UW Superior uses Cisco Clean Access to authenticate users on its networks, both wired and wireless. This is a pain. Windows users get a little daemon that sits on their machines, letting the powers that be know that the local system is secure. Right.
For the rest of us, the following script (after the break) can be thrown in /etc/interfaces/if-up.d/ or run on cron or something, if you’re a Linux user with cURL installed. And lockfile-progs, I guess, which you should have already if you’re on Ubuntu or a derivative thereof.
#!/bin/bash
# network credentials
username=uname1
password=123456
# uws wireless
server=nac-w.uwsuper.edu
provider=UWS\ Wireless
# uws wired (resnet)
#server=nac-srv.uwsuper.edu
#provider=ResNet
# other settings
maxtime=60
PATH=/sbin:/bin:/usr/sbin:/usr/bin
lockfile=/var/lock/uwsnac
# setup lockfile
lockfile-create $lockfile
lockfile-touch $lockfile &
locktouchpid="$!"
trap "kill $locktouchpid; lockfile-remove $lockfile;" exit
# initial check - do we need to authenticate?
if !(curl -# -m $maxtime http://google.com | grep -q $server)
then
echo "already authenticated; exiting"
exit
fi
# submit credentials
authresult=$(curl -# -m $maxtime -d cm=ws32vklm -d "username=$username" -d "password=$password" -d "provider=$provider" https://$server/auth/perfigo_cm_validate.jsp)
# check for user limit error
if (echo $authresult | grep -q "Too many users using this account")
then
echo "too many users on this account; booting off the oldest of these"
echo "your network connection may reset - hang tight"
authresult=$(curl -# -m $maxtime -d cm=ws32vklm -d remove_old=1 -d "username=$username" -d "password=$password" -d "provider=$provider" https://$server/auth/perfigo_cm_validate.jsp)
fi
# evaluate results
if (echo $authresult | grep -q "Invalid username or password")
then
echo "invalid credentials (protip: reconfigure); exiting"
exit
elif !(echo $authresult | grep -q perfigo_cm_agree.jsp)
then
echo "finished authenticating"
exit
fi
# submit policy agreement
userkey=$(echo $authresult | sed -r 's/.*"perfigo_cm_agree\.jsp\?userkey=([^&]*).*/\1/')
agreeresult=$(curl -# -m $maxtime -d "userkey=$userkey" -d "provider=$provider" https://$server/auth/perfigo_cm_policy.jsp)
if (echo $agreeresult | grep -q "You will be redirected to the URL")
then
echo "finished authenticating"
else
echo "ran into some difficulty, sorry"
fi
# done here
exit
(Anthony astutely points out that the part about /etc/interfaces/if-up.d/ is a lie. We’re having some difficulties with that particular trigger. But, failing everything else, you could have this run every two minutes as a root cronjob. It’d work.)
