2 Commits

Author SHA1 Message Date
Thomas Schmauder
95479bf28c running config 2023-02-24 15:21:55 +01:00
Thomas Schmauder
253b5867ea Kommentare sollten gelöscht werden 2023-02-24 14:05:40 +01:00
2 changed files with 49 additions and 48 deletions


@ -1,2 +1,2 @@
#Name,E-Mail,Host,ServerFingerprint #Name,E-Mail,Host,ServerFingerprint # Zeile muss gelöscht werden
bib,vorname.nachname@bib.de,vpn.bib.de,pin-sha265:asdasdasdasdasdasdasdasdasdasdadasd bib,vorname.nachname@bib.de,vpn.bib.de,pin-sha265:asdasdasdasdasdasdasdasdasdasdadasd
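Review bot: The sample row's fingerprint prefix `pin-sha265:` looks like a typo for `pin-sha256:`, and the commit leaves it unchanged on the new side. The other file passes this fourth column straight to `--servercert $4`, so a row copied from this template with the misspelled label is unlikely to be accepted as a certificate pin. I would change the sample to `pin-sha256:<base64-pin-placeholder>`. Separately, the added remark `# Zeile muss gelöscht werden` may no longer be needed, because the reader loop in the other file now skips lines matching `^#`.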


@ -14,45 +14,44 @@
# <xbar.desc>Displays status of a VPN interface with option to connect/disconnect.</xbar.desc> # <xbar.desc>Displays status of a VPN interface with option to connect/disconnect.</xbar.desc>
# <xbar.image>http://i.imgur.com/RkmptwO.png</xbar.image> # <xbar.image>http://i.imgur.com/RkmptwO.png</xbar.image>
mkdir -p "/Users/$USER/.log/" #### Variables ####
logfile="/Users/$USER/.log/bibVPN.log" #DIR="/Users/$USER/Library/Preferences/openconnect"
echo -e "\nRun $0 , $(date)" >>$logfile WORKDIR="/Users/$USER/.openconnect"
mkdir -p $WORKDIR
logfile="$WORKDIR/bibVPN.log"
echo -e "\nStart: $(date)" >>$logfile
echo "Run $0 $@" >> $logfile
PATH=$PATH:/usr/local/bin PATH=$PATH:/usr/local/bin
VPN_EXECUTABLE=$(which openconnect) VPN_EXECUTABLE=$(which openconnect)
OC_PIDFILE="$WORKDIR/vpn.bib.de.pid"
SETTINGSFILE="$WORKDIR/settings.csv"
ACCOUNTFILE="$WORKDIR/accounts.csv"
VPN_HOST="$3" VPN_HOST="$3"
VPN_USERNAME="$2" VPN_USERNAME="$2"
#DIR=$(dirname "${BASH_SOURCE[0]}") #### Settings ####
DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" SHOW_SETTINGS='OFF'
OC_PIDFILE="/var/run/openconnect/vpn.bib.de.pid"
SETTINGSFILE="$DIR/settings.csv"
ACCOUNTFILE="$DIR/accounts.csv"
SHOW_SETTINGS='ON'
SET_ICONS='no' SET_ICONS='no'
NET_FILTER='172.[123][0-9].1[67][80].' NET_FILTER='inet 172.[123][0-9].1[67][80].'
FONT=( 'size=14' 'font=UbuntuMono' ) FONT=( 'size=14' 'font=UbuntuMono' )
# Icons #### Icons ####
ICON_connected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA+klEQVR4nNRUwQ2DMAzMKy8WYIZOwb8LtUtAJSZp34zBCn3y4Y3cWLEr13KSllKhnnRKcvHZ4AScS6BJbUSMgRCncfJcaBG0KMcvMIj83ircWcUh9VTI46onO1A75sC2FIjpT0qHwMUy4AZSzuU6a7D2smDzLRu1Fi11aKRGJOHVyzKHlGExXu5MmlkJ6HpfRHbWx5SBR+tMtjNYOuQMfGV5Lecm8HSLQf8BH9iLC2BxoRiM/Qi9SnSlS1MRG9VLIM/bH4NM7Cgp/rImYkeaU4XQW8QsDBVpk9GeSRRnDb1FyCSWVtovYpcCtZG83rLALzwvuKskSNT2xwMAAP//L6vzxgAAAAJJREFUAwBX1u55AAAAAElFTkSuQmCC" ICON_connected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA+klEQVR4nNRUwQ2DMAzMKy8WYIZOwb8LtUtAJSZp34zBCn3y4Y3cWLEr13KSllKhnnRKcvHZ4AScS6BJbUSMgRCncfJcaBG0KMcvMIj83ircWcUh9VTI46onO1A75sC2FIjpT0qHwMUy4AZSzuU6a7D2smDzLRu1Fi11aKRGJOHVyzKHlGExXu5MmlkJ6HpfRHbWx5SBR+tMtjNYOuQMfGV5Lecm8HSLQf8BH9iLC2BxoRiM/Qi9SnSlS1MRG9VLIM/bH4NM7Cgp/rImYkeaU4XQW8QsDBVpk9GeSRRnDb1FyCSWVtovYpcCtZG83rLALzwvuKskSNT2xwMAAP//L6vzxgAAAAJJREFUAwBX1u55AAAAAElFTkSuQmCC"
ICON_disconnected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA2klEQVR4nNxTQQ6DMAyrqvGAXfeK7Uh5wHbgyhlxaP//hDXClbLOXUHqhDZLFsGJEzUUYwq4lBIrpsiwhirQEDHxRSw69mFU/a1OJNHh+ZYILMHibThjHUtkXyuU9tdMD5GeGSQh1LF+/2hguQPRY0MTFlGEzQ6bOJYMnhzuBo1OCrjejqx0KhnSk32TdgamhyaGP4SNHNQFYPSokdpdGLJGd1yaDpT4kdWIZ/PPoBsLTriRM+igmWyQeKtYlKGDNpP1iGZQkzTxVqGbMK2Wr+KQAU09Xx/wW3gCAAD//+SvwXMAAAACSURBVAMAV9bueQAAAABJRU5ErkJggg==" ICON_disconnected="iVBORw0KGgoAAAANSUhEUgAAABgAAAAWCAYAAAGtemweAAAACXBIWXMAAAsSAAALEgHS3X78AAAA2klEQVR4nNxTQQ6DMAyrqvGAXfeK7Uh5wHbgyhlxaP//hDXClbLOXUHqhDZLFsGJEzUUYwq4lBIrpsiwhirQEDHxRSw69mFU/a1OJNHh+ZYILMHibThjHUtkXyuU9tdMD5GeGSQh1LF+/2hguQPRY0MTFlGEzQ6bOJYMnhzuBo1OCrjejqx0KhnSk32TdgamhyaGP4SNHNQFYPSokdpdGLJGd1yaDpT4kdWIZ/PPoBsLTriRM+igmWyQeKtYlKGDNpP1iGZQkzTxVqGbMK2Wr+KQAU09Xx/wW3gCAAD//+SvwXMAAAACSURBVAMAV9bueQAAAABJRU5ErkJggg=="
# A command that will result in your VPN password. Recommend using # A command that will result in your VPN password. Recommend using
# "security find-generic-password -g -a foo" where foo is an account # "security find-generic-password -g -a foo" where foo is an account
# in your OSX Keychain, to avoid passwords stored in plain text # in your OSX Keychain, to avoid passwords stored in plain text
GET_VPN_PASSWORD="security find-generic-password -g -a $VPN_USERNAME 2>&1 >/dev/null | cut -d'\"' -f2" GET_VPN_PASSWORD="security find-generic-password -g -a $VPN_USERNAME 2>&1 >/dev/null | cut -d'\"' -f2"
if [[ -z $GET_VPN_PASSWORD ]] ; then
if $(read "Es wurde kein Passwort im Schlüsselbund gefunden. Soll dort eins hinterlegt werden? (ja/nein)") == '[Jj][aA]' ; then
local $keychainPW = $(read "Wie lautet das Password für den Benutzer $VPN_USERNAME ?")
security add-generic-password -a $VPN_USERNAME -s openconnect -w $keychainPW
fi
fi
# Command to determine if VPN is connected or disconnected # Command to determine if VPN is connected or disconnected
VPN_CONNECTED="ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2" VPN_CONNECTED="ifconfig | egrep -A1 '$NET_FILTER' |cut -d' ' -f2"
# Command to run to disconnect VPN # Command to run to disconnect VPN
VPN_DISCONNECT_CMD="sudo killall -2 openconnect" VPN_DISCONNECT_CMD="sudo killall -2 openconnect"
# Get IP of Current VPN Tunnel # Get IP of Current VPN Tunnel
IP=$(ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2) IP=$(ifconfig | egrep -A1 "$NET_FILTER" |cut -d' ' -f2)
function askForVPNName(){ #### Functions ####
results=$( /usr/bin/osascript -e 'display dialog "Wie lautet die E-Mail des Benutzers, der zum Verbinden verwendet werden soll?" default answer "vorname.nachname@bib.de" buttons {"Cancel","OK"} default button {"OK"} with title "Neuen User für das VPN anlegen"' ) function askFor(){
osascript=$1+' buttons {"Cancel","OK"} default button {"OK"} with title "Neuen User für das VPN anlegen"'
results=$( /usr/bin/osascript -e $osascript)
theButton=$( echo "$results" | /usr/bin/awk -F "button returned:|," '{print $2}' ) theButton=$( echo "$results" | /usr/bin/awk -F "button returned:|," '{print $2}' )
theText=$( echo "$results" | /usr/bin/awk -F "text returned:" '{print $2}' ) theText=$( echo "$results" | /usr/bin/awk -F "text returned:" '{print $2}' )
@ -62,17 +61,31 @@ function askForVPNName(){
fi fi
} }
function showSettings()
{
if [[ $SHOW_SETTINGS == "ON" ]]; then
echo "---"
echo "Settings"
echo "--$SETTINGSFILE"
echo "--Farbige Icons aus"
echo "--Tunnelblick Icons aus"
echo "--Neuen User anlegen| shell='$0' param1=newuser terminal=false refresh=true"
fi
}
#### MAIN #####
case "$1" in case "$1" in
connect) connect)
VPN_PASSWORD=$(eval "$GET_VPN_PASSWORD") VPN_PASSWORD=$(eval "$GET_VPN_PASSWORD")
if [[ -z VPN_PASSWORDm ]]; then VPN_PASSWORD=$(askFor 'display dialog "Es ist kein Passwort im Schlüsselbund vorhanden. Wie lautet das Passwort? " default answer "vpn.bib.de"'); fi
#security add-generic-password -a $VPN_USERNAME -s openconnect -w $keychainPW
VPN_EXECUTABLE_PARAMS="--servercert $4 --protocol=fortinet" # Optional VPN_EXECUTABLE_PARAMS="--servercert $4 --protocol=fortinet" # Optional
# VPN connection command, should eventually result in $VPN_CONNECTED, # VPN connection command, should eventually result in $VPN_CONNECTED,
# may need to be modified for VPN clients other than openconnect # may need to be modified for VPN clients other than openconnect
echo "echo $VPN_PASSWORD | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background" > $logfile 2>&1 echo "echo <pseudeoPW> | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background" > $logfile 2>&1
echo "$VPN_PASSWORD" | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background > $logfile 2>&1 echo "$VPN_PASSWORD" | sudo $VPN_EXECUTABLE $VPN_EXECUTABLE_PARAMS --user $VPN_USERNAME --passwd-on-stdin $VPN_HOST --pid-file=$OC_PIDFILE --background > $logfile 2>&1
IP=$(ifconfig | egrep -A1 "$NET_FILTER" |cut -d' ' -f2)
IP=$(ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2) while [ -z $IP ]; do echo "noch keine IP" ; sleep 0.5 ; IP=$(ifconfig | egrep -A1 "$NET_FILTER"|cut -d' ' -f2) ; done
while [ -z $IP ]; do echo "noch keine IP" ; sleep 0.5 ; IP=$(ifconfig | egrep -A1 'inet $NET_FILTER' |cut -d' ' -f2) ; done
msg='display notification "Erfolgreich verbunden \nConnected User: '$VPN_USERNAME'" with title "OpenFortiVPN" subtitle "Deine IP lautet: '$IP'" sound name "Brise"' msg='display notification "Erfolgreich verbunden \nConnected User: '$VPN_USERNAME'" with title "OpenFortiVPN" subtitle "Deine IP lautet: '$IP'" sound name "Brise"'
errmsg='display notification "Verbindungsversuch nicht erfolgreich" with title "OpenFortiVPN" subtitle "Schade" sound name "Brise"' errmsg='display notification "Verbindungsversuch nicht erfolgreich" with title "OpenFortiVPN" subtitle "Schade" sound name "Brise"'
if [[ $IP =~ 172 ]] ; then osascript -e "$msg" ; else osascript -e "$errmsg" ; fi if [[ $IP =~ 172 ]] ; then osascript -e "$msg" ; else osascript -e "$errmsg" ; fi
@ -88,7 +101,8 @@ case "$1" in
newuser) newuser)
echo "Sie wollen einen weiteren Benutzer für das VPN anlegen. Geben Sie dazu die folgenden Dinge ein." echo "Sie wollen einen weiteren Benutzer für das VPN anlegen. Geben Sie dazu die folgenden Dinge ein."
#echo -n "Wie lautet der Name der neuen Verbindung? " ; read NEW_VPN_NAME #echo -n "Wie lautet der Name der neuen Verbindung? " ; read NEW_VPN_NAME
NEW_VPN_NAME=$(askForVPNName) NEW_VPN_NAME=$(askFor 'display dialog "Wie lautet die E-Mail des Benutzers, der zum Verbinden verwendet werden soll?" default answer "vorname.nachname@bib.de"' )
NEW_VPN_HOST=$(askFor 'display dialog "Wie lautet der Servername?" default answer "vpn.bib.de"')
echo -n "Wie lautet der VPN-Server? "; read NEW_VPN_HOST echo -n "Wie lautet der VPN-Server? "; read NEW_VPN_HOST
echo -n "Wie lautet die E-Mail des Benutzers? " ; read NEW_VPN_USERNAME echo -n "Wie lautet die E-Mail des Benutzers? " ; read NEW_VPN_USERNAME
NEW_VPN_PUBKEY=$(gnutls-cli --print-cert $NEW_VPN_HOST |grep -e 'pin-.*:'|awk '{$1=$1;print}') NEW_VPN_PUBKEY=$(gnutls-cli --print-cert $NEW_VPN_HOST |grep -e 'pin-.*:'|awk '{$1=$1;print}')
@ -106,40 +120,27 @@ esac
#if [ -n "$(eval "$VPN_CONNECTED")" ]; then #if [ -n "$(eval "$VPN_CONNECTED")" ]; then
if [ -f $OC_PIDFILE ]; then if [ -f $OC_PIDFILE ]; then
if [ $SET_ICONS == 'yes']; then echo "| templateImage=$ICON_connected" ; else echo "VPN ✔ |$FONT color=green" ; fi if [ $SET_ICONS == 'yes' ]; then echo "| templateImage=$ICON_connected" ; else echo "VPN ✔ |$FONT color=green" ; fi
#
echo '---' echo '---'
echo "Disconnect VPN | bash='$0' param1=disconnect terminal=false refresh=true" echo "Disconnect VPN | bash='$0' param1=disconnect terminal=false refresh=true"
echo "User: $(ps -ef | grep -e '--user\ ' | cut -d' ' -f 33)" aUser=$(ps -ef | grep -e '--user\ ' | cut -d' ' -f 32)
if [[ $aUser =~ .*@.* ]]; then echo "User: $aUser" ; fi
echo "IP: $IP" echo "IP: $IP"
echo "---" showSettings
echo "Settings"
echo "--Farbige Icons aus"
echo "--Tunnelblick Icons aus"
echo "--Neuen User anlegen| shell='/Users/$USER/Library/Application\ Support/xbar/plugins/$(basename $0)' param1=newuser terminal=true refresh=true"
exit exit
else else
if [ $SET_ICONS == 'yes' ] ; then echo "| templateImage=$ICON_disconnected" ; else echo "VPN ❌ | $FONT color=Crimson" ; fi if [ $SET_ICONS == 'yes' ] ; then echo "| templateImage=$ICON_disconnected" ; else echo "VPN ❌ | $FONT color=Crimson" ; fi
echo '---' echo '---'
# Alle User aus der accounts.csv auslesen und dann zur Auswahl anbieten. # Alle User aus der accounts.csv auslesen und dann zur Auswahl anbieten.
cat "$ACCOUNTFILE" | while IFS= read config; cat "$ACCOUNTFILE" | while IFS= read config;
do do
[[ $config =~ ^#.* ]] && continue
cfgName=$(echo $config|cut -d',' -f1) cfgName=$(echo $config|cut -d',' -f1)
cfgMail=$(echo $config|cut -d',' -f2) cfgMail=$(echo $config|cut -d',' -f2)
cfgHost=$(echo $config|cut -d',' -f3) cfgHost=$(echo $config|cut -d',' -f3)
cfgPubKey=$(echo $config|cut -d',' -f4) cfgPubKey=$(echo $config|cut -d',' -f4)
echo "Connect $cfgName VPN | shell='...$0' param1=connect param2=$cfgMail param3=$cfgHost param4=$cfgPubKey terminal=false refresh=true" echo "Connect $cfgName VPN | shell='$0' param1=connect param2=$cfgMail param3=$cfgHost param4=$cfgPubKey terminal=false refresh=true"
done done
showSettings
if [[ $SHOW_SETTINGS == "ON" ]]; then
echo "---"
echo "Settings"
echo "--$SETTINGSFILE"
echo "--Farbige Icons aus"
echo "--Tunnelblick Icons aus"
echo "--Neuen User anlegen| bash=$0 param1=newuser terminal=true refresh=true"
fi
exit exit
fi fi
#if [ -f $OC_PIDFILE ]; then
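Review bot: The new keychain fallback in the `connect)` branch can never run, because `[[ -z VPN_PASSWORDm ]]` tests a literal, non-empty word instead of the variable; it should read `if [[ -z "$VPN_PASSWORD" ]]; then`. Once it does run it depends on the new `askFor`, which is also broken as written: `$1+'…'` puts a literal `+` into the AppleScript and the unquoted `-e $osascript` is word-split, so I would write `osascript="$1"' buttons {"Cancel","OK"} default button {"OK"} with title "Neuen User für das VPN anlegen"'` and `results=$( /usr/bin/osascript -e "$osascript" )`. The password prompt also pre-fills `vpn.bib.de` and echoes what is typed; the `hidden answer` option of `display dialog` would keep the password off the screen. Part of `askFor`'s body lies between the first two hunks and is not visible here, so how it returns the text and handles "Cancel" is unchecked.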