Fix client2client IPs
parent
6cc1a3236a
commit
51d12602df
1 changed files with 24 additions and 13 deletions
37
omr-admin.py
37
omr-admin.py
|
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
|
#
|
||||||
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
||||||
#
|
#
|
||||||
# This is free software, licensed under the GNU General Public License v3.0.
|
# This is free software, licensed under the GNU General Public License v3.0.
|
||||||
|
@ -39,7 +40,7 @@ from fastapi.openapi.docs import get_swagger_ui_html
|
||||||
from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
|
from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
|
||||||
from fastapi.openapi.utils import get_openapi
|
from fastapi.openapi.utils import get_openapi
|
||||||
from fastapi.openapi.models import SecurityBase as SecurityBaseModel
|
from fastapi.openapi.models import SecurityBase as SecurityBaseModel
|
||||||
from pydantic import BaseModel, ValidationError # pylint: disable=E0611
|
from pydantic import BaseModel, ValidationError # pylint: disable=E0611
|
||||||
from starlette.status import HTTP_403_FORBIDDEN
|
from starlette.status import HTTP_403_FORBIDDEN
|
||||||
from starlette.responses import RedirectResponse, Response, JSONResponse
|
from starlette.responses import RedirectResponse, Response, JSONResponse
|
||||||
from starlette.requests import Request
|
from starlette.requests import Request
|
||||||
|
@ -111,13 +112,17 @@ def add_glorytun_tcp(userid):
|
||||||
ip = IPNetwork('10.255.255.0/24')
|
ip = IPNetwork('10.255.255.0/24')
|
||||||
subnets = ip.subnet(30)
|
subnets = ip.subnet(30)
|
||||||
network = list(subnets)[userid]
|
network = list(subnets)[userid]
|
||||||
with open('/etc/glorytun-tcp/tun0', 'r') as f, open('/etc/glorytun-tcp/tun' + str(userid), 'w') as n:
|
with open('/etc/glorytun-tcp/tun0', 'r') as f, \
|
||||||
|
open('/etc/glorytun-tcp/tun' + str(userid), 'w') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if 'PORT' in line:
|
if 'PORT' in line:
|
||||||
n.write('PORT=' + port + "\n")
|
n.write('PORT=' + port + "\n")
|
||||||
elif 'DEV' in line:
|
elif 'DEV' in line:
|
||||||
n.write('DEV=tun' + str(userid) + "\n")
|
n.write('DEV=tun' + str(userid) + "\n")
|
||||||
elif not 'LOCALIP' in line and not 'REMOTEIP' in line and not 'BROADCASTIP' in line and not line == "\n":
|
elif (not 'LOCALIP' in line
|
||||||
|
and not 'REMOTEIP' in line
|
||||||
|
and not 'BROADCASTIP' in line
|
||||||
|
and not line == "\n"):
|
||||||
n.write(line)
|
n.write(line)
|
||||||
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
|
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
|
||||||
n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
|
n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
|
||||||
|
@ -139,18 +144,23 @@ def add_glorytun_udp(userid):
|
||||||
ip = IPNetwork('10.255.254.0/24')
|
ip = IPNetwork('10.255.254.0/24')
|
||||||
subnets = ip.subnet(30)
|
subnets = ip.subnet(30)
|
||||||
network = list(subnets)[userid]
|
network = list(subnets)[userid]
|
||||||
with open('/etc/glorytun-udp/tun0', 'r') as f, open('/etc/glorytun-udp/tun' + str(userid), 'w') as n:
|
with open('/etc/glorytun-udp/tun0', 'r') as f, \
|
||||||
|
open('/etc/glorytun-udp/tun' + str(userid), 'w') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if 'BIND_PORT' in line:
|
if 'BIND_PORT' in line:
|
||||||
n.write('BIND_PORT=' + port + "\n")
|
n.write('BIND_PORT=' + port + "\n")
|
||||||
elif 'DEV' in line:
|
elif 'DEV' in line:
|
||||||
n.write('DEV=tun' + str(userid) + "\n")
|
n.write('DEV=tun' + str(userid) + "\n")
|
||||||
elif not 'LOCALIP' in line and not 'REMOTEIP' in line and not 'BROADCASTIP' in line and not line == "\n":
|
elif (not 'LOCALIP' in line
|
||||||
|
and not 'REMOTEIP' in line
|
||||||
|
and not 'BROADCASTIP' in line
|
||||||
|
and not line == "\n"):
|
||||||
n.write(line)
|
n.write(line)
|
||||||
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
|
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
|
||||||
n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
|
n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
|
||||||
n.write('BROADCASTIP=' + str(network.broadcast) + "\n")
|
n.write('BROADCASTIP=' + str(network.broadcast) + "\n")
|
||||||
with open('/etc/glorytun-tcp/tun' + str(userid) + '.key', 'r') as f, open('/etc/glorytun-udp/tun' + str(userid) + '.key', 'w') as n:
|
with open('/etc/glorytun-tcp/tun' + str(userid) + '.key', 'r') as f, \
|
||||||
|
open('/etc/glorytun-udp/tun' + str(userid) + '.key', 'w') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
os.system("systemctl -q enable glorytun-udp@tun" + str(userid))
|
os.system("systemctl -q enable glorytun-udp@tun" + str(userid))
|
||||||
|
@ -211,9 +221,10 @@ def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT'):
|
||||||
userid = 0
|
userid = 0
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
||||||
fd, tmpfile = mkstemp()
|
fd, tmpfile = mkstemp()
|
||||||
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
|
with open('/etc/shorewall/rules', 'r') as f, \
|
||||||
|
open(tmpfile, 'a+') as n:
|
||||||
for line in f:
|
for line in f:
|
||||||
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line:
|
if (fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto in line):
|
||||||
n.write(line)
|
n.write(line)
|
||||||
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto in line:
|
||||||
n.write(line)
|
n.write(line)
|
||||||
|
@ -246,7 +257,7 @@ def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT'):
|
||||||
|
|
||||||
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT'):
|
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT'):
|
||||||
userid = user.userid
|
userid = user.userid
|
||||||
if userid == None:
|
if userid is None:
|
||||||
userid = 0
|
userid = 0
|
||||||
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
|
||||||
fd, tmpfile = mkstemp()
|
fd, tmpfile = mkstemp()
|
||||||
|
@ -830,7 +841,7 @@ async def config(current_user: User = Depends(get_current_user)):
|
||||||
if 'vpn' in omr_config_data['users'][0][current_user.username]:
|
if 'vpn' in omr_config_data['users'][0][current_user.username]:
|
||||||
vpn = omr_config_data['users'][0][current_user.username]['vpn']
|
vpn = omr_config_data['users'][0][current_user.username]['vpn']
|
||||||
#vpn = current_user.vpn
|
#vpn = current_user.vpn
|
||||||
if current_user.permissions == 'ro':
|
if user_permissions == 'ro':
|
||||||
del available_vpn
|
del available_vpn
|
||||||
available_vpn = [vpn]
|
available_vpn = [vpn]
|
||||||
|
|
||||||
|
@ -839,8 +850,8 @@ async def config(current_user: User = Depends(get_current_user)):
|
||||||
if 'client2client' in omr_config_data and omr_config_data['client2client']:
|
if 'client2client' in omr_config_data and omr_config_data['client2client']:
|
||||||
client2client = True
|
client2client = True
|
||||||
for users in omr_config_data['users'][0]:
|
for users in omr_config_data['users'][0]:
|
||||||
if 'lanips' in omr_config_data['users'][0][users] and users != current_user.username:
|
if 'lanips' in omr_config_data['users'][0][users] and users != current_user.username and omr_config_data['users'][0][users]['lanips'][0] not in alllanips:
|
||||||
alllanips.append(omr_config_data['users'][0][users]['lanips'])
|
alllanips.append(omr_config_data['users'][0][users]['lanips'][0])
|
||||||
|
|
||||||
shorewall_redirect = "enable"
|
shorewall_redirect = "enable"
|
||||||
with open('/etc/shorewall/rules', 'r') as f:
|
with open('/etc/shorewall/rules', 'r') as f:
|
||||||
|
@ -1527,7 +1538,7 @@ def client2client(*, params: ClienttoClient, current_user: User = Depends(get_cu
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
move(tmpfile, '/etc/shorewall/policy')
|
move(tmpfile, '/etc/shorewall/policy')
|
||||||
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest()
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest()
|
||||||
if not initial_md5 == final_md5:
|
if initial_md5 != final_md5:
|
||||||
os.system("systemctl -q reload shorewall")
|
os.system("systemctl -q reload shorewall")
|
||||||
return {'result': 'done'}
|
return {'result': 'done'}
|
||||||
|
|
||||||
|
|
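Review bot: In the client2client loop of config() (hunk @ -839), the new condition reads `omr_config_data['users'][0][users]['lanips'][0]` after checking only that the `lanips` key exists, so a user entry with an empty `lanips` list raises IndexError and, unless something outside the hunk catches it, the config request fails for every other user. Bind the list first and test it for truthiness: `lanips = omr_config_data['users'][0][users].get('lanips')`, then `if lanips and users != current_user.username and lanips[0] not in alllanips:` and `alllanips.append(lanips[0])`. Only the first entry per user is kept now, which looks intentional but deserves a comment if a user can have several LAN subnets. Separately, the hunk at @ -830 switches the read-only check from `current_user.permissions` to `user_permissions`, which is assigned outside the visible lines; since this check decides which VPNs a read-only user is offered, confirm it is set on every path before that line. config() begins and ends outside both hunks.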