robin.thoni
/
vpngen
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
22 Révisions
2 Branches
Aborescence: 44539c3c25
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '44539c3c25'
${ noResults }
vpngen/vpngen.py

vpngen.py 11KB
Historique Brut

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297 
  1. import glob

  2. import json

  3. import os

  4. import os.path

  5. import re

  6. import shutil

  7. from enum import Enum

  8. from subprocess import call

  9. 

  10. 

  11. class VpnGenError(Enum):

  12.     Success = 0,

  13.     VpnAlreadyExists = 1,

  14.     VpnDoesNotExists = 2,

  15.     ClientAlreadyExists = 3,

  16.     ClientDoesNotExists = 4

  17. 

  18. 

  19. class VpnGen:

  20.     default_config_base_dir = ""

  21.     default_config_file = ""

  22.     default_client_config_file = ""

  23.     ovpn_config_path = ""

  24. 

  25.     def __init__(self, default_config_path, ovpn_config_path):

  26.         self.default_config_base_dir = os.path.abspath(default_config_path)

  27.         self.default_config_file = "%s.conf" % self.default_config_base_dir

  28.         self.default_client_config_file = "%s%sclients%sclient.conf" % (self.default_config_base_dir, os.sep, os.sep)

  29.         self.ovpn_config_path = os.path.abspath(ovpn_config_path)

  30. 

  31.     def f7(self, seq):

  32.         seen = set()

  33.         seen_add = seen.add

  34.         return [x for x in seq if not (x in seen or seen_add(x))]

  35. 

  36.     def get_vpn_vars(self):

  37.         with open(self.default_config_file, "r") as f:

  38.             default_config = f.read()

  39. 

  40.         variables = re.findall('\$\{([^}]+)}', default_config)

  41.         variables += ["KEY_COUNTRY", "KEY_PROVINCE", "KEY_CITY", "KEY_ORG", "KEY_EMAIL"]

  42.         variables = self.f7(variables)

  43. 

  44.         return variables

  45. 

  46.     def get_client_vars(self, vpn_name):

  47.         default_client_config_path = self.get_client_default_config_path(vpn_name)

  48.         if not os.path.exists(default_client_config_path):

  49.             return None

  50. 

  51.         with open(default_client_config_path, "r") as f:

  52.             default_config = f.read()

  53.         variables = re.findall('\$\{([^}]+)}', default_config)

  54.         variables = self.f7(variables)

  55. 

  56.         vpn_variables = self.get_vpn_vars()

  57.         real_variables = []

  58. 

  59.         for var in variables:

  60.             if var not in vpn_variables and var != "client":

  61.                 real_variables.append(var)

  62. 

  63.         return real_variables

  64. 

  65.     def get_base_dir(self, vpn_name):

  66.         return "%s%s%s%s" % (self.ovpn_config_path, os.sep, vpn_name, os.sep)

  67. 

  68.     def get_config_path(self, vpn_name):

  69.         return "%s%s%s.conf" % (self.ovpn_config_path, os.sep, vpn_name)

  70. 

  71.     def get_vpn_variables_path(self, vpn_name):

  72.         base_dir = self.get_base_dir(vpn_name)

  73.         return "%svpngen.json" % base_dir

  74. 

  75.     def get_easy_rsa_dir(self, vpn_name):

  76.         base_dir = self.get_base_dir(vpn_name)

  77.         return "%seasy-rsa%s" % (base_dir, os.sep)

  78. 

  79.     def get_easy_rsa_key_dir(self, vpn_name):

  80.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  81.         return "%skeys%s" % (easyrsadir, os.sep)

  82. 

  83.     def get_pkitool_path(self, vpn_name):

  84.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  85.         return "%spkitool" % easyrsadir

  86. 

  87.     def get_client_default_config_path(self, vpn_name):

  88.         base_dir = self.get_base_dir(vpn_name)

  89.         return "%s%sclients%sclient.conf" % (base_dir, os.sep, os.sep)

  90. 

  91.     def get_client_dir(self, vpn_name, client_name):

  92.         base_dir = self.get_base_dir(vpn_name)

  93.         return "%sclients%s%s-%s%s" % (base_dir, os.sep, client_name, vpn_name, os.sep)

  94. 

  95.     def get_client_config_path(self, vpn_name, client_name):

  96.         client_dir = self.get_client_dir(vpn_name, client_name)

  97.         return "%s%s-%s.conf" % (client_dir, client_name, vpn_name)

  98. 

  99.     def get_client_variables_path(self, vpn_name, client_name):

  100.         client_dir = self.get_client_dir(vpn_name, client_name)

  101.         return "%svpngen.json" % client_dir

  102. 

