def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
parameters, success, response = utils.__get_request_params__(
request, [
"passphrase",
"verify_passphrase",
])
if not success: return self.response(response)
# check active.
if ENCRYPTION.passphrase == None:
response[
"error"] = "The encryption is not actived. Go to [Dashboard > Encryption > Activate] to active the encryption."
return self.response(response)
# check password.
success, response = utils.__check_password__(
parameters["passphrase"], parameters["verify_passphrase"])
if not success: return self.response(response)
# response.
response = ENCRYPTION.edit_passphrase(
passphrase=parameters["passphrase"])
if response["error"] != None:
return self.response(response)
# reload keys.
l_response = ENCRYPTION.load_keys(
passphrase=parameters["passphrase"])
if l_response["error"] != None:
l_response[
"error"] = "Successfully edited the passphrase but failed to load the keys."
return self.response(l_response)
# response.
response = utils.__default_response__()
PASSPHRASES.passphrase = parameters['passphrase']
response = PASSPHRASES.initialize()
if response["error"] != None:
return self.response(response)
# success.
response["success"] = True
l_response["message"] = "Successfully edited the passphrase."
return self.response(l_response)
def view(request): # initialize default response. response = utils.__default_response__() # check single key. response = ssht00ls.smart_cards.__single_key_plugged_in__() if response["error"] != None: return JsonResponse(response) # response. response = ssht00ls.smart_cards.scan() if response["error"] != None: return JsonResponse(response) smart_card = response["smart_cards"][list(response["smart_cards"].keys())[0]] # check parameters. parameters, success, response = utils.__get_request_params__(request, [ "pin", ]) if not success: return JsonResponse(response) # response. response = ssht00ls.agent.add( path=smart_card.path, smart_card=True, pin=parameters["pin"],) if response["success"]: manager.activated_smart_cards.append(smart_card.serial_number) return JsonResponse(response)
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
client_path, success, response = utils.__get_request_param__(
request, "client_path")
if not success: return self.response(response)
client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR)
# make request.
if not Files.exists(client_path) or not os.path.ismount(
client_path):
response["success"] = True
response["mounted"] = False
response[
"message"] = f"Directory [{client_path}] is not mounted."
return self.response(response)
else:
response["success"] = True
response["mounted"] = True
response[
"message"] = f"Directory [{client_path}] is mounted."
return self.response(response)
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
client, success, response = utils.__get_request_param__(
request, "client")
if not success: return self.response(response)
try:
username, server = client.split("@")
except:
return r3sponse.error(
f"Invalid client format [{client}], valid format: user@server.",
django=True)
if not success: return self.response(response)
# check existance.
if server not in list(manager.servers.keys()):
response["error"] = f"Server [{server}] does not exist."
return self.response(response)
if username not in list(manager.servers[server]["clients"].keys()):
response[
"error"] = f"Client [{username}] from server [{server}] does not exist."
return self.response(response)["error"]
client = manager.servers[server]["clients"][username]
response = client.key.check_agent()
if response["error"] != None: return self.response(response)
return self.response(client.vnc.create_connection())
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
server, success, response = utils.__get_request_param__(
request, "server")
if not success: return self.response(response)
dmoain, success, response = utils.__get_request_param__(
request, "dmoain")
if not success: return self.response(response)
lan_ip, success, response = utils.__get_request_param__(
request, "lan_ip")
if not success: return self.response(response)
wan_ip, success, response = utils.__get_request_param__(
request, "wan_ip")
if not success: return self.response(response)
lan_ssh_port, success, response = utils.__get_request_param__(
request, "lan_ssh_port")
if not success: return self.response(response)
wan_ssh_port, success, response = utils.__get_request_param__(
request, "wan_ssh_port")
if not success: return self.response(response)
# make request.
return self.response(
manager.edit_server(
server=server,
domain=domain,
lan_ip=lan_ip,
wan_ip=wan_ip,
lan_ssh_port=lan_ssh_port,
wan_ssh_port=wan_ssh_port,
))
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__(request, "server") if not success: return JsonResponse(response) username, success, response = utils.__get_request_param__(request, "username") if not success: return JsonResponse(response) # check encryptiom. if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None: response["error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption." return JsonResponse(response) # make request. response = manager.delete_client( server=server, username=username,) if response["error"] != None: return JsonResponse(response) # save new passphrase. client = manager.servers[server]["clients"][username] if client.public_key_id in list(PASSPHRASES.dictionary["ssh_keys"].keys()) : del PASSPHRASES.dictionary["ssh_keys"][client.public_key_id] response = PASSPHRASES.save() if response["error"] != None: return JsonResponse(response) else: return JsonResponse(response)
def view(request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
server, success, response = utils.__get_request_param__(request, "server")
if not success: return JsonResponse(response)
username, success, response = utils.__get_request_param__(request, "client")
if not success: return JsonResponse(response)
server_path, success, response = utils.__get_request_param__(request, "server_path")
if not success: return JsonResponse(response)
client_path, success, response = utils.__get_request_param__(request, "client_path")
if not success: return JsonResponse(response)
client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR)
# check existance.
if server not in list(manager.servers.keys()):
response["error"] = f"Server [{server}] does not exist."
