update
This commit is contained in:
parent
65496cbce9
commit
a82131c8c8
|
|
@ -0,0 +1,100 @@
|
|||
package main
|
||||
|
||||
// get https://www.expressvpn.com/vpn-server
|
||||
// remove everyting starting with >
|
||||
// remove until "Not supported" and after What the green checks mean
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
func (s *OpenVpnMgt) getServerList() error {
|
||||
var mux sync.Mutex
|
||||
requestCount := 0
|
||||
VPNNames := map[string]bool{}
|
||||
|
||||
// Create HTTP client with timeout
|
||||
client := &http.Client{
|
||||
Timeout: 30 * time.Second,
|
||||
}
|
||||
|
||||
// Make request
|
||||
resp, err := client.Get("https://www.expressvpn.com/vpn-server")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != 200 {
|
||||
return errors.New(fmt.Sprintf("Server List URL is not valid (%d)\n", resp.StatusCode))
|
||||
}
|
||||
|
||||
buf := bufio.NewReader(bufio.NewReader(resp.Body))
|
||||
start := false
|
||||
for {
|
||||
line, err := buf.ReadString('\n')
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
line = strings.Trim(line, "\n\r ")
|
||||
if strings.HasPrefix(line, "<") {
|
||||
continue
|
||||
}
|
||||
if line == "Not supported" {
|
||||
start = true
|
||||
continue
|
||||
}
|
||||
if line == "What the green checks mean" {
|
||||
start = false
|
||||
}
|
||||
if !start {
|
||||
continue
|
||||
}
|
||||
|
||||
if line == "" {
|
||||
continue
|
||||
}
|
||||
|
||||
requestCount++
|
||||
go func(line string) {
|
||||
line = strings.ToLower(line)
|
||||
line = strings.Replace(line, " & ", "", -1)
|
||||
line = strings.Replace(line, " ", "", -1)
|
||||
|
||||
name := fmt.Sprintf("%s-ca-version-2.expressnetw.com", line)
|
||||
if _, err := net.ResolveIPAddr("ip4", name); err == nil {
|
||||
mux.Lock()
|
||||
VPNNames[name] = true
|
||||
mux.Unlock()
|
||||
}
|
||||
requestCount--
|
||||
}(line)
|
||||
}
|
||||
|
||||
// wait for all resolutions
|
||||
for requestCount > 0 {
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
}
|
||||
|
||||
if len(VPNNames) == 0 {
|
||||
return errors.New("Can't get a list of VPN endpoints")
|
||||
}
|
||||
|
||||
// add the right values
|
||||
keys := make([]string, 0, len(VPNNames))
|
||||
for k := range VPNNames {
|
||||
keys = append(keys, k)
|
||||
}
|
||||
|
||||
s.Lock()
|
||||
s.VpnRemotes = keys
|
||||
s.Unlock()
|
||||
return nil
|
||||
}
|
||||
136
httpd.go
136
httpd.go
|
|
@ -1,17 +1,12 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
)
|
||||
|
||||
type jsonInput struct {
|
||||
|
|
@ -20,18 +15,13 @@ type jsonInput struct {
|
|||
}
|
||||
|
||||
type jsonInputParams struct {
|
||||
Id int `json:"id"`
|
||||
Session string `json:"session"`
|
||||
Server string `json:"server"`
|
||||
Session int `json:"session"`
|
||||
}
|
||||
|
||||
type HttpServer struct {
|
||||
Port string
|
||||
ovpn *OpenVpnMgt
|
||||
key string
|
||||
cert string
|
||||
minProfile string
|
||||
neededProfiles []string
|
||||
certPool *x509.CertPool
|
||||
Port string
|
||||
ovpn *OpenVpnMgt
|
||||
}
|
||||
|
||||
func parseJsonQuery(r *http.Request) (*jsonInput, error) {
|
||||
|
|
@ -52,43 +42,12 @@ func (h *HttpServer) handler(w http.ResponseWriter, r *http.Request) {
|
|||
fmt.Fprintf(w, "\n")
|
||||
}
|
||||
|
||||
func (h *HttpServer) versionHandler(w http.ResponseWriter, r *http.Request) {
|
||||
err, message := h.ovpn.Version()
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
|
||||
jsonStr, err := json.Marshal(message)
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
fmt.Fprintf(w, "%s", jsonStr)
|
||||
}
|
||||
|
||||
