
@lucaspar
Last active September 10, 2022 22:25
Automatically connect to Cisco VPN GUI client
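#!/usr/bin/env bash
# Automates starting the Cisco AnyConnect GUI client and entering credentials.
#
# "xdotool key" and "xdotool type" were unreliable with the --window option,
# so the script raises the target window with wmctrl and then sends synthetic
# keystrokes. Those keystrokes land in whichever window holds keyboard focus,
# and they include the VPN password, so the focused window's title is checked
# before anything is typed (see focus_window).
#
# === BEFORE FIRST EXECUTION ===
# Set VPN_USERNAME below;
# Store the VPN password once with secret-tool:
#   secret-tool store --label "Cisco VPN credentials" vpn_client "$VPN_USERNAME"
#
# Exit codes:
#    0  connected, or an existing connection was closed
#    1  no VPN username given
#    2  timeout waiting for a window
#    3  no password stored for the user
#    4  target window could not be focused, or typing the password failed
#   10  a required program is missing

# An unset variable is a bug in this script; fail instead of typing "".
set -u

# parameters that you might want to change:
VPN_USERNAME=""
VPN_ACCESS_URL="vpnaccess.nd.edu/go"
CISCO_BIN_GUI=/opt/cisco/anyconnect/bin/vpnui
CISCO_BIN_CLI=/opt/cisco/anyconnect/bin/vpn
SCRIPT_TIMEOUT=15

# Window titles the script searches for and focuses.
readonly MAIN_TITLE="Cisco AnyConnect Secure Mobility Client"
readonly LOGIN_TITLE="Cisco AnyConnect Login"
readonly BANNER_TITLE="Cisco AnyConnect - Banner"

# Prints a message to stderr and exits with the given status.
# Arguments: $1 - exit status, remaining - message
die() {
  local status=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$status"
}

# Raises the window whose title contains $1 and confirms that it really holds
# keyboard focus before the caller types into it.
#
# Without this check a failed or slow focus switch would send the following
# keystrokes (username, password) to an unrelated window such as a chat or a
# terminal. The title comparison only guards against accidental focus loss;
# it cannot tell apart two windows that carry the same title.
#
# Returns: 0 when the active window's title contains $1, 1 otherwise.
focus_window() {
  local title=$1
  local active
  # wmctrl fails straight away when no window matches the title.
  wmctrl -R "$title" || return 1
  # The window manager may need a moment to hand over focus.
  for _ in 1 2 3 4 5; do
    active=$(xdotool getactivewindow getwindowname 2>/dev/null) || active=''
    # wmctrl matches titles case-insensitively, so compare the same way.
    if [[ "${active,,}" == *"${title,,}"* ]]; then
      return 0
    fi
    sleep 0.5
  done
  return 1
}

# Polls until a window whose name matches $1 exists, then prints its ID(s).
# The deadline is shared by the whole script (start_time + SCRIPT_TIMEOUT).
# Arguments: $1 - window name, $2 - message to print on timeout
# Returns:   0 when found, 2 on timeout
wait_for_window() {
  local title=$1 timeout_msg=$2
  local wid=''
  while [[ -z "$wid" ]]; do
    if (($(date +%s) - start_time > SCRIPT_TIMEOUT)); then
      printf '%s\n' "$timeout_msg" >&2
      return 2
    fi
    wid=$(xdotool search --name "$title")
    sleep 1
  done
  printf '%s\n' "$wid"
}

# if VPN_USERNAME is not set, then the script will ask for it
if [[ -z "$VPN_USERNAME" ]]; then
  echo "VPN username not set. Please enter it now and set it in this script for future runs:"
  read -r VPN_USERNAME
fi
[[ -n "$VPN_USERNAME" ]] || die 1 "No VPN username given."

# check secret-tool, xdotool, and wmctrl are installed:
exit_code=0
for tool in secret-tool xdotool wmctrl; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Program $tool is not installed. Please install it."
    exit_code=10
  fi
done
# A missing AnyConnect CLI would otherwise be read as "already connected"
# by the state check below, because its output contains no "disconnected".
for bin in "$CISCO_BIN_CLI" "$CISCO_BIN_GUI"; do
  if [[ ! -x "$bin" ]]; then
    echo "Cisco AnyConnect binary $bin not found or not executable."
    exit_code=10
  fi
done
if ((exit_code != 0)); then
  exit "$exit_code"
fi

# check if vpn is already connected and disconnect it if it is:
if ! "$CISCO_BIN_CLI" state | grep -qi disconnected; then
  echo "VPN is already connected, disconnecting it..."
  "$CISCO_BIN_CLI" disconnect
  # also close any GUI clients
  wmctrl -c "$MAIN_TITLE"
  exit 0
fi

# general script timeout to break from loops
start_time=$(date +%s)

# Open main VPN client
# check if the VPN client is running
if ! pgrep -f "$CISCO_BIN_GUI" >/dev/null; then
  echo "Starting Cisco VPN client..."
  "$CISCO_BIN_GUI" &
else
  echo "Cisco VPN client is already running, getting window ID..."
fi

WID_CISCO=$(wait_for_window "$MAIN_TITLE" \
  "Timeout waiting for vpnui to start.") || exit 2
echo "Detected vpnui window with ID $WID_CISCO"

# Open Single Sign On page
echo "Typing access URL..."
focus_window "$MAIN_TITLE" ||
  die 4 "Could not focus '$MAIN_TITLE'; not typing anything."
# clear the text field before typing
sleep 1
xdotool key ctrl+a
xdotool type --clearmodifiers "$VPN_ACCESS_URL"
echo "Sending Return key to open SSO page (assuming the URL has already been entered)"
xdotool key --delay 500 Return

WID_SSO_LOGIN=$(wait_for_window "$LOGIN_TITLE" \
  "Timeout waiting for SSO login page to open.") || exit 2
echo "Detected SSO login window with ID $WID_SSO_LOGIN"

# Enter VPN username (NetID)
focus_window "$LOGIN_TITLE" ||
  die 4 "Could not focus '$LOGIN_TITLE'; not typing the username."
sleep 4
# Focus may have moved during the wait; confirm it again right before typing.
focus_window "$LOGIN_TITLE" ||
  die 4 "Could not focus '$LOGIN_TITLE'; not typing the username."
xdotool type "$VPN_USERNAME"
# press tab + space to check "Keep me signed in", then tab + return to submit
xdotool key --delay 200 Tab space Tab Return
echo "Entered user; click next, please."
sleep 3

# Enter VPN password
CISCO_VPN_PASS=$(secret-tool lookup vpn_client "$VPN_USERNAME")
if [[ -z "$CISCO_VPN_PASS" ]]; then
  echo "No password found for user '${VPN_USERNAME}'. Store it with:"
  # %q keeps the suggested command safe to copy even for unusual usernames.
  printf '\tsecret-tool store --label "Cisco VPN credentials" vpn_client %q\n\n' \
    "$VPN_USERNAME"
  exit 3
fi

# Verify focus immediately before the password is typed: this is the one
# step where keystrokes sent to the wrong window would disclose a secret.
if ! focus_window "$LOGIN_TITLE"; then
  unset CISCO_VPN_PASS
  die 4 "Could not focus '$LOGIN_TITLE'; not typing the password."
fi
# The password goes to xdotool on stdin ("type --file -") instead of as an
# argument, so it does not show up in the process list while xdotool runs.
# printf is a shell builtin and starts no process of its own.
# Needs an xdotool release whose "type" command supports --file.
if ! printf '%s' "$CISCO_VPN_PASS" | xdotool type --file -; then
  unset CISCO_VPN_PASS
  die 4 "xdotool could not type the password."
fi
# The secret is no longer needed; drop it from the shell's variables.
unset CISCO_VPN_PASS
sleep 1
xdotool key --delay 200 Return
sleep 3

# dismiss useless connection banner
focus_window "$BANNER_TITLE" && xdotool key --delay 200 Tab Return

# if kdocker exists, dock the VPN client window
# (the Cisco client has a weird "minimize to tray" feature).
if command -v kdocker >/dev/null 2>&1; then
  echo "Docking VPN client window..."
  # kdocker -w takes a single window ID: pick the first window carrying the
  # main client title rather than every window that mentions AnyConnect.
  dock_wid=$(wmctrl -l | awk -v t="$MAIN_TITLE" 'index($0, t) { print $1; exit }')
  if [[ -n "$dock_wid" ]]; then
    kdocker -b -w "$dock_wid" &
    disown
  fi
fi
echo "Done!"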