return JsonResponse(response)
if username not in list(manager.servers[server]["clients"].keys()):
response["error"] = f"Client [{username}] from server [{server}] does not exist."
return JsonResponse(response)["error"]
# check client key active.
client = manager.servers[server]["clients"][username]
response = client.key.check_agent()
if response["error"] != None: return JsonResponse(response)
# make request.
return JsonResponse(client.sshfs.mount(
server_path=server_path,
client_path=client_path,))
def delete_client(self, server=None, username=None):
success, response = utils.__check_parameter__(server, "server", None)
if not success: return response
success, response = utils.__check_parameter__(username, "username",
None)
if not success: return response
# initialize default response.
response = utils.__default_response__()
# check existance.
if server not in list(self.servers.keys()):
response["error"] = f"Server [{server}] does not exist."
return response
if username not in list(self.servers[server]["clients"].keys()):
response["error"] = f"Client [{username}] does not exist."
return response
# delete.
os.system(f"rm -fr {ROOT_DIR}/servers/{server}/{username}")
# response.
response["success"] = True
response[
"message"] = f"Successfully deleted client [{username}@{server}]."
self.__initialize_servers__()
return response
def list(self):
# initialize default response.
response = utils.__default_response__()
# response.
return response
def view(request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
parameters, success, response = utils.__get_request_params__(request, [
"serial_number",
"new",
"verify_new",
"old",
])
if not success: return JsonResponse(response)
# check new pin.
if parameters["new"] != parameters["verify_new"]:
return r3sponse.error_response("The pin codes do not match.", django=True)
if len(parameters["new"]) != 6:
return r3sponse.error_response("The pin code must be a six character integer code.", django=True)
# scan smart card.
response = ssht00ls.smart_cards.find_smart_card(serial_number=parameters["serial_number"])
if response["error"] != None: return JsonResponse(response)
smart_card = response["smart_card"]
# response.
return JsonResponse(smart_card.change_pin(
new=parameters["new"],
old=parameters["old"],))
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
response[
"error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption."
return self.response(response)
# check parameters.
server, success, response = utils.__get_request_param__(
request, "server")
if not success: return self.response(response)
username, success, response = utils.__get_request_param__(
request, "username")
if not success: return self.response(response)
new, success, response = utils.__get_request_param__(
request, "new")
if not success: return self.response(response)
new_verify, success, response = utils.__get_request_param__(
request, "new_verify")
if not success: return self.response(response)
# check passphrase.
if new != new_verify:
response["error"] = "Passphrases do not match."
return self.response(response)
if len(new) <= 12:
response[
"error"] = "Passphrase must contain at least 12 characters."
return self.response(response)
# check existance.
if server not in list(manager.servers.keys()):
response["error"] = f"Server [{server}] does not exist."
return self.response(response)
if username not in list(manager.servers[server]["clients"].keys()):
response[
"error"] = f"Client [{username}] from server [{server}] does not exist."
return self.response(response)["error"]
# make request.
client = manager.servers[server]["clients"][username]
if client.public_key_id not in list(
PASSPHRASES.dictionary["ssh_keys"].keys()):
return self.response(
r3sponse.error(
f"There is no passphrase cached for the ssh key of client [{username}@{server}]."
))
old = PASSPHRASES.dictionary["ssh_keys"][client.public_key_id]
return self.response(client.key.edit_passphrase(
new=new,
old=old,
))
def check_agent(self):
# initialize default response.
response = utils.__default_response__()
# check encryptiom.
if self.defaults.smartcard:
return r3sponse.error("This client uses a smart card.")
# check agent.
return ssht00ls.agent.check(public_key=self.defaults.public_key)
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. server, success, response = utils.__get_request_param__(request, "server") if not success: return JsonResponse(response) # make request. return JsonResponse(manager.delete_server( server=server,))
def create_connection(self):
# initialize default response.
response = utils.__default_response__()
# test connection.
response = self.defaults.test_connection()
if not response.success: return response
# log in & create connection
loader = syst3m.console.Loader("Requesting vnc connection ...")