func (h *HttpServer) helpHandler(w http.ResponseWriter, r *http.Request) {
|
||||
err, message := h.ovpn.Help()
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
jsonStr, err := json.Marshal(message)
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error : %s", err)
|
||||
}
|
||||
fmt.Fprintf(w, "%s", jsonStr)
|
||||
}
|
||||
|
||||
func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
|
||||
//var sslUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
|
||||
var err error
|
||||
var jsonStr []byte
|
||||
|
||||
w.Header().Set("Content-type", "application/json")
|
||||
|
||||
// deactivate if there is no https auth
|
||||
/*
|
||||
if h.key == "" || h.cert == "" || h.certPool == nil {
|
||||
http.Error(w, "No security, deactivated", 403)
|
||||
return
|
||||
}
|
||||
*/
|
||||
// add CORS headers
|
||||
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
|
||||
w.Header().Set("Access-Control-Allow-Methods", "POST")
|
||||
|
|
@ -106,27 +65,6 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
// ssl auth
|
||||
/*
|
||||
if len(r.TLS.PeerCertificates) == 0 {
|
||||
log.Println(len(r.TLS.PeerCertificates))
|
||||
http.Error(w, "Need certificate", 403)
|
||||
return
|
||||
}
|
||||
opts := x509.VerifyOptions{Roots: h.certPool, KeyUsages: sslUsage}
|
||||
if _, err := r.TLS.PeerCertificates[0].Verify(opts); err != nil {
|
||||
http.Error(w, "Bad certificate", 403)
|
||||
return
|
||||
}
|
||||
|
||||
webuser := strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1)
|
||||
*/
|
||||
//TODO security
|
||||
|
||||
webuser := "xavier"
|
||||
|
||||
log.Printf("%s is connected via the web interfaces\n", webuser)
|
||||
|
||||
req, err := parseJsonQuery(r)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
|
|
@ -135,54 +73,40 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
switch req.Action {
|
||||
case "get-remotes":
|
||||
jsonStr, err = json.Marshal(h.ovpn)
|
||||
case "set-remote":
|
||||
err = h.ovpn.SetRemote(req.Params.Server, req.Params.Session)
|
||||
jsonStr = []byte("{\"status\": \"ok\"}")
|
||||
case "version":
|
||||
err, version := h.ovpn.Version()
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
jsonStr, err = json.Marshal(version)
|
||||
case "stats":
|
||||
case "kill":
|
||||
default:
|
||||
http.Error(w, "Invalid request", 500)
|
||||
err = errors.New("Invalid request")
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("Error : %s", err), 500)
|
||||
return
|
||||
}
|
||||
fmt.Fprintf(w, "%s", jsonStr)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func NewHTTPServer(port, key, cert, ca, minProfile string, neededProfiles []string, s *OpenVpnMgt) {
|
||||
func NewHTTPServer(port string, s *OpenVpnMgt) {
|
||||
h := &HttpServer{
|
||||
Port: port,
|
||||
ovpn: s,
|
||||
key: key,
|
||||
cert: cert,
|
||||
minProfile: minProfile,
|
||||
neededProfiles: neededProfiles,
|
||||
Port: port,
|
||||
ovpn: s,
|
||||
}
|
||||
|
||||
http.HandleFunc("/help", h.helpHandler)
|
||||
http.HandleFunc("/ajax", h.ajaxHandler)
|
||||
http.HandleFunc("/version", h.versionHandler)
|
||||
http.HandleFunc("/", h.handler)
|
||||
|
||||
switch {
|
||||
case key == "" || cert == "":
|
||||
log.Fatal(http.ListenAndServe(port, nil))
|
||||
case ca != "":
|
||||
h.certPool = x509.NewCertPool()
|
||||
fi, err := os.Open(ca)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer fi.Close()
|
||||
buf := new(bytes.Buffer)
|
||||
reader := bufio.NewReader(fi)
|
||||
io.Copy(buf, reader)
|
||||
if ok := h.certPool.AppendCertsFromPEM(buf.Bytes()); !ok {
|
||||
log.Fatal("Failed to append PEM.")
