Use sudo instead of a custom script

This commit is contained in:
Xavier Henner 2019-07-11 14:40:46 +02:00
parent f73b2c117a
commit 3c0434ee1f
5 changed files with 9 additions and 56 deletions


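--- a/<path not shown: deleted iproute helper>
+++ /dev/null
@@ -1,49 +0,0 @@
-package main
-import (
-"errors"
-"fmt"
-"net"
-"os"
-"os/exec"
-"regexp"
-)
-func checkArg(args []string, pos int, value string) {
-if args[pos] != value {
-fmt.Println(errors.New("invalid command : " + args[pos]))
-os.Exit(10 + pos)
-}
-}
-func main() {
-if len(os.Args) != 6 {
-fmt.Println(errors.New("missing args"), len(os.Args))
-os.Exit(1)
-}
-args := os.Args[1:]
-r := regexp.MustCompile("[^a-zA-Z0-9.-]")
-var ip string
-checkArg(args, 0, "route")
-checkArg(args, 1, "replace")
-if testip := net.ParseIP(args[2]); testip != nil {
-ip = testip.String()
-} else {
-fmt.Println(errors.New("invalid ip"))
-os.Exit(2)
-}
-checkArg(args, 3, "dev")
-dev := r.ReplaceAllString(args[4], "")
-cmd := exec.Command("/bin/ip", "route", "replace", ip, "dev", dev)
-if err := cmd.Run(); err != nil {
-fmt.Println(err)
-os.Exit(3)
-}
-}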


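--- a/<path not shown>
+++ b/<path not shown>
@@ -40,7 +40,6 @@ func main() {
 server.cacheDir = config.GetString("config.cacheDir", "")
 server.authCa = config.GetString("config.authCa", "")
 server.otpMasterSecrets = parseConfigArray(config, "config.masterSecrets")
-server.ipRouteScript = config.GetString("config.ipRouteScript", "/bin/ip")
 if len(server.otpMasterSecrets) == 0 {
 server.otpMasterSecrets = append(server.otpMasterSecrets, "*******************")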


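--- a/<path not shown: config file>
+++ b/<path not shown: config file>
@@ -78,7 +78,6 @@ config
 }
 }
 openvpnPort: "127.0.0.1:4000"
-ipRouteScript: "/usr/local/bin/iproute"
 http:
 {
 port: ":8443"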


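--- a/<path not shown>
+++ b/<path not shown>
@@ -33,7 +33,6 @@ type OpenVpnMgt struct {
 newAsTemplate string
 cacheDir string
 syslog bool
-ipRouteScript string
 otpMasterSecrets []string
 hibpClient *hibp.Client
 debug bool
@@ -130,7 +129,7 @@ func (s *OpenVpnMgt) Kill(session string, id int) error {
 if _, ok := s.clients[session][id]; !ok {
 return errors.New("unknown session id")
 }
-err, msg := s.sendCommand([]string{fmt.Sprintf("client-kill %d", id)}, session)
+err, _ := s.sendCommand([]string{fmt.Sprintf("client-kill %d", id)}, session)
 return err
 }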
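Review bot: The management-interface reply from sendCommand is discarded on the changed line in Kill, so Kill reports success whenever the transport call succeeded; if the daemon signals a failed client-kill in that reply text rather than through the error value, a session that should have been disconnected stays up and the caller never learns it. sendCommand's contract is outside the hunk, so this is worth confirming rather than assuming. The `(error, T)` return order is also unidiomatic in Go; if sendCommand is touched again, returning the error last would let this read `_, err := s.sendCommand(...)`.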


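--- a/<path not shown>
+++ b/<path not shown>
@@ -71,8 +71,13 @@ func (c *vpnSession) baseHash(salt string, i int64) string {
 return fmt.Sprintf("%s%s%s%s", salt, c.Login, c.IP, i)
 }
-func (c *vpnSession) AddRoute(script, ip string) error {
-cmd := exec.Command(script, "route", "replace", ip, "dev", c.dev)
+func (c *vpnSession) AddRoute(ip string) error {
+var cmd *exec.Cmd
+if os.Geteuid() == 0 {
+cmd = exec.Command("/bin/ip", "route", "replace", ip, "dev", c.dev)
+} else {
+cmd = exec.Command("/usr/bin/sudo", "/bin/ip", "route", "replace", ip, "dev", c.dev)
+}
 return cmd.Run()
 }
@@ -193,7 +198,7 @@ func (c *vpnSession) Auth(s *OpenVpnMgt) {
 ok = -10
 err = errIP
 } else {
-if err := c.AddRoute(s.ipRouteScript, ip); err != nil {
+if err := c.AddRoute(ip); err != nil {
 c.LogPrintln(err)
 }
 }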
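Review bot: AddRoute now execs `/bin/ip` (through `/usr/bin/sudo` when not root) with `ip` and `c.dev` passed straight through, whereas the helper deleted in the first file section re-validated both at the privilege boundary (`net.ParseIP` on the address and a `[^a-zA-Z0-9.-]` strip on the device name), and that check has not moved anywhere visible in this commit. Auth appears to reject bad addresses before the call (`errIP` in the second hunk), but where `c.dev` comes from is outside the hunk, and a sudoers rule cannot reliably pin argument text (a `*` in a sudoers command argument also matches whitespace, so it admits extra arguments), so the method itself should enforce the invariants before exec. Hard-coding `/usr/bin/sudo` and `/bin/ip` also drops the `ipRouteScript` configurability removed elsewhere in this commit; absolute paths are right for a privileged exec, but `ip` lives under `/sbin` or `/usr/sbin` on some distributions, so a comment stating the assumption or a config option is warranted. The validation below needs `net` and `regexp` in the file's imports if they are not already present.
```go
// devNameRe rejects anything the removed helper would have stripped from the device name.
var devNameRe = regexp.MustCompile("[^a-zA-Z0-9.-]")

func (c *vpnSession) AddRoute(ip string) error {
	// Validate at the exec boundary: sudoers cannot reliably constrain argument text.
	if net.ParseIP(ip) == nil {
		return fmt.Errorf("add route: invalid ip %q", ip)
	}
	if c.dev == "" || devNameRe.MatchString(c.dev) {
		return fmt.Errorf("add route: invalid device name %q", c.dev)
	}
	// … unchanged: root / sudo command selection and cmd.Run() …
```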