vpnmanager/manager/views.py

507 lines
16 KiB
Python

from django.shortcuts import render, get_object_or_404, redirect
from django.http import HttpResponse
from django.contrib.auth.forms import AuthenticationForm
from django.db.models import Q
from django.views.decorators.csrf import csrf_exempt
from django.utils import timezone
from django.core.files import File
from django.db.models.fields.files import FieldFile
from .models import Device, Organization, Network, Model, Wifi
from distutils.dir_util import copy_tree
import glob
import sys
import subprocess
import os
import socket
import tempfile
import crypt
import tarfile
import datetime
def index(request):
if request.user.is_authenticated:
return redirect("/devices")
else:
return redirect("/accounts/login")
@csrf_exempt
def heartbeat(request):
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
ip = request.POST.get("ip", "")
if device.update:
device.reboot = False
code = """
. /etc/vpnsecret
if /usr/bin/wget -O/tmp/update.bin https://admin360.kumi.host/update --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget;
then
/sbin/sysupgrade -F -n /tmp/update.bin
fi
"""
elif device.lastbeat < device.changed:
code = """
. /etc/vpnsecret
if /usr/bin/wget -O/tmp/wireless.in https://admin360.kumi.host/wireless --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget;
then
while read p
do
echo $p >/tmp/wireless.line
if /bin/grep wifi-iface /tmp/wireless.line && ! /bin/grep radio /tmp/wireless.line;
then
break
fi
echo $p >>/tmp/wireless.og
done </etc/config/wireless
/bin/cat /tmp/wireless.in >>/tmp/wireless.og
/bin/cp /tmp/wireless.og /etc/config/wireless
/sbin/uci commit /etc/config/wireless
/bin/rm /tmp/wireless.*
fi
"""
device.lastbeat = timezone.now()
elif device.reboot:
code = "/sbin/reboot"
else:
code = ""
device.lastbeat = timezone.now()
if ip:
device.lasttime = timezone.now()
device.curip = ip
device.save()
return HttpResponse(code)
def makewificonfig(device):
output = ""
i = 1
for wifi in device.wifi.all():
output += """config wifi-iface
option network 'wwan%i'
option ssid '%s'
option encryption 'psk2'
option device 'radio1'
option mode 'sta'
option key '%s'
""" % (i, wifi.ssid, wifi.key)
i += 1
return output
@csrf_exempt
def wireless(request):
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
return HttpResponse(makewificonfig(device))
@csrf_exempt
def hosts(request):
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
device.reboot = False
device.save()
return render(request, "manager/hosts", {"device": device})
def mkfirmware(device, path):
if device.firmware and device.firmware > device.model.firmware and device.firmware > device.changed and glob.glob("%s/%s.bin" % (path, device.id)):
return True
BEFORE = os.getcwd()
DEVICEDIR = "/opt/vpnmanager/device-config/%i/" % device.model.id
SRCDIR = "/opt/vpnmanager/imagebuilder/%i/" % device.model.id
if glob.glob(SRCDIR + "/.kumilock"):
return False
with open(SRCDIR + "/.kumilock", "w") as lock:
lock.write("")
tempdir = tempfile.TemporaryDirectory()
copy_tree(DEVICEDIR, tempdir.name)
# Write OpenVPN config
with open(tempdir.name + "/etc/openvpn/client.conf", "w") as vpnconf:
vpnconf.write(device.vpnconfig)
# Write secret
with open(tempdir.name + "/etc/vpnsecret", "w") as secret:
secret.write('SECRET="%s"' % device.secret)
# Write password
with open(tempdir.name + "/etc/shadow", "r") as shadow:
password = crypt.crypt(device.password, crypt.mksalt(crypt.METHOD_MD5))
shadowin = shadow.read()
with open(tempdir.name + "/etc/shadow", "w") as shadowout:
shadowout.write(shadowin.replace("$PASSWORD", password))
# Write Wireless config
with open(tempdir.name + "/etc/config/wireless", "r") as wireless:
wirein = wireless.read()
with open(tempdir.name + "/etc/config/wireless", "w") as wireout:
wire = wirein.replace("$SSID", device.serial)
wireout.write(wire + "\n" + makewificonfig(device))
'''
# Generate .tar.gz file
with tarfile.open(tempdir.name + ".tar.gz", "w:gz") as tar:
tar.add(tempdir.name, arcname=os.path.sep)
with open(tempdir.name + ".tar.gz", "rb") as download:
response = HttpResponse(download.read(), content_type="application/tar+gzip")
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".tar.gz")
return response
'''
# Create compilation environment
os.system("rm -rf " + SRCDIR + "/files/")
os.mkdir(SRCDIR + "/files/")
os.system("cp -r " + tempdir.name + "/* " + SRCDIR + "/files/")
tempdir.cleanup()
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
# Build image
os.chdir(SRCDIR)
try:
subprocess.call(["/usr/bin/make"])
except:
os.remove(SRCDIR + "/.kumilock")
os.chdir(BEFORE)
return False
os.chdir(BEFORE)