|
||||
}
|
||||
server := &http.Server{
|
||||
Addr: port,
|
||||
TLSConfig: &tls.Config{
|
||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||
ClientCAs: h.certPool,
|
||||
},
|
||||
}
|
||||
log.Fatal(server.ListenAndServeTLS(cert, key))
|
||||
default:
|
||||
log.Fatal(http.ListenAndServeTLS(port, cert, key, nil))
|
||||
}
|
||||
log.Fatal(http.ListenAndServe(port, nil))
|
||||
}
|
||||
|
|
|
|||
25
main.go
25
main.go
|
|
@ -29,34 +29,23 @@ func main() {
|
|||
// seed the prng
|
||||
rand.Seed(time.Now().UnixNano())
|
||||
|
||||
server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.01:5000"))
|
||||
server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.01:5000"), *debug)
|
||||
|
||||
server.syslog = false
|
||||
if *logToSyslog {
|
||||
log.SetFlags(0)
|
||||
server.syslog = true
|
||||
logWriter, e := syslog.New(syslog.LOG_NOTICE, "vpnauth")
|
||||
logWriter, e := syslog.New(syslog.LOG_NOTICE, "vpncontrol")
|
||||
if e == nil {
|
||||
log.SetOutput(logWriter)
|
||||
defer logWriter.Close()
|
||||
}
|
||||
}
|
||||
|
||||
server.debug = false
|
||||
if *debug {
|
||||
server.debug = true
|
||||
}
|
||||
|
||||
log.Println(getServerList("https://www.expressvpn.com/vpn-server"))
|
||||
|
||||
// time to start the listeners
|
||||
go server.Run()
|
||||
NewHTTPServer(
|
||||
go NewHTTPServer(
|
||||
config.GetString("config.http.port", "127.0.0.01:8080"),
|
||||
config.GetString("config.http.key", ""),
|
||||
config.GetString("config.http.cert", ""),
|
||||
config.GetString("config.http.ca", ""),
|
||||
config.GetString("config.http.startAuth", "CORP"),
|
||||
parseConfigArray(config, "config.http.reqAuth"),
|
||||
server)
|
||||
server.Run()
|
||||
|
||||
// server.Run() should never end
|
||||
os.Exit(1)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,113 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
"net"
|
||||
"sync"
|
||||
)
|
||||
|
||||
type OpenVpnSrv struct {
|
||||
Remote string `json:"active-vpn"`
|
||||
Status string `json:"status"`
|
||||
hold bool
|
||||
chanHold chan bool
|
||||
m sync.RWMutex
|
||||
ret chan []string
|
||||
buf *bufio.ReadWriter
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) Lock() {
|
||||
s.m.Lock()
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) Unlock() {
|
||||
s.m.Unlock()
|
||||
}
|
||||
|
||||
func NewOpenVpnSrv(conn net.Conn) *OpenVpnSrv {
|
||||
return &OpenVpnSrv{
|
||||
buf: bufio.NewReadWriter(bufio.NewReader(conn), bufio.NewWriter(conn)),
|
||||
hold: false,
|
||||
chanHold: make(chan bool),
|
||||
ret: make(chan []string),
|
||||
}
|
||||
}
|
||||
|
||||
// send a command to the server. Set the channel to receive the response
|
||||
func (s *OpenVpnSrv) sendCommand(msg []string) (error, []string) {
|
||||
for _, line := range msg {
|
||||
if _, err := s.buf.WriteString(line + "\r\n"); err != nil {
|
||||
return err, nil
|
||||
}
|
||||
}
|
||||
|
||||
if err := s.buf.Flush(); err != nil {
|
||||
return err, nil
|
||||
}
|
||||
|
||||
// wait for the response
|
||||
ret := <-s.ret
|
||||
|
||||
return nil, ret
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) Response(response []string) {
|
||||
s.Lock()
|
||||
s.ret <- response
|
||||
s.Unlock()
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) GetLine() (string, error) {
|
||||
return s.buf.ReadString('\n')
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) ValidRemote(server, port, proto string) {
|
||||
if s.Remote != "" {
|
||||
s.sendCommand([]string{fmt.Sprintf("remote MOD %s %s %s", s.Remote, port, proto)})
