diff --git a/CHANGELOG.md b/CHANGELOG.md index a1a17f6..c5ab12c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [1.2.0] - 2024-01-18 +### Changed +- `main.go` rewrite secret at keyring if set by flag. +- `README.md` describe installation process. + ## [1.1.1] - 2023-07-27 ### Fixed - `nmcli.go` **nmcliConnectionActive** search of element in slice. diff --git a/README.md b/README.md index 0dbcc62..1cacf6b 100644 --- a/README.md +++ b/README.md @@ -9,3 +9,12 @@ Then you can start it as a daemon and it will bring up that VPN connection using ## Systemd I want to use it as systemd service and I prepared a unit file plus a piece of audit config, but both methods of providing password (--ask, passwd-file) don't work when `roly-poly-vpn` is started by systemd. I'm going to find another way or fix some of these methods but it doesn't work as expected right now. So run it from your session somehow. + +## Installation +- Import your OpenVPN configuration to NetworkManager configuration. +- Set your login to the NM VPN config and set to "Ask password every time". +- Download from binary from [release page](https://github.com/nixargh/tired/releases). +- Set execution bit for binary: ```chmod +x ./roly-poly-vpn``` +- Move somewhere to your **PATH**. At Ubuntu I prefer `~/.local/bin/` directory: ```mv ./roly-poly-vpn ~/.local/bin/``` +- Run it and answer questions about NetworkManager VPN config name, ypur LDAP password and OTP secret. +If you make a mistake and want to change the value just run **roly-poly-vpn** with flag setting this secret and it will overwritten at your keyring. Or as alternative **seahorse** utility, which is a GUI keyring manager, could be used. diff --git a/main.go b/main.go index 8a81abc..10cfd72 100644 
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "bufio"
 "flag"
 "fmt"
 "os"
@@ -20,7 +21,7 @@ import (
 // "github.com/pkg/profile"
 )
-var version string = "1.1.1"
+var version string = "1.2.0"
 var clog *log.Entry
@@ -64,18 +65,10 @@ func main() {
 clog.Info("Let's have some fun with 2FA VPN via NM!")
 // Validate variables
- if config == "" {
- clog.Info("Hint: Use 'nmcli connection' to find out your config names.")
- config = promptForSecret("config")
- }
-
- if password == "" {
- password = promptForSecret("password")
- }
-
- if otpSecret == "" {
- otpSecret = promptForSecret("otpSecret")
- }
+ clog.Info("Hint: Use 'nmcli connection' to find out your config names.")
+ config = manageParameter("config", config, false)
+ password = manageParameter("password", password, true)
+ otpSecret = manageParameter("otpSecret", otpSecret, true)
 go waitForDeath(config)
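Review bot: `password` and `otpSecret` are now passed to `manageParameter` even when they arrive as flags, and the changelog entry in this commit says a flag value then rewrites the keyring entry, so the flag becomes the documented way to correct a stored secret. A secret given on the command line stays in shell history and is readable from the process list while the program runs, which deserves a comment above these calls, e.g. `// Flag values are written to the keyring; prefer the prompt for password and otpSecret, since flags end up in shell history and ps output.` The `nmcli connection` hint is also logged on every start now, including when `config` is already known, and would fit better inside the prompt path. main's body starts and ends outside the hunk.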
@@ -104,31 +97,59 @@ func main() {
 }
 }
-func promptForSecret(secret string) string {
+func manageParameter(parameter string, parameterValue string, hide bool) string {
 service := "roly-poly-vpn"
- var secretValue string
 var err error
- secretValue, err = keyring.Get(service, secret)
+ // If value is empty - read from keyring or ask
+ if parameterValue == "" {
+ parameterValue, err = keyring.Get(service, parameter)
- if err == nil && secretValue != "" {
- clog.WithFields(log.Fields{"secret": secret}).Info("Got secret value from keyring.")
- return secretValue
- }
+ if err == nil && parameterValue != "" {
+ clog.WithFields(log.Fields{"parameter": parameter}).Info("Got parameter value from keyring.")
+ return parameterValue
+ }
+
+ fmt.Printf("New '%v' value: ", parameter)
- fmt.Printf("New '%v' value: ", secret)
- bytespw, _ := term.ReadPassword(int(syscall.Stdin))
- secretValue = string(bytespw)
- fmt.Print("\n")
+ if hide {
+ bytespw, err := term.ReadPassword(int(syscall.Stdin))
+ if err != nil {
+ log.Fatal(err)
+ clog.WithFields(log.Fields{
+ "parameter": parameter,
+ "error": err,
+ }).Fatal("Reading hidden parameter value from cmd failed.")
+ }
+ parameterValue = string(bytespw)
+ } else {
+ scanner := bufio.NewScanner(os.Stdin)
+ scanner.Scan()
+ err := scanner.Err()
+ if err != nil {
+ log.Fatal(err)
+ clog.WithFields(log.Fields{
+ "parameter": parameter,
+ "error": err,
+ }).Fatal("Reading parameter value from cmd failed.")
+ }
+ parameterValue = scanner.Text()
+ }
+ fmt.Print("\n")
+ }
- err = keyring.Set(service, secret, secretValue)
+ // Save value gotten as flag or asked
+ err = keyring.Set(service, parameter, parameterValue)
 if err != nil {
- clog.WithFields(log.Fields{"secret": secret, "error": err}).Fatal("Can't save password to keyring.")
+ clog.WithFields(log.Fields{
+ "parameter": parameter,
+ "error": err,
+ }).Fatal("Can't save password to keyring.")
 }
- clog.WithFields(log.Fields{"secret": secret}).Info("Secret saved to keyring.")
- return secretValue
+ clog.WithFields(log.Fields{"parameter": parameter}).Info("Parameter's value saved to keyring.")
+ return parameterValue
 }
 func GeneratePassCode(secret string) string {
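Review bot: In the non-hidden branch the result of `scanner.Scan()` is discarded, so a closed stdin (EOF, where `scanner.Err()` is nil) yields an empty string that falls through to `keyring.Set` and is stored; an empty `term.ReadPassword` result takes the same path. Both error branches also call `log.Fatal(err)` first, which exits the process, so the structured `clog…Fatal` calls after it never run. I would check the return value of `Scan`, drop the two `log.Fatal(err)` lines, and refuse to save an empty value. The message `"Can't save password to keyring."` is now also emitted for `config`; wording such as `"Can't save parameter to keyring."` would match the rename.

```go
		if hide {
			// … unchanged: term.ReadPassword branch, minus the leading log.Fatal(err) …
		} else {
			scanner := bufio.NewScanner(os.Stdin)
			if !scanner.Scan() {
				// Scan reports false on EOF too, and Err() is nil in that case.
				clog.WithFields(log.Fields{
					"parameter": parameter,
					"error":     scanner.Err(),
				}).Fatal("Reading parameter value from cmd failed.")
			}
			parameterValue = scanner.Text()
		}
		fmt.Print("\n")

		if parameterValue == "" {
			clog.WithFields(log.Fields{"parameter": parameter}).Fatal("Empty value entered, nothing saved to keyring.")
		}
	// … unchanged: end of the empty-value branch, keyring.Set and its error handling …
```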