def _run_wsgi(self): if self.ssl: self._setup_server_cert() logger.info('Starting server...') if self.auto_start_servers: from pritunl.server import Server for server in Server.iter_servers(): if server.org_count: try: server.start() except: logger.exception('Failed to auto start server. %r' % { 'server_id': server.id, }) server = cherrypy.wsgiserver.CherryPyWSGIServer( (self.bind_addr, self.port), self.app, request_queue_size=SERVER_REQUEST_QUEUE_SIZE, server_name=cherrypy.wsgiserver.CherryPyWSGIServer.version) if self.ssl: server.ConnectionClass = HTTPConnectionPatch server.ssl_adapter = SSLAdapter( self._server_cert_path, self._server_key_path) try: server.start() except (KeyboardInterrupt, SystemExit): pass except: logger.exception('Server error occurred') raise finally: signal.signal(signal.SIGINT, signal.SIG_IGN) logger.info('Stopping server...') self._on_exit()
def status_get(): orgs_count = 0 servers_count = 0 servers_online_count = 0 clients_count = 0 for server in Server.iter_servers(): servers_count += 1 if server.status: servers_online_count += 1 clients_count += len(server.clients) user_count = 0 for org in Organization.iter_orgs(): orgs_count += 1 user_count += org.user_count local_networks = utils.get_local_networks() return utils.jsonify({ 'org_count': orgs_count, 'users_online': clients_count, 'user_count': user_count, 'servers_online': servers_online_count, 'server_count': servers_count, 'server_version': __version__, 'public_ip': app_server.public_ip, 'local_networks': local_networks, })
def server_get(server_id=None): if server_id: return utils.jsonify(Server.get_server(server_id).dict()) else: servers = [] servers_dict = {} servers_sort = [] for server in Server.iter_servers(): servers.append(server.dict()) return utils.jsonify(servers)
def status_get(): orgs_count = 0 servers_count = 0 servers_online_count = 0 clients_count = 0 for server in Server.iter_servers(): servers_count += 1 if server.status: servers_online_count += 1 clients_count += len(server.clients) user_count = 0 for org in Organization.iter_orgs(): orgs_count += 1 user_count += org.user_count local_networks = utils.get_local_networks() if app_server.openssl_heartbleed: notification = 'You are running an outdated version of openssl ' + \ 'containting the heartbleed bug. This could allow an attacker ' + \ 'to compromise your server. Please upgrade your openssl ' + \ 'package and restart the pritunl service.' else: notification = app_server.notification return utils.jsonify({ 'org_count': orgs_count, 'users_online': clients_count, 'user_count': user_count, 'servers_online': servers_online_count, 'server_count': servers_count, 'server_version': __version__, 'public_ip': app_server.public_ip, 'local_networks': local_networks, 'notification': notification, })
def server_put_post(server_id=None): network_used = set() interface_used = set() port_used = set() for server in Server.iter_servers(): if server.id == server_id: continue network_used.add(server.network) interface_used.add(server.interface) port_used.add('%s%s' % (server.port, server.protocol)) name = None name_def = False if 'name' in flask.request.json: name_def = True name = utils.filter_str(flask.request.json['name']) network = None network_def = False if 'network' in flask.request.json: network_def = True network = flask.request.json['network'] if network not in SAFE_PUB_SUBNETS: network_split = network.split('/') if len(network_split) != 2: return _network_invalid() address = network_split[0].split('.') if len(address) != 4: return _network_invalid() for i, value in enumerate(address): try: address[i] = int(value) except ValueError: return _network_invalid() if address[0] != 10: return _network_invalid() if address[1] > 255 or address[1] < 0 or \ address[2] > 255 or address[2] < 0: return _network_invalid() if address[3] != 0: return _network_invalid() try: subnet = int(network_split[1]) except ValueError: return _network_invalid() if subnet < 8 or subnet > 24: return _network_invalid() interface = None interface_def = False if 'interface' in flask.request.json: interface_def = True interface = flask.request.json['interface'] if not re.match('^[a-z0-9]+$', interface): return _interface_invalid() if interface[:3] != 'tun': return _interface_invalid() try: interface_num = int(interface[3:]) except ValueError: return _interface_invalid() if interface_num > 64: return _interface_invalid() interface = interface[:3] + str(interface_num) protocol = 'udp' protocol_def = False if 'protocol' in flask.request.json: protocol_def = True protocol = flask.request.json['protocol'].lower() if protocol not in ('udp', 'tcp'): return utils.jsonify({ 'error': PROTOCOL_INVALID, 'error_msg': PROTOCOL_INVALID_MSG, }, 400) port = None port_def = False if 'port' in flask.request.json: port_def = True port = flask.request.json['port'] try: port = int(port) except ValueError: return _port_invalid() if port < 1 or port > 65535: return _port_invalid() dh_param_bits = None dh_param_bits_def = False if 'dh_param_bits' in flask.request.json: dh_param_bits_def = True dh_param_bits = flask.request.json['dh_param_bits'] try: dh_param_bits = int(dh_param_bits) except ValueError: return _dh_param_bits_invalid() if dh_param_bits not in VALID_DH_PARAM_BITS: return _dh_param_bits_invalid() mode = None mode_def = False if 'mode' in flask.request.json: mode_def = True mode = flask.request.json['mode'] if mode not in (ALL_TRAFFIC, LOCAL_TRAFFIC, VPN_TRAFFIC): return utils.jsonify({ 'error': MODE_INVALID, 'error_msg': MODE_INVALID_MSG, }, 400) local_networks = None local_networks_def = False if 'local_networks' in flask.request.json: local_networks_def = True local_networks = flask.request.json['local_networks'] or [] for local_network in local_networks: local_network_split = local_network.split('/') if len(local_network_split) != 2: return _local_network_invalid() address = local_network_split[0].split('.') if len(address) != 4: return _local_network_invalid() for i, value in enumerate(address): try: address[i] = int(value) except ValueError: return _local_network_invalid() if address[0] > 255 or address[0] < 0 or \ address[1] > 255 or address[1] < 0 or \ address[2] > 255 or address[2] < 0 or \ address[3] > 254 or address[3] < 0: return _local_network_invalid() try: subnet = int(local_network_split[1]) except ValueError: return _local_network_invalid() if subnet < 8 or subnet > 30: return _local_network_invalid() dns_servers = None dns_servers_def = False if 'dns_servers' in flask.request.json: dns_servers_def = True dns_servers = flask.request.json['dns_servers'] or [] for dns_server in dns_servers: if not re.match(IP_REGEX, dns_server): return _dns_server_invalid() search_domain = None search_domain_def = False if 'search_domain' in flask.request.json: search_domain_def = True search_domain = utils.filter_str(flask.request.json['search_domain']) public_address = None public_address_def = False if 'public_address' in flask.request.json: public_address_def = True public_address = utils.filter_str(flask.request.json['public_address']) debug = False debug_def = False if 'debug' in flask.request.json: debug_def = True debug = True if flask.request.json['debug'] else False otp_auth = False otp_auth_def = False if 'otp_auth' in flask.request.json: otp_auth_def = True otp_auth = True if flask.request.json['otp_auth'] else False lzo_compression = False lzo_compression_def = False if 'lzo_compression' in flask.request.json: lzo_compression_def = True lzo_compression = True if flask.request.json[ 'lzo_compression'] else False if not server_id: if not name_def: return utils.jsonify({ 'error': MISSING_PARAMS, 'error_msg': MISSING_PARAMS_MSG, }, 400) if not network_def: network_def = True for i in xrange(5000): rand_network = '10.%s.%s.0/24' % ( random.randint(15,250), random.randint(15,250)) if rand_network not in network_used: network = rand_network break if not network: return utils.jsonify({ 'error': NETWORK_IN_USE, 'error_msg': NETWORK_IN_USE_MSG, }, 400) if not interface_def: interface_def = True for i in xrange(64): rand_interface = 'tun%s' % i if rand_interface not in interface_used: interface = rand_interface break if not interface: return utils.jsonify({ 'error': INTERFACE_IN_USE, 'error_msg': INTERFACE_IN_USE_MSG, }, 400) if not port_def: port_def = True rand_ports = range(10000, 19999) random.shuffle(rand_ports) for rand_port in rand_ports: if '%s%s' % (rand_port, protocol) not in port_used: port = rand_port break if not port: return utils.jsonify({ 'error': PORT_PROTOCOL_IN_USE, 'error_msg': PORT_PROTOCOL_IN_USE_MSG, }, 400) if not dh_param_bits_def: dh_param_bits_def = True dh_param_bits = DEFAULT_DH_PARAM_BITS if not mode_def: mode_def = True if local_networks_def and local_networks: mode = LOCAL_TRAFFIC else: mode = ALL_TRAFFIC if not public_address_def: public_address_def = True public_address = app_server.public_ip if network_def: if network in network_used: return utils.jsonify({ 'error': NETWORK_IN_USE, 'error_msg': NETWORK_IN_USE_MSG, }, 400) if interface_def: if interface in interface_used: return utils.jsonify({ 'error': INTERFACE_IN_USE, 'error_msg': INTERFACE_IN_USE_MSG, }, 400) if port_def: if '%s%s' % (port, protocol) in port_used: return utils.jsonify({ 'error': PORT_PROTOCOL_IN_USE, 'error_msg': PORT_PROTOCOL_IN_USE_MSG, }, 400) if not server_id: server = Server.new_server( name=name, network=network, interface=interface, port=port, protocol=protocol, dh_param_bits=dh_param_bits, mode=mode, local_networks=local_networks, dns_servers=dns_servers, search_domain=search_domain, public_address=public_address, otp_auth=otp_auth, lzo_compression=lzo_compression, debug=debug, ) else: server = Server.get_server(id=server_id) if server.status: return utils.jsonify({ 'error': SERVER_NOT_OFFLINE, 'error_msg': SERVER_NOT_OFFLINE_SETTINGS_MSG, }, 400) if name_def: server.name = name if network_def: server.network = network if interface_def: server.interface = interface if port_def: server.port = port if protocol_def: server.protocol = protocol if dh_param_bits_def and server.dh_param_bits != dh_param_bits: server.dh_param_bits = dh_param_bits server.generate_dh_param() if mode_def: server.mode = mode if local_networks_def: server.local_networks = local_networks if dns_servers_def: server.dns_servers = dns_servers if search_domain_def: server.search_domain = search_domain if public_address_def: server.public_address = public_address if otp_auth_def: server.otp_auth = otp_auth if lzo_compression_def: server.lzo_compression = lzo_compression if debug_def: server.debug = debug server.commit() LogEntry(message='Created server "%s".' % server.name) Event(type=SERVERS_UPDATED) for org in server.iter_orgs(): Event(type=USERS_UPDATED, resource_id=org.id) return utils.jsonify(server.dict())
def export_get(): data_path = app_server.data_path temp_path = os.path.join(data_path, TEMP_DIR) empty_temp_path = os.path.join(temp_path, EMPTY_TEMP_DIR) data_archive_name = '%s_%s.tar' % (APP_NAME, time.strftime('%Y_%m_%d_%H_%M_%S', time.localtime())) data_archive_path = os.path.join(temp_path, data_archive_name) # Create empty temp directory to recreate temp dirs in tarfile if not os.path.exists(empty_temp_path): os.makedirs(empty_temp_path) tar_file = tarfile.open(data_archive_path, 'w') try: tar_add(tar_file, os.path.join(data_path, AUTH_LOG_NAME)) tar_add(tar_file, os.path.join(data_path, 'pritunl.db')) tar_add(tar_file, os.path.join(data_path, SERVER_CERT_NAME)) tar_add(tar_file, os.path.join(data_path, SERVER_KEY_NAME)) tar_add(tar_file, os.path.join(data_path, VERSION_NAME)) for org in Organization.iter_orgs(): tar_add(tar_file, org.get_path()) tar_file.add(empty_temp_path, arcname=os.path.relpath(os.path.join(org.path, TEMP_DIR), data_path)) for user in org.iter_users(): tar_add(tar_file, user.reqs_path) tar_add(tar_file, user.key_path) tar_add(tar_file, user.cert_path) tar_add(tar_file, user.get_path()) tar_add(tar_file, org.ca_cert.reqs_path) tar_add(tar_file, org.ca_cert.key_path) tar_add(tar_file, org.ca_cert.cert_path) tar_add(tar_file, org.ca_cert.get_path()) for server in Server.iter_servers(): tar_add(tar_file, server.dh_param_path) tar_add(tar_file, server.ip_pool_path) tar_add(tar_file, server.get_path()) tar_add(tar_file, os.path.join(server.path, NODE_SERVER)) tar_file.add(empty_temp_path, arcname=os.path.relpath(os.path.join(server.path, TEMP_DIR), data_path)) tar_file.close() with open(data_archive_path, 'r') as archive_file: response = flask.Response(response=archive_file.read(), mimetype='application/octet-stream') response.headers.add('Content-Disposition', 'attachment; filename="%s"' % data_archive_name) return response finally: try: tar_file.close() except OSError: pass try: os.remove(data_archive_path) except OSError: pass