os.rename(glob.glob(SRCDIR + "/bin/targets/ar71xx/generic/*squashfs-sysupgrade.bin")[0], "%s/%s.bin" % (path, device.id))
os.remove(SRCDIR + "/.kumilock")
os.system("rm -rf " + SRCDIR + "/files/")
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
device.firmware = datetime.datetime.now()
device.save()
return True
@csrf_exempt
def update(request):
FWDIR = "/opt/vpnmanager/images/"
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
if not mkfirmware(device, FWDIR):
return HttpResponse(status=503)
device.update = False
device.save()
with open("%s/%s.bin" % (FWDIR, device.id), "rb") as download:
response = HttpResponse(download.read(), content_type="application/octet-stream")
response['Content-Disposition'] = 'inline; filename=%s.bin' % device.serial
return response
def ping(request, device_id):
if request.user.is_authenticated:
device = None
ajax = '{\n "status": '
for organization in Organization.objects.filter(users=request.user):
device = device or Device.objects.filter(id=device_id, organization=organization)
if not device:
ajax += "-1"
else:
try:
socket.inet_aton(device[0].curip)
ajax += str(int(not os.WEXITSTATUS(os.system("ping -c1 -w1 " + device[0].curip + " > /dev/null 2>&1"))))
ajax += ',\n "serial": "%s"' % device[0].serial
ajax += ',\n "name": "%s"' % device[0].name if device[0].name else ""
ajax += ',\n "ip": "%s"' % device[0].curip
ajax += ',\n "time": "%s"' % device[0].lasttime
ajax += ',\n "lastbeat": "%s"' % device[0].lastbeat
ajax += ',\n "reboot": %i' % (1 if device[0].reboot else 0)
ajax += ',\n "update": %i' % (1 if device[0].update else 0)
ajax += ',\n "network": {'
ajax += '\n "intip": "%s"' % device[0].network.intip
ajax += ',\n "extip": "%s"' % device[0].network.extip
ajax += ',\n "name": "%s"' % device[0].network.name
ajax += '\n }'
except:
ajax += "-3"
else:
ajax += "-2"
ajax += "\n}"
return HttpResponse(ajax, content_type="application/json")
def devices(request):
if request.user.is_authenticated:
user = request.user
devices = set()
wifis = set()
orga = ", ".join([x.__str__() for x in Organization.objects.filter(users=user)])
for organization in Organization.objects.filter(users=user):
for device in Device.objects.filter(organization=organization):
devices.add(device)
for wifi in Wifi.objects.filter(organization=organization):
wifis.add(wifi)
return render(request, "manager/index.html",
{
"title": "Device Administration",
"user": user,
"organization": orga,
"devices": sorted(devices, key=lambda x: x.__str__()),
"wifis": wifis
}
)
else:
return redirect("/")
def editdevice(request, device_id):
if request.user.is_authenticated:
device = None
subnets = set()
wifis = set()
for organization in Organization.objects.filter(users=request.user):
device = device or Device.objects.filter(id=device_id, organization=organization)
if not device:
return redirect("/")
for subnet in Network.objects.filter(organizations=device[0].organization):
subnets.add(subnet)
for wifi in Wifi.objects.filter(organization=device[0].organization):
wifis.add(wifi)
if request.POST.get("subnet", ""):
subnet = Network.objects.filter(intip=request.POST.get("subnet", device[0].network.intip if device[0].network else "No VPN"))
if subnet[0] in subnets:
device[0].name = request.POST.get("name", "")
device[0].network = subnet[0]
device[0].reboot = True if request.POST.get("reboot", "0") == "True" else False
device[0].update = True if request.POST.get("update", "0") == "True" else False
device[0].wifi.set(request.POST.getlist("wifi", []))
device[0].changed = timezone.now()
device[0].save()
return redirect("/")
return render(request, "manager/edit.html",
{
"title": "Edit Device",
"device": device[0],
"subnets": subnets,
"user": request.user,
"wifis": wifis,
"curfis": Wifi.objects.filter(device=device[0])
}
)
else:
return redirect("/")
def editwifi(request, wifi_id):
if not request.user.is_authenticated:
return redirect("/")
wifi = None
for organization in Organization.objects.filter(users=request.user):
wifi = wifi or Wifi.objects.filter(id=wifi_id, organization=organization)
if not wifi:
return redirect("/")
if request.POST.get("serial", ""):
wifi[0].serial = request.POST.get("serial", "")
wifi[0].ssid = request.POST.get("ssid", "")
wifi[0].key = request.POST.get("key", "")
wifi[0].save()
return redirect("/")
return render(request, "manager/editwifi.html",
{
"title": "Edit WiFi",
"wifi": wifi[0]
}
)
def getconfig(request, device_id):
FWDIR = "/opt/vpnmanager/images/"
if not request.user.is_superuser:
return redirect("/")
device = get_object_or_404(Device, id=device_id)
if not mkfirmware(device, FWDIR):
return HttpResponse("Something went wrong generating the firmware image. The server may be busy, please try again later.")
