예제 #1
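def generate_server_cert():
    """Generate a P-256 private key and a self-signed server certificate.

    Both files are written under ``settings.conf.temp_path``.

    Returns:
        A ``(server_cert_path, server_key_path)`` tuple.
    """
    server_cert_path = os.path.join(settings.conf.temp_path, SERVER_CERT_NAME)
    server_key_path = os.path.join(settings.conf.temp_path, SERVER_KEY_NAME)

    # Create the key file owner-only BEFORE openssl writes to it. Tightening
    # the mode only after generation leaves a window in which the private key
    # sits on disk with whatever permissions the process umask allows.
    key_fd = os.open(server_key_path, os.O_WRONLY | os.O_CREAT, 0o600)
    try:
        # os.open() ignores its mode argument when the file already exists.
        os.fchmod(key_fd, 0o600)
    finally:
        os.close(key_fd)

    # NOTE(review): this relies on openssl truncating the existing file
    # rather than replacing it, so the mode set above persists -- confirm
    # for the openssl build in use. The chmod below stays as a backstop.
    check_output_logged([
        'openssl',
        'ecparam',
        '-name',
        'prime256v1',
        '-genkey',
        '-noout',
        '-out',
        server_key_path,
    ])
    # -x509 makes `req` emit a self-signed certificate instead of a CSR;
    # 3652 days is roughly ten years. No digest flag is passed, so the
    # signature digest is whatever this openssl build defaults to.
    check_output_logged([
        'openssl',
        'req',
        '-new',
        '-batch',
        '-x509',
        '-days',
        '3652',
        '-key',
        server_key_path,
        '-out',
        server_cert_path,
    ])
    os.chmod(server_key_path, 0o600)

    return server_cert_path, server_key_path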
예제 #2
파일: cert.py 프로젝트: dhh123/pritunl
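def generate_server_cert(server_cert_path, server_key_path):
    """Generate an RSA-4096 key and a self-signed SHA-256 certificate.

    Args:
        server_cert_path: Where openssl writes the certificate.
        server_key_path: Where openssl writes the private key. ``-nodes``
            means the key is stored unencrypted, so the file mode is its
            only protection at rest.
    """
    # Create the key file owner-only BEFORE openssl writes to it; a chmod
    # issued only after generation leaves the unencrypted key readable under
    # the process umask for as long as key generation takes.
    key_fd = os.open(server_key_path, os.O_WRONLY | os.O_CREAT, 0o600)
    try:
        # os.open() ignores its mode argument when the file already exists.
        os.fchmod(key_fd, 0o600)
    finally:
        os.close(key_fd)

    # NOTE(review): relies on openssl truncating the existing -keyout file
    # rather than replacing it -- confirm for the openssl build in use.
    check_output_logged([
        'openssl', 'req', '-batch', '-x509', '-nodes', '-sha256',
        '-newkey', 'rsa:4096',
        '-days', '3652',
        '-keyout', server_key_path,
        '-out', server_cert_path,
    ])
    # Backstop in case the file was recreated with a wider mode.
    os.chmod(server_key_path, 0o600)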
예제 #3
파일: cert.py 프로젝트: Cesar456/pritunl
def generate_server_dh_params(dh_size):
    """Write Diffie-Hellman parameters of ``dh_size`` bits to the temp dir.

    Args:
        dh_size: Parameter size in bits; converted with ``str()`` for the
            openssl command line.

    Returns:
        Path of the generated parameter file.
    """
    dh_file = os.path.join(settings.conf.temp_path, SERVER_DH_NAME)
    command = ['openssl', 'dhparam', str(dh_size), '-out', dh_file]

    check_output_logged(command)
    # DH parameters are not secret; the owner-only mode simply matches the
    # key material handled next to them.
    os.chmod(dh_file, 0o600)

    return dh_file
예제 #4
def generate_server_dh_params(dh_size):
    """Generate DH parameters with openssl and return the output path.

    The file is created under ``settings.conf.temp_path`` and restricted to
    the owner once openssl has finished.
    """
    target = os.path.join(settings.conf.temp_path, SERVER_DH_NAME)
    bits = str(dh_size)

    check_output_logged(['openssl', 'dhparam', bits, '-out', target])
    os.chmod(target, 0o600)

    return target
예제 #5
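def generate_csr(private_key, domain):
    """Create a certificate signing request for ``domain``.

    The key is written to a temporary file only for the duration of the
    openssl call and is removed again whether or not the call succeeds.

    Args:
        private_key: Text of the private key that signs the request.
        domain: Name placed in the request subject as ``CN``.

    Returns:
        Whatever ``check_output_logged`` returns for ``openssl req``
        (presumably the PEM-encoded CSR read from stdout).
    """
    private_key_path = get_temp_path() + '.key'

    try:
        # Create the file owner-only from the start. Opening it with open()
        # and tightening the mode afterwards lets another local user open
        # the file in between and read the key once it is written.
        key_fd = os.open(
            private_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, 'w') as private_key_file:
            # os.open() ignores its mode argument for an existing file.
            os.fchmod(key_fd, 0o600)
            private_key_file.write(private_key)

        # NOTE(review): ``domain`` goes into -subj unescaped, and '/' starts
        # a new subject field there -- confirm callers validate the name.
        csr = check_output_logged([
            'openssl',
            'req',
            '-new',
            '-batch',
            '-sha256',
            '-key',
            private_key_path,
            '-subj',
            '/CN=%s' % domain,
        ])
    finally:
        # Runs on failure too, so a failed openssl call does not leave the
        # private key behind in the temp directory.
        try:
            os.remove(private_key_path)
        except OSError:
            pass

    return csr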
예제 #6
파일: cert.py 프로젝트: pritunl/pritunl
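def generate_server_cert():
    """Generate a P-384 private key and a self-signed server certificate.

    Both files are written under ``settings.conf.temp_path``.

    Returns:
        A ``(server_cert_path, server_key_path)`` tuple.
    """
    server_cert_path = os.path.join(settings.conf.temp_path, SERVER_CERT_NAME)
    server_key_path = os.path.join(settings.conf.temp_path, SERVER_KEY_NAME)

    # Create the key file owner-only BEFORE openssl writes to it. Tightening
    # the mode only after generation leaves a window in which the private key
    # sits on disk with whatever permissions the process umask allows.
    key_fd = os.open(server_key_path, os.O_WRONLY | os.O_CREAT, 0o600)
    try:
        # os.open() ignores its mode argument when the file already exists.
        os.fchmod(key_fd, 0o600)
    finally:
        os.close(key_fd)

    # NOTE(review): relies on openssl truncating the existing file rather
    # than replacing it -- confirm for the openssl build in use.
    check_output_logged([
        'openssl', 'ecparam', '-name', 'secp384r1', '-genkey', '-noout',
        '-out', server_key_path,
    ])
    # -x509 yields a self-signed certificate; 3652 days is roughly ten
    # years. No digest flag is passed, so openssl's default digest applies.
    check_output_logged([
        'openssl', 'req', '-new', '-batch', '-x509', '-days', '3652',
        '-key', server_key_path,
        '-out', server_cert_path,
    ])
    # Backstop in case the file was recreated with a wider mode.
    os.chmod(server_key_path, 0o600)

    return server_cert_path, server_key_path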
예제 #7
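def generate_server_cert(server_cert_path, server_key_path):
    """Generate an RSA-4096 key and a self-signed SHA-256 certificate.

    Args:
        server_cert_path: Where openssl writes the certificate.
        server_key_path: Where openssl writes the private key. ``-nodes``
            means the key is stored unencrypted, so the file mode is its
            only protection at rest.
    """
    # Create the key file owner-only BEFORE openssl writes to it; a chmod
    # issued only after generation leaves the unencrypted key readable under
    # the process umask for as long as key generation takes.
    key_fd = os.open(server_key_path, os.O_WRONLY | os.O_CREAT, 0o600)
    try:
        # os.open() ignores its mode argument when the file already exists.
        os.fchmod(key_fd, 0o600)
    finally:
        os.close(key_fd)

    # NOTE(review): relies on openssl truncating the existing -keyout file
    # rather than replacing it -- confirm for the openssl build in use.
    check_output_logged([
        'openssl',
        'req',
        '-batch',
        '-x509',
        '-nodes',
        '-sha256',
        '-newkey',
        'rsa:4096',
        '-days',
        '3652',
        '-keyout',
        server_key_path,
        '-out',
        server_cert_path,
    ])
    # Backstop in case the file was recreated with a wider mode.
    os.chmod(server_key_path, 0o600)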
예제 #8
def generate_private_ec_key():
    """Generate a P-256 (``prime256v1``) private key with openssl.

    No ``-out`` file is given, so the key is not written to disk by this
    call; the function returns whatever ``check_output_logged`` returns.
    """
    # NOTE(review): the key travels through check_output_logged -- confirm
    # that helper never logs the command's stdout.
    command = [
        'openssl', 'ecparam',
        '-name', 'prime256v1',
        '-genkey', '-noout',
    ]
    return check_output_logged(command)
예제 #9
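def get_interfaces():
    """Parse ``ifconfig`` output into a dict of IPv4 interface details.

    Returns:
        A dict keyed by interface name. Each value holds ``interface``,
        ``address``, ``netmask``, ``broadcast`` and ``gateway``. ``gateway``
        is the default gateway address on the interface reported by
        ``get_gateway()`` and ``None`` on every other one. Stanzas without
        an address, netmask or broadcast match are left out.
    """
    gateway = get_gateway()
    if gateway:
        gateway_inf, gateway_addr = gateway
    else:
        # A falsy result cannot be unpacked: the original logged the error
        # and then raised TypeError on the unpack, aborting the whole
        # listing. Log it and carry on with no gateway attached.
        from pritunl import logger
        logger.error('Failed to find gateway address', 'utils')
        gateway_inf = gateway_addr = None

    output = check_output_logged(['ifconfig'])
    interfaces = {}

    # ifconfig separates interface stanzas with a blank line.
    for interface in output.split('\n\n'):
        data = {}

        # The first alphanumeric run in the stanza is taken as the name.
        interface_name = re.findall(r'[a-z0-9]+', interface, re.IGNORECASE)
        if not interface_name:
            continue
        interface_name = interface_name[0]
        data['interface'] = interface_name

        # Each field is located in two steps: find the label followed
        # within ten characters by an address, then pull the bare address
        # out of that match.
        addr = re.findall(r'inet.{0,10}' + IP_REGEX, interface, re.IGNORECASE)
        if not addr:
            continue
        addr = re.findall(IP_REGEX, addr[0], re.IGNORECASE)
        if not addr:
            continue
        data['address'] = addr[0]

        netmask = re.findall(r'mask.{0,10}' + IP_REGEX,
            interface, re.IGNORECASE)
        if not netmask:
            continue
        netmask = re.findall(IP_REGEX, netmask[0], re.IGNORECASE)
        if not netmask:
            continue
        data['netmask'] = netmask[0]

        # Two label spellings are accepted: "broadcast" and "bcast".
        broadcast = re.findall(r'broadcast.{0,10}' + IP_REGEX,
            interface, re.IGNORECASE)
        if not broadcast:
            broadcast = re.findall(r'bcast.{0,10}' + IP_REGEX,
                interface, re.IGNORECASE)
        if not broadcast:
            continue
        broadcast = re.findall(IP_REGEX, broadcast[0], re.IGNORECASE)
        if not broadcast:
            continue
        data['broadcast'] = broadcast[0]

        if data['interface'] == gateway_inf:
            data['gateway'] = gateway_addr
        else:
            data['gateway'] = None

        interfaces[interface_name] = data

    return interfaces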
예제 #10
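def get_interfaces():
    """Collect IPv4 details for each interface listed by ``ifconfig``.

    Returns:
        A dict mapping interface name to a dict with the keys
        ``interface``, ``address``, ``netmask``, ``broadcast`` and
        ``gateway``. Only the interface named by ``get_gateway()`` carries a
        gateway address; the others get ``None``. A stanza missing any of
        address, netmask or broadcast is skipped.
    """
    gateway = get_gateway()
    if gateway:
        gateway_inf, gateway_addr = gateway
    else:
        # Previously the error was logged and the falsy value unpacked
        # anyway, which raised TypeError instead of returning the
        # interfaces. Fall back to "no gateway known".
        from pritunl import logger
        logger.error('Failed to find gateway address', 'utils')
        gateway_inf = gateway_addr = None

    output = check_output_logged(['ifconfig'])
    interfaces = {}

    # One stanza per interface, separated by blank lines.
    for interface in output.split('\n\n'):
        data = {}

        # First alphanumeric run of the stanza is used as the name.
        interface_name = re.findall(r'[a-z0-9]+', interface, re.IGNORECASE)
        if not interface_name:
            continue
        interface_name = interface_name[0]
        data['interface'] = interface_name

        # Label-plus-address match first, bare address second.
        addr = re.findall(r'inet.{0,10}' + IP_REGEX, interface, re.IGNORECASE)
        if not addr:
            continue
        addr = re.findall(IP_REGEX, addr[0], re.IGNORECASE)
        if not addr:
            continue
        data['address'] = addr[0]

        netmask = re.findall(r'mask.{0,10}' + IP_REGEX, interface,
                             re.IGNORECASE)
        if not netmask:
            continue
        netmask = re.findall(IP_REGEX, netmask[0], re.IGNORECASE)
        if not netmask:
            continue
        data['netmask'] = netmask[0]

        # "broadcast" is tried first, "bcast" as the fallback spelling.
        broadcast = re.findall(r'broadcast.{0,10}' + IP_REGEX, interface,
                               re.IGNORECASE)
        if not broadcast:
            broadcast = re.findall(r'bcast.{0,10}' + IP_REGEX, interface,
                                   re.IGNORECASE)
        if not broadcast:
            continue
        broadcast = re.findall(IP_REGEX, broadcast[0], re.IGNORECASE)
        if not broadcast:
            continue
        data['broadcast'] = broadcast[0]

        if data['interface'] == gateway_inf:
            data['gateway'] = gateway_addr
        else:
            data['gateway'] = None

        interfaces[interface_name] = data

    return interfaces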
예제 #11
def get_gateway():
    """Find the default route in ``route -n`` output.

    Returns:
        ``(field 7, field 1)`` of the first row whose first field is
        ``0.0.0.0`` -- presumably the interface name and gateway address --
        or ``None`` when no such row exists.
    """
    for row in check_output_logged(['route', '-n']).splitlines():
        fields = row.split()
        # Header and malformed rows have too few fields or no address in
        # the first two of them.
        if len(fields) < 8:
            continue
        destination, gateway = fields[0], fields[1]
        if not re.match(IP_REGEX, destination):
            continue
        if not re.match(IP_REGEX, gateway):
            continue

        if destination == '0.0.0.0':
            return (fields[7], gateway)
예제 #12
def get_gateway():
    """Return the default route as a two-item tuple, or ``None``.

    The tuple is ``(field 7, field 1)`` of the first ``route -n`` row whose
    first field equals ``0.0.0.0`` (presumably interface and gateway).
    """
    route_table = check_output_logged(['route', '-n'])

    for entry in route_table.splitlines():
        cols = entry.split()
        # Only rows with at least eight fields and addresses in the first
        # two fields count as route rows.
        is_route_row = (
            len(cols) >= 8 and
            re.match(IP_REGEX, cols[0]) and
            re.match(IP_REGEX, cols[1])
        )
        if is_route_row and cols[0] == '0.0.0.0':
            return (cols[7], cols[1])

    return None
예제 #13
def get_routes():
    """Map each route's first field to its eighth field from ``route -n``.

    Presumably this is destination -> interface name. A destination listed
    more than once keeps the value from its last row.
    """
    table = {}

    for row in check_output_logged(['route', '-n']).splitlines():
        fields = row.split()
        # Keep only rows that are long enough and start with an address.
        if len(fields) >= 8 and re.match(IP_REGEX, fields[0]):
            table[fields[0]] = fields[7]

    return table
예제 #14
def get_routes():
    """Build a dict of routes from the output of ``route -n``.

    Keys are the first field of each row and values the eighth field
    (presumably destination and interface). Rows with fewer than eight
    fields, or whose first field is not an address, are ignored.
    """
    listing = check_output_logged(['route', '-n'])
    split_rows = (text.split() for text in listing.splitlines())

    # dict() keeps the last value for a repeated key, like plain assignment.
    return dict(
        (cols[0], cols[7])
        for cols in split_rows
        if len(cols) >= 8 and re.match(IP_REGEX, cols[0])
    )
예제 #15
def get_interfaces():
    """Parse ``ifconfig`` output into a dict of IPv4 interface details.

    Returns:
        A dict keyed by interface name whose values hold ``interface``,
        ``address``, ``netmask`` and ``broadcast``. A stanza missing any of
        the three addresses is skipped.
    """
    found = {}

    # ifconfig separates interface stanzas with a blank line.
    for stanza in check_output_logged(['ifconfig']).split('\n\n'):
        # The first alphanumeric run in the stanza is taken as the name.
        names = re.findall(r'[a-z0-9]+', stanza, re.IGNORECASE)
        if not names:
            continue
        name = names[0]

        # Each field: match label plus address, then extract the address.
        inet = re.findall(r'inet.{0,10}' + IP_REGEX, stanza, re.IGNORECASE)
        address = re.findall(IP_REGEX, inet[0], re.IGNORECASE) if inet else []
        if not address:
            continue

        mask = re.findall(r'mask.{0,10}' + IP_REGEX, stanza, re.IGNORECASE)
        netmask = re.findall(IP_REGEX, mask[0], re.IGNORECASE) if mask else []
        if not netmask:
            continue

        # "bcast" is only consulted when "broadcast" matched nothing.
        bcast = (
            re.findall(r'broadcast.{0,10}' + IP_REGEX, stanza, re.IGNORECASE)
            or re.findall(r'bcast.{0,10}' + IP_REGEX, stanza, re.IGNORECASE)
        )
        broadcast = re.findall(IP_REGEX, bcast[0], re.IGNORECASE) if bcast else []
        if not broadcast:
            continue

        found[name] = {
            'interface': name,
            'address': address[0],
            'netmask': netmask[0],
            'broadcast': broadcast[0],
        }

    return found
예제 #16
파일: network.py 프로젝트: kunnet/pritunl
def get_interfaces():
    """Collect IPv4 details for each interface listed by ``ifconfig``.

    Returns:
        A dict mapping interface name to a dict with the keys
        ``interface``, ``address``, ``netmask`` and ``broadcast``. Stanzas
        that lack one of those addresses are left out.
    """
    # (result key, label spellings tried in order) for every parsed field.
    field_labels = (
        ('address', ('inet',)),
        ('netmask', ('mask',)),
        ('broadcast', ('broadcast', 'bcast')),
    )
    listing = check_output_logged(['ifconfig'])
    interfaces = {}

    for block in listing.split('\n\n'):
        tokens = re.findall(r'[a-z0-9]+', block, re.IGNORECASE)
        if not tokens:
            continue
        entry = {'interface': tokens[0]}

        for key, labels in field_labels:
            hits = []
            for label in labels:
                # Label followed within ten characters by an address.
                hits = re.findall(
                    label + r'.{0,10}' + IP_REGEX, block, re.IGNORECASE)
                if hits:
                    break
            if not hits:
                break
            bare = re.findall(IP_REGEX, hits[0], re.IGNORECASE)
            if not bare:
                break
            entry[key] = bare[0]
        else:
            # Reached only when every field was found.
            interfaces[tokens[0]] = entry

    return interfaces
예제 #17
파일: network.py 프로젝트: Git-Host/pritunl
def get_interfaces():
    """Return IPv4 address, netmask and broadcast per ``ifconfig`` stanza.

    Returns:
        A dict keyed by interface name; each value has the keys
        ``interface``, ``address``, ``netmask`` and ``broadcast``. A stanza
        is dropped as soon as one of them cannot be found.
    """

    def labelled_ip(text, *prefixes):
        """Return the address after the first matching prefix, else None."""
        labelled = []
        for prefix in prefixes:
            labelled = re.findall(prefix + IP_REGEX, text, re.IGNORECASE)
            if labelled:
                break
        if not labelled:
            return None
        bare = re.findall(IP_REGEX, labelled[0], re.IGNORECASE)
        if not bare:
            return None
        return bare[0]

    result = {}

    for section in check_output_logged(["ifconfig"]).split("\n\n"):
        # First alphanumeric run of the stanza is used as the name.
        words = re.findall(r"[a-z0-9]+", section, re.IGNORECASE)
        if not words:
            continue
        title = words[0]

        address = labelled_ip(section, r"inet.{0,10}")
        if address is None:
            continue

        netmask = labelled_ip(section, r"mask.{0,10}")
        if netmask is None:
            continue

        broadcast = labelled_ip(section, r"broadcast.{0,10}", r"bcast.{0,10}")
        if broadcast is None:
            continue

        result[title] = {
            "interface": title,
            "address": address,
            "netmask": netmask,
            "broadcast": broadcast,
        }

    return result
예제 #18
파일: cert.py 프로젝트: WPMedia/pritunl
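def generate_csr(private_key, domain):
    """Create a certificate signing request for ``domain``.

    The key is written to a temporary file only for the duration of the
    openssl call and is removed again whether or not the call succeeds.

    Args:
        private_key: Text of the private key that signs the request.
        domain: Name placed in the request subject as ``CN``.

    Returns:
        Whatever ``check_output_logged`` returns for ``openssl req``
        (presumably the PEM-encoded CSR read from stdout).
    """
    private_key_path = get_temp_path() + '.key'

    try:
        # Create the file owner-only from the start. Opening it with open()
        # and tightening the mode afterwards lets another local user open
        # the file in between and read the key once it is written.
        key_fd = os.open(
            private_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, 'w') as private_key_file:
            # os.open() ignores its mode argument for an existing file.
            os.fchmod(key_fd, 0o600)
            private_key_file.write(private_key)

        # NOTE(review): ``domain`` goes into -subj unescaped, and '/' starts
        # a new subject field there -- confirm callers validate the name.
        csr = check_output_logged([
            'openssl',
            'req',
            '-new',
            '-sha256',
            '-key', private_key_path,
            '-subj', '/CN=%s' % domain,
        ])
    finally:
        # Runs on failure too, so a failed openssl call does not leave the
        # private key behind in the temp directory.
        try:
            os.remove(private_key_path)
        except OSError:
            pass

    return csr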
예제 #19
def get_local_networks():
    """List the networks of local interfaces found in ``ifconfig`` output.

    Interfaces whose name contains ``tun<digits>``, the ``lo`` interface and
    addresses in 127.x are skipped.

    Returns:
        A list with one ``network_addr(address, netmask)`` result per
        remaining interface.
    """
    networks = []

    for stanza in check_output_logged(['ifconfig']).split('\n\n'):
        # The first alphanumeric run in the stanza is taken as the name.
        names = re.findall(r'[a-z0-9]+', stanza, re.IGNORECASE)
        if not names:
            continue
        name = names[0]

        if name == 'lo' or re.search(r'tun[0-9]+', name):
            continue

        # Match label plus address first, then extract the bare address.
        inet = re.findall(r'inet.{0,10}' + IP_REGEX, stanza, re.IGNORECASE)
        address = re.findall(IP_REGEX, inet[0], re.IGNORECASE) if inet else []
        if not address:
            continue

        labelled = re.findall(r'mask.{0,10}' + IP_REGEX, stanza, re.IGNORECASE)
        netmask = (
            re.findall(IP_REGEX, labelled[0], re.IGNORECASE) if labelled else []
        )
        if not netmask:
            continue

        # Loopback range: first octet 127.
        if address[0].split('.')[0] == '127':
            continue

        networks.append(network_addr(address[0], netmask[0]))

    return networks
예제 #20
def get_local_networks():
    """Return ``network_addr`` results for non-tunnel, non-loopback links.

    Parses ``ifconfig`` output stanza by stanza. Skipped: names containing
    ``tun<digits>``, the name ``lo``, stanzas with no address or netmask
    match, and addresses whose first octet is 127.
    """
    listing = check_output_logged(['ifconfig'])
    results = []

    for block in listing.split('\n\n'):
        tokens = re.findall(r'[a-z0-9]+', block, re.IGNORECASE)
        if not tokens:
            continue

        if re.search(r'tun[0-9]+', tokens[0]) or tokens[0] == 'lo':
            continue

        # Look up address then netmask; give up on the first miss.
        values = []
        for label in (r'inet.{0,10}', r'mask.{0,10}'):
            hits = re.findall(label + IP_REGEX, block, re.IGNORECASE)
            if not hits:
                break
            bare = re.findall(IP_REGEX, hits[0], re.IGNORECASE)
            if not bare:
                break
            values.append(bare[0])
        if len(values) != 2:
            continue

        ip_addr, ip_mask = values
        if ip_addr.split('.')[0] == '127':
            continue

        results.append(network_addr(ip_addr, ip_mask))

    return results
예제 #21
파일: network.py 프로젝트: Git-Host/pritunl
def get_local_networks():
    """Compute the local networks from ``ifconfig`` output.

    Returns:
        A list of ``network_addr(address, netmask)`` values, one for each
        stanza that is not a ``tun<digits>`` or ``lo`` interface, has both
        an address and a netmask, and is outside 127.x.
    """

    def labelled_ip(text, prefix):
        """Return the address that follows ``prefix`` in text, else None."""
        labelled = re.findall(prefix + IP_REGEX, text, re.IGNORECASE)
        if not labelled:
            return None
        bare = re.findall(IP_REGEX, labelled[0], re.IGNORECASE)
        if not bare:
            return None
        return bare[0]

    collected = []

    for section in check_output_logged(["ifconfig"]).split("\n\n"):
        # First alphanumeric run of the stanza is used as the name.
        words = re.findall(r"[a-z0-9]+", section, re.IGNORECASE)
        if not words:
            continue
        title = words[0]

        is_tunnel = re.search(r"tun[0-9]+", title)
        if is_tunnel or title == "lo":
            continue

        address = labelled_ip(section, r"inet.{0,10}")
        if address is None:
            continue

        netmask = labelled_ip(section, r"mask.{0,10}")
        if netmask is None:
            continue

        first_octet = address.split(".")[0]
        if first_octet == "127":
            continue

        collected.append(network_addr(address, netmask))

    return collected
예제 #22
파일: cert.py 프로젝트: pritunl/pritunl
def generate_private_ec_key():
    """Generate a P-384 (``secp384r1``) private key with openssl.

    No ``-out`` file is given, so the key is not written to disk by this
    call; the function returns whatever ``check_output_logged`` returns.
    """
    # NOTE(review): the key travels through check_output_logged -- confirm
    # that helper never logs the command's stdout.
    command = ['openssl', 'ecparam']
    command += ['-name', 'secp384r1']
    command += ['-genkey', '-noout']
    return check_output_logged(command)
예제 #23
파일: cert.py 프로젝트: Cesar456/pritunl
def generate_server_dh_params_inline(dh_size):
    """Generate DH parameters of ``dh_size`` bits without an output file.

    Returns whatever ``check_output_logged`` returns for the openssl call
    (presumably the PEM parameters from stdout).
    """
    bits = str(dh_size)
    command = ['openssl', 'dhparam', bits]
    return check_output_logged(command)
예제 #24
def generate_private_key():
    """Generate a 4096-bit RSA private key with ``openssl genrsa``.

    No output file or passphrase option is given; the function returns
    whatever ``check_output_logged`` returns for the call.
    """
    # NOTE(review): the key travels through check_output_logged -- confirm
    # that helper never logs the command's stdout.
    command = ['openssl', 'genrsa', '4096']
    return check_output_logged(command)
예제 #25
def generate_server_dh_params_inline(dh_size):
    """Return openssl-generated DH parameters for the given bit size.

    Nothing is written to disk by this call; the result is whatever
    ``check_output_logged`` returns.
    """
    argv = ['openssl', 'dhparam']
    argv.append(str(dh_size))
    return check_output_logged(argv)
예제 #26
파일: cert.py 프로젝트: pritunl/pritunl
def generate_private_key():
    """Return a freshly generated 4096-bit RSA key from ``openssl genrsa``.

    The key is not written to a file by this call; the result is whatever
    ``check_output_logged`` returns.
    """
    # NOTE(review): confirm check_output_logged never logs stdout, since
    # the private key passes through it.
    key_bits = '4096'
    return check_output_logged(['openssl', 'genrsa', key_bits])