
Merge pull request from wzooff/feat/add-custom-client-config-template

add option to specify custom user template path
This commit is contained in:
Ilya Sosnovsky 2021-10-05 15:08:17 +03:00 committed by GitHub
commit ace42f729e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 320 additions and 282 deletions

.editorconfig Normal file

@ -0,0 +1,24 @@
; https://editorconfig.org/
root = true
[*]
insert_final_newline = true
charset = utf-8
trim_trailing_whitespace = true
indent_style = space
indent_size = 2
[{Makefile,go.mod,go.sum,*.go,.gitmodules}]
indent_style = tab
indent_size = 4
[*.md]
indent_size = 4
trim_trailing_whitespace = false
eclint_indent_style = unset
[Dockerfile]
indent_size = 4


@ -94,6 +94,9 @@ Flags:
path to easyrsa index file. path to easyrsa index file.
--ccd Enable client-config-dir. --ccd Enable client-config-dir.
--ccd.path="./ccd" path to client-config-dir --ccd.path="./ccd" path to client-config-dir
--templates.clientconfig-path=""
path to custom client.config.tpl file
--templates.ccd-path="" path to custom ccd.tpl file
--auth.password Enable additional password authorization. --auth.password Enable additional password authorization.
--auth.db="./easyrsa/pki/users.db" --auth.db="./easyrsa/pki/users.db"
Database path fort password authorization. Database path fort password authorization.

main.go

@ -5,9 +5,6 @@ import (
"bytes" "bytes"
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"gopkg.in/alecthomas/kingpin.v2"
"log" "log"
"net" "net"
"net/http" "net/http"
@ -19,6 +16,10 @@ import (
"time" "time"
"github.com/gobuffalo/packr/v2" "github.com/gobuffalo/packr/v2"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
"gopkg.in/alecthomas/kingpin.v2"
) )
const ( const (
@ -32,7 +33,7 @@ const (
indexTxtDateLayout = "060102150405Z" indexTxtDateLayout = "060102150405Z"
stringDateFormat = "2006-01-02 15:04:05" stringDateFormat = "2006-01-02 15:04:05"
ovpnStatusDateLayout = "2006-01-02 15:04:05" ovpnStatusDateLayout = "2006-01-02 15:04:05"
version = "1.6.2" version = "1.6.3"
) )
var ( var (
@ -52,6 +53,8 @@ var (
indexTxtPath = kingpin.Flag("easyrsa.index-path", "path to easyrsa index file.").Default("./easyrsa/pki/index.txt").String() indexTxtPath = kingpin.Flag("easyrsa.index-path", "path to easyrsa index file.").Default("./easyrsa/pki/index.txt").String()
ccdEnabled = kingpin.Flag("ccd", "Enable client-config-dir.").Default("false").Bool() ccdEnabled = kingpin.Flag("ccd", "Enable client-config-dir.").Default("false").Bool()
ccdDir = kingpin.Flag("ccd.path", "path to client-config-dir").Default("./ccd").String() ccdDir = kingpin.Flag("ccd.path", "path to client-config-dir").Default("./ccd").String()
clientConfigTemplatePath = kingpin.Flag("templates.clientconfig-path", "path to custom client.conf.tpl").Default("").String()
ccdTemplatePath = kingpin.Flag("templates.ccd-path", "path to custom ccd.tpl").Default("").String()
authByPassword = kingpin.Flag("auth.password", "Enable additional password authorization.").Default("false").Bool() authByPassword = kingpin.Flag("auth.password", "Enable additional password authorization.").Default("false").Bool()
authDatabase = kingpin.Flag("auth.db", "Database path fort password authorization.").Default("./easyrsa/pki/users.db").String() authDatabase = kingpin.Flag("auth.db", "Database path fort password authorization.").Default("./easyrsa/pki/users.db").String()
debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool() debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
@ -59,11 +62,9 @@ var (
certsArchivePath = "/tmp/" + certsArchiveFileName certsArchivePath = "/tmp/" + certsArchiveFileName
ccdArchivePath = "/tmp/" + ccdArchiveFileName ccdArchivePath = "/tmp/" + ccdArchiveFileName
) )
var ( var (
ovpnServerCertExpire = prometheus.NewGauge(prometheus.GaugeOpts{ ovpnServerCertExpire = prometheus.NewGauge(prometheus.GaugeOpts{
Name: "ovpn_server_cert_expire", Name: "ovpn_server_cert_expire",
Help: "openvpn server certificate expire time in days", Help: "openvpn server certificate expire time in days",
@ -134,7 +135,6 @@ var (
}, },
[]string{"client"}, []string{"client"},
) )
) )
type OvpnAdmin struct { type OvpnAdmin struct {
@ -376,7 +376,6 @@ func main() {
kingpin.Version(version) kingpin.Version(version)
kingpin.Parse() kingpin.Parse()
ovpnAdmin := new(OvpnAdmin) ovpnAdmin := new(OvpnAdmin)
ovpnAdmin.lastSyncTime = "unknown" ovpnAdmin.lastSyncTime = "unknown"
ovpnAdmin.role = *serverRole ovpnAdmin.role = *serverRole
@ -524,6 +523,18 @@ func renderIndexTxt(data []indexTxtLine) string {
return indexTxt return indexTxt
} }
func (oAdmin *OvpnAdmin) getClientConfigTemplate() *template.Template {
if *clientConfigTemplatePath != "" {
return template.Must(template.ParseFiles(*clientConfigTemplatePath))
} else {
clientConfigTpl, clientConfigTplErr := oAdmin.templates.FindString("client.conf.tpl")
if clientConfigTplErr != nil {
log.Println("ERROR: clientConfigTpl not found in templates box")
}
return template.Must(template.New("client-config").Parse(clientConfigTpl))
}
}
func (oAdmin *OvpnAdmin) renderClientConfig(username string) string { func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
if checkUserExist(username) { if checkUserExist(username) {
var hosts []OpenvpnServer var hosts []OpenvpnServer
@ -544,12 +555,8 @@ func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
conf.TLS = fRead(*easyrsaDirPath + "/pki/ta.key") conf.TLS = fRead(*easyrsaDirPath + "/pki/ta.key")
conf.PasswdAuth = *authByPassword conf.PasswdAuth = *authByPassword
clientConfigTpl, clientConfigTplErr := oAdmin.templates.FindString("client.conf.tpl") t := oAdmin.getClientConfigTemplate()
if clientConfigTplErr != nil {
log.Println("ERROR: clientConfigTpl not found in templates box")
}
t := template.Must(template.New("client-config").Parse(clientConfigTpl))
var tmp bytes.Buffer var tmp bytes.Buffer
err := t.Execute(&tmp, conf) err := t.Execute(&tmp, conf)
if err != nil { if err != nil {
@ -568,6 +575,18 @@ func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
return fmt.Sprintf("User \"%s\" not found", username) return fmt.Sprintf("User \"%s\" not found", username)
} }
func (oAdmin *OvpnAdmin) getCcdTemplate() *template.Template {
if *ccdTemplatePath != "" {
return template.Must(template.ParseFiles(*ccdTemplatePath))
} else {
ccdTpl, ccdTplErr := oAdmin.templates.FindString("ccd.tpl")
if ccdTplErr != nil {
log.Printf("ERROR: ccdTpl not found in templates box")
}
return template.Must(template.New("ccd").Parse(ccdTpl))
}
}
func (oAdmin *OvpnAdmin) parseCcd(username string) Ccd { func (oAdmin *OvpnAdmin) parseCcd(username string) Ccd {
ccd := Ccd{} ccd := Ccd{}
ccd.User = username ccd.User = username
@ -601,14 +620,7 @@ func (oAdmin *OvpnAdmin) modifyCcd(ccd Ccd) (bool, string) {
} }
if ccdValid { if ccdValid {
ccdTpl, ccdTplErr := oAdmin.templates.FindString("ccd.tpl") t := oAdmin.getCcdTemplate()
if ccdTplErr != nil {
ccdErr = "ccdTpl not found in templates box"
log.Printf("ERROR: %s\n",ccdErr)
return false, ccdErr
}
t := template.Must(template.New("ccd").Parse(ccdTpl))
var tmp bytes.Buffer var tmp bytes.Buffer
tplErr := t.Execute(&tmp, ccd) tplErr := t.Execute(&tmp, ccd)
if tplErr != nil { if tplErr != nil {
@ -924,7 +936,6 @@ func (oAdmin *OvpnAdmin) userUnrevoke(username string) string {
return fmt.Sprintf("{\"msg\":\"User \"%s\" not found\"}", username) return fmt.Sprintf("{\"msg\":\"User \"%s\" not found\"}", username)
} }
func (oAdmin *OvpnAdmin) mgmtRead(conn net.Conn) string { func (oAdmin *OvpnAdmin) mgmtRead(conn net.Conn) string {
buf := make([]byte, 32768) buf := make([]byte, 32768)
bufLen, _ := conn.Read(buf) bufLen, _ := conn.Read(buf)
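Review bot: `template.Must(template.ParseFiles(*clientConfigTemplatePath))` in getClientConfigTemplate, and the same form in getCcdTemplate, turns an unreadable or syntactically bad custom template into a panic at the first call from renderClientConfig or modifyCcd rather than a startup failure, and the file is re-read and re-parsed on every call. Validating both custom paths once after `kingpin.Parse()` in main and failing fast there, e.g. `if *clientConfigTemplatePath != "" { if _, err := template.ParseFiles(*clientConfigTemplatePath); err != nil { log.Fatalf("parsing client config template %s: %v", *clientConfigTemplatePath, err) } }`, would surface a misconfigured flag before the server accepts connections. Separately, getCcdTemplate drops the `return false, ccdErr` path that modifyCcd previously had when `ccd.tpl` was missing from the box: it now only logs and parses an empty string, so modifyCcd continues with an empty rendering instead of reporting the error to its caller. The `else` after the `return` in both getters can be flattened so the box-template fallback is the unindented happy path.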