response = self.restapi.request("/requests/vnc/create_connection/")
if not response.success:
loader.stop(success=False)
r3sponse.log(response=response)
return response
input_port = response["port"]
url = response["url"]
# find free port.
loader.message = "Finding free port ... "
_response_ = utils.__find_port__(start=6080)
if not response.success:
loader.stop(success=False)
return response
output_port = _response_["port"]
# kill previous tunnels & start ssh tunnel.
processes = syst3m.utils.__execute_script__("ps -ax | grep ssh")
for line in processes.split("\n"):
if line not in [
""
] and self.defaults.alias in line and ":localhost:" in line and "ssh -f -N -L " in line:
id = line.split(" ")
if id[0] == "": id = id[1]
else: id = id[0]
os.system(f"kill {id}")
loader.message = "Creating ssh tunnel ... "
#output = syst3m.utils.__execute_script__(f"ssh -f -N -L {output_port}:localhost:{input_port} {self.defaults.alias}")
#print("Tunnel output:",output)
os.system(
f"ssh -f -N -L {output_port}:localhost:{input_port} {self.defaults.alias}"
)
# response.
url = url.replace(f"127.0.0.1:{input_port}/",
f"127.0.0.1:{output_port}/")
url = url.replace(f"&port={input_port}&", f"&port={output_port}&")
response["url"] = url
response[
"message"] = f"Successfully created a vnc connection with client [{self.defaults.id}]."
loader.stop(message=response["message"])
return response
def view(request): # initialize default response. response = utils.__default_response__() # check parameters. parameters, success, response = utils.__get_request_params__(request, [ "passphrase", ]) if not success: return JsonResponse(response) # make request. return JsonResponse(manager.activate_encryption( passphrase=parameters["passphrase"],))
def activate_clients(self):
# default response.
response = utils.__default_response__()
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
response[
"error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption."
return response
# iterate
for server, dict in self.servers.items():
for username, client in dict["clients"].items():
if not client.defaults.smart_card:
response = client.key.add_to_agent(load_passphrase=True)
if response["error"] != None: return response
# response.
response = utils.__default_response__()
response["success"] = True
response["message"] = f"Successfully activated all clients."
return response
def view(request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
client_path, success, response = utils.__get_request_param__(request, "client_path")
if not success: return JsonResponse(response)
client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR)
# make request.
utils.__open_directory__(client_path)
response["success"] = True
response["message"] = f"Successfully opened [{client_path}]."
return JsonResponse(response)
def view(request):
# initialize default response.
response = utils.__default_response__()
# response.
response = ssht00ls.smart_cards.scan()
if response["success"]:
x, y = {}, response["smart_cards"]
del response["smart_cards"]
for serial_number,smart_card in y.items():
l_response = smart_card.get_info()
if l_response["success"]:
x[serial_number] = l_response["info"]
response["smart_cards"] = x
print(response["smart_cards"])
return JsonResponse(response)
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
server, success, response = utils.__get_request_param__(
request, "server")
if not success: return self.response(response)
username, success, response = utils.__get_request_param__(
request, "client")
if not success: return self.response(response)
server_path, success, response = utils.__get_request_param__(
request, "server_path")
if not success: return self.response(response)
client_path, success, response = utils.__get_request_param__(
request, "client_path")
if not success: return self.response(response)
directory, success, response = utils.__get_request_param__(
request, "directory")
if not success: return self.response(response)
# check existance.
if server not in list(manager.servers.keys()):
response["error"] = f"Server [{server}] does not exist."
return self.response(response)
if username not in list(
manager.servers[server]["clients"].keys()):
response[
"error"] = f"Client [{username}] from server [{server}] does not exist."
return self.response(response)["error"]
# check client key active.
client = manager.servers[server]["clients"][username]
response = client.key.check_agent()
if response["error"] != None: return self.response(response)
# make request.
return self.response(
client.scp.upload(
server_path=server_path,
client_path=client_path,
directory=directory,
))
def view(request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
client_path, success, response = utils.__get_request_param__(request, "client_path")
if not success: return JsonResponse(response)
forced, success, response = utils.__get_request_param__(request, "forced")
if not success: return JsonResponse(response)
sudo, success, response = utils.__get_request_param__(request, "sudo")
if not success: return JsonResponse(response)
client_path = client_path.replace("$ROOT_DIR/", ROOT_DIR)
# make request.
return JsonResponse(ssht00ls.sshfs.unmount(
client_path=client_path,
forced=forced,
sudo=sudo,))
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
server, success, response = utils.__get_request_param__(
request, "server")
if not success: return self.response(response)
username, success, response = utils.__get_request_param__(
request, "username")
if not success: return self.response(response)
# check existance.
if server not in list(manager.servers.keys()):
response["error"] = f"Server [{server}] does not exist."
return self.response(response)
if username not in list(manager.servers[server]["clients"].keys()):
response[
"error"] = f"Client [{username}] from server [{server}] does not exist."
