Example #1
def server_client_connect_post(server_id):
    """Answer the client-connect callback for the server ``server_id``.

    ``org_id`` and ``user_id`` are read from the JSON request body, then the
    server, the organization on that server and the user in that organization
    are looked up in turn. The first lookup that yields a falsy result ends
    the request with HTTP 401 and the matching error code/message pair.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401, or
        ``{'client_conf': None}`` once all three lookups succeed.
    """
    # NOTE(review): both identifiers come straight from the request body and
    # no authentication decorator is visible in this listing -- confirm the
    # route is reachable only by the trusted server process.
    payload = flask.request.json
    org_id = payload['org_id']
    user_id = payload['user_id']

    server = Server(server_id)
    if not server:
        failure = {'error': SERVER_INVALID, 'error_msg': SERVER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    org = server.get_org(org_id)
    if not org:
        failure = {'error': ORG_INVALID, 'error_msg': ORG_INVALID_MSG}
        return utils.jsonify(failure, 401)

    user = org.get_user(user_id)
    if not user:
        failure = {'error': USER_INVALID, 'error_msg': USER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    # Only the existence of the user is checked before this point.
    return utils.jsonify({'client_conf': None})
Example #2
def server_tls_verify_post(server_id):
    """Answer the TLS-verify callback for the server ``server_id``.

    Resolves server -> organization -> user from ``server_id`` and the
    ``org_id`` / ``user_id`` fields of the JSON request body. Each failed
    lookup returns HTTP 401 with its own error code; a failed organization
    or user lookup also creates a ``LogEntry``.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401, or
        ``{'authenticated': True}`` when all three lookups succeed.
    """
    payload = flask.request.json
    org_id = payload['org_id']
    user_id = payload['user_id']

    server = Server(server_id)
    if not server:
        failure = {'error': SERVER_INVALID, 'error_msg': SERVER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    org = server.get_org(org_id)
    if not org:
        # NOTE(review): the name interpolated here is the server's, not the
        # rejected org_id, so the entry does not say which organization was
        # refused. If that is changed, treat org_id as untrusted text.
        LogEntry(message=(
            'User failed authentication, invalid organization "%s".'
            % server.name))
        failure = {'error': ORG_INVALID, 'error_msg': ORG_INVALID_MSG}
        return utils.jsonify(failure, 401)

    user = org.get_user(user_id)
    if not user:
        # NOTE(review): same as above -- server.name is logged, not user_id.
        LogEntry(message=(
            'User failed authentication, invalid user "%s".'
            % server.name))
        failure = {'error': USER_INVALID, 'error_msg': USER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    # NOTE(review): success depends only on the user existing; confirm that
    # disabled or revoked users cannot reach this point in this version.
    return utils.jsonify({'authenticated': True})
Example #3
def server_client_disconnect_post(server_id):
    """Answer the client-disconnect callback for the server ``server_id``.

    Looks up the server, then the organization named by ``org_id`` and the
    user named by ``user_id`` (both taken from the JSON request body). Any
    falsy lookup result ends the request with HTTP 401 and the matching
    error code.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401, or
        an empty JSON object when all three lookups succeed.
    """
    def reject(error, error_msg):
        # Every failure path shares the same payload shape and status code.
        return utils.jsonify({"error": error, "error_msg": error_msg}, 401)

    # NOTE(review): the identifiers are request-supplied and no
    # authentication decorator is visible in this listing -- confirm the
    # route is reachable only by the trusted server process.
    payload = flask.request.json
    org_id = payload["org_id"]
    user_id = payload["user_id"]

    server = Server(server_id)
    if not server:
        return reject(SERVER_INVALID, SERVER_INVALID_MSG)

    org = server.get_org(org_id)
    if not org:
        return reject(ORG_INVALID, ORG_INVALID_MSG)

    user = org.get_user(user_id)
    if not user:
        return reject(USER_INVALID, USER_INVALID_MSG)

    return utils.jsonify({})
Example #4
def server_tls_verify_post(server_id):
    """Answer the TLS-verify callback for the server ``server_id``.

