def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. parameters, success, response = utils.__get_request_params__( request, [ "passphrase", "verify_passphrase", ]) if not success: return self.response(response) # check active. if ENCRYPTION.passphrase == None: response[ "error"] = "The encryption is not actived. Go to [Dashboard > Encryption > Activate] to active the encryption." return self.response(response) # check password. success, response = utils.__check_password__( parameters["passphrase"], parameters["verify_passphrase"]) if not success: return self.response(response) # response. response = ENCRYPTION.edit_passphrase( passphrase=parameters["passphrase"]) if response["error"] != None: return self.response(response) # reload keys. l_response = ENCRYPTION.load_keys( passphrase=parameters["passphrase"]) if l_response["error"] != None: l_response[ "error"] = "Successfully edited the passphrase but failed to load the keys." return self.response(l_response) # response. response = utils.__default_response__() PASSPHRASES.passphrase = parameters['passphrase'] response = PASSPHRASES.initialize() if response["error"] != None: return self.response(response) # success. response["success"] = True l_response["message"] = "Successfully edited the passphrase." return self.response(l_response)
def view(request): # initialize default response. response = utils.__default_response__() # check single key. response = ssht00ls.smart_cards.__single_key_plugged_in__() if response["error"] != None: return JsonResponse(response) # response. response = ssht00ls.smart_cards.scan() if response["error"] != None: return JsonResponse(response) smart_card = response["smart_cards"][list(response["smart_cards"].keys())[0]] # check parameters. parameters, success, response = utils.__get_request_params__(request, [ "pin", ]) if not success: return JsonResponse(response) # response. response = ssht00ls.agent.add( path=smart_card.path, smart_card=True, pin=parameters["pin"],) if response["success"]: manager.activated_smart_cards.append(smart_card.serial_number) return JsonResponse(response)
def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. client_path, success, response = utils.__get_request_param__( request, "client_path") if not success: return self.response(response) client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR) # make request. if not Files.exists(client_path) or not os.path.ismount( client_path): response["success"] = True response["mounted"] = False response[ "message"] = f"Directory [{client_path}] is not mounted." return self.response(response) else: response["success"] = True response["mounted"] = True response[ "message"] = f"Directory [{client_path}] is mounted." return self.response(response)
def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. client, success, response = utils.__get_request_param__( request, "client") if not success: return self.response(response) try: username, server = client.split("@") except: return r3sponse.error( f"Invalid client format [{client}], valid format: user@server.", django=True) if not success: return self.response(response) # check existance. if server not in list(manager.servers.keys()): response["error"] = f"Server [{server}] does not exist." return self.response(response) if username not in list(manager.servers[server]["clients"].keys()): response[ "error"] = f"Client [{username}] from server [{server}] does not exist." return self.response(response)["error"] client = manager.servers[server]["clients"][username] response = client.key.check_agent() if response["error"] != None: return self.response(response) return self.response(client.vnc.create_connection())
def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__( request, "server") if not success: return self.response(response) dmoain, success, response = utils.__get_request_param__( request, "dmoain") if not success: return self.response(response) lan_ip, success, response = utils.__get_request_param__( request, "lan_ip") if not success: return self.response(response) wan_ip, success, response = utils.__get_request_param__( request, "wan_ip") if not success: return self.response(response) lan_ssh_port, success, response = utils.__get_request_param__( request, "lan_ssh_port") if not success: return self.response(response) wan_ssh_port, success, response = utils.__get_request_param__( request, "wan_ssh_port") if not success: return self.response(response) # make request. return self.response( manager.edit_server( server=server, domain=domain, lan_ip=lan_ip, wan_ip=wan_ip, lan_ssh_port=lan_ssh_port, wan_ssh_port=wan_ssh_port, ))