return self.response(response)["error"]
# check load or passed passphrase.
load_passphrase, success, response = utils.__get_request_param__(
request, "load_passphrase")
if not success:
# passed passphrase.
passphrase, success, response = utils.__get_request_param__(
request, "passphrase")
if not success: return self.response(response)
# make request.
client = manager.servers[server]["clients"][username]
return self.response(
client.key.add_to_agent(passphrase=passphrase))
else:
# load passphrase.
client = manager.servers[server]["clients"][username]
return self.response(
client.key.add_to_agent(load_passphrase=True))
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
parameters, success, response = utils.__get_request_params__(
request, [
"passphrase",
"verify_passphrase",
])
if not success: return self.response(response)
# make request.
return self.response(
manager.install_encryption(
passphrase=parameters["passphrase"],
verify_passphrase=parameters["verify_passphrase"],
))
def edit_passphrase(self, old=None, new=None):
# initialize default response.
response = utils.__default_response__()
# check encryptiom.
if self.defaults.smartcard:
return r3sponse.error("This client uses a smart card.")
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
return r3sponse.error(
"The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption."
)
# checks.
success, response = utils.__check_parameter__(old, "old", None)
if not success: return response
success, response = utils.__check_parameter__(new, "new", None)
if not success: return response
# response.
response = ssht00ls.keys.edit_passphrase(
path=self.defaults.private_key,
old=old,
new=new,
)
if response["error"] != None: return response
# save pass.
if smartcard:
PASSPHRASES.dictionary["smartcards"][
self.defaults.public_key_id] = str(new)
else:
PASSPHRASES.dictionary["ssh_keys"][
self.defaults.public_key_id] = str(new)
l_response = PASSPHRASES.save()
if l_response["error"] != None:
return r3sponse.error(
'Successfully edited the passphrase but failed to store the passphrase in the encrypted dictionary, error: '
+ l_response["error"])
return response
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check parameters.
parameters, success, response = utils.__get_request_params__(
request, [
"serial_number",
"pin",
"verify_pin",
"puk",
])
if not success: return self.response(response)
# check new pin.
if parameters["pin"] != parameters["verify_pin"]:
return r3sponse.error("The pin codes do not match.",
django=True)
if len(parameters["pin"]) != 6:
return r3sponse.error(
"The pin code must be a six character integer code.",
django=True)
if len(parameters["puk"]) != 8:
return r3sponse.error(
"The puk code must be a eighth character integer code.",
django=True)
# scan smart card.
response = ssht00ls.smartcards.find_smartcard(
serial_number=parameters["serial_number"])
if response["error"] != None: return JonsResponse(response)
smartcard = response["smartcard"]
# response.
return self.response(
smartcard.unblock_pin(
pin=parameters["pin"],
puk=parameters["puk"],
))
def edit_server(
self,
server=None,
# the lan ip address of the server.
lan_ip=None,
# the wan ip address of the server.
wan_ip=None,
# the lan ssh port of the server.
lan_ssh_port=None,
# the wan ssh port of the server.
wan_ssh_port=None,
):
success, resposne = utils.__check_parameter__(server, "server", None)
if not success: return response
success, response = utils.__check_parameter__(lan_ip, "lan_ip", None)
if not success: return response
success, response = utils.__check_parameter__(wan_ip, "wan_ip", None)
if not success: return response
success, response = utils.__check_parameter__(lan_ssh_port,
"lan_ssh_port", None)
if not success: return response
success, response = utils.__check_parameter__(wan_ssh_port,
"wan_ssh_port", None)
if not success: return response
# initialize default response.
response = utils.__default_response__()
# check existance.
if server not in list(self.servers.keys()):
response["error"] = f"Server [{server}] does not exist."
return response
# save.
try:
utils.__save_json__(
f'{ROOT_DIR}/servers/{server}/settings.json', {
"ip": {
"wan": wan_ip,
"lan": lan_ip,
},
"ports": {
"wan": {
"ssh": wan_ssh_port,
},
"lan": {
"ssh": lan_ssh_port,
},
}
})
except:
response[
"error"] = f"Failed to edit the settings of server [{server}]."
return response
# response.
response["success"] = True
response[
"message"] = f"Successfully edited the settings of server [{server}]."