|
||||
s.Status = "Connected"
|
||||
return
|
||||
}
|
||||
s.Remote = server
|
||||
s.sendCommand([]string{"remote ACCEPT"})
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) Kill() {
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) Version() (error, []string) {
|
||||
return s.sendCommand([]string{"version"})
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) SetRemote(server string) error {
|
||||
// already the active server, do nothing
|
||||
if s.Remote == server {
|
||||
return nil
|
||||
}
|
||||
|
||||
if s.Remote != "" {
|
||||
s.Kill()
|
||||
}
|
||||
|
||||
s.Remote = server
|
||||
|
||||
// release Hold if necessary
|
||||
s.ReleaseHold()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) waitForRelase() {
|
||||
s.hold = true
|
||||
s.Status = "Hold"
|
||||
<-s.chanHold
|
||||
s.sendCommand([]string{"hold release"})
|
||||
}
|
||||
|
||||
func (s *OpenVpnSrv) ReleaseHold() {
|
||||
if !s.hold {
|
||||
return
|
||||
}
|
||||
s.hold = false
|
||||
s.chanHold <- true
|
||||
s.Status = "Waiting for connexion"
|
||||
}
|
||||
71
vpnlist.go
71
vpnlist.go
|
|
@ -1,71 +0,0 @@
|
|||
package main
|
||||
|
||||
// get https://www.expressvpn.com/vpn-server
|
||||
// remove everyting starting with >
|
||||
// remove until "Not supported" and after What the green checks mean
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func getServerList(url string) []string {
|
||||
ret := []string{}
|
||||
// Create HTTP client with timeout
|
||||
client := &http.Client{
|
||||
Timeout: 30 * time.Second,
|
||||
}
|
||||
|
||||
// Make request
|
||||
response, err := client.Get(url)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return nil
|
||||
}
|
||||
defer response.Body.Close()
|
||||
|
||||
buf := bufio.NewReader(bufio.NewReader(response.Body))
|
||||
start := false
|
||||
for {
|
||||
line, err := buf.ReadString('\n')
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
line = strings.Trim(line, "\n\r ")
|
||||
if strings.HasPrefix(line, "<") {
|
||||
continue
|
||||
}
|
||||
if line == "Not supported" {
|
||||
start = true
|
||||
continue
|
||||
}
|
||||
if line == "What the green checks mean" {
|
||||
start = false
|
||||
}
|
||||
if !start {
|
||||
continue
|
||||
}
|
||||
|
||||
if line == "" {
|
||||
continue
|
||||
}
|
||||
|
||||
// france-paris-1-ca-version-2.expressnetw.com
|
||||
line = strings.ToLower(line)
|
||||
line = strings.ReplaceAll(line, " & ", "")
|
||||
line = strings.ReplaceAll(line, " ", "")
|
||||
|
||||
name := fmt.Sprintf("%s-ca-version-2.expressnetw.com", line)
|
||||
fmt.Println(name)
|
||||
|
||||
if _, err := net.ResolveIPAddr("ip4", name); err == nil {
|
||||
ret = append(ret, name)
|
||||
}
|
||||
}
|
||||
|
||||
return ret
|
||||
}
|
||||
162
vpnserver.go
162
vpnserver.go
|
|
@ -1,12 +1,12 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
|
|
@ -15,37 +15,50 @@ import (
|
|||
|
||||
// Server represents the server
|
||||
type OpenVpnMgt struct {
|
||||
port string
|
||||
buf map[string]*bufio.ReadWriter
|
||||
m sync.RWMutex
|
||||
ret chan []string
|
||||
syslog bool
|
||||
debug bool
|
||||
hold bool
|
||||
port string
|
||||
m sync.RWMutex
|
||||
debug bool
|
||||
VpnRemotes []string `json:"remotes"`
|
||||
vpnServers map[int]*OpenVpnSrv `json:"sessions"`
|
||||
}
|
||||
|
||||
// NewServer returns a pointer to a new server
|
||||
func NewVPNServer(port string) *OpenVpnMgt {
|
||||
func NewVPNServer(port string, debug bool) *OpenVpnMgt {
|
||||
return &OpenVpnMgt{