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__(request, "server") if not success: return JsonResponse(response) username, success, response = utils.__get_request_param__(request, "username") if not success: return JsonResponse(response) # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: response["error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." return JsonResponse(response) # make request. response = manager.delete_client( server=server, username=username,) if response["error"] != None: return JsonResponse(response) # save new passphrase. client = manager.servers[server]["clients"][username] if client.public_key_id in list(PASSPHRASES.dictionary["ssh_keys"].keys()) : del PASSPHRASES.dictionary["ssh_keys"][client.public_key_id] response = PASSPHRASES.save() if response["error"] != None: return JsonResponse(response) else: return JsonResponse(response)
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__(request, "server") if not success: return JsonResponse(response) username, success, response = utils.__get_request_param__(request, "client") if not success: return JsonResponse(response) server_path, success, response = utils.__get_request_param__(request, "server_path") if not success: return JsonResponse(response) client_path, success, response = utils.__get_request_param__(request, "client_path") if not success: return JsonResponse(response) client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR) # check existance. if server not in list(manager.servers.keys()): response["error"] = f"Server [{server}] does not exist." return JsonResponse(response) if username not in list(manager.servers[server]["clients"].keys()): response["error"] = f"Client [{username}] from server [{server}] does not exist." return JsonResponse(response)["error"] # check client key active. client = manager.servers[server]["clients"][username] response = client.key.check_agent() if response["error"] != None: return JsonResponse(response) # make request. return JsonResponse(client.sshfs.mount( server_path=server_path, client_path=client_path,))
def delete_client(self, server=None, username=None): success, response = utils.__check_parameter__(server, "server", None) if not success: return response success, response = utils.__check_parameter__(username, "username", None) if not success: return response # initialize default response. response = utils.__default_response__() # check existance. if server not in list(self.servers.keys()): response["error"] = f"Server [{server}] does not exist." return response if username not in list(self.servers[server]["clients"].keys()): response["error"] = f"Client [{username}] does not exist." return response # delete. os.system(f"rm -fr {ROOT_DIR}/servers/{server}/{username}") # response. response["success"] = True response[ "message"] = f"Successfully deleted client [{username}@{server}]." self.__initialize_servers__() return response
def list(self): # initialize default response. response = utils.__default_response__() # response. return response
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. parameters, success, response = utils.__get_request_params__(request, [ "serial_number", "new", "verify_new", "old", ]) if not success: return JsonResponse(response) # check new pin. if parameters["new"] != parameters["verify_new"]: return r3sponse.error_response("The pin codes do not match.", django=True) if len(parameters["new"]) != 6: return r3sponse.error_response("The pin code must be a six character integer code.", django=True) # scan smart card. response = ssht00ls.smart_cards.find_smart_card(serial_number=parameters["serial_number"]) if response["error"] != None: return JsonResponse(response) smart_card = response["smart_card"] # response. return JsonResponse(smart_card.change_pin( new=parameters["new"], old=parameters["old"],))
def view(self, request): # initialize default response. response = utils.__default_response__() # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: response[ "error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." return self.response(response) # check parameters. server, success, response = utils.__get_request_param__( request, "server") if not success: return self.response(response) username, success, response = utils.__get_request_param__( request, "username") if not success: return self.response(response) new, success, response = utils.__get_request_param__( request, "new") if not success: return self.response(response) new_verify, success, response = utils.__get_request_param__( request, "new_verify") if not success: return self.response(response) # check passphrase. if new != new_verify: response["error"] = "Passphrases do not match." return self.response(response) if len(new) <= 12: response[ "error"] = "Passphrase must contain at least 12 characters." return self.response(response) # check existance. if server not in list(manager.servers.keys()): response["error"] = f"Server [{server}] does not exist." return self.response(response) if username not in list(manager.servers[server]["clients"].keys()): response[ "error"] = f"Client [{username}] from server [{server}] does not exist." return self.response(response)["error"] # make request. client = manager.servers[server]["clients"][username] if client.public_key_id not in list( PASSPHRASES.dictionary["ssh_keys"].keys()): return self.response( r3sponse.error( f"There is no passphrase cached for the ssh key of client [{username}@{server}]." )) old = PASSPHRASES.dictionary["ssh_keys"][client.public_key_id] return self.response(client.key.edit_passphrase( new=new, old=old, ))
