forked from vikraman/firewall-auth-sh
firewall-auth.sh
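#!/bin/sh
# Keeps a session with a captive-portal firewall alive: logs in, polls the
# keepalive URL, and logs out again when the script is signalled.

# Portal credentials.
# NOTE(security): these are stored in clear text, so the script file should be
# readable by its owner only. The values must already be safe to place in a
# form-encoded POST body (no '&', '=', '%' or spaces); they are not URL-encoded.
username="username"
password="password"

# Address fetched over plain HTTP to detect the portal's redirect.
# NOTE(security): the redirect read from this probe is unauthenticated, so
# whoever answers it decides where the credentials are sent.
google="http://74.125.236.208"

# -k disables TLS certificate verification, -m3 caps each request at three
# seconds, -s with --stderr /dev/null keeps curl quiet.
# NOTE(security): with -k the portal's identity is never checked, so the
# credentials are not protected against an on-path party. Drop -k (or pin the
# portal's CA with --cacert) if the portal presents a verifiable certificate.
curl_opts="-k -m3 -s --stderr /dev/null"

# POSIX names signals without the SIG prefix; some /bin/sh implementations
# (dash, for one) reject "SIGHUP" and friends, which would leave the logout
# handler uninstalled.
trap logout HUP INT QUIT TERM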
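# Detect the captive portal and authenticate against it.
# Globals read:    curl_opts, google, username, password
# Globals written: state, fgt_redirect, fgt_auth_url, fgt_auth_resp,
#                  fgt_auth_magic, fgt_post_resp, fgt_keepalive_url,
#                  fgt_logout_url
# Sets state to:
#   fail      - the probe returned nothing, or the redirect target was rejected
#   login     - the probe was not answered with a 303 (no portal in the way)
#   badauth   - the portal's reply to the POST carried no keepalive URL
#   keepalive - logged in; keepalive and logout URLs have been captured
login() {
  # curl_opts is deliberately unquoted: it holds several options that must be
  # split into separate words.
  fgt_redirect=$(
    curl ${curl_opts} --max-redirs 0 -D- "${google}"
  )
  if [ -z "${fgt_redirect}" ]; then
    state="fail"
    return
  fi

  # Quote the response: it is network-controlled, and an unquoted expansion
  # would be word-split and glob-expanded before grep ever saw it.
  if ! printf '%s\n' "${fgt_redirect}" | grep -q "HTTP/1.1 303 See Other"; then
    state="login"
    return
  fi

  fgt_auth_url=$(
    printf '%s\n' "${fgt_redirect}" |
      sed -n -e 's/.*Location: \(.*\).*/\1/p' |
      tr -d '\r\n'
  )

  # The Location header comes from an unauthenticated plain-HTTP reply. Refuse
  # anything that is not an http(s) URL so the credentials are never handed to
  # another curl protocol handler.
  # NOTE(review): the host is still not checked against a known portal
  # address; add that comparison if the portal address is fixed.
  case "${fgt_auth_url}" in
    http://* | https://*) ;;
    *)
      logger -t firewall-auth "Unexpected portal redirect target"
      state="fail"
      return
      ;;
  esac

  # The URL is quoted so that whitespace in it cannot be split into extra curl
  # arguments (option injection).
  fgt_auth_resp=$(
    curl ${curl_opts} "${fgt_auth_url}"
  )
  fgt_auth_magic=$(
    printf '%s\n' "${fgt_auth_resp}" |
      sed -n -e 's/.*name="magic" \+value="\([^"]\+\).*/\1/p'
  )

  # Feed the form body to curl on stdin (-d @-) rather than as an argument, so
  # the password does not show up in the process list.
  fgt_post_resp=$(
    printf '%s' \
      "username=${username}&password=${password}&magic=${fgt_auth_magic}&4Tredir=/" |
      curl ${curl_opts} -d @- "${fgt_auth_url}"
  )
  fgt_keepalive_url=$(
    printf '%s\n' "${fgt_post_resp}" |
      sed -n -e 's/.*location.href="\([^"]\+\).*/\1/p' |
      tr -d '\r\n'
  )
  if [ -z "${fgt_keepalive_url}" ]; then
    state="badauth"
    return
  fi

  logger -t firewall-auth "Logged in"
  fgt_logout_url=$(
    printf '%s\n' "${fgt_post_resp}" |
      sed -n -e 's/.*<p><a href="\([^"]\+\).*/\1/p' |
      tr -d '\r\n'
  )
  state="keepalive"
}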
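# Poll the keepalive URL captured during login.
# Globals read:    curl_opts, fgt_keepalive_url
# Globals written: fgt_keepalive_resp, state
# Sets state to "keepalive" when the reply contains "HTTP/1.1 200 OK",
# otherwise to "retry".
keepalive() {
  # curl_opts is deliberately unquoted (several options in one variable). The
  # URL is quoted: it was parsed out of a portal response, and unquoted it
  # could be word-split into extra curl arguments.
  fgt_keepalive_resp=$(
    curl ${curl_opts} -D- "${fgt_keepalive_url}"
  )
  if printf '%s\n' "${fgt_keepalive_resp}" | grep -q "HTTP/1.1 200 OK"; then
    state="keepalive"
  else
    state="retry"
  fi
}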
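# Signal handler: end the portal session if one was established, then exit.
# Globals read: curl_opts, fgt_logout_url
logout() {
  if [ -n "${fgt_logout_url}" ]; then
    logger -t firewall-auth "Logging out"
    # curl_opts is deliberately unquoted (several options in one variable). The
    # URL is quoted: it was parsed out of a portal response, and unquoted it
    # could be word-split into extra curl arguments.
    curl ${curl_opts} "${fgt_logout_url}" >/dev/null
  fi
  exit
}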
# Main state machine: log in once, then keep reacting to the state left behind
# by the previous login/keepalive call.
login
while true; do
  # Every state except "keepalive" ends in another login attempt.
  step=login
  case "${state}" in
    fail)
      note="Network failure"
      pause=30
      ;;
    login)
      note="Already logged in"
      pause=10
      ;;
    badauth)
      note="Bad credentials"
      pause=120
      ;;
    retry)
      note="Retrying login"
      pause=1
      ;;
    keepalive)
      note="Keeping alive"
      pause=120
      step=keepalive
      ;;
    *)
      note="Something went wrong"
      pause=10
      ;;
  esac

  logger -t firewall-auth "${note}"
  # Sleep in the background and wait on it: a trapped signal interrupts
  # `wait` straight away, whereas a foreground sleep would hold the handler
  # back until the sleep finished.
  sleep "${pause}" &
  wait $!
  "${step}"
done