  103.     def get_client_generated_files_paths(self, vpn_name, client_name):

  104.         keys_dir = self.get_easy_rsa_key_dir(vpn_name,)

  105.         return [

  106.             "%s%s.crt" % (keys_dir, client_name),

  107.             "%s%s.key" % (keys_dir, client_name)

  108.         ]

  109. 

  110.     def get_client_tarball_path(self, vpn_name, client_name):

  111.         base_dir = self.get_base_dir(vpn_name)

  112.         return "%sclients%s%s-%s.tar.bz2" % (base_dir, os.sep, client_name, vpn_name)

  113. 

  114.     def get_server_needed_files_paths(self, vpn_name):

  115.         keys_dir = self.get_easy_rsa_key_dir(vpn_name)

  116.         return [

  117.             "%sca.crt" % keys_dir,

  118.             "%sta.key" % keys_dir

  119.         ]

  120. 

  121.     def get_client_misc_files_paths(self, vpn_name):

  122.         base_dir = self.get_base_dir(vpn_name)

  123.         return glob.glob("%smisc-files%s*" % (base_dir, os.sep))

  124. 

  125.     def get_all_needed_files_paths(self, vpn_name, client_name):

  126.         return self.get_client_generated_files_paths(vpn_name, client_name) +\

  127.                self.get_server_needed_files_paths(vpn_name) +\

  128.                self.get_client_misc_files_paths(vpn_name)

  129. 

  130.     def get_server_variables(self, vpn_name):

  131.         with open(self.get_vpn_variables_path(vpn_name), "r") as f:

  132.             return json.load(f)['variables']

  133. 

  134.     def get_client_variables(self, vpn_name, client_name):

  135.         with open(self.get_client_variables_path(vpn_name, client_name), "r") as f:

  136.             return json.load(f)['variables']

  137. 

  138.     def setup_vars(self, vpn_name, variables):

  139.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  140. 

  141.         os.environ["KEY_COUNTRY"] = variables['KEY_COUNTRY']

  142.         os.environ["KEY_PROVINCE"] = variables['KEY_PROVINCE']

  143.         os.environ["KEY_CITY"] = variables['KEY_CITY']

  144.         os.environ["KEY_ORG"] = variables['KEY_ORG']

  145.         os.environ["KEY_OU"] = variables['KEY_ORG']

  146.         os.environ["KEY_CN"] = variables['KEY_ORG']

  147.         os.environ["KEY_NAME"] = variables['KEY_ORG']

  148.         os.environ["KEY_EMAIL"] = variables['KEY_EMAIL']

  149.         os.environ["KEY_SIZE"] = variables['KEY_SIZE']

  150.         os.environ["CA_EXPIRE"] = variables['CA_EXPIRE']

  151.         os.environ["KEY_EXPIRE"] = variables['KEY_EXPIRE']

  152. 

  153.         os.environ["EASY_RSA"] = easyrsadir

  154.         os.environ["OPENSSL"] = "openssl"

  155.         os.environ["PKCS11TOOL"] = "pkcs11-tool"

  156.         os.environ["GREP"] = "grep"

  157.         os.environ["KEY_CONFIG"] = "%s%s" % (easyrsadir, "openssl.cnf")

  158.         os.environ["KEY_DIR"] = "%s%s" % (easyrsadir, "keys")

  159.         os.environ["PKCS11_MODULE_PATH"] = "dummy"

  160.         os.environ["PKCS11_PIN"] = "dummy"

  161. 

  162.     def create_vpn(self, vpn_name, variables):

  163.         base_dir = self.get_base_dir(vpn_name)

  164.         conf_file = self.get_config_path(vpn_name)

  165.         conf_vpngen_file = self.get_vpn_variables_path(vpn_name)

  166.         if os.path.exists(base_dir) or os.path.exists(conf_file):

  167.             return VpnGenError.VpnAlreadyExists

  168. 

  169.         with open(self.default_config_file, "r") as f:

  170.             default_config = f.read()

  171. 

  172.         variables['name'] = vpn_name

  173.         for variable in variables:

  174.             default_config = default_config.replace("${%s}" % variable, variables[variable])

  175. 

  176.         os.makedirs(base_dir)

  177.         with open(conf_file, "w") as f:

  178.             f.write(default_config)

  179. 

  180.         os.rmdir(base_dir)

  181.         shutil.copytree(self.default_config_base_dir, base_dir)

  182. 

  183.         curdir = os.curdir

  184.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  185.         pkitool = self.get_pkitool_path(vpn_name)

  186.         os.chdir(easyrsadir)

  187. 

  188.         self.setup_vars(vpn_name, variables)

  189. 

  190.         call([".%sclean-all" % os.sep])

  191.         call([pkitool, "--initca", "-batch"])

  192.         call([pkitool, "--server", "server", "-batch"])

  193.         call([".%sbuild-dh" % os.sep])

  194.         call(["openssl", "ca", "-gencrl",

  195.               "-keyfile", "keys%sca.key" % os.sep,

  196.               "-cert", "keys%sca.crt" % os.sep,

  197.               "-out", "keys%scrl.pem" % os.sep,

  198.               "-config", "openssl.cnf"])

  199. 