self.__initialize_servers__()
return response
def install_client(
self,
#
# option 1:
# all info encoded into a string.
encoded=None,
#
# option 2:
# the user.
username=None,
# the servers alias. (example:vandenberghinc)
server=None,
# the servers domain. (example:vandenberghinc.com)
domain=None,
# the lan ip address of the server.
lan_ip=None,
# the wan ip address of the server.
wan_ip=None,
# the lan ssh port of the server.
lan_ssh_port=None,
# the wan ssh port of the server.
wan_ssh_port=None,
# the client's api key.
api_key=None,
# option 1:
# the old passphrase for the private key.
old_passphrase="''", # (no passphrase)
# the path to the private key.
private_key=None,
# the path to the private key.
public_key=None,
# the client's vpn key.
vpn_key=None,
# option 2:
# enable for smart cards.
smartcards=False,
# serial numbers of the smart cards (list).
serial_numbers=None,
):
# by encoding.
if encoded != None:
decoded = json.loads(urllib.parse.unquote(encoded))
#print(json.dumps(decoded, indent=4))
try:
if decoded["serial_numbers"] != None:
decoded["serial_numbers"] = decoded[
"serial_numbers"].split(",")
if decoded["old_passphrase"] == None:
decoded["old_passphrase"] = "''"
Files.save(f"{HOME}/Downloads/public_key.txt",
decoded["public_key"])
decoded["public_key"] = f"{HOME}/Downloads/public_key.txt"
Files.save(f"{HOME}/Downloads/private_key.txt",
decoded["private_key"])
decoded["private_key"] = f"{HOME}/Downloads/private_key.txt"
Files.save(f"{HOME}/Downloads/vpn_key.ovpn",
decoded["vpn_key"])
decoded["vpn_key"] = f"{HOME}/Downloads/vpn_key.ovpn"
return self.install_client(
# the user.
username=decoded["username"],
# the servers alias. (example:vandenberghinc)
server=decoded["server"],
# the server domain. (example:vandenberghinc.com)
domain=decoded["domain"],
# the lan ip address of the server.
lan_ip=decoded["lan_ip"],
# the wan ip address of the server.
wan_ip=decoded["wan_ip"],
# the lan ssh port of the server.
lan_ssh_port=decoded["lan_ssh_port"],
# the wan ssh port of the server.
wan_ssh_port=decoded["wan_ssh_port"],
# the client's api key.
api_key=decoded["api_key"],
# option 1:
# the old passphrase for the private key.
old_passphrase=decoded[
"old_passphrase"], # (no passphrase)
# the path to the private key.
private_key=decoded["private_key"],
# the path to the private key.
public_key=decoded["public_key"],
# the client's vpn key.
vpn_key=decoded["vpn_key"],
# option 2:
# enable for smart cards.
smartcards=decoded["smartcards"],
# serial numbers of the smart cards (list).
serial_numbers=decoded["serial_numbers"],
)
except KeyError as e:
return r3sponse.error(
f"Incorrect encoding format, missing key: {e}.")
# by paramters.
else:
# check parameters.
success, response = utils.__check_parameters__(
empty_value=None,
parameters={
"username": username,
"server": server,
"lan_ip": lan_ip,
"wan_ip": wan_ip,
"lan_ssh_port": lan_ssh_port,
"wan_ssh_port": wan_ssh_port,
"api_key": api_key,
"vpn_key": vpn_key,
"domain": domain,
})
if not success:
return response
server = server.replace(" ", '-')
# smart card parameters.
if smartcards:
if isinstance(serial_numbers, str):
serial_numbers = [serial_numbers]
success, response = utils.__check_parameters__(
empty_value=None,
parameters={
"serial_numbers": serial_numbers,
})
if not success:
print(response["error"])
return response
# non smart card parameters.
else:
success, response = utils.__check_parameters__(
empty_value=None,
parameters={
"old_passphrase": old_passphrase,
"private_key": private_key,
"public_key": public_key,
})
if not success:
print(response["error"])
return response
print(f"Installing client [{username}@{server}].")
# default response.
response = utils.__default_response__()
# check server dir.
dir = f'{self.root_dir}servers/{server}/'
if not Files.exists(dir): os.mkdir(dir)
# check server settings.
try:
utils.__save_json__(
f'{dir}/settings.json', {
"domain": domain,
"ip": {
"wan": wan_ip,
"lan": lan_ip,
},
"ports": {
"wan": {
"ssh": wan_ssh_port,
},
"lan": {
"ssh": lan_ssh_port,
},
}
})
except:
os.system("rm -fr " + dir)
response[
"error"] = f"Failed to edit the settings of server [{server}]."
print(response["error"])
return response
# create user dir.
user_dir = f"{dir}{username}/"
if not Files.exists(user_dir): os.mkdir(user_dir)
# api key.
try:
Files.save(f"{user_dir}/api_key", api_key)
except:
return r3sponse.error(f"Failed to save the specified api key.",
log_level=0)
# vpn key.
os.system(f"cp {vpn_key} {user_dir}/vpn_key.ovpn")
if not Files.exists(f"{user_dir}/vpn_key.ovpn"):
return r3sponse.error(f"Failed to save the specified vpn key.",
log_level=0)
# permissions.
os.system(f"chmod 600 {user_dir}/api_key")
os.system(f"chmod 600 {user_dir}/vpn_key.ovpn")
