#!/bin/sh
#
# vpn - connect to $VPNSERVER
#
# $Id$

# originally by Guus Bertens

CACERT=/etc/ssl/certs/Comodo_AAA_Services_root.pem

PATH=/usr/sbin:/usr/bin:/bin
export PATH

me=`basename "$0"`

if [ -z "$VPNSERVER" ]
then
  VPNSERVER=vpn3.tue.nl
fi

if [ -z "$AUTHGROUP" ]
then
  AUTHGROUP='2: Tunnel TU/e traffic'
fi

SudoIfRequired()
{
  if [ ! -w /etc/passwd ]
  then
    sudo "$@"
  else
    "$@"
  fi
}

Warn() { echo $me: $@ >&2; }
Die() { Warn fatal error: $@, aborting; exit 1; }

DieIfMissing()
{
  for x in "$@"
  do
    type $x >/dev/null 2>/dev/null ||
      Die please install the $1 package
  done
}

IsRunning()
{
  [ -n "`pgrep -x $1`" ]
}

KillIfRunning()
{
  DieIfMissing pgrep pkill

  PID=`pgrep -x openconnect`

  if [ -z "$PID" ]
  then
    : # nothing to do
  elif SudoIfRequired kill -INT $PID
  then
    : # success
  else
    Die could not kill openconnect process
  fi
}

Status()
{
  if IsRunning openconnect
  then
    echo openconnect is running
  else
    echo openconnect is not running
    false
  fi
}

StopVpn()
{  
  KillIfRunning openconnect
}

StartVpn()
{
  if IsRunning openconnect
  then
    Die openconnect is running, try $me off first
  fi

  DieIfMissing openconnect

  eval `SudoIfRequired openconnect \
    --authgroup "$AUTHGROUP" \
    --authenticate \
    $VPNSERVER`

  if [ -n "$COOKIE" ]
  then
    echo $COOKIE |
    SudoIfRequired openconnect \
    --cookie-on-stdin \
    --servercert $FINGERPRINT \
    --cafile $CACERT \
    --background \
    $VPNSERVER
  else
    Die failed to authenticate, giving up
  fi
}

Help()
{
  cat >&2 <<ZZ
Usage:

  $me

    is a shorthand for $me restart

  $me status

    to report whether the openconnect process is running

  $me start
  $me on

    to start a VPN connection to \$VPNSERVER (default: vpn3.tue.nl);
    this requires sudo root permissions;
    first sudo will be invoked (usually asking you for your local password),
    then the VPN connection asks you for your TUE username and password.

  $me stop
  $me off

    to stop the existing VPN connection, if any

  $me restart
  $me offon

    to stop and start

Environment variable:

  \$VPNSERVER

    the VPN server to connect to; if not set, connect to $VPNSERVER
ZZ
}

case "$1" in
status) Status;;
stop|off) StopVpn;;
start|on) StartVpn;;
restart|offon|'') StopVpn; for s in 1 2 3 4 5; do IsRunning openconnect || break; done; StartVpn;;
help) Help;;
*) Warn Usage: $me '[start|stop|restart|status|help]';;
esac