def check_agent(self): # initialize default response. response = utils.__default_response__() # check encryptiom. if self.defaults.smartcard: return r3sponse.error("This client uses a smart card.") # check agent. return ssht00ls.agent.check(public_key=self.defaults.public_key)
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__(request, "server") if not success: return JsonResponse(response) # make request. return JsonResponse(manager.delete_server( server=server,))
def create_connection(self): # initialize default response. response = utils.__default_response__() # test connection. response = self.defaults.test_connection() if not response.success: return response # log in & create connection loader = syst3m.console.Loader("Requesting vnc connection ...") response = self.restapi.request("/requests/vnc/create_connection/") if not response.success: loader.stop(success=False) r3sponse.log(response=response) return response input_port = response["port"] url = response["url"] # find free port. loader.message = "Finding free port ... " _response_ = utils.__find_port__(start=6080) if not response.success: loader.stop(success=False) return response output_port = _response_["port"] # kill previous tunnels & start ssh tunnel. processes = syst3m.utils.__execute_script__("ps -ax | grep ssh") for line in processes.split("\n"): if line not in [ "" ] and self.defaults.alias in line and ":localhost:" in line and "ssh -f -N -L " in line: id = line.split(" ") if id[0] == "": id = id[1] else: id = id[0] os.system(f"kill {id}") loader.message = "Creating ssh tunnel ... " #output = syst3m.utils.__execute_script__(f"ssh -f -N -L {output_port}:localhost:{input_port} {self.defaults.alias}") #print("Tunnel output:",output) os.system( f"ssh -f -N -L {output_port}:localhost:{input_port} {self.defaults.alias}" ) # response. url = url.replace(f"127.0.0.1:{input_port}/", f"127.0.0.1:{output_port}/") url = url.replace(f"&port={input_port}&", f"&port={output_port}&") response["url"] = url response[ "message"] = f"Successfully created a vnc connection with client [{self.defaults.id}]." loader.stop(message=response["message"]) return response
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. parameters, success, response = utils.__get_request_params__(request, [ "passphrase", ]) if not success: return JsonResponse(response) # make request. return JsonResponse(manager.activate_encryption( passphrase=parameters["passphrase"],))
def activate_clients(self): # default response. response = utils.__default_response__() # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: response[ "error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." return response # iterate for server, dict in self.servers.items(): for username, client in dict["clients"].items(): if not client.defaults.smart_card: response = client.key.add_to_agent(load_passphrase=True) if response["error"] != None: return response # response. response = utils.__default_response__() response["success"] = True response["message"] = f"Successfully activated all clients." return response
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. client_path, success, response = utils.__get_request_param__(request, "client_path") if not success: return JsonResponse(response) client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR) # make request. utils.__open_directory__(client_path) response["success"] = True response["message"] = f"Successfully opened [{client_path}]." return JsonResponse(response)
def view(request): # initialize default response. response = utils.__default_response__() # response. response = ssht00ls.smart_cards.scan() if response["success"]: x, y = {}, response["smart_cards"] del response["smart_cards"] for serial_number,smart_card in y.items(): l_response = smart_card.get_info() if l_response["success"]: x[serial_number] = l_response["info"] response["smart_cards"] = x print(response["smart_cards"]) return JsonResponse(response)
def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__( request, "server") if not success: return self.response(response) username, success, response = utils.__get_request_param__( request, "client") if not success: return self.response(response) server_path, success, response = utils.__get_request_param__( request, "server_path") if not success: return self.response(response) client_path, success, response = utils.__get_request_param__( request, "client_path") if not success: return self.response(response) directory, success, response = utils.__get_request_param__( request, "directory") if not success: return self.response(response) # check existance. if server not in list(manager.servers.keys()): response["error"] = f"Server [{server}] does not exist." return self.response(response) if username not in list( manager.servers[server]["clients"].keys()): response[ "error"] = f"Client [{username}] from server [{server}] does not exist." return self.response(response)["error"] # check client key active. client = manager.servers[server]["clients"][username] response = client.key.check_agent() if response["error"] != None: return self.response(response) # make request. return self.response( client.scp.upload( server_path=server_path, client_path=client_path, directory=directory, ))