def server_put_post(server_id=None): network_used = set() interface_used = set() port_used = set() for server in Server.iter_servers(): if server.id == server_id: continue network_used.add(server.network) interface_used.add(server.interface) port_used.add("%s%s" % (server.port, server.protocol)) name = None name_def = False if "name" in flask.request.json: name_def = True name = utils.filter_str(flask.request.json["name"]) type = SERVER type_def = False if "type" in flask.request.json: type_def = True if flask.request.json["type"] == NODE_SERVER: type = NODE_SERVER network = None network_def = False if "network" in flask.request.json: network_def = True network = flask.request.json["network"] if network not in SAFE_PUB_SUBNETS: network_split = network.split("/") if len(network_split) != 2: return _network_invalid() address = network_split[0].split(".") if len(address) != 4: return _network_invalid() for i, value in enumerate(address): try: address[i] = int(value) except ValueError: return _network_invalid() if address[0] != 10: return _network_invalid() if address[1] > 255 or address[1] < 0 or address[2] > 255 or address[2] < 0: return _network_invalid() if address[3] != 0: return _network_invalid() try: subnet = int(network_split[1]) except ValueError: return _network_invalid() if subnet < 8 or subnet > 24: return _network_invalid() interface = None interface_def = False if "interface" in flask.request.json: interface_def = True interface = flask.request.json["interface"] if not re.match("^[a-z0-9]+$", interface): return _interface_invalid() if interface[:3] != "tun": return _interface_invalid() try: interface_num = int(interface[3:]) except ValueError: return _interface_invalid() if interface_num > 64: return _interface_invalid() interface = interface[:3] + str(interface_num) protocol = "udp" protocol_def = False if "protocol" in flask.request.json: protocol_def = True protocol = flask.request.json["protocol"].lower() if protocol not in ("udp", "tcp"): return utils.jsonify({"error": PROTOCOL_INVALID, "error_msg": PROTOCOL_INVALID_MSG}, 400) port = None port_def = False if "port" in flask.request.json: port_def = True port = flask.request.json["port"] try: port = int(port) except ValueError: return _port_invalid() if port < 1 or port > 65535: return _port_invalid() dh_param_bits = None dh_param_bits_def = False if "dh_param_bits" in flask.request.json: dh_param_bits_def = True dh_param_bits = flask.request.json["dh_param_bits"] try: dh_param_bits = int(dh_param_bits) except ValueError: return _dh_param_bits_invalid() if dh_param_bits not in {1024, 1536, 2048, 3072, 4096}: return _dh_param_bits_invalid() mode = None mode_def = False if "mode" in flask.request.json: mode_def = True mode = flask.request.json["mode"] if mode not in (ALL_TRAFFIC, LOCAL_TRAFFIC, VPN_TRAFFIC): return utils.jsonify({"error": MODE_INVALID, "error_msg": MODE_INVALID_MSG}, 400) local_networks = None local_networks_def = False if "local_networks" in flask.request.json: local_networks_def = True local_networks = flask.request.json["local_networks"] or [] for local_network in local_networks: local_network_split = local_network.split("/") if len(local_network_split) != 2: return _local_network_invalid() address = local_network_split[0].split(".") if len(address) != 4: return _local_network_invalid() for i, value in enumerate(address): try: address[i] = int(value) except ValueError: return _local_network_invalid() if ( address[0] > 255 or address[0] < 0 or address[1] > 255 or address[1] < 0 or address[2] > 255 or address[2] < 0 or address[3] > 254 or address[3] < 0 ): return _local_network_invalid() try: subnet = int(local_network_split[1]) except ValueError: return _local_network_invalid() if subnet < 8 or subnet > 30: return _local_network_invalid() dns_servers = None dns_servers_def = False if "dns_servers" in flask.request.json: dns_servers_def = True dns_servers = flask.request.json["dns_servers"] or [] for dns_server in dns_servers: if not re.match(IP_REGEX, dns_server): return _dns_server_invalid() public_address = None public_address_def = False if "public_address" in flask.request.json: public_address_def = True public_address = utils.filter_str(flask.request.json["public_address"]) debug = False debug_def = False if "debug" in flask.request.json: debug_def = True debug = True if flask.request.json["debug"] else False otp_auth = False otp_auth_def = False if "otp_auth" in flask.request.json: otp_auth_def = True otp_auth = True if flask.request.json["otp_auth"] else False