
Fix client2client IPs

This commit is contained in:
Ycarus 2020-03-05 15:02:20 +01:00
parent 6cc1a3236a
commit 51d12602df


@ -1,4 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
#
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> # Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
# #
# This is free software, licensed under the GNU General Public License v3.0. # This is free software, licensed under the GNU General Public License v3.0.
@ -39,7 +40,7 @@ from fastapi.openapi.docs import get_swagger_ui_html
from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
from fastapi.openapi.utils import get_openapi from fastapi.openapi.utils import get_openapi
from fastapi.openapi.models import SecurityBase as SecurityBaseModel from fastapi.openapi.models import SecurityBase as SecurityBaseModel
from pydantic import BaseModel, ValidationError # pylint: disable=E0611 from pydantic import BaseModel, ValidationError # pylint: disable=E0611
from starlette.status import HTTP_403_FORBIDDEN from starlette.status import HTTP_403_FORBIDDEN
from starlette.responses import RedirectResponse, Response, JSONResponse from starlette.responses import RedirectResponse, Response, JSONResponse
from starlette.requests import Request from starlette.requests import Request
@ -111,13 +112,17 @@ def add_glorytun_tcp(userid):
ip = IPNetwork('10.255.255.0/24') ip = IPNetwork('10.255.255.0/24')
subnets = ip.subnet(30) subnets = ip.subnet(30)
network = list(subnets)[userid] network = list(subnets)[userid]
with open('/etc/glorytun-tcp/tun0', 'r') as f, open('/etc/glorytun-tcp/tun' + str(userid), 'w') as n: with open('/etc/glorytun-tcp/tun0', 'r') as f, \
open('/etc/glorytun-tcp/tun' + str(userid), 'w') as n:
for line in f: for line in f:
if 'PORT' in line: if 'PORT' in line:
n.write('PORT=' + port + "\n") n.write('PORT=' + port + "\n")
elif 'DEV' in line: elif 'DEV' in line:
n.write('DEV=tun' + str(userid) + "\n") n.write('DEV=tun' + str(userid) + "\n")
elif not 'LOCALIP' in line and not 'REMOTEIP' in line and not 'BROADCASTIP' in line and not line == "\n": elif (not 'LOCALIP' in line
and not 'REMOTEIP' in line
and not 'BROADCASTIP' in line
and not line == "\n"):
n.write(line) n.write(line)
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n") n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
n.write('REMOTEIP=' + str(list(network)[2]) + "\n") n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
@ -139,18 +144,23 @@ def add_glorytun_udp(userid):
ip = IPNetwork('10.255.254.0/24') ip = IPNetwork('10.255.254.0/24')
subnets = ip.subnet(30) subnets = ip.subnet(30)
network = list(subnets)[userid] network = list(subnets)[userid]
with open('/etc/glorytun-udp/tun0', 'r') as f, open('/etc/glorytun-udp/tun' + str(userid), 'w') as n: with open('/etc/glorytun-udp/tun0', 'r') as f, \
open('/etc/glorytun-udp/tun' + str(userid), 'w') as n:
for line in f: for line in f:
if 'BIND_PORT' in line: if 'BIND_PORT' in line:
n.write('BIND_PORT=' + port + "\n") n.write('BIND_PORT=' + port + "\n")
elif 'DEV' in line: elif 'DEV' in line:
n.write('DEV=tun' + str(userid) + "\n") n.write('DEV=tun' + str(userid) + "\n")
elif not 'LOCALIP' in line and not 'REMOTEIP' in line and not 'BROADCASTIP' in line and not line == "\n": elif (not 'LOCALIP' in line
and not 'REMOTEIP' in line
and not 'BROADCASTIP' in line
and not line == "\n"):
n.write(line) n.write(line)
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n") n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
n.write('REMOTEIP=' + str(list(network)[2]) + "\n") n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
n.write('BROADCASTIP=' + str(network.broadcast) + "\n") n.write('BROADCASTIP=' + str(network.broadcast) + "\n")
with open('/etc/glorytun-tcp/tun' + str(userid) + '.key', 'r') as f, open('/etc/glorytun-udp/tun' + str(userid) + '.key', 'w') as n: with open('/etc/glorytun-tcp/tun' + str(userid) + '.key', 'r') as f, \
open('/etc/glorytun-udp/tun' + str(userid) + '.key', 'w') as n:
for line in f: for line in f:
n.write(line) n.write(line)
os.system("systemctl -q enable glorytun-udp@tun" + str(userid)) os.system("systemctl -q enable glorytun-udp@tun" + str(userid))
@ -211,9 +221,10 @@ def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT'):
userid = 0 userid = 0
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n: with open('/etc/shorewall/rules', 'r') as f, \
open(tmpfile, 'a+') as n:
for line in f: for line in f:
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line: if (fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line):
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
@ -246,7 +257,7 @@ def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT'):
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT'): def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT'):
userid = user.userid userid = user.userid
if userid == None: if userid is None:
userid = 0 userid = 0
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
@ -830,7 +841,7 @@ async def config(current_user: User = Depends(get_current_user)):
if 'vpn' in omr_config_data['users'][0][current_user.username]: if 'vpn' in omr_config_data['users'][0][current_user.username]:
vpn = omr_config_data['users'][0][current_user.username]['vpn'] vpn = omr_config_data['users'][0][current_user.username]['vpn']
#vpn = current_user.vpn #vpn = current_user.vpn
if current_user.permissions == 'ro': if user_permissions == 'ro':
del available_vpn del available_vpn
available_vpn = [vpn] available_vpn = [vpn]
@ -839,8 +850,8 @@ async def config(current_user: User = Depends(get_current_user)):
if 'client2client' in omr_config_data and omr_config_data['client2client']: if 'client2client' in omr_config_data and omr_config_data['client2client']:
client2client = True client2client = True
for users in omr_config_data['users'][0]: for users in omr_config_data['users'][0]:
if 'lanips' in omr_config_data['users'][0][users] and users != current_user.username: if 'lanips' in omr_config_data['users'][0][users] and users != current_user.username and omr_config_data['users'][0][users]['lanips'][0] not in alllanips:
alllanips.append(omr_config_data['users'][0][users]['lanips']) alllanips.append(omr_config_data['users'][0][users]['lanips'][0])
shorewall_redirect = "enable" shorewall_redirect = "enable"
with open('/etc/shorewall/rules', 'r') as f: with open('/etc/shorewall/rules', 'r') as f:
@ -1527,7 +1538,7 @@ def client2client(*, params: ClienttoClient, current_user: User = Depends(get_cu
os.close(fd) os.close(fd)
move(tmpfile, '/etc/shorewall/policy') move(tmpfile, '/etc/shorewall/policy')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest()
if not initial_md5 == final_md5: if initial_md5 != final_md5:
os.system("systemctl -q reload shorewall") os.system("systemctl -q reload shorewall")
return {'result': 'done'} return {'result': 'done'}
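Review bot: In the client2client hunk of `config` (`@ -839,8 +850,8`), the new condition reads `omr_config_data['users'][0][users]['lanips'][0]` before anything checks that the list is non-empty, so a user entry with `lanips` set to `[]` raises IndexError and presumably fails the whole `config` response for the caller; it also silently drops every LAN IP after the first, which the old (nested-list) code at least carried through. Iterating the list keeps the de-duplication the commit adds and covers both cases: `for lanip in omr_config_data['users'][0][users].get('lanips', []):` / `if users != current_user.username and lanip not in alllanips:` / `alllanips.append(lanip)`. The re-wrapped conditions in the add_glorytun_tcp and add_glorytun_udp hunks would read better with the idiomatic form (`'LOCALIP' not in line` instead of `not 'LOCALIP' in line`), matching the `is None` / `!=` cleanups the commit already makes elsewhere. The enclosing `config` function starts and ends outside the hunk.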