Уточни TOTP seed и статус модулей VPN
@@ -45,7 +45,7 @@ Usage: vpn-lemanapro.sh [--debug] [--json] [--status] [--configure-keychain]
|
||||
--status --json Show current VPN status as JSON
|
||||
--debug Run visible browser and passthrough debug logs
|
||||
--json Emit JSON Lines events for UI wrappers
|
||||
--configure-keychain Prompt for LDAP password/TOTP and save them to Keychain
|
||||
--configure-keychain Prompt for LDAP password and TOTP secret, then save them to Keychain
|
||||
HELP
|
||||
exit 0
|
||||
;;
|
||||
@@ -75,11 +75,113 @@ _json_get() {
|
||||
python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('$key',''))" 2>/dev/null || true
|
||||
}
|
||||
|
||||
_find_webengine_process() {
|
||||
if [[ -n "${LEMANA_VPN_WEBENGINE_PROCESS:-}" ]]; then
|
||||
printf '%s\n' "$LEMANA_VPN_WEBENGINE_PROCESS"
|
||||
return 0
|
||||
fi
|
||||
find "$OC_VENV/lib" -path '*/site-packages/openconnect_lite/browser/webengine_process.py' -print -quit 2>/dev/null
|
||||
}
|
||||
|
||||
_module_bool() {
|
||||
if "$@" >/dev/null 2>&1; then
|
||||
printf true
|
||||
else
|
||||
printf false
|
||||
fi
|
||||
}
|
||||
|
||||
_patches_active() {
|
||||
local wep
|
||||
wep="$(_find_webengine_process)"
|
||||
[[ -n "$wep" && -f "$wep" ]] || return 1
|
||||
grep -q '"offscreen"' "$wep" \
|
||||
&& grep -q 'new Event("input", {{bubbles: true}})' "$wep" \
|
||||
&& grep -q 'new RegExp' "$wep"
|
||||
}
|
||||
|
||||
_keychain_has() {
|
||||
security find-generic-password -s "$1" -a "$2" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
_module_status_json() {
|
||||
local openconnect_installed openconnect_lite_installed bitwarden_installed touchid_installed dns_cleanup_installed
|
||||
local config_present oc_config_present patch_backup_present patches_active keychain_password keychain_totp_seed
|
||||
openconnect_installed="$(_module_bool command -v openconnect)"
|
||||
openconnect_lite_installed="$(_module_bool test -x "$OC_BIN")"
|
||||
bitwarden_installed="$(_module_bool command -v bw)"
|
||||
touchid_installed="$(_module_bool test -x "$KC_FP")"
|
||||
dns_cleanup_installed="$(_module_bool test -x "$DNS_CLEANUP")"
|
||||
config_present="$(_module_bool test -f "$CONFIG_FILE")"
|
||||
oc_config_present="$(_module_bool test -f "$HOME/.config/openconnect-lite/config.toml")"
|
||||
patch_backup_present="$(_module_bool test -f "$PATCH_BACKUP_DIR/webengine_process.py.before-lemana-vpn")"
|
||||
patches_active="$(_module_bool _patches_active)"
|
||||
keychain_password="$(_module_bool _keychain_has openconnect-lite "$KC_USERNAME")"
|
||||
keychain_totp_seed="$(_module_bool _keychain_has openconnect-lite "totp/$KC_USERNAME")"
|
||||
|
||||
printf '{"core":{"openconnect":%s,"openconnect_lite":%s,"config":%s,"openconnect_lite_config":%s},"bitwarden":{"enabled":%s,"installed":%s,"item":"%s"},"touchid":{"enabled":%s,"installed":%s},"keychain":{"password":%s,"totp_seed":%s},"dns_cleanup":{"installed":%s},"patches":{"active":%s,"backup":%s}}' \
|
||||
"$openconnect_installed" \
|
||||
"$openconnect_lite_installed" \
|
||||
"$config_present" \
|
||||
"$oc_config_present" \
|
||||
"$([[ "$USE_BITWARDEN" == "1" ]] && printf true || printf false)" \
|
||||
"$bitwarden_installed" \
|
||||
"$BW_ITEM_NAME" \
|
||||
"$([[ "$USE_TOUCHID" == "1" ]] && printf true || printf false)" \
|
||||
"$touchid_installed" \
|
||||
"$keychain_password" \
|
||||
"$keychain_totp_seed" \
|
||||
"$dns_cleanup_installed" \
|
||||
"$patches_active" \
|
||||
"$patch_backup_present"
|
||||
}
|
||||
|
||||
_module_human_part() {
|
||||
local name="$1" enabled="$2" installed="$3"
|
||||
if [[ "$enabled" == "0" ]]; then
|
||||
printf '%s=off' "$name"
|
||||
elif [[ "$installed" == "true" ]]; then
|
||||
printf '%s=on' "$name"
|
||||
else
|
||||
printf '%s=missing' "$name"
|
||||
fi
|
||||
}
|
||||
|
||||
_module_status_human() {
|
||||
local core bitwarden_installed touchid_installed dns_cleanup_installed patches_active keychain_password keychain_totp_seed
|
||||
if command -v openconnect >/dev/null 2>&1 && [[ -x "$OC_BIN" && -f "$HOME/.config/openconnect-lite/config.toml" ]]; then
|
||||
core="core=ok"
|
||||
else
|
||||
core="core=missing"
|
||||
fi
|
||||
|
||||
bitwarden_installed="$(_module_bool command -v bw)"
|
||||
touchid_installed="$(_module_bool test -x "$KC_FP")"
|
||||
dns_cleanup_installed="$(_module_bool test -x "$DNS_CLEANUP")"
|
||||
patches_active="$(_module_bool _patches_active)"
|
||||
keychain_password="$(_module_bool _keychain_has openconnect-lite "$KC_USERNAME")"
|
||||
keychain_totp_seed="$(_module_bool _keychain_has openconnect-lite "totp/$KC_USERNAME")"
|
||||
|
||||
printf 'Modules: %s, ' "$core"
|
||||
_module_human_part "bitwarden" "$USE_BITWARDEN" "$bitwarden_installed"
|
||||
printf ', '
|
||||
_module_human_part "touchid" "$USE_TOUCHID" "$touchid_installed"
|
||||
printf ', dns=%s, patches=%s, keychain=password:%s/totp_seed:%s\n' \
|
||||
"$([[ "$dns_cleanup_installed" == "true" ]] && printf on || printf missing)" \
|
||||
"$([[ "$patches_active" == "true" ]] && printf active || printf pending)" \
|
||||
"$([[ "$keychain_password" == "true" ]] && printf yes || printf no)" \
|
||||
"$([[ "$keychain_totp_seed" == "true" ]] && printf yes || printf no)"
|
||||
}
|
||||
|
||||
_check_status() {
|
||||
local modules_json
|
||||
modules_json="$(_module_status_json)"
|
||||
|
||||
if [[ ! -f "$STATUS_FILE" ]]; then
|
||||
if $JSON_MODE; then
|
||||
printf '%s\n' '{"state":"disconnected","reason":"no status file"}'
|
||||
printf '{"state":"disconnected","reason":"no status file","modules":%s}\n' "$modules_json"
|
||||
else
|
||||
_module_status_human
|
||||
printf '%s\n' "VPN disconnected (нет status-файла)"
|
||||
fi
|
||||
return 0
|
||||
@@ -100,8 +202,9 @@ _check_status() {
|
||||
|
||||
if [[ "$state" != "connected" ]] || ! $process_alive; then
|
||||
if $JSON_MODE; then
|
||||
printf '{"state":"disconnected","reason":"%s"}\n' "$(! $process_alive && printf 'process dead (pid=%s)' "$pid" || printf '%s' "$state")"
|
||||
printf '{"state":"disconnected","reason":"%s","modules":%s}\n' "$(! $process_alive && printf 'process dead (pid=%s)' "$pid" || printf '%s' "$state")" "$modules_json"
|
||||
else
|
||||
_module_status_human
|
||||
printf '%s\n' "VPN disconnected"
|
||||
fi
|
||||
return 0
|
||||
@@ -125,22 +228,15 @@ _check_status() {
|
||||
fi
|
||||
|
||||
if $JSON_MODE; then
|
||||
printf '{"state":"connected","ip":"%s","healthy":%s,"remaining_sec":%s,"expires":"%s","pid":%s,"dns_target":"%s"}\n' \
|
||||
"$ip" "$healthy" "$remaining_sec" "$expires" "$pid" "$dns_target"
|
||||
printf '{"state":"connected","ip":"%s","healthy":%s,"remaining_sec":%s,"expires":"%s","pid":%s,"dns_target":"%s","modules":%s}\n' \
|
||||
"$ip" "$healthy" "$remaining_sec" "$expires" "$pid" "$dns_target" "$modules_json"
|
||||
else
|
||||
_module_status_human
|
||||
printf 'VPN connected - %s (session: %sh %sm, tunnel: %s)\n' \
|
||||
"$ip" "$hours" "$mins" "$($healthy && printf healthy || printf unhealthy)"
|
||||
fi
|
||||
}
|
||||
|
||||
_find_webengine_process() {
|
||||
if [[ -n "${LEMANA_VPN_WEBENGINE_PROCESS:-}" ]]; then
|
||||
printf '%s\n' "$LEMANA_VPN_WEBENGINE_PROCESS"
|
||||
return 0
|
||||
fi
|
||||
find "$OC_VENV/lib" -path '*/site-packages/openconnect_lite/browser/webengine_process.py' -print -quit 2>/dev/null
|
||||
}
|
||||
|
||||
_patch_oc() {
|
||||
local wep
|
||||
wep="$(_find_webengine_process)"
|
||||
@@ -433,6 +529,12 @@ fi
|
||||
|
||||
trap '_dns_cleanup; _clear_status' EXIT
|
||||
|
||||
if ! $JSON_MODE; then
|
||||
_module_status_human
|
||||
else
|
||||
printf '{"event":"modules","modules":%s}\n' "$(_module_status_json)"
|
||||
fi
|
||||
|
||||
_patch_oc
|
||||
_sync_bitwarden
|
||||
|
||||
|
||||
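Review bot: In `_module_status_json` the Bitwarden item name is written with `"item":"%s"` and a raw `$BW_ITEM_NAME`, so a name containing `"`, a backslash or a newline produces malformed JSON, or extra keys, in `--status --json` and in the new `modules` event that UI wrappers parse. Encode the value instead: change the format to `"item":%s` and pass `"$(printf '%s' "$BW_ITEM_NAME" | python3 -c 'import json,sys; sys.stdout.write(json.dumps(sys.stdin.read()))')"`; python3 is already required by `_json_get`. If wrappers only need to know that an item is configured, a boolean would also keep the item name out of status output and logs. Separately, `_check_status` (whose body is only partly visible across the hunks) fills `modules_json` before testing `$JSON_MODE`, so the human path runs the keychain, `find` and `grep` probes twice; assigning it inside the JSON branches avoids that.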