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. client_path, success, response = utils.__get_request_param__(request, "client_path") if not success: return JsonResponse(response) forced, success, response = utils.__get_request_param__(request, "forced") if not success: return JsonResponse(response) sudo, success, response = utils.__get_request_param__(request, "sudo") if not success: return JsonResponse(response) client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR) # make request. return JsonResponse(ssht00ls.sshfs.unmount( client_path=client_path, forced=forced, sudo=sudo,))
def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__( request, "server") if not success: return self.response(response) username, success, response = utils.__get_request_param__( request, "username") if not success: return self.response(response) # check existance. if server not in list(manager.servers.keys()): response["error"] = f"Server [{server}] does not exist." return self.response(response) if username not in list(manager.servers[server]["clients"].keys()): response[ "error"] = f"Client [{username}] from server [{server}] does not exist." return self.response(response)["error"] # check load or passed passphrase. load_passphrase, success, response = utils.__get_request_param__( request, "load_passphrase") if not success: # passed passphrase. passphrase, success, response = utils.__get_request_param__( request, "passphrase") if not success: return self.response(response) # make request. client = manager.servers[server]["clients"][username] return self.response( client.key.add_to_agent(passphrase=passphrase)) else: # load passphrase. client = manager.servers[server]["clients"][username] return self.response( client.key.add_to_agent(load_passphrase=True))
def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. parameters, success, response = utils.__get_request_params__( request, [ "passphrase", "verify_passphrase", ]) if not success: return self.response(response) # make request. return self.response( manager.install_encryption( passphrase=parameters["passphrase"], verify_passphrase=parameters["verify_passphrase"], ))
def edit_passphrase(self, old=None, new=None): # initialize default response. response = utils.__default_response__() # check encryptiom. if self.defaults.smartcard: return r3sponse.error("This client uses a smart card.") # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: return r3sponse.error( "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." ) # checks. success, response = utils.__check_parameter__(old, "old", None) if not success: return response success, response = utils.__check_parameter__(new, "new", None) if not success: return response # response. response = ssht00ls.keys.edit_passphrase( path=self.defaults.private_key, old=old, new=new, ) if response["error"] != None: return response # save pass. if smartcard: PASSPHRASES.dictionary["smartcards"][ self.defaults.public_key_id] = str(new) else: PASSPHRASES.dictionary["ssh_keys"][ self.defaults.public_key_id] = str(new) l_response = PASSPHRASES.save() if l_response["error"] != None: return r3sponse.error( 'Successfully edited the passphrase but failed to store the passphrase in the encrypted dictionary, error: ' + l_response["error"]) return response
def view(self, request): # initialize default response. response = utils.__default_response__() # check parameters. parameters, success, response = utils.__get_request_params__( request, [ "serial_number", "pin", "verify_pin", "puk", ]) if not success: return self.response(response) # check new pin. if parameters["pin"] != parameters["verify_pin"]: return r3sponse.error("The pin codes do not match.", django=True) if len(parameters["pin"]) != 6: return r3sponse.error( "The pin code must be a six character integer code.", django=True) if len(parameters["puk"]) != 8: return r3sponse.error( "The puk code must be a eighth character integer code.", django=True) # scan smart card. response = ssht00ls.smartcards.find_smartcard( serial_number=parameters["serial_number"]) if response["error"] != None: return JonsResponse(response) smartcard = response["smartcard"] # response. return self.response( smartcard.unblock_pin( pin=parameters["pin"], puk=parameters["puk"], ))
