def get_org(self, org_id):
    """Return the organization ``org_id`` if it belongs to this server.

    The organization's configuration is loaded before it is returned.
    None is returned when the id is not one of the server's
    organizations, or when loading the configuration raises IOError
    (the failure is logged with its traceback).
    """
    if org_id not in self.organizations:
        return None

    org = Organization.get_org(id=org_id)
    try:
        org.load()
    except IOError:
        logger.exception('Failed to load org conf. %r' % {
            'org_id': org_id,
        })
        return None
    return org
def iter_orgs(self):
    """Yield this server's organizations ordered by ``'<name>_<id>'``.

    Ids that no longer resolve to an organization are skipped.
    """
    by_key = {}
    keys = []
    for org_id in self.organizations:
        org = Organization.get_org(id=org_id)
        if not org:
            continue
        sort_key = '%s_%s' % (org.name, org.id)
        keys.append(sort_key)
        by_key[sort_key] = org

    keys.sort()
    for sort_key in keys:
        yield by_key[sort_key]
def _remove_primary_user(self):
    """Delete the server's primary user and forget the primary org/user.

    Nothing happens when no primary organization or user is recorded.
    If the organization or the user can no longer be found, the removal
    is skipped but the two fields are still cleared.
    """
    logger.debug('Removing primary user. %r' % {
        'server_id': self.id,
    })

    has_primary = self.primary_organization and self.primary_user
    if not has_primary:
        return

    org = Organization.get_org(id=self.primary_organization)
    user = org.get_user(id=self.primary_user) if org else None
    if user:
        user.remove()

    self.primary_organization = None
    self.primary_user = None
def add_org(self, org_id):
    """Attach organization ``org_id`` to this server and return it.

    Already-attached organizations only produce a debug log.  Otherwise
    the id is appended, the server is committed, and the
    SERVERS_UPDATED / SERVER_ORGS_UPDATED / USERS_UPDATED events fire.
    """
    logger.debug('Adding organization to server. %r' % {
        'server_id': self.id,
        'org_id': org_id,
    })

    # NOTE(review): other methods on this class treat get_org() as able
    # to return None; an unknown org_id would raise AttributeError on the
    # next line rather than being reported - confirm that is intended.
    org = Organization.get_org(id=org_id)
    already_attached = org.id in self.organizations
    if already_attached:
        logger.debug('Organization already on server, skipping. %r' % {
            'server_id': self.id,
            'org_id': org.id,
        })
        return org

    self.organizations.append(org.id)
    self.commit()

    Event(type=SERVERS_UPDATED)
    Event(type=SERVER_ORGS_UPDATED, resource_id=self.id)
    Event(type=USERS_UPDATED, resource_id=org_id)
    return org
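def _remove_primary_user(self):
    """Detach and delete the server's primary user, if one is recorded.

    The ``primary_organization`` / ``primary_user`` fields are cleared
    before the user is removed, so a failure during removal cannot leave
    the server pointing at a half-removed user.  A missing organization
    or user is logged and skipped rather than raised.
    """
    logger.debug('Removing primary user. %r' % {
        'server_id': self.id,
    })

    primary_organization = self.primary_organization
    primary_user = self.primary_user
    self.primary_organization = None
    self.primary_user = None

    if not primary_organization or not primary_user:
        return

    org = Organization.get_org(id=primary_organization)
    if not org:
        # Fix: the organization may already have been deleted; the
        # original dereferenced None here and raised AttributeError.
        logger.debug('Primary organization not found, skipping remove. %r' % {
            'server_id': self.id,
            'org_id': primary_organization,
        })
        return

    user = org.get_user(primary_user)
    if not user:
        logger.debug('Primary user not found, skipping remove. %r' % {
            'server_id': self.id,
            'org_id': org.id,
        })
        return

    user.remove()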
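def _generate_ovpn_conf(self):
    """Build and return the inline OpenVPN server configuration text.

    Makes sure a primary user and the DH parameters exist, regenerates
    the CA certificate, renders ``OVPN_INLINE_SERVER_CONF`` and appends
    the push directives, the optional auth/compression flags and the
    inline ``<ca>``/``<cert>``/``<key>``/``<dh>`` blocks.

    Returns:
        str: the rendered configuration.  It embeds the primary user's
        private key, so whatever stores it must use restrictive file
        permissions.

    Raises:
        ServerMissingOrg: if the server has no organizations.
    """
    if not self.org_count:
        raise ServerMissingOrg('Ovpn conf cannot be generated without ' +
            'any organizations', {
                'server_id': self.id,
            })
    logger.debug('Generating node server ovpn conf. %r' % {
        'server_id': self.id,
    })

    if not self.primary_organization or not self.primary_user:
        self._create_primary_user()

    if not os.path.isfile(self.dh_param_path):
        self._generate_dh_param()

    primary_org = Organization.get_org(id=self.primary_organization)
    primary_user = primary_org.get_user(self.primary_user)

    self.generate_ca_cert()

    push = ''
    if self.local_networks:
        for network in self.local_networks:
            push += 'push "route %s %s"\n' % self._parse_network(network)
    else:
        push += 'push "redirect-gateway"\n'
    for dns_server in self.dns_servers:
        push += 'push "dhcp-option DNS %s"\n' % dns_server
    push = push.rstrip()

    # The literal '%s' arguments survive this substitution; presumably a
    # later pass fills in the runtime paths (the '<%= ... %>' tag below
    # points the same way) - confirm against the consumer of this text.
    server_conf = OVPN_INLINE_SERVER_CONF % (
        self.port,
        self.protocol,
        self.interface,
        '%s',
        '%s',
        '%s',
        '%s %s' % self._parse_network(self.network),
        '%s',
        push,
        '%s',
        4 if self.debug else 1,
        8 if self.debug else 3,
    )

    if self.otp_auth:
        server_conf += 'auth-user-pass-verify ' + \
            '<%= user_pass_verify_path %> via-file\n'
    if self.lzo_compression:
        server_conf += 'comp-lzo\npush "comp-lzo"\n'
    if self.local_networks:
        server_conf += 'client-to-client\n'

    server_conf += '<ca>\n%s\n</ca>\n' % utils.get_cert_block(
        self.ca_cert_path)
    server_conf += '<cert>\n%s\n</cert>\n' % utils.get_cert_block(
        primary_user.cert_path)

    # Fix: the key and DH files were read with bare open().read(),
    # leaving the handles for the garbage collector to close.
    with open(primary_user.key_path) as key_file:
        private_key = key_file.read().strip()
    with open(self.dh_param_path) as dh_file:
        dh_params = dh_file.read().strip()
    server_conf += '<key>\n%s\n</key>\n' % private_key
    server_conf += '<dh>\n%s\n</dh>\n' % dh_params

    return server_conf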
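def _generate_ovpn_conf(self, temp_path):
    """Write the OpenVPN server config and its helper scripts into temp_path.

    Resolves (creating when needed) the primary organization and user
    whose certificate and private key are inlined into the config, writes
    the tls-verify / user-pass-verify / client-connect / client-disconnect
    scripts, then writes ``OVPN_CONF_NAME``.  Every file is created with
    its final mode instead of being chmod-ed after open(), so no other
    process can obtain a handle while the file is still at the umask
    default.

    Args:
        temp_path: directory that receives the scripts and the config.

    Returns:
        None.  All output goes to files.
    """
    logger.debug('Generating server ovpn conf. %r' % {
        'server_id': self.id,
    })

    if not self.primary_organization or not self.primary_user:
        self._create_primary_user()

    primary_org = Organization.get_org(id=self.primary_organization)
    if not primary_org:
        self._create_primary_user()
        primary_org = Organization.get_org(id=self.primary_organization)

    primary_user = primary_org.get_user(self.primary_user)
    if not primary_user:
        self._create_primary_user()
        # _create_primary_user may have switched organizations; re-read both.
        primary_org = Organization.get_org(id=self.primary_organization)
        primary_user = primary_org.get_user(self.primary_user)

    def write_with_mode(path, mode, content):
        # Fix: create the file with ``mode`` already applied.  The original
        # open()-then-chmod() sequence let a process that opened the file in
        # between keep a readable handle after the mode was tightened.
        # os.open does not change the mode of a pre-existing file, so the
        # chmod still runs to cover that case.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, 'w') as out_file:
            os.chmod(path, mode)
            out_file.write(content)

    tls_verify_path = os.path.join(temp_path, TLS_VERIFY_NAME)
    user_pass_verify_path = os.path.join(temp_path, USER_PASS_VERIFY_NAME)
    client_connect_path = os.path.join(temp_path, CLIENT_CONNECT_NAME)
    client_disconnect_path = os.path.join(temp_path, CLIENT_DISCONNECT_NAME)
    ovpn_status_path = os.path.join(temp_path, OVPN_STATUS_NAME)
    ovpn_conf_path = os.path.join(temp_path, OVPN_CONF_NAME)

    auth_host = app_server.bind_addr
    if auth_host == '0.0.0.0':
        # A wildcard bind address is not connectable; presumably the
        # scripts call back into this server, so use loopback instead.
        auth_host = 'localhost'

    # NOTE(review): every script embeds app_server.local_api_key and is
    # written 0755, i.e. readable by any local account (the original's
    # TODO).  The correct mode depends on which user OpenVPN runs the
    # scripts as - confirm before tightening it.
    script_args = (
        app_server.local_api_key,
        '/dev/null', # TODO
        app_server.web_protocol,
        auth_host,
        app_server.port,
        self.id,
    )
    for script, script_path in (
                (TLS_VERIFY_SCRIPT, tls_verify_path),
                (USER_PASS_VERIFY_SCRIPT, user_pass_verify_path),
                (CLIENT_CONNECT_SCRIPT, client_connect_path),
                (CLIENT_DISCONNECT_SCRIPT, client_disconnect_path),
            ):
        write_with_mode(script_path, 0o755, script % script_args) # TODO

    push = ''
    if self.mode == LOCAL_TRAFFIC:
        for network in self.local_networks:
            push += 'push "route %s %s"\n' % self._parse_network(network)
    elif self.mode == VPN_TRAFFIC:
        pass
    else:
        push += 'push "redirect-gateway"\n'
    for dns_server in self.dns_servers:
        push += 'push "dhcp-option DNS %s"\n' % dns_server
    if self.search_domain:
        push += 'push "dhcp-option DOMAIN %s"\n' % self.search_domain

    server_conf = OVPN_INLINE_SERVER_CONF % (
        self.port,
        self.protocol,
        self.interface,
        tls_verify_path,
        client_connect_path,
        client_disconnect_path,
        '%s %s' % self._parse_network(self.network),
        ovpn_status_path,
        4 if self.debug else 1,
        8 if self.debug else 3,
    )

    if self.otp_auth:
        server_conf += 'auth-user-pass-verify %s via-file\n' % (
            user_pass_verify_path)
    if self.lzo_compression:
        server_conf += 'comp-lzo\npush "comp-lzo"\n'
    if self.mode in (LOCAL_TRAFFIC, VPN_TRAFFIC):
        server_conf += 'client-to-client\n'
    if push:
        server_conf += push

    server_conf += '<ca>\n%s\n</ca>\n' % utils.get_cert_block(
        self.ca_certificate)
    server_conf += '<cert>\n%s\n</cert>\n' % utils.get_cert_block(
        primary_user.certificate)
    server_conf += '<key>\n%s\n</key>\n' % primary_user.private_key
    server_conf += '<dh>\n%s\n</dh>\n' % self.dh_params

    # The config holds the primary user's private key: owner-only access.
    write_with_mode(ovpn_conf_path, 0o600, server_conf)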
def get_org(self, org_id):
    """Return the organization ``org_id`` if this server contains it.

    Returns None when the id is not one of the server's organizations.
    """
    if org_id not in self.organizations:
        return None
    return Organization.get_org(id=org_id)
def iter_orgs(self):
    """Yield each resolvable organization on this server, in stored order.

    Ids whose lookup comes back falsy are skipped.
    """
    lookups = (Organization.get_org(id=org_id)
        for org_id in self.organizations)
    for org in lookups:
        if not org:
            continue
        yield org
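def _generate_ovpn_conf(self, inline=False):
    """Write the OpenVPN server config to ``self.ovpn_conf_path``.

    With ``inline=False`` the config references the CA, certificate, key
    and DH files by path (``OVPN_SERVER_CONF``).  With ``inline=True``
    their contents are embedded (``OVPN_INLINE_SERVER_CONF``) and the
    file is created owner-only (0600) because it then holds the primary
    user's private key.

    Args:
        inline: embed certificate/key/DH material instead of referencing
            the files.

    Raises:
        ServerMissingOrg: if the server has no organizations.
    """
    if not self.org_count:
        raise ServerMissingOrg('Ovpn conf cannot be generated without ' +
            'any organizations', {
                'server_id': self.id,
            })
    logger.debug('Generating server ovpn conf. %r' % {
        'server_id': self.id,
    })

    if not self.primary_organization or not self.primary_user:
        self._create_primary_user()

    if not os.path.isfile(self.dh_param_path):
        self._generate_dh_param()

    primary_org = Organization.get_org(id=self.primary_organization)
    if not primary_org:
        self._create_primary_user()
        primary_org = Organization.get_org(id=self.primary_organization)

    primary_user = primary_org.get_user(self.primary_user)
    if not primary_user:
        self._create_primary_user()
        # Fix: _create_primary_user can change self.primary_organization;
        # the original looked the new user up in the stale organization.
        primary_org = Organization.get_org(id=self.primary_organization)
        primary_user = primary_org.get_user(self.primary_user)

    self.generate_ca_cert()
    self._generate_scripts()

    push = ''
    if self.mode == LOCAL_TRAFFIC:
        for network in self.local_networks:
            push += 'push "route %s %s"\n' % self._parse_network(network)
    elif self.mode == VPN_TRAFFIC:
        pass
    else:
        push += 'push "redirect-gateway"\n'
    for dns_server in self.dns_servers:
        push += 'push "dhcp-option DNS %s"\n' % dns_server
    if self.search_domain:
        push += 'push "dhcp-option DOMAIN %s"\n' % self.search_domain

    if not inline:
        server_conf = OVPN_SERVER_CONF % (
            self.port,
            self.protocol,
            self.interface,
            self.ca_cert_path,
            primary_user.cert_path,
            primary_user.key_path,
            self.tls_verify_path,
            self.client_connect_path,
            self.client_disconnect_path,
            self.dh_param_path,
            '%s %s' % self._parse_network(self.network),
            self.ovpn_status_path,
            4 if self.debug else 1,
            8 if self.debug else 3,
        )
    else:
        server_conf = OVPN_INLINE_SERVER_CONF % (
            self.port,
            self.protocol,
            self.interface,
            self.tls_verify_path,
            self.client_connect_path,
            self.client_disconnect_path,
            '%s %s' % self._parse_network(self.network),
            self.ovpn_status_path,
            4 if self.debug else 1,
            8 if self.debug else 3,
        )

    if self.otp_auth:
        server_conf += 'auth-user-pass-verify %s via-file\n' % (
            self.user_pass_verify_path)
    if self.lzo_compression:
        server_conf += 'comp-lzo\npush "comp-lzo"\n'
    if self.mode in (LOCAL_TRAFFIC, VPN_TRAFFIC):
        server_conf += 'client-to-client\n'
    if push:
        server_conf += push

    if inline:
        server_conf += '<ca>\n%s\n</ca>\n' % utils.get_cert_block(
            self.ca_cert_path)
        server_conf += '<cert>\n%s\n</cert>\n' % utils.get_cert_block(
            primary_user.cert_path)
        # Fix: read the key and DH files under ``with`` so the handles are
        # closed promptly instead of being left to the garbage collector.
        with open(primary_user.key_path) as key_file:
            server_conf += '<key>\n%s\n</key>\n' % key_file.read().strip()
        with open(self.dh_param_path) as dh_file:
            server_conf += '<dh>\n%s\n</dh>\n' % dh_file.read().strip()

    if inline:
        # Fix: create the file already at 0600 rather than chmod-ing after
        # open(); the original left a window in which another process could
        # open the file at the umask default and keep reading the private
        # key after the mode was tightened.  os.open leaves a pre-existing
        # file's mode alone, so the chmod below still covers that case.
        fd = os.open(self.ovpn_conf_path,
            os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        ovpn_conf = os.fdopen(fd, 'w')
    else:
        ovpn_conf = open(self.ovpn_conf_path, 'w')
    with ovpn_conf:
        if inline:
            os.chmod(self.ovpn_conf_path, 0o600)
        ovpn_conf.write(server_conf)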