FILTER' |cut -d' ' -f2" VPN_CONNECTED="ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2"
# Command to run to disconnect VPN # Command to run to disconnect VPN
VPN_DISCONNECT_CMD="sudo killall -2 openconnect" VPN_DISCONNECT_CMD="sudo killall -2 openconnect"
# Get IP of Current VPN Tunnel # Get IP of Current VPN Tunnel
IP=$(ifconfig | egrep -A1 "$NET_FILTER" |cut -d' ' -f2) IP=$(ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2)
#### Functions #### function askForVPNName(){
function askFor(){ results=$( /usr/bin/osascript -e 'display dialog "Wie lautet die E-Mail des Benutzers, der zum Verbinden verwendet werden soll?" default answer "vorname.nachname@bib.de" buttons {"Cancel","OK"} default button {"OK"} with title "Neuen User für das VPN anlegen"' )
osascript=$1+' buttons {"Cancel","OK"} default button {"OK"} with title "Neuen User für das VPN anlegen"'
results=$( /usr/bin/osascript -e $osascript)
theButton=$( echo "$results" | /usr/bin/awk -F "button returned:|," '{print $2}' ) theButton=$( echo "$results" | /usr/bin/awk -F "button returned:|," '{print $2}' )
theText=$( echo "$results" | /usr/bin/awk -F "text returned:" '{print $2}' ) theText=$( echo "$results" | /usr/bin/awk -F "text returned:" '{print $2}' )
@ -61,31 +62,17 @@ function askFor(){
fi fi
} }
function showSettings()
{
if [[ $SHOW_SETTINGS == "ON" ]]; then
echo "---"
echo "Settings"
echo "--$SETTINGSFILE"
echo "--Farbige Icons aus"
echo "--Tunnelblick Icons aus"
echo "--Neuen User anlegen| shell='$0' param1=newuser terminal=false refresh=true"
fi
}
#### MAIN #####
case "$1" in case "$1" in
connect) connect)
VPN_PASSWORD=$(eval "$GET_VPN_PASSWORD") VPN_PASSWORD=$(eval "$GET_VPN_PASSWORD")
if [[ -z VPN_PASSWORDm ]]; then VPN_PASSWORD=$(askFor 'display dialog "Es ist kein Passwort im Schlüsselbund vorhanden. Wie lautet das Passwort? " default answer "vpn.bib.de"'); fi
#security add-generic-password -a $VPN_USERNAME -s openconnect -w $keychainPW
VPN_EXECUTABLE_PARAMS="--servercert $4 --protocol=fortinet" # Optional VPN_EXECUTABLE_PARAMS="--servercert $4 --protocol=fortinet" # Optional
# VPN connection command, should eventually result in $VPN_CONNECTED, # VPN connection command, should eventually result in $VPN_CONNECTED,
# may need to be modified for VPN clients other than openconnect # may need to be modified for VPN clients other than openconnect
echo "echo <pseudeoPW> | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background" > $logfile 2>&1 echo "echo $VPN_PASSWORD | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background" > $logfile 2>&1
echo "$VPN_PASSWORD" | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background > $logfile 2>&1 echo "$VPN_PASSWORD" | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background > $logfile 2>&1
IP=$(ifconfig | egrep -A1 "$NET_FILTER" |cut -d' ' -f2)
while [ -z $IP ]; do echo "noch keine IP" ; sleep 0.5 ; IP=$(ifconfig | egrep -A1 "$NET_FILTER"|cut -d' ' -f2) ; done IP=$(ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2)
while [ -z $IP ]; do echo "noch keine IP" ; sleep 0.5 ; IP=$(ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2) ; done
msg='display notification "Erfolgreich verbunden \nConnected User: '$VPN_USERNAME'" with title "OpenFortiVPN" subtitle "Deine IP lautet: '$IP'" sound name "Brise"' msg='display notification "Erfolgreich verbunden \nConnected User: '$VPN_USERNAME'" with title "OpenFortiVPN" subtitle "Deine IP lautet: '$IP'" sound name "Brise"'
errmsg='display notification "Verbindungsversuch nicht erfolgreich" with title "OpenFortiVPN" subtitle "Schade" sound name "Brise"' errmsg='display notification "Verbindungsversuch nicht erfolgreich" with title "OpenFortiVPN" subtitle "Schade" sound name "Brise"'
if [[ $IP =~ 172 ]] ; then osascript -e "$msg" ; else osascript -e "$errmsg" ; fi if [[ $IP =~ 172 ]] ; then osascript -e "$msg" ; else osascript -e "$errmsg" ; fi
@ -101,8 +88,7 @@ case "$1" in
newuser) newuser)
echo "Sie wollen einen weiteren Benutzer für das VPN anlegen. Geben Sie dazu die folgenden Dinge ein." echo "Sie wollen einen weiteren Benutzer für das VPN anlegen. Geben Sie dazu die folgenden Dinge ein."
#echo -n "Wie lautet der Name der neuen Verbindung? " ; read NEW_VPN_NAME #echo -n "Wie lautet der Name der neuen Verbindung? " ; read NEW_VPN_NAME
NEW_VPN_NAME=$(askFor 'display dialog "Wie lautet die E-Mail des Benutzers, der zum Verbinden verwendet werden soll?" default answer "vorname.nachname@bib.de"' ) NEW_VPN_NAME=$(askForVPNName)
NEW_VPN_HOST=$(askFor 'display dialog "Wie lautet der Servername?" default answer "vpn.bib.de"')
echo -n "Wie lautet der VPN-Server? "; read NEW_VPN_HOST echo -n "Wie lautet der VPN-Server? "; read NEW_VPN_HOST
echo -n "Wie lautet die E-Mail des Benutzers? " ; read NEW_VPN_USERNAME echo -n "Wie lautet die E-Mail des Benutzers? " ; read NEW_VPN_USERNAME
NEW_VPN_PUBKEY=$(gnutls-cli --print-cert $NEW_VPN_HOST |grep -e 'pin-.*:'|awk '{$1=$1;print}') NEW_VPN_PUBKEY=$(gnutls-cli --print-cert $NEW_VPN_HOST |grep -e 'pin-.*:'|awk '{$1=$1;print}')
@ -120,13 +106,17 @@ esac
#if [ -n "$(eval "$VPN_CONNECTED")" ]; then #if [ -n "$(eval "$VPN_CONNECTED")" ]; then
if [ -f $OC_PIDFILE ]; then if [ -f $OC_PIDFILE ]; then
if [ $SET_ICONS == 'yes' ]; then echo "| templateImage=$ICON_connected" ; else echo "VPN ✔ |$FONT color=green" ; fi if [ $SET_ICONS == 'yes']; then echo "| templateImage=$ICON_connected" ; else echo "VPN ✔ |$FONT color=green" ; fi
#
echo '---' echo '---'
echo "Disconnect VPN | bash='$0' param1=disconnect terminal=false refresh=true" echo "Disconnect VPN | bash='$0' param1=disconnect terminal=false refresh=true"
aUser=$(ps -ef | grep -e '--user\ ' | cut -d' ' -f 32) echo "User: $(ps -ef | grep -e '--user\ ' | cut -d' ' -f 33)"
if [[ $aUser =~ .*@.* ]]; then echo "User: $aUser" ; fi
echo "IP: $IP" echo "IP: $IP"
showSettings echo "---"
echo "Settings"
echo "--Farbige Icons aus"
echo "--Tunnelblick Icons aus"
echo "--Neuen User anlegen| shell='/Users/$USER/Library/Application\ Support/xbar/plugins/$(basename $0)' param1=newuser terminal=true refresh=true"
exit exit
else else
if [ $SET_ICONS == 'yes' ] ; then echo "| templateImage=$ICON_disconnected" ; else echo "VPN ❌ | $FONT color=Crimson" ; fi if [ $SET_ICONS == 'yes' ] ; then echo "| templateImage=$ICON_disconnected" ; else echo "VPN ❌ | $FONT color=Crimson" ; fi
@ -134,13 +124,22 @@ else
# Alle User aus der accounts.csv auslesen und dann zur Auswahl anbieten. # Alle User aus der accounts.csv auslesen und dann zur Auswahl anbieten.
cat "$ACCOUNTFILE" | while IFS= read config; cat "$ACCOUNTFILE" | while IFS= read config;
do do
[[ $config =~ ^#.* ]] && continue
cfgName=$(echo $config|cut -d',' -f1) cfgName=$(echo $config|cut -d',' -f1)
cfgMail=$(echo $config|cut -d',' -f2) cfgMail=$(echo $config|cut -d',' -f2)
cfgHost=$(echo $config|cut -d',' -f3) cfgHost=$(echo $config|cut -d',' -f3)
cfgPubKey=$(echo $config|cut -d',' -f4) cfgPubKey=$(echo $config|cut -d',' -f4)
echo "Connect $cfgName VPN | shell='$0' param1=connect param2=$cfgMail param3=$cfgHost param4=$cfgPubKey terminal=false refresh=true" echo "Connect $cfgName VPN | shell='...$0' param1=connect param2=$cfgMail param3=$cfgHost param4=$cfgPubKey terminal=false refresh=true"
done done
showSettings
if [[ $SHOW_SETTINGS == "ON" ]]; then
echo "---"
echo "Settings"
echo "--$SETTINGSFILE"
echo "--Farbige Icons aus"
echo "--Tunnelblick Icons aus"
echo "--Neuen User anlegen| bash=$0 param1=newuser terminal=true refresh=true"
fi
exit exit
fi fi
#if [ -f $OC_PIDFILE ]; then
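Review bot: In the `connect)` branch, the logged command line on the new side expands `$VPN_PASSWORD` into `$logfile`, where the other side wrote the placeholder `<pseudeoPW>`; the password read from the keychain therefore reaches a plain file on disk. The following command reopens the log with `>` and truncates it, but that is incidental and would stop hiding the secret as soon as either redirect becomes `>>`. Log a fixed marker instead, i.e. keep `echo "echo <pseudeoPW> | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background" > $logfile 2>&1`. In the same hunk the new `IP=$(ifconfig | egrep -A1 'inet $NET_FILTER' ...)` lines single-quote the pattern, so `$NET_FILTER` is not expanded and the `while [ -z $IP ]` loop looks unable to finish; `"inet $NET_FILTER"` is needed. Sides are inferred from the hunk headers, and the `connect)` branch continues past this hunk.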