def edit_server( self, server=None, # the lan ip address of the server. lan_ip=None, # the wan ip address of the server. wan_ip=None, # the lan ssh port of the server. lan_ssh_port=None, # the wan ssh port of the server. wan_ssh_port=None, ): success, resposne = utils.__check_parameter__(server, "server", None) if not success: return response success, response = utils.__check_parameter__(lan_ip, "lan_ip", None) if not success: return response success, response = utils.__check_parameter__(wan_ip, "wan_ip", None) if not success: return response success, response = utils.__check_parameter__(lan_ssh_port, "lan_ssh_port", None) if not success: return response success, response = utils.__check_parameter__(wan_ssh_port, "wan_ssh_port", None) if not success: return response # initialize default response. response = utils.__default_response__() # check existance. if server not in list(self.servers.keys()): response["error"] = f"Server [{server}] does not exist." return response # save. try: utils.__save_json__( f'{ROOT_DIR}/servers/{server}/settings.json', { "ip": { "wan": wan_ip, "lan": lan_ip, }, "ports": { "wan": { "ssh": wan_ssh_port, }, "lan": { "ssh": lan_ssh_port, }, } }) except: response[ "error"] = f"Failed to edit the settings of server [{server}]." return response # response. response["success"] = True response[ "message"] = f"Successfully edited the settings of server [{server}]." self.__initialize_servers__() return response
def install_client( self, # # option 1: # all info encoded into a string. encoded=None, # # option 2: # the user. username=None, # the servers alias. (example:vandenberghinc) server=None, # the servers domain. (example:vandenberghinc.com) domain=None, # the lan ip address of the server. lan_ip=None, # the wan ip address of the server. wan_ip=None, # the lan ssh port of the server. lan_ssh_port=None, # the wan ssh port of the server. wan_ssh_port=None, # the client's api key. api_key=None, # option 1: # the old passphrase for the private key. old_passphrase="''", # (no passphrase) # the path to the private key. private_key=None, # the path to the private key. public_key=None, # the client's vpn key. vpn_key=None, # option 2: # enable for smart cards. smartcards=False, # serial numbers of the smart cards (list). serial_numbers=None, ): # by encoding. if encoded != None: decoded = json.loads(urllib.parse.unquote(encoded)) #print(json.dumps(decoded, indent=4)) try: if decoded["serial_numbers"] != None: decoded["serial_numbers"] = decoded[ "serial_numbers"].split(",") if decoded["old_passphrase"] == None: decoded["old_passphrase"] = "''" Files.save(f"{HOME}/Downloads/public_key.txt", decoded["public_key"]) decoded["public_key"] = f"{HOME}/Downloads/public_key.txt" Files.save(f"{HOME}/Downloads/private_key.txt", decoded["private_key"]) decoded["private_key"] = f"{HOME}/Downloads/private_key.txt" Files.save(f"{HOME}/Downloads/vpn_key.ovpn", decoded["vpn_key"]) decoded["vpn_key"] = f"{HOME}/Downloads/vpn_key.ovpn" return self.install_client( # the user. username=decoded["username"], # the servers alias. (example:vandenberghinc) server=decoded["server"], # the server domain. (example:vandenberghinc.com) domain=decoded["domain"], # the lan ip address of the server. lan_ip=decoded["lan_ip"], # the wan ip address of the server. wan_ip=decoded["wan_ip"], # the lan ssh port of the server. lan_ssh_port=decoded["lan_ssh_port"], # the wan ssh port of the server. wan_ssh_port=decoded["wan_ssh_port"], # the client's api key. api_key=decoded["api_key"], # option 1: # the old passphrase for the private key. old_passphrase=decoded[ "old_passphrase"], # (no passphrase) # the path to the private key. private_key=decoded["private_key"], # the path to the private key. public_key=decoded["public_key"], # the client's vpn key. vpn_key=decoded["vpn_key"], # option 2: # enable for smart cards. smartcards=decoded["smartcards"], # serial numbers of the smart cards (list). serial_numbers=decoded["serial_numbers"], ) except KeyError as e: return r3sponse.error( f"Incorrect encoding format, missing key: {e}.") # by paramters. else: # check parameters. success, response = utils.__check_parameters__( empty_value=None, parameters={ "username": username, "server": server, "lan_ip": lan_ip, "wan_ip": wan_ip, "lan_ssh_port": lan_ssh_port, "wan_ssh_port": wan_ssh_port, "api_key": api_key, "vpn_key": vpn_key, "domain": domain, }) if not success: return response server = server.replace(" ", '-') # smart card parameters. if smartcards: if isinstance(serial_numbers, str): serial_numbers = [serial_numbers] success, response = utils.__check_parameters__( empty_value=None, parameters={ "serial_numbers": serial_numbers, }) if not success: print(response["error"]) return response # non smart card parameters. else: success, response = utils.__check_parameters__( empty_value=None, parameters={ "old_passphrase": old_passphrase, "private_key": private_key, "public_key": public_key, }) if not success: print(response["error"]) return response print(f"Installing client [{username}@{server}].") # default response. response = utils.__default_response__() # check server dir. dir = f'{self.root_dir}servers/{server}/' if not Files.exists(dir): os.mkdir(dir) # check server settings. try: utils.