wait for cookie over side-channel

Dockerfile

@@ -7,11 +7,12 @@ COPY src /app/src/src/
 RUN mkdir -p /app/build && cd /app/build && cmake /app/src && make && mv tcpproxy ..
 
 FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y --no-install-recommends openconnect libevent-core-2.1-7 && rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends openconnect libevent-core-2.1-7 netcat-traditional && rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
 COPY --from=builder /app/tcpproxy /app/
 COPY --from=builder /app/src/NOTICE /app/
 COPY --from=builder /app/src/lwip/COPYING /app/
 COPY docker-entrypoint.sh /app/
 EXPOSE 1234
+EXPOSE 1235
 USER nobody
 ENTRYPOINT ["/app/docker-entrypoint.sh"]

docker-entrypoint.sh

@@ -1,2 +1,18 @@
 #!/bin/bash
-exec openconnect --script-tun --script "/app/tcpproxy -g -L 1234:$HOST" "$@"
+action="$1"
+shift
+case "$action" in
+"connect")
+    echo "Waiting for cookie on tcp:1235..."
+    cookie="$(netcat -l -p 1235)"
+    echo "Got cookie! Connecting..."
+    exec openconnect --script-tun --script "/app/tcpproxy -g -L 1234:$HOST" --non-inter --cookie="$cookie" --disable-ipv6 "$@"
+    ;;
+"authenticate")
+    exec openconnect --cookieonly "$@"
+    ;;
+*)
+    echo "Unknown action $action"
+    exit 1
+    ;;
+esac