-
Notifications
You must be signed in to change notification settings - Fork 1
/
forti_login
executable file
·172 lines (141 loc) · 3.64 KB
/
forti_login
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
#!/bin/bash
# Enable curl alias
alias curl="curl --insecure --max-time 5 --silent --user-agent \
'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko'"
shopt -s expand_aliases
# Associative array with user as key and password as value
declare -A CREDENTIALS
KEEPALIVE_URL=""
SLEEP_PID=""
USAGE="Usage: $(basename "$0") [-u <username>] [-p <password>] [-f <credentials_filename>]"
cmd_available() {
command -v "$1" &> /dev/null
}
# Print arguments to stderr and exit
fail() {
printf "%s\n" "$*" 1>&2
exit 1
}
get_effective_url() {
curl --location --output /dev/null --write-out "%{url_effective}" "$1"
}
# Is stdout open and refers to a terminal?
is_stdout_term() {
[[ -t 1 ]]
}
# Remove $2 from front and $3 from back of the string $1
remove_substr() {
local tmp=${1##$2}
echo "${tmp%%$3}"
}
# Shuffle order of lines
# http://mywiki.wooledge.org/BashFAQ/026
randomize() {
while IFS='' read -r line
do
printf "%d\t%s\n" "$RANDOM" "$line"
done |
sort -n |
cut -f 2-
}
# File should contain whitespace delimited list of user and password pairs
read_credentials_from_file() {
local filename user password
filename="$1"
while read -r user password
do
CREDENTIALS[$user]=$password
done < <(randomize < "$filename")
}
# Get user and password from parameters/stdin/file
get_credentials() {
local filename user password
while getopts ":u:p:f:" opt
do
case $opt in
u) user=$OPTARG ;;
p) password=$OPTARG ;;
f) filename=$OPTARG ;;
esac
done
if [[ -n $user ]] && [[ -n $password ]]
then
CREDENTIALS[$user]=$password
elif [[ -n $filename ]] && [[ -f $filename ]]
then
# Read from file provided it exists
read_credentials_from_file "$filename"
fi
[[ ${#CREDENTIALS[@]} -eq 0 ]] && return 1
}
do_logout() {
local logout_url=${KEEPALIVE_URL/keepalive/logout}
if curl "$logout_url" &> /dev/null
then
echo "" && echo "Logged out."
else
fail "Error logging out."
fi
}
keepalive() {
local html countdown
while true
do
html=$(curl --output - "$KEEPALIVE_URL")
[[ $? -ne 0 ]] && fail "Error in authentication refresh."
countdown=$(remove_substr "$html" \
"*var countDownTime=" \
" + 1;*")
countdown=$((countdown - 5))
sleep "$countdown" & SLEEP_PID=$!
wait "$SLEEP_PID"
done
}
# Logout & kill subprocesses
cleanup() {
disown -a
[[ -n "$SLEEP_PID" ]] && kill "$SLEEP_PID" &> /dev/null
do_logout
}
main() {
local google effective_url base_url magic html user logged_in
# Do we have curl?
cmd_available "curl" || fail "Please install curl."
google="www.google.com/"
effective_url=$(get_effective_url "$google")
# Did we get redirected to the authentication page?
echo "$effective_url" | grep -q "fgtauth" || \
fail "Did NOT get redirected to authentication page."
# Get login credentials
get_credentials "$@" || fail "$USAGE"
# Extract base URL and magic parameter
base_url=$(remove_substr "$effective_url" "" "fgtauth*")
magic=$(remove_substr "$effective_url" "*fgtauth\?" "" )
for user in "${!CREDENTIALS[@]}"
do
# POST form data to base_url
html=$(curl --output - \
--data-urlencode 4Tredir="$google" \
--data-urlencode magic="$magic" \
--data-urlencode username="$user" \
--data-urlencode password="${CREDENTIALS[$user]}" \
"$base_url")
# Failed?
if echo "$html" | grep -qi "failed"
then
echo "Authentication failed with username $user." 1>&2
else
echo "Logged in with username $user."
logged_in=1
break
fi
done
[[ -z $logged_in ]] && fail "Failed."
is_stdout_term && echo "Press Ctrl-C to logout."
unset CREDENTIALS
KEEPALIVE_URL=$(remove_substr "$html" "*location.href=\"" "\";*")
# Logout on exit
trap "cleanup" EXIT
keepalive
}
main "$@"