__save_json__( f'{dir}/settings.json', { "domain": domain, "ip": { "wan": wan_ip, "lan": lan_ip, }, "ports": { "wan": { "ssh": wan_ssh_port, }, "lan": { "ssh": lan_ssh_port, }, } }) except: os.system("rm -fr " + dir) response[ "error"] = f"Failed to edit the settings of server [{server}]." print(response["error"]) return response # create user dir. user_dir = f"{dir}{username}/" if not Files.exists(user_dir): os.mkdir(user_dir) # api key. try: Files.save(f"{user_dir}/api_key", api_key) except: return r3sponse.error(f"Failed to save the specified api key.", log_level=0) # vpn key. os.system(f"cp {vpn_key} {user_dir}/vpn_key.ovpn") if not Files.exists(f"{user_dir}/vpn_key.ovpn"): return r3sponse.error(f"Failed to save the specified vpn key.", log_level=0) # permissions. os.system(f"chmod 600 {user_dir}/api_key") os.system(f"chmod 600 {user_dir}/vpn_key.ovpn") # smart card. if smartcards: try: array = Array(path=f'{user_dir}smartcards', load=True, default=[]) c = 0 for serial_number in serial_numbers: if serial_number not in array.array: array.array.append(serial_number) c += 1 if c > 0: array.save() except: return r3sponse.error( f"Failed to save the smart card serial numbers for client [{username}@{server}].", log_level=0) # non smart card. else: # check public key id. try: public_key_id = Files.load(public_key).split( "[#id:")[1].split("]")[0] except: return r3sponse.error( f"Failed to retrieve the id from public key [{public_key}].", log_level=0) # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: return r3sponse.error( "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption.", log_level=0) # edit key passphrase. new_passphrase = String("").generate(length=48, digits=True, capitalize=True, special=True) os.system(f"chmod 600 {private_key}") response = ssht00ls.keys.edit_passphrase(private_key, old=old_passphrase, new=new_passphrase) if response["error"] != None: print(response["error"]) return response # create user key. os.system(f"cp {private_key} {user_dir}/private_key") os.system(f"chmod 600 {user_dir}/private_key") os.system(f"cp {public_key} {user_dir}/public_key") os.system(f"chmod 600 {user_dir}/public_key") # delete downloaded keys. if '/Downloads/private_key.txt' in private_key: os.system("rm -fr " + private_key) if '/Downloads/public_key.txt' in public_key: os.system("rm -fr " + public_key) # save pass. if smartcards: PASSPHRASES.dictionary["smartcards"][public_key_id] = str( new_passphrase) else: PASSPHRASES.dictionary["ssh_keys"][public_key_id] = str( new_passphrase) l_response = PASSPHRASES.save() if l_response["error"] != None: return r3sponse.error( 'Successfully installed th client but failed to store the passphrase in the encrypted dictionary, error: ' + l_response["error"], log_level=0) # delete vpn key. if '/Downloads/vpn_key.ovpn' in vpn_key: os.system("rm -fr " + vpn_key) # response. self.__initialize_servers__() return r3sponse.success( f"Successfully installed client [{username}@{server}].", { "username": username, "server": server, }, log_level=0)
def install_client( self, # the user. username=None, # the servers alias. (example:vandenberghinc.com) server=None, # the lan ip address of the server. lan_ip=None, # the wan ip address of the server. wan_ip=None, # the lan ssh port of the server. lan_ssh_port=None, # the wan ssh port of the server. wan_ssh_port=None, # option 1: # the new passphrase for the private key. new_passphrase=None, # the old passphrase for the private key. old_passphrase="''", # (no passphrase) # the path to the private key. private_key=None, # the path to the private key. public_key=None, # option 2: # enable for smart cards. smart_cards=False, # serial numbers of the smart cards (list). serial_numbers=None, ): # check parameters. success, response = utils.__check_parameters__(empty_value=None, parameters={ "username": username, "server": server, "lan_ip": lan_ip, "wan_ip": wan_ip, "lan_ssh_port": lan_ssh_port, "wan_ssh_port": wan_ssh_port, }) if not success: print(response["error"]) return response server = server.replace(" ", '-') # smart card parameters. if smart_cards: if isinstance(serial_numbers, str): serial_numbers = [serial_numbers] success, response = utils.__check_parameters__( empty_value=None, parameters={ "serial_numbers": serial_numbers, }) if not success: print(response["error"]) return response # non smart card parameters. else: success, response = utils.__check_parameters__(empty_value=None, parameters={ "server": new_passphrase, "server": old_passphrase, "private_key": private_key, "public_key": public_key, }) if not success: print(response["error"]) return response print(f"Installing client [{username}@{server}].") # default response. response = utils.__default_response__() # check server dir. dir = f'{self.root_dir}servers/{server}/' if not os.path.exists(dir): os.mkdir(dir) # check server settings. try: utils.