1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Add openvpn-status.log support

This commit is contained in:
Lauri Võsandi 2017-01-26 21:59:12 +00:00
parent 1925207a6d
commit 1ec5ad3b7c
4 changed files with 44 additions and 7 deletions

View File

@ -75,7 +75,7 @@ class SessionResource(object):
) if req.context.get("user").is_admin() else None,
features=dict(
tagging=config.TAGGING_BACKEND,
leases=False, #config.LEASES_BACKEND,
leases=config.LEASES_BACKEND,
logging=config.LOGGING_BACKEND))
@ -122,7 +122,7 @@ def certidude_app():
from .revoked import RevocationListResource
from .signed import SignedCertificateListResource, SignedCertificateDetailResource
from .request import RequestListResource, RequestDetailResource
from .lease import LeaseResource
from .lease import LeaseResource, StatusFileLeaseResource
from .whois import WhoisResource
from .tag import TagResource, TagDetailResource
from .cfg import ConfigResource, ScriptResource
@ -140,8 +140,11 @@ def certidude_app():
app.add_route("/api/", SessionResource())
# Gateway API calls, should this be moved to separate project?
app.add_route("/api/lease/", LeaseResource())
app.add_route("/api/whois/", WhoisResource())
if config.LEASES_BACKEND == "openvpn-status":
app.add_route("/api/lease/", StatusFileLeaseResource(config.OPENVPN_STATUS_URI))
elif config.LEASES_BACKEND == "sql":
app.add_route("/api/lease/", LeaseResource())
app.add_route("/api/whois/", WhoisResource())
# Optional user enrollment API call
if config.USER_CERTIFICATE_ENROLLMENT:

View File

@ -28,6 +28,27 @@ def parse_dn(data):
return ", ".join(generate())
class StatusFileLeaseResource(object):
def __init__(self, uri):
self.uri = uri
@serialize
@login_required
@authorize_admin
def on_get(self, req, resp):
from openvpn_status import parse_status
from urllib import urlopen
fh = urlopen(self.uri)
status = parse_status(fh.read())
for cn, e in status.routing_table.items():
yield {
"acquired": status.client_list[cn].connected_since,
"released": None,
"address": e.virtual_address,
"identity": "CN=%s" % cn, # BUGBUG
}
class LeaseResource(object):
@serialize
@login_required

View File

@ -68,6 +68,8 @@ TAGGING_BACKEND = cp.get("tagging", "backend")
LOGGING_BACKEND = cp.get("logging", "backend")
LEASES_BACKEND = cp.get("leases", "backend")
OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri")
if "whitelist" == AUTHORIZATION_BACKEND:
USERS_WHITELIST = set([j for j in cp.get("authorization", "users whitelist").split(" ") if j])

View File

@ -60,9 +60,20 @@ backend = sql
database = sqlite://{{ directory }}/db.sqlite
[leases]
backend = sql
schema = strongswan
database = sqlite://{{ directory }}/db.sqlite
[leases]
backend =
;backend = sql
;schema = strongswan
;database = sqlite://{{ directory }}/db.sqlite
# Following was used on an OpenWrt router
# uci set openvpn.s2c.status=/www/status.log
# uci commit; touch /www/status.log; chmod 755 /www/status.log
;backend = openvpn-status
;openvpn status uri = /var/log/openvpn-status.log
openvpn status uri = http://router.example.com/status.log
[signature]
certificate lifetime = {{ certificate_lifetime }}