Use sudo instead of a custom script

2019-07-11 14:40:46 +02:00 · 2019-07-11 14:40:46 +02:00 · 3c0434ee1f
parent f73b2c117a
commit 3c0434ee1f
5 changed files with 9 additions and 56 deletions
--- a/iproute/main.go
+++ b/iproute/main.go
@ -1,49 +0,0 @@
-package main
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"os"
-	"os/exec"
-	"regexp"
-)
-
-func checkArg(args []string, pos int, value string) {
-	if args[pos] != value {
-		fmt.Println(errors.New("invalid command : " + args[pos]))
-		os.Exit(10 + pos)
-	}
-}
-
-func main() {
-	if len(os.Args) != 6 {
-		fmt.Println(errors.New("missing args"), len(os.Args))
-		os.Exit(1)
-	}
-
-	args := os.Args[1:]
-
-	r := regexp.MustCompile("[^a-zA-Z0-9.-]")
-	var ip string
-
-	checkArg(args, 0, "route")
-	checkArg(args, 1, "replace")
-
-	if testip := net.ParseIP(args[2]); testip != nil {
-		ip = testip.String()
-	} else {
-		fmt.Println(errors.New("invalid ip"))
-		os.Exit(2)
-	}
-
-	checkArg(args, 3, "dev")
-
-	dev := r.ReplaceAllString(args[4], "")
-
-	cmd := exec.Command("/bin/ip", "route", "replace", ip, "dev", dev)
-	if err := cmd.Run(); err != nil {
-		fmt.Println(err)
-		os.Exit(3)
-	}
-}
--- a/main.go
+++ b/main.go
@ -40,7 +40,6 @@ func main() {
 	server.cacheDir = config.GetString("config.cacheDir", "")
 	server.authCa = config.GetString("config.authCa", "")
 	server.otpMasterSecrets = parseConfigArray(config, "config.masterSecrets")
-	server.ipRouteScript = config.GetString("config.ipRouteScript", "/bin/ip")

 	if len(server.otpMasterSecrets) == 0 {
 		server.otpMasterSecrets = append(server.otpMasterSecrets, "*******************")
--- a/openvpn-dm-mgt-server.conf.example
+++ b/openvpn-dm-mgt-server.conf.example
@ -78,7 +78,6 @@ config
        }
    }
    openvpnPort:    "127.0.0.1:4000"
-    ipRouteScript:  "/usr/local/bin/iproute"
    http:
    {
        port:       ":8443"
--- a/vpnserver.go
+++ b/vpnserver.go
@ -33,7 +33,6 @@ type OpenVpnMgt struct {
 	newAsTemplate    string
 	cacheDir         string
 	syslog           bool
-	ipRouteScript    string
 	otpMasterSecrets []string
 	hibpClient       *hibp.Client
 	debug            bool
@ -130,7 +129,7 @@ func (s *OpenVpnMgt) Kill(session string, id int) error {
 	if _, ok := s.clients[session][id]; !ok {
 		return errors.New("unknown session id")
 	}
-	err, msg := s.sendCommand([]string{fmt.Sprintf("client-kill %d", id)}, session)
+	err, _ := s.sendCommand([]string{fmt.Sprintf("client-kill %d", id)}, session)
 	return err
 }

--- a/vpnsession.go
+++ b/vpnsession.go
@ -71,8 +71,13 @@ func (c *vpnSession) baseHash(salt string, i int64) string {
 	return fmt.Sprintf("%s%s%s%s", salt, c.Login, c.IP, i)
 }

-func (c *vpnSession) AddRoute(script, ip string) error {
-	cmd := exec.Command(script, "route", "replace", ip, "dev", c.dev)
+func (c *vpnSession) AddRoute(ip string) error {
+	var cmd *exec.Cmd
+	if os.Geteuid() == 0 {
+		cmd = exec.Command("/bin/ip", "route", "replace", ip, "dev", c.dev)
+	} else {
+		cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip, "dev", c.dev)
+	}
 	return cmd.Run()
 }

@ -193,7 +198,7 @@ func (c *vpnSession) Auth(s *OpenVpnMgt) {
 			ok = -10
 			err = errIP
 		} else {
-			if err := c.AddRoute(s.ipRouteScript, ip); err != nil {
+			if err := c.AddRoute(ip); err != nil {
 				c.LogPrintln(err)
 			}
 		}