Merge pull request #37 from wzooff/feat/add-custom-client-config-template
add option to specify custom user template path
This commit is contained in:
commit
ace42f729e
3 changed files with 320 additions and 282 deletions
24
.editorconfig
Normal file
24
.editorconfig
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
|
||||||
|
; https://editorconfig.org/
|
||||||
|
|
||||||
|
root = true
|
||||||
|
|
||||||
|
[*]
|
||||||
|
insert_final_newline = true
|
||||||
|
charset = utf-8
|
||||||
|
trim_trailing_whitespace = true
|
||||||
|
indent_style = space
|
||||||
|
indent_size = 2
|
||||||
|
|
||||||
|
[{Makefile,go.mod,go.sum,*.go,.gitmodules}]
|
||||||
|
indent_style = tab
|
||||||
|
indent_size = 4
|
||||||
|
|
||||||
|
[*.md]
|
||||||
|
indent_size = 4
|
||||||
|
trim_trailing_whitespace = false
|
||||||
|
|
||||||
|
eclint_indent_style = unset
|
||||||
|
|
||||||
|
[Dockerfile]
|
||||||
|
indent_size = 4
|
|
@ -94,6 +94,9 @@ Flags:
|
||||||
path to easyrsa index file.
|
path to easyrsa index file.
|
||||||
--ccd Enable client-config-dir.
|
--ccd Enable client-config-dir.
|
||||||
--ccd.path="./ccd" path to client-config-dir
|
--ccd.path="./ccd" path to client-config-dir
|
||||||
|
--templates.clientconfig-path=""
|
||||||
|
path to custom client.config.tpl file
|
||||||
|
--templates.ccd-path="" path to custom ccd.tpl file
|
||||||
--auth.password Enable additional password authorization.
|
--auth.password Enable additional password authorization.
|
||||||
--auth.db="./easyrsa/pki/users.db"
|
--auth.db="./easyrsa/pki/users.db"
|
||||||
Database path fort password authorization.
|
Database path fort password authorization.
|
||||||
|
|
55
main.go
55
main.go
|
@ -5,9 +5,6 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
|
||||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
|
||||||
"gopkg.in/alecthomas/kingpin.v2"
|
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -19,6 +16,10 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gobuffalo/packr/v2"
|
"github.com/gobuffalo/packr/v2"
|
||||||
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||||
|
|
||||||
|
"gopkg.in/alecthomas/kingpin.v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -32,7 +33,7 @@ const (
|
||||||
indexTxtDateLayout = "060102150405Z"
|
indexTxtDateLayout = "060102150405Z"
|
||||||
stringDateFormat = "2006-01-02 15:04:05"
|
stringDateFormat = "2006-01-02 15:04:05"
|
||||||
ovpnStatusDateLayout = "2006-01-02 15:04:05"
|
ovpnStatusDateLayout = "2006-01-02 15:04:05"
|
||||||
version = "1.6.2"
|
version = "1.6.3"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -52,6 +53,8 @@ var (
|
||||||
indexTxtPath = kingpin.Flag("easyrsa.index-path", "path to easyrsa index file.").Default("./easyrsa/pki/index.txt").String()
|
indexTxtPath = kingpin.Flag("easyrsa.index-path", "path to easyrsa index file.").Default("./easyrsa/pki/index.txt").String()
|
||||||
ccdEnabled = kingpin.Flag("ccd", "Enable client-config-dir.").Default("false").Bool()
|
ccdEnabled = kingpin.Flag("ccd", "Enable client-config-dir.").Default("false").Bool()
|
||||||
ccdDir = kingpin.Flag("ccd.path", "path to client-config-dir").Default("./ccd").String()
|
ccdDir = kingpin.Flag("ccd.path", "path to client-config-dir").Default("./ccd").String()
|
||||||
|
clientConfigTemplatePath = kingpin.Flag("templates.clientconfig-path", "path to custom client.conf.tpl").Default("").String()
|
||||||
|
ccdTemplatePath = kingpin.Flag("templates.ccd-path", "path to custom ccd.tpl").Default("").String()
|
||||||
authByPassword = kingpin.Flag("auth.password", "Enable additional password authorization.").Default("false").Bool()
|
authByPassword = kingpin.Flag("auth.password", "Enable additional password authorization.").Default("false").Bool()
|
||||||
authDatabase = kingpin.Flag("auth.db", "Database path fort password authorization.").Default("./easyrsa/pki/users.db").String()
|
authDatabase = kingpin.Flag("auth.db", "Database path fort password authorization.").Default("./easyrsa/pki/users.db").String()
|
||||||
debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
|
debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
|
||||||
|
@ -59,11 +62,9 @@ var (
|
||||||
|
|
||||||
certsArchivePath = "/tmp/" + certsArchiveFileName
|
certsArchivePath = "/tmp/" + certsArchiveFileName
|
||||||
ccdArchivePath = "/tmp/" + ccdArchiveFileName
|
ccdArchivePath = "/tmp/" + ccdArchiveFileName
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
||||||
ovpnServerCertExpire = prometheus.NewGauge(prometheus.GaugeOpts{
|
ovpnServerCertExpire = prometheus.NewGauge(prometheus.GaugeOpts{
|
||||||
Name: "ovpn_server_cert_expire",
|
Name: "ovpn_server_cert_expire",
|
||||||