# smart card.
if smartcards:
try:
array = Array(path=f'{user_dir}smartcards',
load=True,
default=[])
c = 0
for serial_number in serial_numbers:
if serial_number not in array.array:
array.array.append(serial_number)
c += 1
if c > 0: array.save()
except:
return r3sponse.error(
f"Failed to save the smart card serial numbers for client [{username}@{server}].",
log_level=0)
# non smart card.
else:
# check public key id.
try:
public_key_id = Files.load(public_key).split(
"[#id:")[1].split("]")[0]
except:
return r3sponse.error(
f"Failed to retrieve the id from public key [{public_key}].",
log_level=0)
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
return r3sponse.error(
"The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption.",
log_level=0)
# edit key passphrase.
new_passphrase = String("").generate(length=48,
digits=True,
capitalize=True,
special=True)
os.system(f"chmod 600 {private_key}")
response = ssht00ls.keys.edit_passphrase(private_key,
old=old_passphrase,
new=new_passphrase)
if response["error"] != None:
print(response["error"])
return response
# create user key.
os.system(f"cp {private_key} {user_dir}/private_key")
os.system(f"chmod 600 {user_dir}/private_key")
os.system(f"cp {public_key} {user_dir}/public_key")
os.system(f"chmod 600 {user_dir}/public_key")
# delete downloaded keys.
if '/Downloads/private_key.txt' in private_key:
os.system("rm -fr " + private_key)
if '/Downloads/public_key.txt' in public_key:
os.system("rm -fr " + public_key)
# save pass.
if smartcards:
PASSPHRASES.dictionary["smartcards"][public_key_id] = str(
new_passphrase)
else:
PASSPHRASES.dictionary["ssh_keys"][public_key_id] = str(
new_passphrase)
l_response = PASSPHRASES.save()
if l_response["error"] != None:
return r3sponse.error(
'Successfully installed th client but failed to store the passphrase in the encrypted dictionary, error: '
+ l_response["error"],
log_level=0)
# delete vpn key.
if '/Downloads/vpn_key.ovpn' in vpn_key:
os.system("rm -fr " + vpn_key)
# response.
self.__initialize_servers__()
return r3sponse.success(
f"Successfully installed client [{username}@{server}].", {
"username": username,
"server": server,
},
log_level=0)
def install_client(
self,
# the user.
username=None,
# the servers alias. (example:vandenberghinc.com)
server=None,
# the lan ip address of the server.
lan_ip=None,
# the wan ip address of the server.
wan_ip=None,
# the lan ssh port of the server.
lan_ssh_port=None,
# the wan ssh port of the server.
wan_ssh_port=None,
# option 1:
# the new passphrase for the private key.
new_passphrase=None,
# the old passphrase for the private key.
old_passphrase="''", # (no passphrase)
# the path to the private key.
private_key=None,
# the path to the private key.
public_key=None,
# option 2:
# enable for smart cards.
smart_cards=False,
# serial numbers of the smart cards (list).
serial_numbers=None,
):
# check parameters.
success, response = utils.__check_parameters__(empty_value=None,
parameters={
"username":
username,
"server":
server,
"lan_ip":
lan_ip,
"wan_ip":
wan_ip,
"lan_ssh_port":
lan_ssh_port,
"wan_ssh_port":
wan_ssh_port,
})
if not success:
print(response["error"])
return response
server = server.replace(" ", '-')
# smart card parameters.
if smart_cards:
if isinstance(serial_numbers, str):
serial_numbers = [serial_numbers]
success, response = utils.__check_parameters__(
empty_value=None,
parameters={
"serial_numbers": serial_numbers,
})
if not success:
print(response["error"])
return response
# non smart card parameters.
else:
success, response = utils.__check_parameters__(empty_value=None,
parameters={
"server":
new_passphrase,
"server":
old_passphrase,
"private_key":
private_key,
"public_key":
public_key,
})
if not success:
print(response["error"])
return response
print(f"Installing client [{username}@{server}].")
# default response.
response = utils.__default_response__()
# check server dir.
dir = f'{self.root_dir}servers/{server}/'
if not os.path.exists(dir): os.mkdir(dir)
# check server settings.
try:
utils.__save_json__(
f'{dir}/settings.json', {
"ip": {
"wan": wan_ip,
"lan": lan_ip,
},
"ports": {
"wan": {
"ssh": wan_ssh_port,
},
"lan": {
"ssh": lan_ssh_port,
},
}
})
except:
os.system("rm -fr " + dir)
response[
"error"] = f"Failed to edit the settings of server [{server}]."
