PIN inject script for openvpn PKCS11 smart cards
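#!/bin/bash
# Inject the PKCS#11 PIN into a running openvpn via its management interface.
# pin.txt and management.pwd are read relative to /etc/openvpn, so a failed cd
# must not fall through to reading them from whatever the cwd happens to be.
cd /etc/openvpn || { echo "Cannot cd to /etc/openvpn" >&2; exit 1; }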
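#######################################
# Block until the openvpn management interface accepts TCP connections.
# Arguments:
#   $1 - management port (default 8888)
#   $2 - number of failed probes tolerated before giving up (default 10)
# Outputs: diagnostic on stderr when the wait times out
# Exits:   1 if the port never opened (this terminates the calling shell, which
#          is what the main loop relies on to stop retrying)
#######################################
waitforport() {
  local port=${1:-8888}
  local max_tries=${2:-10}
  local tries=0
  # One probe per second with a 1 s connect timeout. The port is handed to the
  # inner shell as a positional argument, never spliced into the -c string.
  while ! timeout 1 bash -c 'cat < /dev/null > "/dev/tcp/127.0.0.1/$1"' _ "$port" 2> /dev/null; do
    tries=$((tries + 1))
    if [ "$tries" -gt "$max_tries" ]; then
      echo "Timeout waiting for openvpn management interface on port $port" 1>&2
      exit 1
    fi
    sleep 1
  done
}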
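#######################################
# Drive one management-interface session: authenticate, release the startup
# hold, answer the password prompt with the PIN, and quit once openvpn reports
# the password as entered.
# Reads:   pin.txt (first line = PIN) and management.pwd (first line =
#          management password) from the current directory. Both secrets come
#          from files, not argv, so they never show up in ps output.
# Outputs: progress messages on stderr; protocol lines on fd 3
# Returns: 0 when openvpn closes the connection, 1 if the connect failed
# Exits:   1 if no PIN could be read from pin.txt
#######################################
injectloop() {
  local pin pwtype
  # read fails on a file with no trailing newline but still sets $pin, and
  # bash reports a missing file itself; an empty PIN is fatal either way rather
  # than being sent to openvpn as an empty password.
  IFS= read -r pin < pin.txt || true
  if [[ -z $pin ]]; then
    echo "No PIN found in pin.txt" >&2
    exit 1
  fi
  # Connect to the management interface. If the connect fails, fd 3 is not
  # open; return so the caller goes back to waiting for the port instead of
  # writing the password into a dead descriptor.
  exec 3<>/dev/tcp/127.0.0.1/8888 || return 1
  # Send management password
  head -1 management.pwd >&3
  # Process everything openvpn sends until it closes the session. REPLY is
  # assigned unmodified when read is given no variable name.
  while read -r -u 3; do
    case $REPLY in
      ?HOLD:Waiting*)
        # First, release hold
        echo 'hold release' >&3 ;;
      ?PASSWORD:Need*)
        # The password type is the text between the first pair of single
        # quotes in the prompt; parameter expansion avoids both the sed fork
        # and word-splitting/globbing of $REPLY.
        pwtype=${REPLY#*\'}
        pwtype=${pwtype%%\'*}
        echo 'Received password requested, injecting PIN' >&2
        printf 'password "%s" %s\n' "$pwtype" "$pin" >&3 ;;
      *"password entered, but not yet verified"*)
        echo "All done: $REPLY" >&2
        echo "quit" >&3 ;;
      *)
        echo "Ignoring message: $REPLY" >&2 ;;
    esac
  done
  # openvpn has closed the session (normally after our quit); release the
  # socket instead of leaving fd 3 dangling until the next exec replaces it.
  exec 3>&-
}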
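# Serialize instances with an exclusive lock on /run/lock/inject-pin (fd 200),
# waiting up to 10 seconds for it; then keep re-injecting for every openvpn
# restart until waitforport gives up.
(
  flock -x -w 10 200 || { echo "Could not acquire lock /run/lock/inject-pin" >&2; exit 1; }
  while :; do
    waitforport
    injectloop
    # Avoid a tight reconnect loop if the management socket accepts and drops
    # connections immediately.
    sleep 1
  done
) 200>/run/lock/inject-pin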