#!/bin/bash

# isgee-vpnc-connect - connect to the ETH VPN network
# Edited to unibe-vpnc-connect
# 2006-10-25, David Schweikert <dws@ee.ethz.ch>
# 2009-09-23, Tobias Schmid <schmid.tobias@students.unibe.ch

VPNC_CONFIG="/etc/vpnc/UniBe.conf"

prompt_password()
{
    unset USER
    unset PASS
    if [ -t 1 ]; then
        prompt_password_term
    else
        if [ -z "$DISPLAY" ]; then
            # is an X-server running and we don't have an interactive terminal?
            # force the DISPLAY to the user's X-session so that a popup
            # comes on an ifplugd/hotplug/networkmanager event
            export XAUTHORITY=`pgrep -l -u root -f '^/usr(/X11R6)?/bin/X' | \
                perl -n -e '/-auth (\S+)/ and print $1,"\n"'`
            [ -n "$XAUTHORITY" ] && export DISPLAY=:0
        fi

        if [ -z "$DISPLAY" ]; then
            echo "WARNING: unibe-vpnc-connect: can't prompt password: no terminal" >&2
            return 1
        fi

        prompt_password_xdialog
    fi

    return 0
}

prompt_password_term()
{
    echo
    echo "Please provide your login credentials to access the network."
    while [ -z "$USER" ]; do
        read -p "Campus Account user : " USER
    done
    while [ -z "$PASS" ]; do
        read -p "   password : " -s PASS
        echo
    done
}

prompt_password_xdialog()
{
    input=`Xdialog --stdout --title "VPN authentication" \
        --separator " " \
        --password \
        --left \
        --2inputsbox "Enter your Campus Account username and password\nto access the network.\n(It will be stored in $VPNC_CONFIG)" \
        0 0 Identity account-username Password ""`
    
    USER=`echo $input | cut -d \  -f 1`
    PASS=`echo $input | cut -d \  -f 2-`
}

save_password()
{
    [ -n "$USER" ] || return
    [ -n "$PASS" ] || return
    cat $VPNC_CONFIG | grep -v '^Xauth' >$VPNC_CONFIG.new
    chmod 600 $VPNC_CONFIG.new
    echo "Xauth username $USER" >>$VPNC_CONFIG.new
    echo "Xauth password $PASS" >>$VPNC_CONFIG.new
    mv $VPNC_CONFIG $VPNC_CONFIG.old
    mv $VPNC_CONFIG.new $VPNC_CONFIG
}

disconnect()
{
    pgrep -f 'vpnc-connect --non-inter UniBe' >/dev/null || return 1
    vpnc-disconnect
    return 0
}

cleanup_and_exit()
{
    rm -f /var/run/unibe-vpnc-connect.pid
    echo
    exit
}

kill_old_instances()
{
    # make sure that only one instance of this script is running
    if [ -f /var/run/unibe-vpnc-connect.pid ]; then
        kill `cat /var/run/unibe-vpnc-connect.pid`
        sleep 1
    fi

    echo $$ >/var/run/unibe-vpnc-connect.pid

    trap cleanup_and_exit EXIT
    trap cleanup_and_exit SIGTERM
    trap cleanup_and_exit SIGINT
}

DISCONNECT=$1

kill_old_instances

# disconnect argument
if [ "$DISCONNECT" = "disconnect" ]; then
    disconnect
    exit
fi

# terminate any running process
disconnect && sleep 2

# prompt password
if grep "Xauth password" $VPNC_CONFIG >/dev/null; then :
else
    prompt_password && save_password
fi

# find out what is now the default interface
DEFAULT_IFACE=`netstat -r|grep '^default'|awk '{print $8}'`

# try 3 times to login
for i in 1 2 3; do
    if vpnc-connect --non-inter UniBe; then
        # success
        # DHCP requests are sent to this special host and must not go through the VPN:
        for IFACE in eth0 wlan0 ath0; do
            if [ "$IFACE" = "$DEFAULT_IFACE" ]; then
                ip route add 10.1.6.1 dev $DEFAULT_IFACE
            fi
        done
        break
    fi
    prompt_password && save_password
done

# vim: et sw=4