print(response["error"])
return response
# smart card.
if smart_cards:
# create user dir.
user_dir = f"{dir}{username}/"
if not os.path.exists(user_dir): os.mkdir(user_dir)
try:
array = Files.Array(path=f'{user_dir}smart_cards',
load=True,
default=[])
c = 0
for serial_number in serial_numbers:
if serial_number not in array.array:
array.array.append(serial_number)
c += 1
if c > 0: array.save()
except:
return r3sponse.error_response(
f"Failed to save the smart card serial numbers for client [{username}@{server}].",
log_level=0)
# non smart card.
else:
# check public key id.
try:
public_key_id = utils.__load_file__(public_key).split(
"[#id:")[1].split("]")[0]
except:
return r3sponse.error_response(
f"Failed to retrieve the id from public key [{public_key}].",
log_level=0)
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
return r3sponse.error_response(
"The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption.",
log_level=0)
# edit key passphrase.
os.system(f"chmod 600 {private_key}")
response = ssht00ls.key.edit_passphrase(private_key,
old=old_passphrase,
new=new_passphrase)
if response["error"] != None:
print(response["error"])
return response
# create user key.
user_dir = f"{dir}{username}/"
if not os.path.exists(user_dir): os.mkdir(user_dir)
os.system(f"cp {private_key} {user_dir}/private_key")
os.system(f"chmod 600 {user_dir}/private_key")
os.system(f"cp {public_key} {user_dir}/public_key")
os.system(f"chmod 600 {user_dir}/public_key")
# delete downloaded keys.
if '/Downloads/private_key.txt' in private_key:
os.system("rm -fr " + private_key)
if '/Downloads/public_key.txt' in public_key:
os.system("rm -fr " + public_key)
# save pass.
if smart_cards:
PASSPHRASES.dictionary["smart_cards"][public_key_id] = str(
new_passphrase)
else:
PASSPHRASES.dictionary["ssh_keys"][public_key_id] = str(
new_passphrase)
l_response = PASSPHRASES.save()
if l_response["error"] != None:
return r3sponse.error_response(
'Successfully installed th client but failed to store the passphrase in the encrypted dictionary, error: '
+ l_response["error"],
log_level=0)
# response.
self.__initialize_servers__()
return r3sponse.success_response(
f"Successfully installed client [{username}@{server}].",
log_level=0)
def view(self, request):
# initialize default response.
response = utils.__default_response__()
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
response[
"error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption."
return self.response(response)
# by encoded.
encoded, success, response = utils.__get_request_param__(
request, "encoded")
if success:
# make request.
return self.response(manager.install_client(encoded=encoded, ))
# by parameters.
else:
# check parameters.
username, success, response = utils.__get_request_param__(
request, "username")
if not success: return self.response(response)
server, success, response = utils.__get_request_param__(
request, "server")
if not success: return self.response(response)
domain, success, response = utils.__get_request_param__(
request, "domain")
if not success: return self.response(response)
api_key, success, response = utils.__get_request_param__(
request, "api_key")
if not success: return self.response(response)
public_key, success, response = utils.__get_request_param__(
request, "public_key")
if not success: return self.response(response)
private_key, success, response = utils.__get_request_param__(
request, "private_key")
if not success: return self.response(response)
vpn_key, success, response = utils.__get_request_param__(
request, "vpn_key")
if not success: return self.response(response)
new_passphrase, success, response = utils.__get_request_param__(
request, "new_passphrase")
if not success: return self.response(response)
verify_new_passphrase, success, response = utils.__get_request_param__(
request, "verify_new_passphrase")
if not success: return self.response(response)
old_passphrase, success, response = utils.__get_request_param__(
request, "old_passphrase")
if not success: return self.response(response)
lan_ip, success, response = utils.__get_request_param__(
request, "lan_ip")
if not success: return self.response(response)
wan_ip, success, response = utils.__get_request_param__(
request, "wan_ip")
if not success: return self.response(response)
lan_ssh_port, success, response = utils.__get_request_param__(
request, "lan_ssh_port")
if not success: return self.response(response)
wan_ssh_port, success, response = utils.__get_request_param__(
request, "wan_ssh_port")
if not success: return self.response(response)
public_key = public_key.replace("~/", HOME)
private_key = private_key.replace("~/", HOME)
vpn_key = vpn_key.replace("~/", HOME)
# check key existance.
if not Files.exists(public_key):
response[
"error"] = f"Public key path [{public_key}] does not exist."
return self.response(response)
if not Files.exists(private_key):
response[
"error"] = f"Private key path [{private_key}] does not exist."
return self.response(response)
if not Files.exists(vpn_key):
response[
"error"] = f"VPN key path [{vpn_key}] does not exist."