device.update = False
device.save()
with open("%s/%s.bin" % (FWDIR, device.id), "rb") as download:
response = HttpResponse(download.read(), content_type="application/octet-stream")
response['Content-Disposition'] = 'inline; filename=%s.bin' % device.serial
return response
def rebootdevice(request, device_id):
if request.user.is_authenticated:
device = None
for organization in Organization.objects.filter(users=request.user):
device = device or Device.objects.filter(id=device_id, organization=organization)
if device:
device[0].reboot = True
device[0].save()
return redirect("/")
def updatedevice(request, device_id):
if request.user.is_staff:
device = None
for organization in Organization.objects.filter(users=request.user):
device = device or Device.objects.filter(id=device_id, organization=organization)
if device:
device[0].update = True
device[0].save()
return redirect("/")
def deletedevice(request, device_id):
if request.user.is_superuser:
CADIR = "/etc/openvpn/ca/"
BEFORE = os.getcwd()
device = get_object_or_404(Device, id=device_id)
os.chdir(CADIR)
subprocess.call(CADIR + "/revoke " + device.serial, shell=True)
os.system("rm " + CADIR + "/keys/" + device.serial + ".{crt,csr,key}")
os.chdir(BEFORE)
device.delete()
return redirect("/")
def deletewifi(request, wifi_id):
if request.user.is_staff:
wifi = get_object_or_404(Wifi, id=wifi_id)
for organization in Organization.objects.filter(users=request.user):
if organization == wifi.organization:
wifi.delete()
break
return redirect("/")
def makewifi(request):
wifi_serial = request.POST.get("serial", "")
wifi_ssid = request.POST.get("ssid", "")
wifi_key = request.POST.get("key", "")
wifi_organization = request.POST.get("organization", "")
if not request.user.is_staff:
return redirect("/")
if not wifi_serial:
orga = Organization.objects.filter(users=request.user)
return render(request, "manager/addwifi.html",
{
"title": "Add WiFi",
"organizations": orga
}
)
wifi = Wifi.objects.create(
serial = wifi_serial,
ssid = wifi_ssid,
key = wifi_key,
organization = Organization.objects.filter(id=wifi_organization)[0]
)
return redirect("/")
def makedevice(request):
CADIR = "/etc/openvpn/ca/"
CONFIGDIR = "/etc/openvpn/client-configs/"
BEFORE = os.getcwd()
device_serial = request.POST.get("serial", "")
device_name = request.POST.get("name", "")
device_organization = request.POST.get("organization", "")
device_model = request.POST.get("model", "")
if not request.user.is_superuser:
return redirect("/")
if not device_serial:
orga = Organization.objects.all()
models = Model.objects.all()
return render(request, "manager/add.html",
{
"title": "Add Device",
"organizations": orga,
"models": models
}
)
if glob.glob(CADIR + "/keys/" + device_serial + "*"):
return HttpResponse("This key already exists.")
os.chdir(CADIR)
if subprocess.call(CADIR + "/generate-key " + device_serial, shell=True):
os.chdir(BEFORE)
return HttpResponse("Something went wrong trying to generate the key.")
if glob.glob(CONFIGDIR + "/files/" + device_serial + "*"):
os.chdir(BEFORE)
return HttpResponse("This configuration file already exists.")
os.chdir(CONFIGDIR)
if subprocess.call(CONFIGDIR + "/make_config " + device_serial, shell=True):
os.chdir(BEFORE)
return HttpResponse("Something went wrong trying to generate the config file.")
os.chdir(BEFORE)
device = Device.objects.create(
serial=device_serial,
name=device_name,
model=Model.objects.filter(id=device_model)[0],
network=Network.objects.filter(intip="No VPN")[0],
organization=Organization.objects.filter(id=device_organization)[0],
vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read()
)
return redirect("/")