  200.         del os.environ["KEY_OU"]

  201.         del os.environ["KEY_CN"]

  202.         del os.environ["KEY_NAME"]

  203. 

  204.         call(["openvpn", "--genkey", "--secret", "keys%sta.key" % os.sep])

  205. 

  206.         with open(conf_vpngen_file, "w") as f:

  207.             json.dump({'variables': variables}, f, indent=4, separators=(',', ': '))

  208. 

  209.         os.chdir(curdir)

  210. 

  211.         return VpnGenError.Success

  212. 

  213.     def remove_vpn(self, vpn_name):

  214.         base_dir = self.get_base_dir(vpn_name)

  215.         conf_file = self.get_config_path(vpn_name)

  216.         if not os.path.exists(base_dir) and not os.path.exists(conf_file):

  217.             return VpnGenError.VpnDoesNotExists

  218.         os.remove(conf_file)

  219.         shutil.rmtree(base_dir)

  220.         return VpnGenError.Success

  221. 

  222.     def create_client(self, vpn_name, client_name, variables):

  223.         base_dir = self.get_base_dir(vpn_name)

  224.         if not os.path.exists(base_dir):

  225.             return VpnGenError.VpnDoesNotExists

  226.         client_dir = self.get_client_dir(vpn_name, client_name)

  227.         if os.path.exists(client_dir):

  228.             return VpnGenError.ClientAlreadyExists

  229. 

  230.         curdir = os.curdir

  231.         easyrsadir = self.get_easy_rsa_dir(vpn_name)

  232.         pkitool = self.get_pkitool_path(vpn_name)

  233.         os.chdir(easyrsadir)

  234. 

  235.         self.setup_vars(vpn_name, variables)

  236.         os.environ["KEY_CN"] = client_name

  237.         os.environ["KEY_NAME"] = client_name

  238. 

  239.         call([pkitool, client_name])

  240. 

  241.         os.chdir(curdir)

  242. 

  243.         os.makedirs(client_dir)

  244. 

  245.         return self.rebuild_client(vpn_name, client_name, variables)

  246. 

  247.     def remove_client(self, vpn_name, client_name):

  248.         base_dir = self.get_base_dir(vpn_name)

  249.         if not os.path.exists(base_dir):

  250.             return VpnGenError.VpnDoesNotExists

  251.         client_dir = self.get_client_dir(vpn_name, client_name)

  252.         if not os.path.exists(client_dir):

  253.             return VpnGenError.ClientDoesNotExists

  254.         return VpnGenError.Success

  255. 

  256.     def rebuild_client(self, vpn_name, client_name, variables):

  257.         client_dir = self.get_client_dir(vpn_name, client_name)

  258.         client_conf_file = self.get_client_config_path(vpn_name, client_name)

  259.         client_default_config_path = self.get_client_default_config_path(vpn_name)

  260.         with open(client_default_config_path, "r") as f:

  261.             client_default_config = f.read()

  262. 

  263.         for variable in variables:

  264.             client_default_config = client_default_config.replace("${%s}" % variable, variables[variable])

  265. 

  266.         files_names = glob.glob("%s%s*" % (client_dir, os.sep))

  267.         for file_name in files_names:

  268.             os.remove(file_name)

  269. 

  270.         with open(client_conf_file, "w") as f:

  271.             f.write(client_default_config)

  272. 

  273.         files_paths = self.get_all_needed_files_paths(vpn_name, client_name)

  274.         for file_path in files_paths:

  275.             split = os.path.splitext(file_path)

  276.             dest = "%s%s-%s%s" % (client_dir, os.path.basename(split[0]), vpn_name, split[1])

  277.             shutil.copy(file_path, dest)

  278. 

  279.         split = os.path.splitext(client_conf_file)

  280.         client_ovpn_file = "%s.ovpn" % split[0]

  281.         shutil.copy(client_conf_file, client_ovpn_file)

  282. 

  283.         files_names = glob.glob("%s%s*" % (client_dir, os.sep))

  284.         files_names = list(map(lambda file_path: os.path.basename(file_path), files_names))

  285. 

  286. 

  287.         call(["tar", "cfj", self.get_client_tarball_path(vpn_name, client_name),

  288.               "-C", client_dir] + files_names)

  289. 

  290.         client_variables = {}

  291.         for variable in self.get_client_vars(vpn_name):

  292.             client_variables[variable] = variables[variable]

  293. 

  294.         with open(self.get_client_variables_path(vpn_name, client_name), "w") as f:

  295.             json.dump({'variables': client_variables}, f, indent=4, separators=(',', ': '))

  296. 

  297.         return VpnGenError.Success