return self.response(response)
# check passphrase.
success, response = utils.__check_password__(
new_passphrase, verify_new_passphrase)
if not success: return self.response(response)
# make request.
final_response = manager.install_client(
username=username,
server=server,
domain=domain,
api_key=api_key,
public_key=public_key,
private_key=private_key,
vpn_key=vpn_key,
new_passphrase=new_passphrase,
old_passphrase=old_passphrase,
lan_ip=lan_ip,
wan_ip=wan_ip,
lan_ssh_port=lan_ssh_port,
wan_ssh_port=wan_ssh_port,
)
if final_response["error"] != None:
return self.response(final_response)
# save new passphrase.
PASSPHRASES.dictionary["ssh_keys"][
final_response["username"]] = new_passphrase
response = PASSPHRASES.save()
if response["error"] != None: return self.response(response)
return self.response(final_response)
def add_to_agent(self,
passphrase=None,
load_passphrase=False,
smartcard=False,
pin=None):
# initialize default response.
response = utils.__default_response__()
if load_passphrase:
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
response[
"error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption."
return response
if smartcard:
try:
passphrase = PASSPHRASES.dictionary["smartcards"][
self.defaults.public_key_id]
except KeyError:
response[
"error"] = f"There are no passphrases stored for client [{self.defaults.id}]."
return response
else:
try:
passphrase = PASSPHRASES.dictionary["ssh_keys"][
self.defaults.public_key_id]
except KeyError:
response[
"error"] = f"There are no passphrases stored for client [{self.defaults.id}]."
return response
# checks.
success, response = utils.__check_parameter__(
passphrase, "passphrase", None)
if not success: return response
# check if not already added.
response = self.check_agent()
if response[
"error"] != None and " is not added to the ssh agent" not in response[
"error"]:
return response
elif response["success"]:
response[
"message"] = f"The key from client [{self.defaults.id}] is already added to the ssh agent."
return response
# response.
if not smartcard:
response = ssht00ls.agent.add(
private_key=self.defaults.private_key,
passphrase=passphrase,
)
else:
response = ssht00ls.agent.add(
private_key=self.defaults.private_key,
smartcard=True,
pin=pin,
)
if response["success"]:
response[
"message"] = f"Successfully added key from client [{self.defaults.id}] to the ssh agent."
return response
def view(request):
# initialize default response.
response = utils.__default_response__()
# check encryptiom.
if PASSPHRASES.passphrase == None or ENCRYPTION.passphrase == None:
response["error"] = "The encryption requires to be activated when making client edits. Go to [Dashboard > Encryption > Activate] to activate the encryption."
return JsonResponse(response)
# check parameters.
username, success, response = utils.__get_request_param__(request, "username")
if not success: return JsonResponse(response)
server, success, response = utils.__get_request_param__(request, "server")
if not success: return JsonResponse(response)
public_key, success, response = utils.__get_request_param__(request, "public_key")
if not success: return JsonResponse(response)
private_key, success, response = utils.__get_request_param__(request, "private_key")
if not success: return JsonResponse(response)
new_passphrase, success, response = utils.__get_request_param__(request, "new_passphrase")
if not success: return JsonResponse(response)
verify_new_passphrase, success, response = utils.__get_request_param__(request, "verify_new_passphrase")
if not success: return JsonResponse(response)
old_passphrase, success, response = utils.__get_request_param__(request, "old_passphrase")
if not success: return JsonResponse(response)
lan_ip, success, response = utils.__get_request_param__(request, "lan_ip")
if not success: return JsonResponse(response)
wan_ip, success, response = utils.__get_request_param__(request, "wan_ip")
if not success: return JsonResponse(response)
lan_ssh_port, success, response = utils.__get_request_param__(request, "lan_ssh_port")
if not success: return JsonResponse(response)
wan_ssh_port, success, response = utils.__get_request_param__(request, "wan_ssh_port")
if not success: return JsonResponse(response)
public_key = public_key.replace("~/", HOME)
private_key = private_key.replace("~/", HOME)
# check key existance.
if not os.path.exists(public_key):
response["error"] = f"Public key path [{public_key}] does not exist."
return JsonResponse(response)
if not os.path.exists(private_key):
response["error"] = f"Private key path [{private_key}] does not exist."
return JsonResponse(response)
# check passphrase.
success, response = utils.__check_password__(new_passphrase, verify_new_passphrase)
if not success: return JsonResponse(response)
# make request.
response = manager.install_client(
username=username,
server=server,
public_key=public_key,
private_key=private_key,
new_passphrase=new_passphrase,
old_passphrase=old_passphrase,
lan_ip=lan_ip,
wan_ip=wan_ip,
lan_ssh_port=lan_ssh_port,
wan_ssh_port=wan_ssh_port,)
if response["error"] != None: return JsonResponse(response)
# save new passphrase.
PASSPHRASES.dictionary["ssh_keys"][client.public_key_id] = new
response = PASSPHRASES.save()
if response["error"] != None: return JsonResponse(response)