lzo_compression = False lzo_compression_def = False if "lzo_compression" in flask.request.json: lzo_compression_def = True lzo_compression = True if flask.request.json["lzo_compression"] else False node_host = None node_host_def = False if "node_host" in flask.request.json: node_host_def = True node_host = utils.filter_str(flask.request.json["node_host"]) node_port = None node_port_def = False if "node_port" in flask.request.json: node_port_def = True node_port = flask.request.json["node_port"] if node_port is not None: try: node_port = int(node_port) except ValueError: return _port_invalid() if node_port < 1 or node_port > 65535: return _port_invalid() node_key = None node_key_def = False if "node_key" in flask.request.json: node_key_def = True node_key = utils.filter_str(flask.request.json["node_key"]) if not server_id: if not name_def: return utils.jsonify({"error": MISSING_PARAMS, "error_msg": MISSING_PARAMS_MSG}, 400) if not network_def: network_def = True for i in xrange(5000): rand_network = "10.%s.%s.0/24" % (random.randint(15, 250), random.randint(15, 250)) if rand_network not in network_used: network = rand_network break if not network: return utils.jsonify({"error": NETWORK_IN_USE, "error_msg": NETWORK_IN_USE_MSG}, 400) if not interface_def: interface_def = True for i in xrange(64): rand_interface = "tun%s" % i if rand_interface not in interface_used: interface = rand_interface break if not interface: return utils.jsonify({"error": INTERFACE_IN_USE, "error_msg": INTERFACE_IN_USE_MSG}, 400) if not port_def: port_def = True rand_ports = range(10000, 19999) random.shuffle(rand_ports) for rand_port in rand_ports: if "%s%s" % (rand_port, protocol) not in port_used: port = rand_port break if not port: return utils.jsonify({"error": PORT_PROTOCOL_IN_USE, "error_msg": PORT_PROTOCOL_IN_USE_MSG}, 400) if not dh_param_bits_def: dh_param_bits_def = True dh_param_bits = DEFAULT_DH_PARAM_BITS if not mode_def: mode_def = True if local_networks_def and local_networks: mode = LOCAL_TRAFFIC else: mode = ALL_TRAFFIC if not public_address_def: public_address_def = True public_address = app_server.public_ip if network_def: if network in network_used: return utils.jsonify({"error": NETWORK_IN_USE, "error_msg": NETWORK_IN_USE_MSG}, 400) if interface_def: if interface in interface_used: return utils.jsonify({"error": INTERFACE_IN_USE, "error_msg": INTERFACE_IN_USE_MSG}, 400) if port_def: if "%s%s" % (port, protocol) in port_used: return utils.jsonify({"error": PORT_PROTOCOL_IN_USE, "error_msg": PORT_PROTOCOL_IN_USE_MSG}, 400) if not server_id: if type == NODE_SERVER: server = NodeServer( name=name, network=network, interface=interface, port=port, protocol=protocol, dh_param_bits=dh_param_bits, mode=mode, local_networks=local_networks, dns_servers=dns_servers, public_address=public_address, otp_auth=otp_auth, lzo_compression=lzo_compression, debug=debug, node_host=node_host, node_port=node_port, node_key=node_key, ) else: server = Server( name=name, network=network, interface=interface, port=port, protocol=protocol, dh_param_bits=dh_param_bits, mode=mode, local_networks=local_networks, dns_servers=dns_servers, public_address=public_address, otp_auth=otp_auth, lzo_compression=lzo_compression, debug=debug, ) else: server = Server.get_server(id=server_id) if server.status: return utils.jsonify({"error": SERVER_NOT_OFFLINE, "error_msg": SERVER_NOT_OFFLINE_SETTINGS_MSG}, 400) if name_def: server.name = name if network_def: server.network = network if interface_def: server.interface = interface if port_def: server.port = port if protocol_def: server.protocol = protocol if dh_param_bits_def: server.dh_param_bits = dh_param_bits if mode_def: server.mode = mode if local_networks_def: server.local_networks = local_networks if dns_servers_def: server.dns_servers = dns_servers if public_address_def: server.public_address = public_address if otp_auth_def: server.otp_auth = otp_auth if lzo_compression_def: server.lzo_compression = lzo_compression if debug_def: server.debug = debug if server.type == NODE_SERVER: if node_host_def: server.node_host = node_host if node_port_def: server.node_port = node_port if node_key_def: server.node_key = node_key server.commit() for org in server.iter_orgs(): Event(type=USERS_UPDATED, resource_id=org.id) return utils.jsonify(server.dict())