Help: "openvpn server certificate expire time in days",
|
Help: "openvpn server certificate expire time in days",
|
||||||
|
@ -134,7 +135,6 @@ var (
|
||||||
},
|
},
|
||||||
[]string{"client"},
|
[]string{"client"},
|
||||||
)
|
)
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type OvpnAdmin struct {
|
type OvpnAdmin struct {
|
||||||
|
@ -376,7 +376,6 @@ func main() {
|
||||||
kingpin.Version(version)
|
kingpin.Version(version)
|
||||||
kingpin.Parse()
|
kingpin.Parse()
|
||||||
|
|
||||||
|
|
||||||
ovpnAdmin := new(OvpnAdmin)
|
ovpnAdmin := new(OvpnAdmin)
|
||||||
ovpnAdmin.lastSyncTime = "unknown"
|
ovpnAdmin.lastSyncTime = "unknown"
|
||||||
ovpnAdmin.role = *serverRole
|
ovpnAdmin.role = *serverRole
|
||||||
|
@ -524,6 +523,18 @@ func renderIndexTxt(data []indexTxtLine) string {
|
||||||
return indexTxt
|
return indexTxt
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (oAdmin *OvpnAdmin) getClientConfigTemplate() *template.Template {
|
||||||
|
if *clientConfigTemplatePath != "" {
|
||||||
|
return template.Must(template.ParseFiles(*clientConfigTemplatePath))
|
||||||
|
} else {
|
||||||
|
clientConfigTpl, clientConfigTplErr := oAdmin.templates.FindString("client.conf.tpl")
|
||||||
|
if clientConfigTplErr != nil {
|
||||||
|
log.Println("ERROR: clientConfigTpl not found in templates box")
|
||||||
|
}
|
||||||
|
return template.Must(template.New("client-config").Parse(clientConfigTpl))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
|
func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
|
||||||
if checkUserExist(username) {
|
if checkUserExist(username) {
|
||||||
var hosts []OpenvpnServer
|
var hosts []OpenvpnServer
|
||||||
|
@ -544,12 +555,8 @@ func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
|
||||||
conf.TLS = fRead(*easyrsaDirPath + "/pki/ta.key")
|
conf.TLS = fRead(*easyrsaDirPath + "/pki/ta.key")
|
||||||
conf.PasswdAuth = *authByPassword
|
conf.PasswdAuth = *authByPassword
|
||||||
|
|
||||||
clientConfigTpl, clientConfigTplErr := oAdmin.templates.FindString("client.conf.tpl")
|
t := oAdmin.getClientConfigTemplate()
|
||||||
if clientConfigTplErr != nil {
|
|
||||||
log.Println("ERROR: clientConfigTpl not found in templates box")
|
|
||||||
}
|
|
||||||
|
|
||||||
t := template.Must(template.New("client-config").Parse(clientConfigTpl))
|
|
||||||
var tmp bytes.Buffer
|
var tmp bytes.Buffer
|
||||||
err := t.Execute(&tmp, conf)
|
err := t.Execute(&tmp, conf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -568,6 +575,18 @@ func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
|
||||||
return fmt.Sprintf("User \"%s\" not found", username)
|
return fmt.Sprintf("User \"%s\" not found", username)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (oAdmin *OvpnAdmin) getCcdTemplate() *template.Template {
|
||||||
|
if *ccdTemplatePath != "" {
|
||||||
|
return template.Must(template.ParseFiles(*ccdTemplatePath))
|
||||||
|
} else {
|
||||||
|
ccdTpl, ccdTplErr := oAdmin.templates.FindString("ccd.tpl")
|
||||||
|
if ccdTplErr != nil {
|
||||||
|
log.Printf("ERROR: ccdTpl not found in templates box")
|
||||||
|
}
|
||||||
|
return template.Must(template.New("ccd").Parse(ccdTpl))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (oAdmin *OvpnAdmin) parseCcd(username string) Ccd {
|
func (oAdmin *OvpnAdmin) parseCcd(username string) Ccd {
|
||||||
ccd := Ccd{}
|
ccd := Ccd{}
|
||||||
ccd.User = username
|
ccd.User = username
|
||||||
|
@ -601,14 +620,7 @@ func (oAdmin *OvpnAdmin) modifyCcd(ccd Ccd) (bool, string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ccdValid {
|
if ccdValid {
|
||||||
ccdTpl, ccdTplErr := oAdmin.templates.FindString("ccd.tpl")
|
t := oAdmin.getCcdTemplate()
|
||||||
if ccdTplErr != nil {
|
|
||||||
ccdErr = "ccdTpl not found in templates box"
|
|
||||||
log.Printf("ERROR: %s\n",ccdErr)
|
|
||||||
return false, ccdErr
|
|
||||||
}
|
|
||||||
|
|
||||||
t := template.Must(template.New("ccd").Parse(ccdTpl))
|
|
||||||
var tmp bytes.Buffer
|
var tmp bytes.Buffer
|
||||||
tplErr := t.Execute(&tmp, ccd)
|
tplErr := t.Execute(&tmp, ccd)
|
||||||
if tplErr != nil {
|
if tplErr != nil {
|
||||||
|
@ -924,7 +936,6 @@ func (oAdmin *OvpnAdmin) userUnrevoke(username string) string {
|
||||||
return fmt.Sprintf("{\"msg\":\"User \"%s\" not found\"}", username)
|
return fmt.Sprintf("{\"msg\":\"User \"%s\" not found\"}", username)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
func (oAdmin *OvpnAdmin) mgmtRead(conn net.Conn) string {
|
func (oAdmin *OvpnAdmin) mgmtRead(conn net.Conn) string {
|
||||||
buf := make([]byte, 32768)
|
buf := make([]byte, 32768)
|
||||||
bufLen, _ := conn.Read(buf)
|
bufLen, _ := conn.Read(buf)
|
||||||
|
|
Loading…
Reference in a new issue