__save_json__( f'{dir}/settings.json', { "ip": { "wan": wan_ip, "lan": lan_ip, }, "ports": { "wan": { "ssh": wan_ssh_port, }, "lan": { "ssh": lan_ssh_port, }, } }) except: os.system("rm -fr " + dir) response[ "error"] = f"Failed to edit the settings of server [{server}]." print(response["error"]) return response # smart card. if smart_cards: # create user dir. user_dir = f"{dir}{username}/" if not os.path.exists(user_dir): os.mkdir(user_dir) try: array = Files.Array(path=f'{user_dir}smart_cards', load=True, default=[]) c = 0 for serial_number in serial_numbers: if serial_number not in array.array: array.array.append(serial_number) c += 1 if c > 0: array.save() except: return r3sponse.error_response( f"Failed to save the smart card serial numbers for client [{username}@{server}].", log_level=0) # non smart card. else: # check public key id. try: public_key_id = utils.__load_file__(public_key).split( "[#id:")[1].split("]")[0] except: return r3sponse.error_response( f"Failed to retrieve the id from public key [{public_key}].", log_level=0) # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: return r3sponse.error_response( "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption.", log_level=0) # edit key passphrase. os.system(f"chmod 600 {private_key}") response = ssht00ls.key.edit_passphrase(private_key, old=old_passphrase, new=new_passphrase) if response["error"] != None: print(response["error"]) return response # create user key. user_dir = f"{dir}{username}/" if not os.path.exists(user_dir): os.mkdir(user_dir) os.system(f"cp {private_key} {user_dir}/private_key") os.system(f"chmod 600 {user_dir}/private_key") os.system(f"cp {public_key} {user_dir}/public_key") os.system(f"chmod 600 {user_dir}/public_key") # delete downloaded keys. if '/Downloads/private_key.txt' in private_key: os.system("rm -fr " + private_key) if '/Downloads/public_key.txt' in public_key: os.system("rm -fr " + public_key) # save pass. if smart_cards: PASSPHRASES.dictionary["smart_cards"][public_key_id] = str( new_passphrase) else: PASSPHRASES.dictionary["ssh_keys"][public_key_id] = str( new_passphrase) l_response = PASSPHRASES.save() if l_response["error"] != None: return r3sponse.error_response( 'Successfully installed th client but failed to store the passphrase in the encrypted dictionary, error: ' + l_response["error"], log_level=0) # response. self.__initialize_servers__() return r3sponse.success_response( f"Successfully installed client [{username}@{server}].", log_level=0)
def view(self, request): # initialize default response. response = utils.__default_response__() # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: response[ "error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." return self.response(response) # by encoded. encoded, success, response = utils.__get_request_param__( request, "encoded") if success: # make request. return self.response(manager.install_client(encoded=encoded, )) # by parameters. else: # check parameters. username, success, response = utils.__get_request_param__( request, "username") if not success: return self.response(response) server, success, response = utils.__get_request_param__( request, "server") if not success: return self.response(response) domain, success, response = utils.__get_request_param__( request, "domain") if not success: return self.response(response) api_key, success, response = utils.__get_request_param__( request, "api_key") if not success: return self.response(response) public_key, success, response = utils.__get_request_param__( request, "public_key") if not success: return self.response(response) private_key, success, response = utils.__get_request_param__( request, "private_key") if not success: return self.response(response) vpn_key, success, response = utils.__get_request_param__( request, "vpn_key") if not success: return self.response(response) new_passphrase, success, response = utils.__get_request_param__( request, "new_passphrase") if not success: return self.response(response) verify_new_passphrase, success, response = utils.__get_request_param__( request, "verify_new_passphrase") if not success: return self.response(response) old_passphrase, success, response = utils.__get_request_param__( request, "old_passphrase") if not success: return self.response(response) lan_ip, success, response = utils.__get_request_param__( request, "lan_ip") if not success: return self.response(response) wan_ip, success, response = utils.__get_request_param__( request, "wan_ip") if not success: return self.response(response) lan_ssh_port, success, response = utils.__get_request_param__( request, "lan_ssh_port") if not success: return self.response(response) wan_ssh_port, success, response = utils.__get_request_param__( request, "wan_ssh_port") if not success: return self.response(response) public_key = public_key.replace("~/", HOME) private_key = private_key.replace("~/", HOME) vpn_key = vpn_key.replace("~/", HOME) # check key existance. if not Files.exists(public_key): response[ "error"] = f"Public key path [{public_key}] does not exist." return self.response(response) if not Files.exists(private_key): response[ "error"] = f"Private key path [{private_key}] does not exist." return self.response(response) if not Files.exists(vpn_key): response[ "error"] = f"VPN key path [{vpn_key}] does not exist." return self.response(response) # check passphrase. success, response = utils.__check_password__( new_passphrase, verify_new_passphrase) if not success: return self.response(response) # make request. final_response = manager.install_client( username=username, server=server, domain=domain, api_key=api_key, public_key=public_key, private_key=private_key, vpn_key=vpn_key, new_passphrase=new_passphrase, old_passphrase=old_passphrase, lan_ip=lan_ip, wan_ip=wan_ip, lan_ssh_port=lan_ssh_port, wan_ssh_port=wan_ssh_port, ) if final_response["error"] != None: return self.response(final_response) # save new passphrase. PASSPHRASES.dictionary["ssh_keys"][ final_response["username"]] = new_passphrase response = PASSPHRASES.save() if response["error"] != None: return self.response(response) return self.response(final_response)
