#!/bin/sh
# Default location of the trusted unit list; the -f option replaces it.
# Unit names and user names read from this file end up as arguments to
# systemctl and "sudo -u", so it should be writable only by administrators.
UNITFILE=/etc/nmtrust/trusted_units
###############################################################################
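# Print the help text on stdout.
# The program name is taken from $0 so the text always matches the name the
# script was invoked as (the file is ttoggle; the old text said "ttrust").
# The -h option accepted by the getopts loop is listed as well.
usage() {
  cat <<EOF
Usage: ${0##*/} [OPTION...]
Toggle the activation of certain systemd units based on the trust of the current network connections.
Options:
-f specify an alternative location for the trusted unit file
-s display the status of the trusted units and exit
-x stop all trusted units, regardless of network trust
-t start all trusted units, regardless of network trust
-q be quiet
-h display this help and exit
EOF
}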
# Abort the script with status 1 unless $UNITFILE is an existing regular file.
# Globals: UNITFILE (read), quiet (read; "true" suppresses the message)
file_check() {
  [ -f "$UNITFILE" ] && return
  [ "$quiet" = true ] || echo "Could not locate trusted unit file: $UNITFILE"
  exit 1
}
# Locate the nmtrust command on PATH and remember it in NMTRUST.
# Exits the script with status 127 when it cannot be found; the message is
# printed even when -q was given.
find_nmtrust() {
  if ! hash nmtrust 2> /dev/null; then
    echo "Could not find nmtrust"
    exit 127
  fi
  NMTRUST=nmtrust
}
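# Print the user name carried by a unit-file entry.
# Arguments: $1 - one entry, e.g. "name.service,user:alice,allow_offline"
# Outputs:   the text between the last "user:" and the next comma, or nothing
#            when the entry has no "user:" field.
# Without -n/p, sed would echo an entry lacking "user:" back unchanged and the
# caller would treat the whole entry as a user name. printf is used because
# echo may interpret backslashes or a leading "-n" in the entry.
extract_user() {
  printf '%s\n' "$1" | sed -n 's/.*user:\([^,]*\).*/\1/p'
}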
# Read $UNITFILE and split its entries into four newline-separated lists.
# Lines starting with "#" are ignored everywhere.
# Globals written:
#   TRUSTED_SYSTEM_UNITS - first field of every entry without a "user:" field
#   OFFLINE_SYSTEM_UNITS - the subset of those carrying "allow_offline"
#   TRUSTED_USER_UNITS   - complete entries that have a "user:" field
#   OFFLINE_USER_UNITS   - the subset of those carrying "allow_offline"
get_trusted_units() {
  TRUSTED_SYSTEM_UNITS=$(
    grep -v -e '^#' -e ',.*user:' "$UNITFILE" |
      cut -d ',' -f1
  )
  OFFLINE_SYSTEM_UNITS=$(
    grep -v -e '^#' -e ',.*user:' "$UNITFILE" |
      grep -e ',.*allow_offline' |
      cut -d ',' -f1
  )
  # User entries keep every field; the user name is extracted later.
  TRUSTED_USER_UNITS=$(
    grep -v -e '^#' "$UNITFILE" |
      grep -e ',.*user:'
  )
  OFFLINE_USER_UNITS=$(
    grep -v -e '^#' "$UNITFILE" |
      grep -e ',.*user:' |
      grep -e ',.*allow_offline'
  )
}
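# Run a systemctl --user action for one user-unit entry.
# Arguments: $1 - systemctl verb ("start", "stop" or "status")
#            $2 - unit-file entry "unit,user:NAME[,...]"; when omitted, the
#                 caller's loop variable "line" is used instead
# Globals:   USER (read), line (read as fallback), unit_user and unit (written)
# Outputs:   for "status", the first line and the "Active:" line of the
#            systemctl output; otherwise whatever systemctl prints
#
# The unit and user names come from the unit file. They are handed to
# systemctl and sudo as separate arguments; the command is never assembled
# into a string for eval or "bash -c", so shell metacharacters in an entry are
# not interpreted. "--" stops a unit name starting with "-" from being parsed
# as an option.
user_toggle() {
  unit_user=$(extract_user "${2:-$line}")
  unit=$(printf '%s\n' "${2:-$line}" | cut -d ',' -f1)

  if [ "$unit_user" = "$USER" ]; then
    # The unit belongs to the invoking user: talk to their manager directly.
    if [ "$1" = "status" ]; then
      SYSTEMD_COLORS=1 systemctl status --user -- "$unit" |
        sed '1p;/^\s*Active:/!d'
    else
      systemctl "$1" --user -- "$unit"
    fi
  elif [ "$1" = "status" ]; then
    # Another user's unit: switch user with sudo and point systemctl at that
    # user's runtime directory.
    sudo -u "$unit_user" \
      env "XDG_RUNTIME_DIR=/run/user/$(id -u "$unit_user")" SYSTEMD_COLORS=1 \
      systemctl status --user -- "$unit" |
      sed '1p;/^\s*Active:/!d'
  else
    sudo -u "$unit_user" \
      env "XDG_RUNTIME_DIR=/run/user/$(id -u "$unit_user")" \
      systemctl "$1" --user -- "$unit"
  fi
}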
# Start every trusted unit: system units in one systemctl call, user units one
# entry at a time through user_toggle.
# Globals: TRUSTED_SYSTEM_UNITS, TRUSTED_USER_UNITS, quiet (all read)
start() {
  if [ -n "$TRUSTED_SYSTEM_UNITS" ]; then
    [ "$quiet" = true ] || echo "Starting trusted system units"
    # Left unquoted on purpose: the list is newline-separated and must be
    # split into one argument per unit.
    systemctl start $TRUSTED_SYSTEM_UNITS
  fi

  [ -n "$TRUSTED_USER_UNITS" ] || return 0
  [ "$quiet" = true ] || echo "Starting trusted user units"
  echo "$TRUSTED_USER_UNITS" | while read -r line; do
    user_toggle "start" "$line"
  done
}
# Stop every trusted unit: system units in one systemctl call, user units one
# entry at a time through user_toggle.
# Globals: TRUSTED_SYSTEM_UNITS, TRUSTED_USER_UNITS, quiet (all read)
stop() {
  if [ -n "$TRUSTED_SYSTEM_UNITS" ]; then
    [ "$quiet" = true ] || echo "Stopping trusted system units"
    # Left unquoted on purpose: the list is newline-separated and must be
    # split into one argument per unit.
    systemctl stop $TRUSTED_SYSTEM_UNITS
  fi

  [ -n "$TRUSTED_USER_UNITS" ] || return 0
  [ "$quiet" = true ] || echo "Stopping trusted user units"
  echo "$TRUSTED_USER_UNITS" | while read -r line; do
    user_toggle "stop" "$line"
  done
}
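# Stop all trusted units, then start only those marked "allow_offline".
# Globals: OFFLINE_SYSTEM_UNITS, OFFLINE_USER_UNITS, quiet (all read)
start_offline() {
  stop
  if [ -n "$OFFLINE_SYSTEM_UNITS" ]; then
    if [ "$quiet" != true ]; then
      echo "Starting trusted system offline units"
    fi
    # The list is newline-separated. Quoting it passed all names to systemctl
    # as a single argument, which fails as soon as two units are marked
    # allow_offline; it is left unquoted, as in start and stop, so that each
    # unit becomes its own argument.
    # shellcheck disable=SC2086
    systemctl start $OFFLINE_SYSTEM_UNITS
  fi
  if [ -n "$OFFLINE_USER_UNITS" ]; then
    if [ "$quiet" != true ]; then
      echo "Starting trusted user offline units"
    fi
    echo "$OFFLINE_USER_UNITS" | while read -r line; do
      user_toggle "start" "$line"
    done
  fi
}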
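# Print a short status report for every trusted unit: for each one, the first
# line and the "Active:" line of "systemctl status".
# Globals: TRUSTED_SYSTEM_UNITS, TRUSTED_USER_UNITS (read), unit (written)
status() {
  echo "Systemd system units:"
  for unit in $TRUSTED_SYSTEM_UNITS; do
    SYSTEMD_COLORS=1 systemctl status "$unit" | sed '1p;/^\s*Active:/!d'
  done

  echo "Systemd user units:"
  # With no user units the echo below would still feed one empty line to the
  # loop, and user_toggle would run with an empty unit and user name. Skip the
  # loop in that case, as start and stop already do.
  if [ -n "$TRUSTED_USER_UNITS" ]; then
    echo "$TRUSTED_USER_UNITS" | while read -r line; do
      user_toggle "status" "$line"
    done
  fi
}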
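# Option flags start out empty so that same-named variables inherited from the
# caller's environment cannot preselect a mode (for example stopall=true).
quiet=
status=
stopall=
startall=

# Parse the command line. The leading ":" in the option string selects silent
# error reporting: a missing argument arrives as ":" and an unknown option as
# "?", both with the offending letter in OPTARG.
while getopts ":f:sxtqh" opt; do
  case $opt in
    f)
      UNITFILE=$OPTARG
      ;;
    q)
      quiet=true
      ;;
    s)
      status=true
      ;;
    x)
      stopall=true
      ;;
    t)
      startall=true
      ;;
    :)
      echo "Option -$OPTARG requires an argument."
      usage
      exit 1
      ;;
    h)
      usage
      exit 0
      ;;
    \? | *)
      # An unknown option used to share the -h branch and exit with status 0,
      # so a mistyped invocation looked successful to the caller.
      echo "Invalid option: -$OPTARG"
      usage
      exit 1
      ;;
  esac
done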
# The unit file must exist before anything else happens.
file_check

# Load the unit lists from it.
get_trusted_units

# -s: report the state of the units and leave.
if [ "$status" = true ]; then
  status
  exit $?
fi

# -x: stop everything without consulting nmtrust.
if [ "$stopall" = true ]; then
  stop
  exit $?
fi

# -t: start everything without consulting nmtrust.
if [ "$startall" = true ]; then
  start
  exit $?
fi

# No override was given: ask nmtrust about the current connections.
find_nmtrust
$NMTRUST
result=$?

# Exit status 0 starts all trusted units, 4 starts only the allow_offline
# ones, and any other status stops them. The script exits with the status of
# the action it took.
case $result in
  0) start ;;
  4) start_offline ;;
  *) stop ;;
esac
exit $?