1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
| #!/usr/bin/env bash
# Script to login/logout from a Stormshield firewall,
# like the one at IPGP.
#
# (c) 2019 Michel Le Cocq <lecocq@ipgp.fr>
# (c) 2019 Claudio Satriano <satriano@ipgp.fr>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
BASE_URL=https://fw.ipgp.fr
WORKDIR=/tmp/$USER/fwall
COOKIE_FILE=$WORKDIR/cookie.tmp
mkdir -p $WORKDIR
chmod 700 $WORKDIR
# Login using a HTTP POST, then download and open the java applet.
function login() {
if [ -z $USERNAME ] || [ -z $PASSWORD ]
then
printf 'login or password empty.'
exit 1
fi
curl -s \
--cookie $COOKIE_FILE \
--cookie-jar $COOKIE_FILE \
-d "time=240&uid=$USERNAME&authnum=0&pswd=$PASSWORD" \
-X POST \
$BASE_URL/auth/plain.html \
> /dev/null
PASSWORD=''
curl -s \
--cookie $COOKIE_FILE \
--cookie-jar $COOKIE_FILE \
-o $WORKDIR/tmp.jnlp \
$BASE_URL/auth/xvpnc.jnlp \
> /dev/null
if [ "$(head -n 1 $WORKDIR/tmp.jnlp)" != "<jnlp" ]; then
echo "Error during login."
exit 1
fi
# The jnlp file must be renamed according to the "href" tag,
# otherwhise it does not work
echo "Starting Java applet..."
jnlp_name=$(
grep href $WORKDIR/tmp.jnlp |\
grep jnlp |\
sed 's/href=//' |\
tr -d '"' |\
awk '{print $1}'
)
mv $WORKDIR/tmp.jnlp $WORKDIR/$jnlp_name
javaws $WORKDIR/$jnlp_name || exit 1
if [ $(which sshuttle) ]
then
echo 'now you can launch sshuttle : '
echo 'sismologie usage :'
echo 'sshuttle --dns -r login-sismologie@127.0.0.1:11237 0/1'
else
echo 'I suggest you to install sshuttle see : https://intra.sismo.ipgp.fr/sshuttle'
fi
}
# Logout using HTTP GET, remove the COOKIE_FILE and other temp files
function logout() {
curl -s \
--cookie $COOKIE_FILE \
--cookie-jar $COOKIE_FILE \
$BASE_URL/auth/auth.html\?url\&uid\&time\=240\&logout\=Logout \
> /dev/null && echo "Successfully logged out."
rm -f $COOKIE_FILE
rm -f $WORKDIR/*.jnlp
# kill java session
for p in $(ps aux | grep java.*fwall.*.jnlp | grep -v grep | awk '{print $2}')
do
kill $p
echo 'java process : '$p' : has been killed'
done
}
# Simple usage function
function usage() {
echo "Usage $0 {login|logout}"
if [ $(uname -s) != "Darwin" ]
then
printf "Options :\n%s {login|logout} {-u|--user} LOGIN-IPGP\n" $0
fi
exit 1
}
function amirunning() {
# check if process is still running then kill it
proc=0
proc=$(ps aux | grep /tmp/java | grep $USER | grep -v grep | tr -s ' ' | cut -d' ' -f2 | tail -n 1)
}
# Check options
function options() {
USERNAME=''
# Call getopt to validate the provided input.
options=$(getopt -o u:io -l user -- "$@")
[ $? -eq 0 ] || {
echo "Incorrect options provided"
usage
exit 1
}
eval set -- "$options"
while true; do
# extract options and their arguments into variables.
case "$1" in
-u|--user)
shift; # The arg is next in position args
USERNAME=$1
;;
--)
shift
break
;;
esac
shift
done
if [ $# -ne 1 ]; then usage; fi
}
# main
if [ $(uname -s) != "Darwin" ]
then
options $@
fi
if [ "$1" = "login" ]
then
amirunning proc
if [ ! -z $proc ]
then
printf '... your java applet is already running with PID:%s\n' $proc
printf '... you may need to logout to login again: %s logout\n' $0
exit 1
fi
printf '...login to FW IPGP : %s\n' $BASE_URL
if [ -z $USERNAME ]
then
read -p 'Login:' USERNAME
fi
read -p 'Password:' -s PASSWORD
echo
login
elif [ "$1" = "logout" ]
then
printf '...logout to FW IPGP : %s\n' $BASE_URL
amirunning proc
if [ ! -z $proc ]
then
printf '... killing process : %s\n' $proc
kill $proc
fi
logout
else
usage
fi
|