#!/bin/sh
#
# Simple control script for Juniper Network Connect VPN clients
#
# Copyright 2008 Paul D. Smith <paul@mad-scientist.us>
# Version 1.3   (15 June 2008)
#
# Minor edits by Edward Harman (5 June 2009)
#
# This script is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 3 of the License, or (at your option)
# any later version.
#
# This script is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
# more details.
#
# Requires that 'zenity' be installed.
# Need sun-java6-jdk and sun-java6-plugin (or equivalent) for GUI mode.
#
# Default realm: view page source and look for:
#    <input ... name="realm" value="XXXX">
# and use "XXXX" (no quotes) as the realm value.

_vpntitle='Network Connect VPN'
_vpncfg="$HOME/.vpn.cfg"

_jpath="$HOME/.juniper_networks"
_ncpath="$_jpath/network_connect"
_jarfile="$_jpath/ncLinuxApp.jar"

_gui=true

JDK_HOME=/usr/lib/jvm/ia32-java-6-sun

# Try to find a program on PATH
findprog () {
    r=1
    _oldIFS="$IFS"
    IFS=:
    for d in $PATH; do
        case $d in '') d=. ;; esac
        if [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            r=0
            break
        fi
    done
    IFS="$_oldIFS"

    return $r
}

# If we don't have zenity, give up.  We could rewrite to fall back to
# echo etc.  Someday maybe.
if findprog zenity; then
    : found it
else
    echo "This script requires the program 'zenity'."
    echo "Please use your package manager to install it."
    exit 1
fi

# See if we have gksudo or kdesudo
_sudo=
if findprog gksudo; then
    _sudo=gksudo
elif findprog kdesudo; then
    _sudo=kdesudo
else
    _sudo=sudo
fi

_errlog="${TMPDIR:-/tmp}/junipernc.$$"

# Default config values
HOST=
: ${USER:=`id -u -n`}
CERT="$HOME/.vpn.crt"
REALM='Users'

die () {
    _loginfo=''
    [ -s "$_errlog" ] && _loginfo="

Check the error log file '$_errlog' for more information."
    if $_gui; then
        zenity --error --title="$_vpntitle" --text="$*$_loginfo"
    else
        echo "$*$_loginfo"
    fi
    exit 1
}

msg () {
    if $_gui; then
        zenity --info --title="$_vpntitle" --text="$*"
    else
        echo "$*"
    fi
}

log () {
    echo "$*" >> "$_errlog"
}

uninstall_nc () {
    zenity --question --title="$_vpntitle" --text='Are you sure you want to uninstall Juniper Network Connect?' \
        || exit 0

    rm -f "$_vpncfg" "$CERT" && rm -rf "$_jpath" && exit 0

    die 'Uninstall has failed!'
}


# Set up the Juniper app, if it's not done yet.
setup () {
    _svc="$_ncpath/ncsvc"
    # If ncsvc is not available, unpack it
    if [ ! -f "$_svc" ]; then
        (cd "$_ncpath" && jar xf "$_jarfile" && [ -f "$_svc" ]) >> "$_errlog" 2>&1 \
            || die "Could not unpack Juniper Network Connect!"
    fi

    # If the ownership or permissions are not correct, fix them
    if [ `stat -c '%u:%g:%a' "$_svc"` != 0:0:6711 ]; then
        msg "Initial setup requires administrator privileges.  Please enter your password."
        ( $_sudo chown 0:0 "$_svc" && $_sudo chmod 06711 "$_svc" ) >> "$_errlog" 2>&1 \
            || die "Failed to set permissions on '$_svc'!"
    fi
}

# Allow the user to customize the system
config () {
    # Get a hostname--needs to be valid
    err=''
    while true; do
        HOST=`zenity --entry --title="$_vpntitle" --text="${err}Enter the Network Connect server:" --entry-text="$HOST"` \
            || exit 1

        # Some folks enter the HTTP part; remove it.
        case $HOST in
            http://*)   HOST=${HOST#http://} ;;
            https://*)  HOST=${HOST#https://} ;;
        esac
        HOST=${HOST%%/*}

        # If it's a hostname, make sure we can look it up.
        case $HOST in
            *[^.0-9]*)
                host "$HOST" >/dev/null 2>&1 && break
                err="Cannot resolve hostname $HOST.  Please try again.

" ;;
        esac
    done

    USER=`zenity --entry --title="$_vpntitle" --text='Enter the VPN account username' --entry-text="$USER"` \
        || exit 1

    REALM=`zenity --entry --title="$_vpntitle" --text='Enter the VPN service realm' --entry-text="$REALM"` \
        || exit 1

    cat > "$_vpncfg" <<EOF
HOST="$HOST"
USER="$USER"
CERT="$CERT"
REALM="$REALM"
EOF
}

# Get the server certificate
getcert () {
    _certdir="$_ncpath"
    _clean=false

    if [ ! -x "$_certdir/getx509certificate.sh" ]; then
        _certdir="/tmp/.juniper_temp.$$"
        mkdir -p "$_certdir"
        ( cd "$_certdir" && jar xf "$_jarfile" ) \
            || die "Could not unpack certificate retrieval tool!"
        _clean=true
    fi

    (cd "$_certdir" \
        && /bin/bash ./getx509certificate.sh "$HOST" "$CERT" \
        && chmod 400 "$CERT"
    ) || die "Could not retrieve server certificate from $HOST!"

    $_clean && rm -rf "$_certdir"
}

# --------------- MAIN

# We _don't_ want to be root!
[ `id -u` -eq 0 ] && die "This script should NOT be run with sudo.
Please run it directly."

rm -rf "$_errlog"
touch "$_errlog"

[ -f "$_jarfile" ] \
    || die "Juniper Network Connect is not installed!"

# Read the custom file if it exists
if [ -f "$HOME/.vpn.cfg" ]; then
    log "Reading $HOME/.vpn.cfg..."
    . "$HOME/.vpn.cfg"
fi

# See if the user wants to use the GUI
log "Run as: $0 $*"
case $1 in
    -gui)   _gui=true; shift ;;
    -nogui) _gui=false; shift ;;
    -uninstall) uninstall_nc ;;
esac
case $DISPLAY in
    '') _gui=false ;;
esac

case $1 in
    '') : ok ;;
    *)  die "Invalid arguments: $*" ;;
esac

$_gui || _sudo=sudo

# Make sure the service is set up
setup

# If anything's missing, call the config function
case ":$HOST:$USER:$CERT:$REALM:" in
    *::*) config ;;
esac

[ -f "$CERT" ] || getcert

# Connect to the remote server and bring up the VPN
# This loop runs forever or until the user quits.
while true; do
    password=`zenity --entry --title="$_vpntitle" --text='Enter your Password' --hide-text` \
        || exit 0
    case $password in
        '') die 'Invalid password' ;;
    esac

    ok=true
    if $_gui; then
        java="${JDK_HOME:+$JDK_HOME/bin/}java"
        "$java" -jar "$_ncpath/NC.jar" -h "$HOST" -u "$USER" -p "$password" -f "$CERT" -r "$REALM" \
            || ok=false

    else
        "$_ncpath/ncsvc" -h "$HOST" -u "$USER" -p "$password" -r "$REALM" -f "$CERT" \
            || ok=false
    fi

    if $ok; then
        zenity --info --title="$_vpntitle" --text='VPN has exited successfully.'
    else
        zenity --error --title="$_vpntitle" --text='VPN has failed!'
    fi

    zenity --question --title="$_vpntitle" --text='Would you like to restart the VPN connection?' \
        || exit 0
done

# Should never get here
exit 1