def add_to_agent(self, passphrase=None, load_passphrase=False, smartcard=False, pin=None): # initialize default response. response = utils.__default_response__() if load_passphrase: # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: response[ "error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." return response if smartcard: try: passphrase = PASSPHRASES.dictionary["smartcards"][ self.defaults.public_key_id] except KeyError: response[ "error"] = f"There are no passphrases stored for client [{self.defaults.id}]." return response else: try: passphrase = PASSPHRASES.dictionary["ssh_keys"][ self.defaults.public_key_id] except KeyError: response[ "error"] = f"There are no passphrases stored for client [{self.defaults.id}]." return response # checks. success, response = utils.__check_parameter__( passphrase, "passphrase", None) if not success: return response # check if not already added. response = self.check_agent() if response[ "error"] != None and " is not added to the ssh agent" not in response[ "error"]: return response elif response["success"]: response[ "message"] = f"The key from client [{self.defaults.id}] is already added to the ssh agent." return response # response. if not smartcard: response = ssht00ls.agent.add( private_key=self.defaults.private_key, passphrase=passphrase, ) else: response = ssht00ls.agent.add( private_key=self.defaults.private_key, smartcard=True, pin=pin, ) if response["success"]: response[ "message"] = f"Successfully added key from client [{self.defaults.id}] to the ssh agent." return response
def view(request): # initialize default response. response = utils.__default_response__() # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: response["error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." return JsonResponse(response) # check parameters. username, success, response = utils.__get_request_param__(request, "username") if not success: return JsonResponse(response) server, success, response = utils.__get_request_param__(request, "server") if not success: return JsonResponse(response) public_key, success, response = utils.__get_request_param__(request, "public_key") if not success: return JsonResponse(response) private_key, success, response = utils.__get_request_param__(request, "private_key") if not success: return JsonResponse(response) new_passphrase, success, response = utils.__get_request_param__(request, "new_passphrase") if not success: return JsonResponse(response) verify_new_passphrase, success, response = utils.__get_request_param__(request, "verify_new_passphrase") if not success: return JsonResponse(response) old_passphrase, success, response = utils.__get_request_param__(request, "old_passphrase") if not success: return JsonResponse(response) lan_ip, success, response = utils.__get_request_param__(request, "lan_ip") if not success: return JsonResponse(response) wan_ip, success, response = utils.__get_request_param__(request, "wan_ip") if not success: return JsonResponse(response) lan_ssh_port, success, response = utils.__get_request_param__(request, "lan_ssh_port") if not success: return JsonResponse(response) wan_ssh_port, success, response = utils.__get_request_param__(request, "wan_ssh_port") if not success: return JsonResponse(response) public_key = public_key.replace("~/", HOME) private_key = private_key.replace("~/", HOME) # check key existance. if not os.path.exists(public_key): response["error"] = f"Public key path [{public_key}] does not exist." return JsonResponse(response) if not os.path.exists(private_key): response["error"] = f"Private key path [{private_key}] does not exist." return JsonResponse(response) # check passphrase. success, response = utils.__check_password__(new_passphrase, verify_new_passphrase) if not success: return JsonResponse(response) # make request. response = manager.install_client( username=username, server=server, public_key=public_key, private_key=private_key, new_passphrase=new_passphrase, old_passphrase=old_passphrase, lan_ip=lan_ip, wan_ip=wan_ip, lan_ssh_port=lan_ssh_port, wan_ssh_port=wan_ssh_port,) if response["error"] != None: return JsonResponse(response) # save new passphrase. PASSPHRASES.dictionary["ssh_keys"][client.public_key_id] = new response = PASSPHRASES.save() if response["error"] != None: return JsonResponse(response)