|
||||
port: port,
|
||||
ret: make(chan []string),
|
||||
buf: make(map[string]*bufio.ReadWriter),
|
||||
port: port,
|
||||
debug: debug,
|
||||
vpnServers: make(map[int]*OpenVpnSrv),
|
||||
}
|
||||
}
|
||||
|
||||
func (s *OpenVpnMgt) Lock() {
|
||||
s.m.Lock()
|
||||
}
|
||||
|
||||
func (s *OpenVpnMgt) Unlock() {
|
||||
s.m.Unlock()
|
||||
}
|
||||
|
||||
// Run starts a the server
|
||||
func (s *OpenVpnMgt) Run() {
|
||||
|
||||
// get the endpoint list
|
||||
if err := s.getServerList(); err != nil {
|
||||
log.Println(err)
|
||||
return
|
||||
}
|
||||
|
||||
// Resolve the passed port into an address
|
||||
addrs, err := net.ResolveTCPAddr("tcp", s.port)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
os.Exit(1)
|
||||
return
|
||||
}
|
||||
// start listening to client connections
|
||||
listener, err := net.ListenTCP("tcp", addrs)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
os.Exit(1)
|
||||
return
|
||||
}
|
||||
// Infinite loop since we dont want the server to shut down
|
||||
for {
|
||||
|
|
@ -60,86 +73,59 @@ func (s *OpenVpnMgt) Run() {
|
|||
}
|
||||
}
|
||||
|
||||
// send a command to the server. Set the channel to receive the response
|
||||
func (s *OpenVpnMgt) sendCommand(msg []string, remote string) (error, []string) {
|
||||
if len(s.buf) == 0 {
|
||||
return errors.New("No openvpn server present"), nil
|
||||
func (s *OpenVpnMgt) GetSession(remote int) (error, *OpenVpnSrv) {
|
||||
if vpnServer, ok := s.vpnServers[remote]; ok {
|
||||
return nil, vpnServer
|
||||
}
|
||||
for _, line := range msg {
|
||||
if s.debug {
|
||||
log.Println(line)
|
||||
}
|
||||
if _, err := s.buf[remote].WriteString(line + "\r\n"); err != nil {
|
||||
return err, nil
|
||||
}
|
||||
}
|
||||
|
||||
if err := s.buf[remote].Flush(); err != nil {
|
||||
return err, nil
|
||||
}
|
||||
|
||||
// wait for the response
|
||||
ret := <-s.ret
|
||||
|
||||
if s.debug {
|
||||
for _, line := range ret {
|
||||
log.Println(line)
|
||||
}
|
||||
}
|
||||
|
||||
return nil, ret
|
||||
return errors.New(fmt.Sprintf("unknown session %d", vpnServers)), nil
|
||||
}
|
||||
|
||||
// send the help command on all vpn servers. Kind of useless
|
||||
func (s *OpenVpnMgt) Help() (error, map[string]map[string]string) {
|
||||
ret := make(map[string]map[string]string)
|
||||
re := rcache.Get("^(.*[^ ]) *: (.*)$")
|
||||
for remote := range s.buf {
|
||||
help := make(map[string]string)
|
||||
err, msg := s.sendCommand([]string{"help"}, remote)
|
||||
if err != nil {
|
||||
return err, ret
|
||||
}
|
||||
for _, line := range msg {
|
||||
match := re.FindStringSubmatch(line)
|
||||
if len(match) == 0 {
|
||||
continue
|
||||
}
|
||||
help[match[1]] = match[2]
|
||||
}
|
||||
ret[remote] = help
|
||||
func (s *OpenVpnMgt) SetRemote(server string, remote int) error {
|
||||
// check if the session is valid
|
||||
err, session := s.GetSession(remote)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil, ret
|
||||
|
||||
for _, r := range s.VpnRemotes {
|
||||
if r != server {
|
||||
continue
|
||||
}
|
||||
return session.SetRemote(server)
|
||||
}
|
||||
|
||||
return errors.New(fmt.Sprintf("unknown remote %s", server))
|
||||
}
|
||||
|
||||
// send the version command on all vpn servers. Kind of useless
|
||||
func (s *OpenVpnMgt) Version() (error, map[string][]string) {
|
||||
ret := make(map[string][]string)
|
||||
for remote := range s.buf {
|
||||
err, msg := s.sendCommand([]string{"version"}, remote)
|
||||
if err != nil {
|
||||