    Resolves server -> organization -> user from ``server_id`` and the
    ``org_id`` / ``user_id`` fields of the JSON request body, then refuses
    users whose ``disabled`` attribute is truthy. Every refusal returns
    HTTP 401; all but the server lookup also create a ``LogEntry``.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401, or
        ``{"authenticated": True}`` when every check passes.
    """
    def reject(error, error_msg):
        # Every failure path shares the same payload shape and status code.
        return utils.jsonify({"error": error, "error_msg": error_msg}, 401)

    payload = flask.request.json
    org_id = payload["org_id"]
    user_id = payload["user_id"]

    server = Server(server_id)
    if not server:
        return reject(SERVER_INVALID, SERVER_INVALID_MSG)

    # NOTE(review): all three log entries below interpolate server.name, so
    # none of them records which organization or user was refused. If that
    # is changed, treat org_id and user_id as untrusted text.
    org = server.get_org(org_id)
    if not org:
        LogEntry(message=(
            'User failed authentication, invalid organization "%s".'
            % server.name))
        return reject(ORG_INVALID, ORG_INVALID_MSG)

    user = org.get_user(user_id)
    if not user:
        LogEntry(message=(
            'User failed authentication, invalid user "%s".'
            % server.name))
        return reject(USER_INVALID, USER_INVALID_MSG)

    if user.disabled:
        # A disabled user gets the same error code as an unknown one, so the
        # response does not reveal that the account exists.
        LogEntry(message=(
            'User failed authentication, disabled user "%s".'
            % server.name))
        return reject(USER_INVALID, USER_INVALID_MSG)

    return utils.jsonify({"authenticated": True})
Example #5
def server_otp_verify_post(server_id):
    """Answer the two-step (OTP) verification callback for ``server_id``.

    Reads ``org_id``, ``user_id`` and ``otp_code`` (required) plus
    ``remote_ip`` (optional, ``None`` when absent) from the JSON request
    body. After resolving server -> organization -> user, the code is
    checked with ``user.verify_otp_code(otp_code, remote_ip)``.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401 for
        the first failing step, or ``{'authenticated': True}``.
    """
    payload = flask.request.json
    org_id = payload['org_id']
    user_id = payload['user_id']
    otp_code = payload['otp_code']
    # NOTE(review): remote_ip is whatever the caller reports; how
    # verify_otp_code uses it is not visible here -- confirm it is not
    # relied on as a trusted source address.
    remote_ip = payload.get('remote_ip')

    server = Server(server_id)
    if not server:
        failure = {'error': SERVER_INVALID, 'error_msg': SERVER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    org = server.get_org(org_id)
    if not org:
        # NOTE(review): server.name is logged, not the rejected org_id.
        LogEntry(message=(
            'User failed authentication, invalid organization "%s".'
            % server.name))
        failure = {'error': ORG_INVALID, 'error_msg': ORG_INVALID_MSG}
        return utils.jsonify(failure, 401)

    user = org.get_user(user_id)
    if not user:
        # NOTE(review): server.name is logged, not the rejected user_id.
        LogEntry(message=(
            'User failed authentication, invalid user "%s".'
            % server.name))
        failure = {'error': USER_INVALID, 'error_msg': USER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    # NOTE(review): no attempt limiting is visible in this handler; confirm
    # verify_otp_code or the caller throttles repeated failures.
    otp_ok = user.verify_otp_code(otp_code, remote_ip)
    if not otp_ok:
        LogEntry(message=(
            'User failed two-step authentication "%s".' % user.name))
        failure = {
            'error': OTP_CODE_INVALID,
            'error_msg': OTP_CODE_INVALID_MSG,
        }
        return utils.jsonify(failure, 401)

    return utils.jsonify({'authenticated': True})
Example #6
def server_otp_verify_post(server_id):
    """Answer the two-step (OTP) verification callback for ``server_id``.

    Reads ``org_id``, ``user_id`` and ``otp_code`` (required) plus
    ``remote_ip`` (optional, ``None`` when absent) from the JSON request
    body. After resolving server -> organization -> user, the code is
    checked with ``user.verify_otp_code(otp_code, remote_ip)``.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401 for
        the first failing step, or ``{"authenticated": True}``.
    """
    def reject(error, error_msg):
        # Every failure path shares the same payload shape and status code.
        return utils.jsonify({"error": error, "error_msg": error_msg}, 401)

    payload = flask.request.json
    org_id = payload["org_id"]
    user_id = payload["user_id"]
    otp_code = payload["otp_code"]
    # NOTE(review): remote_ip is whatever the caller reports; how
    # verify_otp_code uses it is not visible here -- confirm it is not
    # relied on as a trusted source address.
    remote_ip = payload.get("remote_ip")

    server = Server(server_id)
    if not server:
        return reject(SERVER_INVALID, SERVER_INVALID_MSG)

    # NOTE(review): the two lookup-failure entries below log server.name
    # rather than the rejected org_id / user_id.
    org = server.get_org(org_id)
    if not org:
        LogEntry(message=(
            'User failed authentication, invalid organization "%s".'
            % server.name))
        return reject(ORG_INVALID, ORG_INVALID_MSG)

    user = org.get_user(user_id)
    if not user:
        LogEntry(message=(
            'User failed authentication, invalid user "%s".'
            % server.name))
        return reject(USER_INVALID, USER_INVALID_MSG)

    # NOTE(review): no attempt limiting is visible in this handler; confirm
    # verify_otp_code or the caller throttles repeated failures.
    otp_ok = user.verify_otp_code(otp_code, remote_ip)
    if not otp_ok:
        LogEntry(message=(
            'User failed two-step authentication "%s".' % user.name))
        return reject(OTP_CODE_INVALID, OTP_CODE_INVALID_MSG)

    return utils.jsonify({"authenticated": True})
Example #7
def server_client_connect_post(server_id):
    """Answer the client-connect callback for the server ``server_id``.

    Resolves server -> organization -> user from ``server_id`` and the
    ``org_id`` / ``user_id`` fields of the JSON request body, and refuses
    any user whose ``type`` is not ``CERT_CLIENT``. For an accepted user the
    address pair from ``server.get_ip_set`` is turned into an
    ``ifconfig-push`` line.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401, or
        ``{"client_conf": ...}`` where the value is the ``ifconfig-push``
        line, or an empty string when either address is falsy.
    """
    def reject(error, error_msg):
        # Every failure path shares the same payload shape and status code.
        return utils.jsonify({"error": error, "error_msg": error_msg}, 401)

    # NOTE(review): the identifiers are request-supplied and no
    # authentication decorator is visible in this listing -- confirm the
    # route is reachable only by the trusted server process.
    payload = flask.request.json
    org_id = payload["org_id"]
    user_id = payload["user_id"]

    server = Server(server_id)
    if not server:
        return reject(SERVER_INVALID, SERVER_INVALID_MSG)

    org = server.get_org(org_id)
    if not org:
        return reject(ORG_INVALID, ORG_INVALID_MSG)

    user = org.get_user(user_id)
    if not user:
        return reject(USER_INVALID, USER_INVALID_MSG)

    if user.type != CERT_CLIENT:
        return reject(USER_TYPE_INVALID, USER_TYPE_INVALID_MSG)

    # The lookup uses the resolved org's id but the request's raw user_id.
    # NOTE(review): assumes get_ip_set returns server-assigned addresses,
    # not request-derived text -- confirm, since the values are written
    # into the client configuration line unmodified.
    local_ip_addr, remote_ip_addr = server.get_ip_set(org.id, user_id)
    has_both = local_ip_addr and remote_ip_addr
    client_conf = (
        "ifconfig-push %s %s" % (local_ip_addr, remote_ip_addr)
        if has_both else ""
    )

    return utils.jsonify({"client_conf": client_conf})
Example #8
def server_client_connect_post(server_id):
    """Answer the client-connect callback for the server ``server_id``.

    Resolves server -> organization -> user from ``server_id`` and the
    ``org_id`` / ``user_id`` fields of the JSON request body, and refuses
    any user whose ``type`` is not ``CERT_CLIENT``. For an accepted user the
    address pair from ``server.get_ip_set`` is turned into an
    ``ifconfig-push`` line.

    Returns:
        The ``utils.jsonify`` response: an error payload with status 401, or
        ``{'client_conf': ...}`` where the value is the ``ifconfig-push``
        line, or an empty string when either address is falsy.
    """
    # NOTE(review): the identifiers are request-supplied and no
    # authentication decorator is visible in this listing -- confirm the
    # route is reachable only by the trusted server process.
    payload = flask.request.json
    org_id = payload['org_id']
    user_id = payload['user_id']

    server = Server(server_id)
    if not server:
        failure = {'error': SERVER_INVALID, 'error_msg': SERVER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    org = server.get_org(org_id)
    if not org:
        failure = {'error': ORG_INVALID, 'error_msg': ORG_INVALID_MSG}
        return utils.jsonify(failure, 401)

    user = org.get_user(user_id)
    if not user:
        failure = {'error': USER_INVALID, 'error_msg': USER_INVALID_MSG}
        return utils.jsonify(failure, 401)

    if user.type != CERT_CLIENT:
        failure = {
            'error': USER_TYPE_INVALID,
            'error_msg': USER_TYPE_INVALID_MSG,
        }
        return utils.jsonify(failure, 401)

    # The lookup uses the resolved org's id but the request's raw user_id.
    # NOTE(review): assumes get_ip_set returns server-assigned addresses,
    # not request-derived text -- confirm, since the values are written
    # into the client configuration line unmodified.
    local_ip_addr, remote_ip_addr = server.get_ip_set(org.id, user_id)
    client_conf = ''
    if local_ip_addr and remote_ip_addr:
        client_conf = 'ifconfig-push %s %s' % (local_ip_addr, remote_ip_addr)

    return utils.jsonify({'client_conf': client_conf})