return err, ret
|
||||
func (s *OpenVpnMgt) Version() (error, map[int][]string) {
|
||||
var err error
|
||||
ret := make(map[int][]string)
|
||||
for remote, srv := range s.vpnServers {
|
||||
err, msg := srv.Version()
|
||||
if err == nil {
|
||||
ret[remote] = msg
|
||||
}
|
||||
ret[remote] = msg
|
||||
}
|
||||
return nil, ret
|
||||
return err, ret
|
||||
}
|
||||
|
||||
// main loop for a given openvpn server
|
||||
func (s *OpenVpnMgt) handleConn(conn net.Conn) {
|
||||
remote := conn.RemoteAddr().String()
|
||||
pidRegexp := rcache.Get("^SUCCESS: pid=([0-9]+)$")
|
||||
// >REMOTE:vpn.example.com,1194,udp
|
||||
remoteRegexp := rcache.Get("^>REMOTE:(.*),([0-9]*),(.*)$")
|
||||
|
||||
defer conn.Close()
|
||||
defer delete(s.buf, remote)
|
||||
|
||||
// we store the buffer pointer in the struct, to be accessed from other methods
|
||||
s.buf[remote] = bufio.NewReadWriter(bufio.NewReader(conn), bufio.NewWriter(conn))
|
||||
vpnServer := NewOpenVpnSrv(conn)
|
||||
|
||||
// most response are multilined, use response to concatenate them
|
||||
response := []string{}
|
||||
|
||||
// remove bogus clients
|
||||
line, err := s.buf[remote].ReadString('\n')
|
||||
line, err := vpnServer.session.GetLine()
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return
|
||||
|
|
@ -151,8 +137,10 @@ func (s *OpenVpnMgt) handleConn(conn net.Conn) {
|
|||
|
||||
log.Printf("Valid openvpn connected from %s\n", remote)
|
||||
|
||||
go session.sendCommand([]string{"pid"})
|
||||
|
||||
for {
|
||||
line, err := s.buf[remote].ReadString('\n')
|
||||
line, err := session.GetLine()
|
||||
|
||||
// manage basic errors
|
||||
switch {
|
||||
|
|
@ -165,6 +153,10 @@ func (s *OpenVpnMgt) handleConn(conn net.Conn) {
|
|||
}
|
||||
line = strings.Trim(line, "\n\r ")
|
||||
|
||||
if s.debug && strings.Index(line, "password") == -1 {
|
||||
log.Print(line)
|
||||
}
|
||||
|
||||
// manage exit commands
|
||||
for _, terminator := range []string{"quit", "exit"} {
|
||||
if line == terminator || strings.HasPrefix(line, terminator+" ") {
|
||||
|
|
@ -173,28 +165,36 @@ func (s *OpenVpnMgt) handleConn(conn net.Conn) {
|
|||
}
|
||||
}
|
||||
|
||||
// get the PID
|
||||
match := pidRegexp.FindStringSubmatch(line)
|
||||
if len(match) == 2 {
|
||||
pid, _ := strconv.Atoi(match[1])
|
||||
s.Lock()
|
||||
s.vpnServers[pid] = vpnServer
|
||||
s.Unlock()
|
||||
defer delete(s.vpnServers, pid)
|
||||
}
|
||||
|
||||
// manage all "terminator" lines
|
||||
for _, terminator := range []string{"END", ">CLIENT:ENV,END", "SUCCESS", "ERROR"} {
|
||||
if strings.HasPrefix(line, terminator) {
|
||||
s.ret <- response
|
||||
vpnServer.Response(response)
|
||||
response = nil
|
||||
line = ""
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
remoteMatch := remoteRegexp.FindStringSubmatch(line)
|
||||
switch {
|
||||
// command successfull, we can ignore
|
||||
case strings.HasPrefix(line, ">SUCCESS: client-deny command succeeded"):
|
||||
case strings.HasPrefix(line, ">HOLD"):
|
||||
s.sendCommand([]string{"hold release"}, remote)
|
||||
case strings.HasPrefix(line, ">REMOTE"):
|
||||
s.sendCommand([]string{"remote ACCEPT"}, remote)
|
||||
go vpnServer.waitForRelase()
|
||||
case len(remoteMatch) > 0:
|
||||
go vpnServer.ValidRemote(remoteMatch[1], remoteMatch[2], remoteMatch[3])
|
||||
default:
|
||||
response = append(response, line)
|
||||
}
|
||||
if s.debug && strings.Index(line, "password") == -1 {
|
||||
log.Print(line)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue