diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt index 0b430ef..6fb70d7 100644 --- a/ReleaseNotes.txt +++ b/ReleaseNotes.txt @@ -1,13 +1,15 @@ ------------------------------------------------------------------------------------------------------------------------------------ -Network Tools V 1.2.0 - A. GIBERT - 2026/04/xx +Network Tools V 1.2.0 - A. GIBERT - 2026/04/20 ------------------------------------------------------------------------------------------------------------------------------------ - Split repository to remove the Rx3 configuration part and push it to rx3-config repo, - Switch this repository to public, - Migrate Network Tools to the new Rx3 Base Bash library, +- Move usr/lib, usr/sbin & var/www to lib, sbin & www, +- Add dns_host_update() to dns library, - Add RPM Spec & bash completion files, -- Move install dir form /usr/locla to usr, -- Support now rx3-base 1.1.1. +- Move install dir form /usr/local to usr, +- Support now rx3-base 1.1.2. diff --git a/SPECS/network_tools.spec b/SPECS/network_tools.spec new file mode 100644 index 0000000..7175e09 --- /dev/null +++ b/SPECS/network_tools.spec 
@@ -0,0 +1,188 @@ +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Network Tools +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +%define name network_tools +%define version 1.2.0 +%define release %mkrel 1rx3 + +%global debug_package %{nil} + +%global _webdir %{_localstatedir}/www +%global _webcgi %{_webdir}/cgi-bin +%global _webhtml %{_webdir}/html + + + +Name: %{name} +Version: %{version} +Release: %{release} +Summary: Rx3 Network Tools +License: GPL +URL: https://git.rx3.org/gitea/rx3/%{name} + +Source0: https://git.rx3.org/gitea/rx3/%{name}/archive/%{name}-%{version}.tar.gz + +Distribution: Rx3 Free Software +Vendor: Rx3 +Packager: Arnaud G. GIBERT + +BuildArch: noarch + +Requires: rx3-base + +%description +These tools aims to manage network operation on Rx3 systems. This include: + - Boot time network setup, + - Comand line management tools, + - Web interface tools. + +The following topics are tageted: + - Virtual network interface, + - VPN, + - Proxy, + - Port forwarding, + - Dynamic DNS. + +This release support IPTables and OpenVPN. 
+ + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Prep +#----------------------------------------------------------------------------------------------------------------------------------- + +%prep +%setup -q -n %{name} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Build +#----------------------------------------------------------------------------------------------------------------------------------- + +%build + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Install +#----------------------------------------------------------------------------------------------------------------------------------- + +%install + +# Config +%{__mkdir_p} %{buildroot}%{_sysconfdir}/sysconfig +cp etc/sysconfig/* %{buildroot}%{_sysconfdir}/sysconfig + +# SystemD +%{__mkdir_p} %{buildroot}%{_unitdir} +cp etc/systemd/system/* %{buildroot}%{_unitdir} + + +# Bash completion +%{__mkdir_p} %{buildroot}%{_sysconfdir}/bash_completion.d +cp etc/bash_completion.d/* %{buildroot}%{_sysconfdir}/bash_completion.d + +# Lib +%{__mkdir_p} %{buildroot}%{_prefix}/lib/rx3 +cp lib/rx3/*.bash %{buildroot}%{_prefix}/lib/rx3 + +# Bin +%{__mkdir_p} %{buildroot}%{_sbindir} +cp sbin/* %{buildroot}%{_sbindir} + +# WWW +%{__mkdir_p} %{buildroot}%{_webcgi} +cp www/cgi-bin/*.cgi %{buildroot}%{_webcgi} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Check +#----------------------------------------------------------------------------------------------------------------------------------- + +%check + + + + + 
+#----------------------------------------------------------------------------------------------------------------------------------- +# Post +#----------------------------------------------------------------------------------------------------------------------------------- + +%post +%_post_service %{name} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Preun +#----------------------------------------------------------------------------------------------------------------------------------- + +%preun +%_preun_service %{name} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Files +#----------------------------------------------------------------------------------------------------------------------------------- + +%files +%doc ReadMe.txt ReleaseNotes.txt ToDo.txt +%license COPYING COPYING.LESSER GNU_GPL-3.0.txt GNU_LGPL-3.0.txt GNU_FDL-1.3.txt +%config(noreplace) %{_sysconfdir}/sysconfig/* +%defattr(644,root,root) + %{_sysconfdir}/bash_completion.d/* + %{_unitdir}/*.service + %{_prefix}/lib/rx3/* +%defattr(0755,root,root) + %{_sbindir}/* + %{_webcgi}/*.cgi + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# ChangeLog +#----------------------------------------------------------------------------------------------------------------------------------- + +%changelog +* Mon Apr 20 2026 Arnaud G. GIBERT - 1.2.0-1rx3.mga9 +- Create initial SPEC file for 1.2.0 on Mageia 9 diff --git a/ToDo.txt b/ToDo.txt new file mode 100644 index 0000000..e8bfc71 --- /dev/null +++ b/ToDo.txt @@ -0,0 +1 @@ +- ... diff --git a/etc/bash_completion.d/cert_dump b/etc/bash_completion.d/cert_dump new file mode 100644 index 0000000..86c4866 --- /dev/null +++ b/etc/bash_completion.d/cert_dump 
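Review bot: `%config(noreplace) %{_sysconfdir}/sysconfig/*` is listed above the first `%defattr`, and `%install` copies with plain `cp`, so the modes of the installed sysconfig files depend on the build tree and umask rather than on the spec. Giving the entry an explicit mode, e.g. `%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/*` (tighter if these files can hold secrets), makes the packaged permissions reviewable. `Requires: rx3-base` is also unversioned although the release notes in this commit name rx3-base 1.1.2 as the supported version; `Requires: rx3-base >= 1.1.2` would state that. The `License: GPL` tag does not match the Lesser GPL v3 grant in the file headers.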
@@ -0,0 +1,90 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 Cert Dump Bash Completion +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Cert Dump Completion +#----------------------------------------------------------------------------------------------------------------------------------- + +_cert_dump_completion() +{ + local cur="${COMP_WORDS[COMP_CWORD]}" + local prev="${COMP_WORDS[COMP_CWORD-1]}" + local opts="-h --help -V --version -v --verbose" + + local pos=0 + local i + + COMPREPLY=() + + # Count non-option positional arguments already provided + for (( i=1; i/dev/null | sed 's|.*/||; s|\.crt$||; s|^ca$||')" -- "${cur}") ) + ;; + *) + COMPREPLY=() + ;; + esac + ;; + *) + COMPREPLY=() + ;; + esac + + return 0 +} + + + +complete -o filenames -F _cert_dump_completion cert_dump diff --git a/etc/bash_completion.d/ip_host_update b/etc/bash_completion.d/ip_host_update new file mode 100644 index 0000000..8924763 --- /dev/null 
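Review bot: `complete -o filenames -F _cert_dump_completion cert_dump` marks the candidates as file names, but this function offers option flags and certificate names, so readline applies file-name handling (a trailing slash when a directory of that name exists, file-name quoting) to words that are not paths; dropping `-o filenames` avoids that. The candidate list is also built with an unquoted `COMPREPLY=( $(compgen -W "…" -- "${cur}") )`, which word-splits and glob-expands names derived from files on disk; `mapfile -t COMPREPLY < <(compgen -W "…" -- "${cur}")` keeps each candidate intact. The same two constructs appear in the ip_host_update and openvpn-status completion files added by this commit. Part of the positional-argument loop is missing from the page as shown, so the case labels could not be checked.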
+++ b/etc/bash_completion.d/ip_host_update @@ -0,0 +1,89 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 IP Host Update Bash Completion +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# IP Host Update Completion +#----------------------------------------------------------------------------------------------------------------------------------- + +_ip_host_update_completion() +{ + local cur="${COMP_WORDS[COMP_CWORD]}" + local prev="${COMP_WORDS[COMP_CWORD-1]}" + local opts="-h --help -V --version -v --verbose" + + local pos=0 + local i + + COMPREPLY=() + + # Count non-option positional arguments already provided + for (( i=1; i/dev/null | grep -oP 'zone\s+\"\K[^\"]+' | sort -u)" -- "${cur}") ) + ;; + 2) + COMPREPLY=() + ;; + 3) + COMPREPLY=( $(compgen -W "60 300 600 3600 86400" -- "${cur}") ) + ;; + *) + COMPREPLY=() + ;; + esac + + return 0 +} + + + +complete -o filenames -F _ip_host_update_completion ip_host_update 
diff --git a/etc/bash_completion.d/openvpn-status b/etc/bash_completion.d/openvpn-status new file mode 100644 index 0000000..89bbe1c --- /dev/null +++ b/etc/bash_completion.d/openvpn-status @@ -0,0 +1,80 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 OpenVPN Status Bash Completion +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# OpenVPN Status Completion +#----------------------------------------------------------------------------------------------------------------------------------- + +_openvpn_status_completion() +{ + local cur="${COMP_WORDS[COMP_CWORD]}" + local prev="${COMP_WORDS[COMP_CWORD-1]}" + local opts="-h --help -V --version -v --verbose" + + local pos=0 + local i + + COMPREPLY=() + + # Count non-option positional arguments already provided + for (( i=1; i/dev/null | sed 's|.*/||; s|\.status$||')" -- "${cur}") ) + ;; + *) + COMPREPLY=() + ;; + esac + + return 0 +} + + + +complete -o filenames -F _openvpn_status_completion openvpn-status 
diff --git a/etc/bash_completion.d/rx3_net_adm b/etc/bash_completion.d/rx3_net_adm index 615e31e..ddae5d4 100644 --- a/etc/bash_completion.d/rx3_net_adm +++ b/etc/bash_completion.d/rx3_net_adm @@ -22,6 +22,8 @@ # #----------------------------------------------------------------------------------------------------------------------------------- + + #----------------------------------------------------------------------------------------------------------------------------------- # Rx3 Net Adm Completion #----------------------------------------------------------------------------------------------------------------------------------- diff --git a/etc/bash_completion.d/rx3_vpn_admin b/etc/bash_completion.d/rx3_vpn_admin new file mode 100644 index 0000000..107e4ef --- /dev/null +++ b/etc/bash_completion.d/rx3_vpn_admin 
@@ -0,0 +1,80 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 Vpn Adm Bash Completion +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Rx3 Vpn Adm Completion +#----------------------------------------------------------------------------------------------------------------------------------- + +_rx3_vpn_adm_completion() +{ + local cur="${COMP_WORDS[COMP_CWORD]}" + local prev="${COMP_WORDS[COMP_CWORD-1]}" + local opts="-h --help -V --version -v --verbose" + + local pos=0 + local i + + COMPREPLY=() + + # Count non-option positional arguments already provided + for (( i=1; i. 
+# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +: "${RX3_LIB_DIR:=/usr/lib/rx3}" +. "${RX3_LIB_DIR}/base.bash" + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Global Variables +#----------------------------------------------------------------------------------------------------------------------------------- + +declare -g VERSION="1.2.0" +declare -g NAME="cert_dump" +declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] {ca|tc|key|csr|crt} [host]" + +declare -g MODE="DEFAULT" +declare -g VERBOSE="FALSE" +declare -g DRY_RUN="FALSE" +declare -g RETVAL=0 + +declare -g DEBUG="" +#declare -g DEBUG="echo" +#declare -g DEBUG=":" + +declare -g LOG="" +#declare -g LOG=":" +#declare -g LOG="echo" + +declare -g OPENVPN_DIR="/etc/openvpn" +declare -g TYPE="" +declare -g HOST="" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Version Print +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_version_print() +{ + version_print +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Help Print +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_help_print() +{ + cdu_version_print + help_print +} + + + + + 
+#----------------------------------------------------------------------------------------------------------------------------------- +# Arg Parse +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_args_parse() +{ + tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@") + + if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi + + eval set -- "${tmp_args}" + + while true + do + case "$1" in + # Options + -h|--help) MODE="EXIT"; cdu_help_print; shift;; + -V|--version) MODE="EXIT"; cdu_version_print; shift;; + -v|--verbose) VERBOSE="TRUE"; shift;; + + # End of options + --) shift; break;; + *) echo "args_parse internal error [$1]!"; exit 1;; + esac + done + + if [[ "${MODE}" != "EXIT" ]] + then + if [[ "${#}" -lt "1" ]] + then + MODE="EXIT" + + echo_error "Not enough args!" + cdu_help_print + else + case "$1" in + "ca"|"tc") + MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')" + ;; + + "key"|"csr"|"crt") + if [[ "${#}" -lt "2" ]] + then + MODE="EXIT" + + echo_error "Missing host argument for type: [$1]" + cdu_help_print + else + MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')" + HOST="$2" + fi + ;; + + *) + MODE="EXIT" + + echo_error "Invalid type: [$1]" + cdu_help_print + ;; + esac + fi + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Cert Dump Ca +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_cert_dump_ca() +{ + cat "${OPENVPN_DIR}/tls/certs/ca.crt" +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Cert Dump Tc +#----------------------------------------------------------------------------------------------------------------------------------- + 
+cdu_cert_dump_tc() +{ + cat "${OPENVPN_DIR}/tls/private/tc.key" +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Cert Dump Key +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_cert_dump_key() +{ + local host="$1" + + cat "${OPENVPN_DIR}/tls/private/${host}.key" +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Cert Dump Csr +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_cert_dump_csr() +{ + local host="$1" + + cat "${OPENVPN_DIR}/tls/certs/${host}.csr" +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Cert Dump Crt +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_cert_dump_crt() +{ + local host="$1" + + cat "${OPENVPN_DIR}/tls/certs/${host}.crt" +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main +#----------------------------------------------------------------------------------------------------------------------------------- + +cdu_args_parse "$@" + + + +if [[ "${MODE}" == "EXIT" ]] +then + exit 0 +fi + + + +case "${MODE}" in + "CA") + cdu_cert_dump_ca + ;; + + "TC") + cdu_cert_dump_tc + ;; + + "KEY") + cdu_cert_dump_key "${HOST}" + ;; + + "CSR") + cdu_cert_dump_csr "${HOST}" + ;; + + "CRT") + cdu_cert_dump_crt "${HOST}" + ;; + + *) + cdu_help_print + RETVAL=1 + ;; +esac + + + +exit ${RETVAL} diff --git a/sbin/ip_host_update b/sbin/ip_host_update new file mode 100755 index 0000000..4cf859e 
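Review bot: `HOST="$2"` is used unchecked to build the path in `cat "${OPENVPN_DIR}/tls/private/${host}.key"` (and the `.csr` and `.crt` variants), so a host value containing `/` or `..` makes the script read a file outside the tls directories. Because this command prints private key material, cdu_args_parse should accept only a plain host name before setting MODE, for example `[[ "$2" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo_error "Invalid host: [$2]"; MODE="EXIT"; }`. The status of `cat` is not copied into RETVAL either, so a missing file still ends in `exit 0`; `cdu_cert_dump_key "${HOST}" || RETVAL=$?` (and likewise for the other modes) would propagate it. The hunk header and the top of this file are missing from the page, so this is based on the lines from the Includes section onward.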
--- /dev/null +++ b/sbin/ip_host_update 
@@ -0,0 +1,183 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 IP Host Update +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +: "${RX3_LIB_DIR:=/usr/lib/rx3}" +. 
"${RX3_LIB_DIR}/dns.bash" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Global Variables +#----------------------------------------------------------------------------------------------------------------------------------- + +declare -g VERSION="1.0.0" +declare -g NAME="ip_host_update" +declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] " + +declare -g MODE="DEFAULT" +declare -g VERBOSE="FALSE" +declare -g DRY_RUN="FALSE" +declare -g RETVAL=0 + +declare -g DEBUG="" +#declare -g DEBUG="echo" +#declare -g DEBUG=":" + +declare -g LOG="" +#declare -g LOG=":" +#declare -g LOG="echo" + +declare -g HOST="" +declare -g ZONE="" +declare -g IP="" +declare -g TTL="" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Version Print +#----------------------------------------------------------------------------------------------------------------------------------- + +ihu_version_print() +{ + version_print +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Help Print +#----------------------------------------------------------------------------------------------------------------------------------- + +ihu_help_print() +{ + ihu_version_print + help_print +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Arg Parse +#----------------------------------------------------------------------------------------------------------------------------------- + +ihu_args_parse() +{ + tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@") + + if [ $? != 0 ]; then echo "Terminating..." 
>&2; exit 1; fi + + eval set -- "${tmp_args}" + + while true + do + case "$1" in + # Options + -h|--help) MODE="EXIT"; ihu_help_print; shift;; + -V|--version) MODE="EXIT"; ihu_version_print; shift;; + -v|--verbose) VERBOSE="TRUE"; shift;; + + # End of options + --) shift; break;; + *) echo "args_parse internal error [$1]!"; exit 1;; + esac + done + + if [[ "${MODE}" != "EXIT" ]] + then + if [[ "${#}" -lt "4" ]] + then + MODE="EXIT" + + echo_error "Not enough args!" + ihu_help_print + else + MODE="UPDATE" + HOST="$1" + ZONE="$2" + IP="$3" + TTL="$4" + fi + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Host Update +#----------------------------------------------------------------------------------------------------------------------------------- + +ihu_host_update() +{ + local host="$1" + local zone="$2" + local ip="$3" + local ttl="$4" + + dns_host_update "${host}" "${zone}" "${ip}" "${ttl}" +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main +#----------------------------------------------------------------------------------------------------------------------------------- + +ihu_args_parse "$@" + +if [[ "${MODE}" == "EXIT" ]] +then + exit 0 +fi + +case "${MODE}" in + UPDATE) + ihu_host_update "${HOST}" "${ZONE}" "${IP}" "${TTL}" + ;; + + *) + echo "Usage: $0 " + RETVAL=1 + ;; +esac + +exit ${RETVAL} diff --git a/usr/sbin/ns-launch b/sbin/ns-launch similarity index 100% rename from usr/sbin/ns-launch rename to sbin/ns-launch diff --git a/sbin/openvpn-client-down b/sbin/openvpn-client-down new file mode 100755 index 0000000..29af617 --- /dev/null +++ b/sbin/openvpn-client-down 
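Review bot: The UPDATE branch calls `ihu_host_update "${HOST}" "${ZONE}" "${IP}" "${TTL}"` without recording its status, so the script reaches `exit ${RETVAL}` with 0 even when `dns_host_update` fails; `ihu_host_update "${HOST}" "${ZONE}" "${IP}" "${TTL}" || RETVAL=$?` lets callers see the failure. ihu_args_parse also stores `$1` to `$4` without any format check, and `dns_host_update` lives in the dns library outside this hunk, so whether it validates them cannot be seen here. If it does not, a check that TTL is numeric and that host, zone and IP contain only the expected characters belongs in the `else` branch before `MODE="UPDATE"`.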
@@ -0,0 +1,75 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 OpenVPN Client Down +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +: "${RX3_LIB_DIR:=/usr/lib/rx3}" +. 
"${RX3_LIB_DIR}/network.bash" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Global Variables +#----------------------------------------------------------------------------------------------------------------------------------- + +declare -g VERSION="1.2.0" +declare -g NAME="openvpn-client-down" + +declare -g DEBUG="" +#declare -g DEBUG="echo" +#declare -g DEBUG=":" + +declare -g LOG="" +#declare -g LOG=":" +#declare -g LOG="echo" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main +#----------------------------------------------------------------------------------------------------------------------------------- + +network_init + + + +line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Address: [${untrusted_ip}] Common_Name: [${common_name}] Duration: [${time_duration}]" + +log_info "VPN-Client-Down" "${line}" + +touch /etc/openvpn/status/${common_name}.status + + + +log_trace "VPN-Client-Down" "[${dev}]: Done!" + +network_deinit diff --git a/sbin/openvpn-client-up b/sbin/openvpn-client-up new file mode 100755 index 0000000..048772f --- /dev/null +++ b/sbin/openvpn-client-up 
@@ -0,0 +1,77 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 OpenVPN Client Up +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +: "${RX3_LIB_DIR:=/usr/lib/rx3}" +. 
"${RX3_LIB_DIR}/network.bash" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Global Variables +#----------------------------------------------------------------------------------------------------------------------------------- + +declare -g VERSION="1.0.0" +declare -g NAME="openvpn-client-up" + +declare -g DEBUG="" +#declare -g DEBUG="echo" +#declare -g DEBUG=":" + +declare -g LOG="" +#declare -g LOG=":" +#declare -g LOG="echo" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main +#----------------------------------------------------------------------------------------------------------------------------------- + +network_init + +output_param_file="$1" + + + +line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Address: [${untrusted_ip}] Common_Name: [${common_name}] Output_Param_File: [${output_param_file}]" + +log_info "VPN-Client-Up" "${line}" + +touch /etc/openvpn/status/${common_name}.status + + + +log_trace "VPN-Client-Up" "[${dev}]: Done!" + +network_deinit diff --git a/sbin/openvpn-down b/sbin/openvpn-down new file mode 100755 index 0000000..a854ed2 --- /dev/null +++ b/sbin/openvpn-down 
@@ -0,0 +1,79 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 OpenVPN Down
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# .
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/network.bash"
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -g VERSION="1.0.0"
+declare -g NAME="openvpn-down"
+
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+local dev="$1"
+local local_mtu="$2"
+local remote_mtu="$3"
+local local_address="$4"
+local local_netmask="$5"
+local phase="$6"
+
+
+network_init
+
+
+log_info "VPN-Down" "[${dev}]: Local_MTU: [${local_mtu}] Remote_MTU: [${remote_mtu}] Local_Address: [${local_address}] Local_Netmask: [${local_netmask}] Phase: [${phase}]"
+
+
+network_device_deinit "" "${dev}"
+
+log_trace "VPN-Down" "[${dev}]: Done!"
+
+network_deinit
diff --git a/sbin/openvpn-status b/sbin/openvpn-status
new file mode 100755
index 0000000..5b7e76a
--- /dev/null
+++ b/sbin/openvpn-status
@@ -0,0 +1,193 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 OpenVPN Status
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# .
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/base.bash"
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -g VERSION="1.0.0"
+declare -g NAME="openvpn-status"
+declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] [dev]"
+
+declare -g MODE="DEFAULT"
+declare -g VERBOSE="FALSE"
+declare -g DRY_RUN="FALSE"
+declare -g RETVAL=0
+
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+
+declare -g STATUS_DIR="/var/lib/openvpn"
+declare -g DEV=""
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Version Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+ovs_version_print()
+{
+ version_print
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Help Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+ovs_help_print()
+{
+ ovs_version_print
+ help_print
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Arg Parse
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+ovs_args_parse()
+{
+ tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")
+
+ if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi
+
+ eval set -- "${tmp_args}"
+
+ while true
+ do
+ case "$1" in
+ # Options
+ -h|--help) MODE="EXIT"; ovs_help_print; shift;;
+ -V|--version) MODE="EXIT"; ovs_version_print; shift;;
+ -v|--verbose) VERBOSE="TRUE"; shift;;
+
+ # End of options
+ --) shift; break;;
+ *) echo "args_parse internal error [$1]!"; exit 1;;
+ esac
+ done
+
+ if [[ "${MODE}" != "EXIT" ]]
+ then
+ if [[ "${#}" -ge "1" ]]
+ then
+ MODE="DEVICE"
+ DEV="$1"
+ else
+ MODE="ALL"
+ fi
+ fi
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Status Device
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+ovs_status_device()
+{
+ local dev="$1"
+
+ cat "${STATUS_DIR}/${dev}.status"
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Status All
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+ovs_status_all()
+{
+ awk '{print FILENAME ": " $0}' "${STATUS_DIR}"/*.status
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+ovs_args_parse "$@"
+
+
+
+if [[ "${MODE}" == "EXIT" ]]
+then
+ exit 0
+fi
+
+
+
+case "${MODE}" in
+ DEVICE)
+ ovs_status_device "${DEV}"
+ ;;
+
+ ALL)
+ ovs_status_all
+ ;;
+
+ *)
+ echo "Usage: $0 [dev]"
+ RETVAL=1
+ ;;
+esac
+
+exit ${RETVAL}
diff --git a/sbin/openvpn-up b/sbin/openvpn-up
new file mode 100755
index 0000000..da7a832
--- /dev/null
+++ b/sbin/openvpn-up
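Review bot: `ovs_status_device` places the command-line argument straight into `cat "${STATUS_DIR}/${dev}.status"`, so an argument containing `/` or `..` reads a `.status`-suffixed file outside `/var/lib/openvpn`. That matters if the script is ever reachable through sudo or the package's web interface rather than an interactive root shell, which this hunk does not show. I would validate in `ovs_args_parse` before setting `MODE="DEVICE"`, e.g. `[[ "$1" =~ ^[A-Za-z0-9_.-]+$ && "$1" != *..* ]] || { echo "Invalid device: [$1]" >&2; exit 1; }`. Separately, `ovs_status_all` hands the unexpanded pattern to awk when no `*.status` file exists; an existence test before the call would give a clean empty result instead of an awk error.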
@@ -0,0 +1,78 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 OpenVPN Up
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# .
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/network.bash"
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -g VERSION="1.0.0"
+declare -g NAME="openvpn-up"
+
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+local dev="$1"
+local local_mtu="$2"
+local remote_mtu="$3"
+local local_address="$4"
+local local_netmask="$5"
+local phase="$6"
+
+
+network_init
+
+
+log_info "VPN-Up" "[${dev}]: Local_MTU: [${local_mtu}] Remote_MTU: [${remote_mtu}] Local_Address: [${local_address}] Local_Netmask: [${local_netmask}] Phase: [${phase}]"
+
+
+network_device_init "" "${dev}"
+
+log_trace "VPN-Up" "[${dev}]: Done!"
+
+
+network_deinit
diff --git a/usr/sbin/rx3_net_adm b/sbin/rx3_net_adm
similarity index 99%
rename from usr/sbin/rx3_net_adm
rename to sbin/rx3_net_adm
index cab6179..95838da 100755
--- a/usr/sbin/rx3_net_adm
+++ b/sbin/rx3_net_adm
@@ -22,6 +22,8 @@ # #----------------------------------------------------------------------------------------------------------------------------------- + + #----------------------------------------------------------------------------------------------------------------------------------- # Includes #-----------------------------------------------------------------------------------------------------------------------------------
@@ -31,11 +33,13 @@ + + #----------------------------------------------------------------------------------------------------------------------------------- # Global Variables #----------------------------------------------------------------------------------------------------------------------------------- -declare -g VERSION="1.0.0" +declare -g VERSION="1.2.0" declare -g NAME="rx3_net_adm" declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] {start|stop|restart|status|dump|table_set|refresh_address} [args...]" @@ -123,6 +127,7 @@ rna_args_parse() start|stop|restart|status|dump|table_set|refresh_address) MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')" ;; + *) MODE="EXIT" diff --git a/sbin/rx3_vpn_adm b/sbin/rx3_vpn_adm new file mode 100755 index 0000000..a6406c3 --- /dev/null +++ b/sbin/rx3_vpn_adm 
@@ -0,0 +1,271 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 Vpn Adm
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# .
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/vpn.bash"
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -g VERSION="1.2.0"
+declare -g NAME="rx3_vpn_adm"
+declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] {start | stop | restart | status | dump} [args...]"
+
+declare -g MODE="DEFAULT"
+declare -g VERBOSE="FALSE"
+declare -g DRY_RUN="FALSE"
+declare -g RETVAL=0
+declare -g prog="rx3-vpn"
+
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Version Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_version_print()
+{
+ version_print
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Help Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_help_print()
+{
+ rva_version_print
+ help_print
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Arg Parse
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_args_parse()
+{
+ tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")
+
+ if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi
+
+ eval set -- "${tmp_args}"
+
+ while true
+ do
+ case "$1" in
+ # Options
+ -h|--help) MODE="EXIT"; rva_help_print; shift;;
+ -V|--version) MODE="EXIT"; rva_version_print; shift;;
+ -v|--verbose) VERBOSE="TRUE"; shift;;
+
+ # End of options
+ --) shift; break;;
+ *) echo "args_parse internal error [$1]!"; exit 1;;
+ esac
+ done
+
+ if [[ "${MODE}" != "EXIT" ]]
+ then
+ if [[ "${#}" -lt "1" ]]
+ then
+ MODE="EXIT"
+
+ echo_error "Not enough args!"
+ rva_help_print
+ else
+ case "$1" in
+ start|stop|restart|status|dump)
+ MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+ ;;
+
+ *)
+ MODE="EXIT"
+
+ echo_error "Invalid command: [$1]"
+ rva_help_print
+ ;;
+ esac
+ fi
+ fi
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Start
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_start()
+{
+ echo "Starting..."
+
+ if [ -r /var/lock/subsys/rx3-vpn ]
+ then
+ echo "already started"
+ RETVAL=0
+ else
+ vpn_start
+
+ RETVAL=$?
+ [ "${RETVAL}" = 0 ] && touch /var/lock/subsys/rx3-vpn
+ fi
+
+ echo
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Stop
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_stop()
+{
+ echo "Stopping..."
+
+ if [ -r /var/lock/subsys/rx3-vpn ]
+ then
+ vpn_stop
+
+ RETVAL=$?
+ else
+ echo "already stopped"
+ RETVAL=0
+ fi
+
+ [ "${RETVAL}" = 0 ] && rm -f /var/lock/subsys/rx3-vpn
+
+ echo
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Status
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_status()
+{
+ vpn_status
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Dump
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_dump()
+{
+ vpn_job_tab_dump
+}
+
+
+
+
+
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+rva_args_parse "$@"
+
+
+
+if [[ "${MODE}" == "EXIT" ]]
+then
+ exit 0
+fi
+
+vpn_init
+
+case "${MODE}" in
+ START)
+ rva_start
+ ;;
+
+ STOP)
+ rva_stop
+ ;;
+
+ RESTART)
+ rva_stop
+ sleep 1
+ rva_start
+ ;;
+
+ STATUS)
+ rva_status
+ ;;
+
+ DUMP)
+ rva_dump
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status|dump}"
+ RETVAL=1
+ ;;
+esac
+
+vpn_deinit
+
+exit ${RETVAL}
diff --git a/usr/lib/default.bash b/usr/lib/default.bash
deleted file mode 100644
index 33fdb22..0000000
--- a/usr/lib/default.bash
+++ /dev/null
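Review bot: The two error paths in `rva_args_parse` ("Not enough args!" and "Invalid command: [$1]") set `MODE="EXIT"`, and the main section then runs `exit 0`, so a missing or mistyped command reports success to the caller. The removed usr/sbin/rx3_vpn_adm returned 1 for an unknown command, so a service wrapper or monitoring job that checks the exit status loses that signal. Adding `RETVAL=1` next to each `echo_error` and changing the early exit to `exit ${RETVAL}` keeps help and version at 0 while failing on misuse. The `[ -r /var/lock/subsys/rx3-vpn ]` test followed by `touch` in `rva_start` is also check-then-act, so two concurrent starts can both reach `vpn_start`; a comment saying so, or a lock held around the test, would be worth adding.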
@@ -1,404 +0,0 @@ -#!/bin/bash - -if [[ "${DEFAULT_BASH}" != "" ]] -then - return -else - declare -g DEFAULT_BASH=1 -fi - - - -# Global Variable -#----------------------------------------------------------------------------------------------------------------------------------- - -declare -g LOG_FILE="" -declare -g LOG_LOCK="" -declare -g LOG_ECHO="" -declare -g LOG_TRACE="DISABLED" - - - - - -# Default Options -#----------------------------------------------------------------------------------------------------------------------------------- - -shopt -s extglob - - - - - -# Print Version -#----------------------------------------------------------------------------------------------------------------------------------- - -version_print() -{ - echo "$VERSION" | sed -e 's/.*: //' -e 's/-/ /' -e 's/_/\./g' -e 's/\$$//' -} - - - - - -# Prin Help -#----------------------------------------------------------------------------------------------------------------------------------- - -help_print() -{ - echo "${NAME} ${HELP}" - -} - - - - - -# Quote Str -#----------------------------------------------------------------------------------------------------------------------------------- - -quote_str() -{ - local quoted=${1//\'/\'\\\'\'} - printf "'%s'" "$quoted" -} - - - - - -# Escape Str -#----------------------------------------------------------------------------------------------------------------------------------- - -escape_str() -{ - echo "$*" | sed -e "s/\"/\\\\\"/g" -} - - - - - -# Line Echo -#----------------------------------------------------------------------------------------------------------------------------------- - -line_echo() -{ - string="$1" - count="$2" - - echo -en "\e[2K\r" - - if [[ "${count}" != "" ]] - then - printf "%05d: %s" "${count}" - echo -en "${string}" - fi -} - - - - - -# Err Echo -#----------------------------------------------------------------------------------------------------------------------------------- - -err_echo() -{ - echo 
"$@" 1>&2 -} - - - - - -# Exec CMD -#----------------------------------------------------------------------------------------------------------------------------------- - -exec_cmd() -{ - cmd="$1" - - - if [[ "${verbose}" == "true" ]] - then - echo "${cmd}" 1>&2 - fi - - if [[ "${dry_run}" != "true" ]] - then - eval "${cmd}" - fi -} - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# tab_assign -#-------------------------------------------------------------------------------------------------------------------------- - -tab_assign() -{ - declare -n ta_tab=$1 - ta_key=$2 - ta_value=$3 - - - if [[ "${ta_value}" == "-" ]] - then - ta_value="" - fi - - ta_tab[${ta_key}]="${ta_value}" -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# var_assign -#-------------------------------------------------------------------------------------------------------------------------- - -var_assign() -{ - declare -n va_var=$1 - va_value=$2 - va_mode=$3 - - - if [[ "${va_value}" == "-" ]] - then - va_value="" - fi - - if [[ "${va_mode}" == "INC" ]] - then - va_var="${va_var} ${va_value}" - else - va_var="${va_value}" - fi -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# file_dir_init -#-------------------------------------------------------------------------------------------------------------------------- - -file_dir_init() -{ - local File="$1" - local Owner="$2" - local Group="$3" - - local dir - - - if [ ! -f ${File} ] - then - if [[ "$( id -u)" != "0" ]] - then - ${ECHO} "Can't perform file init of: [${File}] as non root user!" - else - dir="$( dirname ${File})" - - if [ ! 
-d ${dir} ] - then - ${ECHO} "Initializing directory: [${dir}]" - - mkdir ${dir} - chmod ug+rwx ${dir} - chown ${Owner}:${Group} ${dir} - fi - - ${ECHO} "Initializing file: [${File}]" - - >${File} - chmod ug+rw ${File} - chown ${Owner}:${Group} ${File} - fi - fi -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# file_lock -#-------------------------------------------------------------------------------------------------------------------------- - -file_lock() -{ - local file="$1" - local mode="$2" - local desc="$3" - - - if [[ ( "${mode}" == "EXCLUSIVE" ) || ( "${mode}" == "WRITE" ) ]] - then - flag="-x" - else - flag="-s" - fi - - if [[ "${desc}" == "" ]] - then - desc="9" - fi - - - eval "exec ${desc}<>\"\${file}\"" - - if ! flock ${flag} -w 5 ${desc} - then - err_echo "Failed to acquire [${mode}] lock on: [${file}]" - exit 1 - fi -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# file_unlock -#-------------------------------------------------------------------------------------------------------------------------- - -file_unlock() -{ - local desc="$1" - - - if [[ "${desc}" == "" ]] - then - desc="9" - fi - - - eval "exec ${desc}<&-" - eval "exec ${desc}>&-" -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# log_set -#-------------------------------------------------------------------------------------------------------------------------- - -log_set() -{ - local log_file="$1" - local lock_file="$2" - local echo_function="$3" - local log_trace="$4" - - - LOG_FILE="${log_file}" - LOG_LOCK="${lock_file}" - LOG_ECHO="${echo_function}" - - if [[ ${log_trace} != "" ]] - then - LOG_TRACE="${log_trace}" - fi -} - - - - - 
-#-------------------------------------------------------------------------------------------------------------------------- -# log_print -#-------------------------------------------------------------------------------------------------------------------------- - -log_print() -{ - local log_file="$1" - local lock_file="$2" - local echo_function="$3" - local log_type="$4" - local log_prefix="$5" - - - shift; shift; shift; shift; shift - - if [[ "${log_type}" != "TRA" ]] || [[ "${LOG_TRACE}" != "DISABLED" ]] - then - ${echo_function} "($BASHPID):" "$*" - - if [[ "${log_file}" != "" ]] - then - if [[ "${lock_file}" != "" ]] - then - file_lock "${lock_file}" WRITE 8 - fi - - printf >> "${log_file}" "%s %9s %3s %16s %s\n" "$(date --rfc-3339=seconds -u)" "($BASHPID)" "${log_type}" "${log_prefix}:" "$*" - - if [[ "${lock_file}" != "" ]] - then - file_unlock 8 - fi - fi - fi -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# log_trace -#-------------------------------------------------------------------------------------------------------------------------- - -log_trace() -{ - log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "TRA" "$@" -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# log_info -#-------------------------------------------------------------------------------------------------------------------------- - -log_info() -{ - log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "INF" "$@" -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# log_warning -#-------------------------------------------------------------------------------------------------------------------------- - -log_warning() -{ - log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "WRN" "$@" -} - - - - - 
-#-------------------------------------------------------------------------------------------------------------------------- -# log_error -#-------------------------------------------------------------------------------------------------------------------------- - -log_error() -{ - log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "ERR" "$@" -} diff --git a/usr/sbin/cert_dump b/usr/sbin/cert_dump deleted file mode 100755 index 03c3c78..0000000 --- a/usr/sbin/cert_dump +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -OPENVPN_DIR=/etc/openvpn - -type=$1 -host=$2 - -case "${type}" -in - "ca") - cat ${OPENVPN_DIR}/tls/certs/ca.crt - ;; - - "tc") - cat ${OPENVPN_DIR}/tls/private/tc.key - ;; - - "key") - cat ${OPENVPN_DIR}/tls/private/${host}.key - ;; - - "csr") - cat ${OPENVPN_DIR}/tls/certs/${host}.csr - ;; - - "crt") - cat ${OPENVPN_DIR}/tls/certs/${host}.crt - ;; -esac diff --git a/usr/sbin/ip_host_update b/usr/sbin/ip_host_update deleted file mode 100755 index 5620bb4..0000000 --- a/usr/sbin/ip_host_update +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -host=$1 -zone=$2 -ip=$3 -ttl=$4 - - - -date="$(date --rfc-3339 seconds)" - -( - echo "prereq yxrrset ${host}.${zone}. A" - echo "update delete ${host}.${zone}. A" - echo "update add ${host}.${zone}. ${ttl} A ${ip}" - echo "update delete ${host}.${zone}. TXT" - echo "update add ${host}.${zone}. ${ttl} TXT ${date}" - echo "" -) | nsupdate diff --git a/usr/sbin/openvpn-client-down b/usr/sbin/openvpn-client-down deleted file mode 100755 index dd3a8df..0000000 --- a/usr/sbin/openvpn-client-down +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/bin/bash - -#DEBUG="" -#DEBUG="echo" -#DEBUG=":" - -#LOG=":" -#LOG="echo" -#LOG="" - - - -# Includes -#----------------------------------------------------------------------------------------------------------------------------------- - -. /usr/local/lib/network.bash - - - -# Global Variables -#----------------------------------------------------------------------------------------------------------------------------------- - -#LOG_FILE=/var/log/openvpn/up-down.log - - - - - -# Main -#----------------------------------------------------------------------------------------------------------------------------------- - -network_init - - - -line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Addres: [${untrusted_ip}] Common_Name: [${common_name}] Duration: [${time_duration}]" - -log_info "VPN-Client-Down" "$line" " Status: [OK]" - -touch /etc/openvpn/status/${common_name}.status - -log_trace "VPN-Client-Down" "[${dev}]: Done!" diff --git a/usr/sbin/openvpn-client-up b/usr/sbin/openvpn-client-up deleted file mode 100755 index 6972e47..0000000 --- a/usr/sbin/openvpn-client-up +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -#DEBUG="" -#DEBUG="echo" -#DEBUG=":" - -#LOG=":" -#LOG="echo" -#LOG="" - - - -# Includes -#----------------------------------------------------------------------------------------------------------------------------------- - -. /usr/local/lib/network.bash - - - -# Global Variables -#----------------------------------------------------------------------------------------------------------------------------------- - -#LOG_FILE=/var/log/openvpn/up-down.log - - - - - -# Main -#----------------------------------------------------------------------------------------------------------------------------------- - -Output_Param_File="$1" - - -network_init - - - -line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Addres: [${untrusted_ip}] Common_Name: [${common_name}] Output_Param_File: [${Output_Param_File}]" - -log_info "VPN-Client-Up" "$line" " Status: [OK]" - -touch /etc/openvpn/status/${common_name}.status - -log_trace "VPN-Client-Up" "[${dev}]: Done!" diff --git a/usr/sbin/openvpn-down b/usr/sbin/openvpn-down deleted file mode 100755 index 1cf319a..0000000 --- a/usr/sbin/openvpn-down +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/bash - -#DEBUG="" -#DEBUG="echo" -#DEBUG=":" - -#LOG=":" -#LOG="echo" - - - -# Includes -#----------------------------------------------------------------------------------------------------------------------------------- - -. /usr/local/lib/network.bash - - - -# Global Variables -#----------------------------------------------------------------------------------------------------------------------------------- - -#LOG_FILE=/var/log/openvpn/up-down.log - - - - - -# Main -#----------------------------------------------------------------------------------------------------------------------------------- - - Dev="$1" - Local_MTU="$2" - Remote_MTU="$3" -Local_Address="$4" -Local_Netmask="$5" - Phase="$6" - - -network_init - - -log_info "VPN-Down" "[${Dev}]: Local_MTU: [${Local_MTU}] Remote_MTU: [${Remote_MTU}] Local_Address: [${Local_Address}] Local_Netmask: [${Local_Netmask}] Dst_Table: [${dst_table}] Phase: [${Phase}] Status: [OK]" - -network_device_deinit "" "${Dev}" - -log_trace "VPN-Down" "[${Dev}]: Done!" diff --git a/usr/sbin/openvpn-status b/usr/sbin/openvpn-status deleted file mode 100755 index 33ddfe4..0000000 --- a/usr/sbin/openvpn-status +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -dev=$1 - -if [[ "$1" != "" ]] -then - cat /var/lib/openvpn/$dev.status -else - awk '{print FILENAME ": " $0}' /var/lib/openvpn/*.status -fi diff --git a/usr/sbin/openvpn-up b/usr/sbin/openvpn-up deleted file mode 100755 index 6eb794d..0000000 --- a/usr/sbin/openvpn-up +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/bash - -#DEBUG="" -#DEBUG="echo" -#DEBUG=":" - -#LOG=":" -#LOG="echo" -#LOG="" - - - -# Includes -#----------------------------------------------------------------------------------------------------------------------------------- - -. /usr/local/lib/network.bash - - - -# Global Variables -#----------------------------------------------------------------------------------------------------------------------------------- - -#LOG_FILE=/var/log/openvpn/up-down.log - - - - - -# Main -#----------------------------------------------------------------------------------------------------------------------------------- - - Dev="$1" - Local_MTU="$2" - Remote_MTU="$3" -Local_Address="$4" -Local_Netmask="$5" - Phase="$6" - - -network_init - - - -log_info "VPN-Up" "[${Dev}]: Local_MTU: [${Local_MTU}] Remote_MTU: [${Remote_MTU}] Local_Address: [${Local_Address}] Local_Netmask: [${Local_Netmask}] Phase: [${Phase}] Status: [OK]" - -network_device_init "" "${Dev}" - -log_trace "VPN-Up" "[${Dev}]: Done!" diff --git a/usr/sbin/rx3_vpn_adm b/usr/sbin/rx3_vpn_adm deleted file mode 100755 index 424134b..0000000 --- a/usr/sbin/rx3_vpn_adm +++ /dev/null 
@@ -1,137 +0,0 @@
-#!/bin/bash
-
-RETVAL=0
-
-#DEBUG=""
-#DEBUG="echo"
-#DEBUG=":"
-
-#LOG=":"
-#LOG="echo"
-
-
-
-# Includes
-#-----------------------------------------------------------------------------------------------------------------------------------
-
-. /usr/local/lib/vpn.bash
-
-
-
-
-
-#--------------------------------------------------------------------------------------------------------------------------
-# Start
-#--------------------------------------------------------------------------------------------------------------------------
-
-start()
-{
- echo "Starting..."
-
- if [ -r /var/lock/subsys/rx3-vpn ]
- then
- echo "already started"
- RETVAL=0
- else
- vpn_start
-
- RETVAL=$?
- [ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-vpn
- fi
-
- echo
-}
-
-
-
-#--------------------------------------------------------------------------------------------------------------------------
-# Stop
-#--------------------------------------------------------------------------------------------------------------------------
-
-stop()
-{
- echo "Stopping..."
-
- if [ -r /var/lock/subsys/rx3-vpn ]
- then
- vpn_stop
-
- RETVAL=$?
- else
- echo "already stopped"
- RETVAL=0
- fi
-
- [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-vpn
-
- echo
-}
-
-
-
-
-
-#--------------------------------------------------------------------------------------------------------------------------
-# Status
-#--------------------------------------------------------------------------------------------------------------------------
-
-status()
-{
- vpn_status
-}
-
-
-
-
-
-#--------------------------------------------------------------------------------------------------------------------------
-# Dump
-#--------------------------------------------------------------------------------------------------------------------------
-
-dump()
-{
- vpn_job_tab_dump
-}
-
-
-
-
-
-#--------------------------------------------------------------------------------------------------------------------------
-# Main
-#--------------------------------------------------------------------------------------------------------------------------
-
-vpn_init
-
-case "$1" in
- start)
- start
- ;;
-
- stop)
- stop
- ;;
-
- restart)
- stop
- sleep 1
- start
- ;;
-
- status)
- status
- ;;
-
- dump)
- dump
- ;;
-
- *)
- echo "Usage: $0 {start|stop|restart|status|dump}"
- RETVAL=1
- ;;
-esac
-
-vpn_deinit
-
-exit $RETVAL
diff --git a/var/www/cgi-bin/ns-admin_board.cgi b/var/www/cgi-bin/ns-admin_board.cgi
deleted file mode 100755
index 19cdc9c..0000000
--- a/var/www/cgi-bin/ns-admin_board.cgi
+++ /dev/null
@@ -1,460 +0,0 @@ -#!/bin/bash - -. /etc/sysconfig/rx3-ns - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Lookup Domain Owner () -#-------------------------------------------------------------------------------------------------------------------------- - -Lookup_Domain_Owner () -{ - for ldo_blk in ${NS_LIST} - do - OIFS=${IFS} - IFS=: - set ${ldo_blk} - ldo_domain=$1 - ldo_host=$2 - ldo_owner=$3 - IFS=${OIFS} - - if [[ "${host}.${domain}" == "${ldo_host}.${ldo_domain}" ]] - then - echo ${ldo_owner} - fi - done -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Header Print -#-------------------------------------------------------------------------------------------------------------------------- - -Header_Print () -{ - case "${format}" - in - "html") - echo "Content-type: text/html" - echo "" - - echo "" - echo "" - echo " " - echo " " - - if [[ "${refresh}" == "yes" ]] - then - echo " " - fi - - echo " " - echo " " - echo " " - echo " Rx3 NS Admin: ${cmd_status}" - - echo " " - echo " " - ;; - - "txt") - echo "Content-disposition: attachment; filename=${file_name}" - echo "Content-type: text/plain" - echo "" - ;; - esac -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Tailer -#-------------------------------------------------------------------------------------------------------------------------- - -Footer_Print () -{ - case "${format}" - in - "html") - echo " " - echo "" - echo "" - ;; - - esac -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Main -#-------------------------------------------------------------------------------------------------------------------------- - - - 
-#-------------------------------------------------------------------------------------------------------------------------- -# Args -#-------------------------------------------------------------------------------------------------------------------------- - -cmd="" -format="" -ip="" -host="" -domain="" -redirect="" - -remote_ip="${REMOTE_ADDR}" - -if [[ "${QUERY_STRING}" != "" ]] -then - OIFS=${IFS} - IFS="\&" - set ${QUERY_STRING} - IFS=${OIFS} - - i=$# - - while [[ "${i}" != 0 ]] - do - var=${1/=*/} - arg=${1/*=/} - - case "${var}" - in - "format") - format=${arg} - ;; - - "cmd") - cmd=${arg} - ;; - - "host") - host=${arg} - ;; - - "domain") - domain=${arg} - ;; - - "ip") - ip=${arg} - ;; - - "ttl") - ttl=${arg} - ;; - esac - - shift - i=$((i - 1)) - done -fi - -if [[ "${format}" == "" ]] -then - format="html" -fi - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Usage_Print -#-------------------------------------------------------------------------------------------------------------------------- - -Usage_Print () -{ - if [[ "${format}" == "html" ]] - then - echo "

" - echo "
" - echo "

" - echo "" - echo "

Rx3 NS Admin Service Usage

" - echo "" - echo " " - echo " " - echo " " - echo " " - echo "
" - echo " " - echo " " - echo " " - echo " " - echo "
" - echo "
"
-
-	echo "      
" - echo " - cmd=address_get: Get the host IP address
" - echo " + [format=html|txt]: Output request format (Default to "html")
" - echo " + host=<Host Name>: Host name to show
" - echo " + domain=<Domaine Name>: Domain name of the host name
" - echo "
" - echo " - cmd=address_set: Set the host IP address
" - echo " + [format=html|txt]: Output request format (Default to "html")
" - echo " + host=<Host Name>: Host name to set
" - echo " + domain=<Domaine Name>: Domain name of the host name
" - echo " + [ip=<IP Address>]: IP address to be set (Default to requestor address)
" - echo " + [ttl=<TTL>]: TTL to be set (Default to 600)
" - echo "
" - echo " - Example: https://www.rx3.net/cgi-bin-private/ns-admin_board.cgi?cmd=address_get&host=vpn0&domain=vpn.rx3
" - - echo "
" - echo "
" - echo "
" - else - echo "Rx3 NS Service Usage:" - echo " - cmd=address_get: Get the host IP address" - echo " + [format=html|txt]: Output request format (Default to "html")" - echo " + host=: Host name to show" - echo " + domain=: Domain name of the host name" - echo "" - echo " - cmd=address_set: Set the host IP address" - echo " + [format=html|txt]: Output request format (Default to "html")" - echo " + host=: Host name to set" - echo " + domain=: Domain name of the host name" - echo " + [ip=]: IP address to be set (Default to requestor address)" - echo " + [ttl=]: TTL to be set (Default to 600)
" - fi -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Main Board Print -#-------------------------------------------------------------------------------------------------------------------------- - -Main_Board_Print () -{ - if [[ "${format}" == "html" ]] - then - echo "" - echo "

Rx3 NS Admin Board

" - echo "

" - echo "
" - echo "" - echo " Date: $(/bin/date)
" - echo "

" - echo "
" - echo "" - fi - - if [[ "${format}" == "html" ]] - then - echo "

" - echo "
" - echo "

" - echo "" - echo "

Rx3 NS Status Board

" - echo "" - echo " " - echo " " - else - echo "TABLE: RX3-NS_Status_Board" - echo "#;Domain;Host;Address;Owner;TTL;Date" - fi - - idx=0 - - for blk in ${NS_LIST} - do - OIFS=${IFS} - IFS=: - set ${blk} - domain=$1 - host=$2 - owner=$3 - IFS=${OIFS} - - address=$(dig -t A ${host}.${domain}. | grep "^${host}.${domain}" | awk '{print $5}') - ttl=$(dig -t A ${host}.${domain}. | grep "^${host}.${domain}" | awk '{print $2}') - date=$(dig -t TXT ${host}.${domain}. | grep "^${host}.${domain}" | awk '{print $5 " " $6}' | sed -e "s/\"//g") - - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - class="default" - else - class="dark" - fi - - if [[ "${format}" == "html" ]] - then - echo "" - else - echo "${domain};${host};${address};${owner};${ttl};${date}" - fi - - idx=$((${idx}+1)) - done - - if [[ "${format}" == "html" ]] - then - echo "
#DomainHostAddressOwnerTTLDate
${idx}${domain}${host}${address}${owner}${ttl}${date}
" - echo "

" - echo "
" - echo "

" - else - echo "" - fi - - Usage_Print -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Command Handler -#-------------------------------------------------------------------------------------------------------------------------- - -case "${cmd}" -in - "") - cmd_status="OK" - refresh="yes" - - Header_Print - - Main_Board_Print - - Footer_Print - ;; - - "address_set") - owner=$(Lookup_Domain_Owner) - - if [[ "${owner}" != "" ]] - then - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - if [[ "${ip}" == "" ]] - then - ip="${remote_ip}" - fi - - if [[ "${ttl}" == "" ]] - then - ttl="600" - fi - - sudo /usr/local/sbin/ip_host_update ${host} ${domain} ${ip} ${ttl} - - if [[ "$?" == 0 ]] - then - status="OK" - else - status="KO" - fi - else - status="KO - Not Authorized" - fi - else - status="KO - Domain not found" - fi - - cmd_status="${cmd}: ${status}" - refresh="no" - - Header_Print - - if [[ "${format}" == "html" ]] - then - echo " " - echo " " - echo " " - echo " " - echo "
" - echo " " - echo " " - echo " " - echo " " - echo "
" - echo "
"
-	fi
-
-	echo "Set $host.$domain. to  ${ip} with TTL ${ttl}: ${status}"
-
-	if [[ "${format}" == "html" ]]
-	then
-	    echo "                
" - echo "
" - echo "
" - fi - - Footer_Print - ;; - - "address_get") - - owner=$(Lookup_Domain_Owner) - if [[ "${owner}" != "" ]] - then -# if [[ "${REMOTE_USER}" == "${owner}" ]] -# then -# host_info="$(host ${host}.${domain})" - host_info="$(dig -t ANY ${host}.${domain}.)" - - if [[ "$?" == 0 ]] - then - status="OK" - else - status="KO" - fi -# else -# status="KO - Not Authorized" -# fi - else - status="KO - Domain not found" - fi - - cmd_status="${cmd}: ${status}" - refresh="no" - - Header_Print - - if [[ "${format}" == "html" ]] - then - echo " " - echo " " - echo " " - echo " " - echo "
" - echo " " - echo " " - echo " " - echo " " - echo "
" - echo "
"
-
-	    echo "$host.$domain.: ${status}"
-	    echo "
" - else - echo "$host.$domain.:" - echo "" - fi - - echo "${host_info}" - - if [[ "${format}" == "html" ]] - then - echo "
" - echo "
" - echo "
" - fi - - Footer_Print - ;; - - *) - cmd_status="${cmd}: UNKNOWN_CMD" - - Header_Print - Footer_Print - ;; -esac diff --git a/var/www/cgi-bin/vpn-admin_board.cgi b/var/www/cgi-bin/vpn-admin_board.cgi deleted file mode 100755 index ec55143..0000000 --- a/var/www/cgi-bin/vpn-admin_board.cgi +++ /dev/null 
@@ -1,874 +0,0 @@ -#!/bin/bash - -time_in=$(date +%s%N) - - -# No Log please -export LOG="" - -. /usr/local/lib/network.bash - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Header Print -#-------------------------------------------------------------------------------------------------------------------------- - -Header_Print() -{ - case "${format}" - in - "html") - echo "Content-type: text/html" - echo "" - - echo "" - echo "" - echo " " - echo " " - echo " " - echo " " - echo " " - echo " " - - if [[ "${cmd_status}" == "" ]] - then - echo " Rx3 VPN Admin Board" - else - echo " Rx3 VPN Admin Board: ${cmd_status}" - fi - - if [[ "${redirect}" != "" ]] - then - echo " " - fi - - echo " " - echo " " - ;; - - "csv") - echo "Content-type: text/csv" - echo "" - - echo "SOF" - - if [[ "${redirect}" != "" ]] - then - echo "CMD: ${cmd_status}" - fi - ;; - - "txt") - echo "Content-disposition: attachment; filename=${file_name}" - echo "Content-type: text/plain" - echo "" - ;; - esac -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Tailer -#-------------------------------------------------------------------------------------------------------------------------- - -Footer_Print() -{ - case "${format}" - in - "html") - echo " " - echo "" - echo "" - ;; - - "csv") - echo "" - echo "EOF" - ;; - esac -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Destination Status Board -#-------------------------------------------------------------------------------------------------------------------------- - -Destination_Status_Board() -{ - if [[ "${format}" == "html" ]] - then - echo "

" - echo "
" - echo "

" - echo "" - echo "

Destination Status Board

" - echo "" - echo " " - echo " " - else - echo "TABLE: Destination_Status_Board" - echo "#;Name;Type;Device;Status;IP;Host Name;Config;Table;Bytes In;Bytes Out;UpTime" - fi - - - for dst_id in ${NETWORK_DST_ID_LIST} - do - network_dst_tab_get ${dst_id} - - if [[ ${dst_status} == 0 ]] - then - dst_ip="-" - fi - - if [[ ( "${status}" == "" ) || ( "${status}" == "${dst_status}") ]] - then - if [[ "${format}" == "html" ]] - then - echo -n "" - - case "${dst_status}" - in - "0") - echo -n "" - ;; - - "1") - echo -n "" - ;; - - "2") - echo -n "" - ;; - - *) - echo -n "" - ;; - esac - - echo "" - else - echo "${dst_id};${dst_name};${NETWORK_DST_TYPE[${dst_type}]};${dst_device};${dst_status};${dst_ip};${dst_host_name};${dst_config};${dst_table};${dst_bytes_received};${dst_bytes_sent};${dst_uptime}" - fi - fi - done - - if [[ "${format}" == "html" ]] - then - echo "
#NameTypeDeviceStatusIPHost NameConfigTableBytes InBytes OutUpTime
${dst_id}${dst_name}${NETWORK_DST_TYPE[${dst_type}]}${dst_device}\"Down\"\"Up\"\"Unready\"\"Unknown\"${dst_ip:--}${dst_host_name:--}${dst_config:--}${dst_table}${dst_bytes_received:--}${dst_bytes_sent:--}${dst_uptime:--}
" - echo "

" - echo "
" - echo "

" - echo "" - else - echo "" - fi -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Source Routing Board Line -#-------------------------------------------------------------------------------------------------------------------------- - -Source_Routing_Board_Line() -{ - src_id=$1 - - network_src_tab_get ${src_id} - - if [[ ( "${user}" == "") || ( "${user}" == "owner") || ( "${user}" == "${src_owner}") ]] - then - if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] - then - class="default" - else - if [[ "${user}" == "owner" ]] - then - class="skip" - else - class="dark" - fi - fi - else - # user == user not owner of this line - - class="skip" - fi - - if [[ ( "${status}" != "") && ( "${status}" != "${src_status}") ]] - then - class="skip" - fi - - - if [[ "${class}" != "skip" ]] - then - if [[ "${format}" == "html" ]] - then - echo -n "${src_id}" - - echo -n "${NETWORK_SRC_TYPE[${src_type}]}${src_ip}${src_host_name:--}" - - echo -n "${src_device:--}" - - case "${src_status}" - in - "0") - echo -n "\"Down\"" - ;; - - "1") - echo -n "\"Up\"" - ;; - - "2") - echo -n "-" - ;; - esac - else - echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${src_host_name};${src_device};${src_status};" - fi - - - for dst_id in ${NETWORK_DST_ID_LIST} - do - network_dst_tab_get ${dst_id} - - if [[ ( "${admin}" == "true") || ( "${dst_type}" != 1) ]] - then - if [[ "${format}" == "html" ]] - then - echo -n "
" - - if [[ "${dst_table}" == "${src_table}" ]] - then - echo -n "\"Up\" " - else - echo -n "\"Down\"" - - if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] - then - echo -n "\"Activate\"" - else - echo -n " " - fi - fi - - echo -n "
" - else - - if [[ "${dst_table}" == "${src_table}" ]] - then - echo -n "1;" - else - echo -n "0;" - fi - fi - fi - done - - if [[ "${format}" == "html" ]] - then - if [[ "${port_range}" != "0" ]] - then - echo -n "${src_port_range}${src_port_start:--}${src_port_end:--}" - else - echo -n "${src_port_range}--" - fi - - echo "${src_owner}${src_bytes_received:--}${src_bytes_sent:--}${src_uptime:--}${src_last_seen:--}" - else - echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}" - fi - fi - -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Source Routing Board -#-------------------------------------------------------------------------------------------------------------------------- - -Source_Routing_Board() -{ - if [[ "${format}" == "html" ]] - then - echo "

" - echo "
" - echo "

" - echo "" - echo "

Source Routing Board

" - echo "" - echo " " - echo -n " " - else - echo "TABLE: Source_Routing_Board" - echo -n "#;Type;IP;Host Name;Status;Device;" - fi - - - for dst_id in ${NETWORK_DST_ID_LIST} - do - network_dst_tab_get ${dst_id} - - if [[ ( "${admin}" == "true") || ( "${dst_type}" != 1) ]] - then - if [[ "${format}" == "html" ]] - then - echo -n "" - else - echo -n "${dst_name};" - fi - fi - done - - - if [[ "${format}" == "html" ]] - then - echo "" - else - echo "Port Range;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen" - fi - - - for src_id in ${NETWORK_SRC_ID_LIST} - do - Source_Routing_Board_Line ${src_id} - done - - - if [[ "${format}" == "html" ]] - then - echo "
#TypeIPHost NameDeviceStatus${dst_name}Port RangeFrom PortTo PortOwnerBytes InBytes OutUpTimeLast Seen
" - echo "

" - echo "
" - echo "

" - else - echo "" - fi -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# OpenVPN Board -#-------------------------------------------------------------------------------------------------------------------------- - -VPN_OpenVPN_Board() -{ - if [[ "${format}" == "html" ]] - then - echo "

" - echo "
" - echo "

" - echo "" - echo "

OpenVPN Board

" - echo "" - echo " " - echo " " - else - echo "TABLE: OpenVPN_Board" - echo "#;IP;Host Name;Certificate" - fi - - idx=0 - - for src_id in ${NETWORK_SRC_ID_LIST} - do - network_src_tab_get ${src_id} - - if [[ "${src_type}" == 2 ]] - then - if [[ ( "${user}" == "") || ( "${user}" == "owner") || ( "${user}" == "${src_owner}") ]] - then - if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] - then - class="default" - else - if [[ "${user}" == "owner" ]] - then - class="skip" - else - class="dark" - fi - fi - else - # user == user not owner of this line - - class="skip" - fi - - if [[ ( "${status}" != "") && ( "${status}" != "${src_status}") ]] - then - class="skip" - fi - - - if [[ "${class}" != "skip" ]] - then - if [[ "${format}" == "html" ]] - then - echo -n " " - echo -n "" - - if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] - then - echo -n "" - else - echo -n "" - fi - - echo -n "" - - if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] - then - echo -n "" - else - echo -n "" - fi - else - echo -n "${idx};${src_ip};${src_host_name}" - fi - - if [[ "${format}" == "html" ]] - then - echo -n "" - - if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] - then - echo -n "" - - if [[ -f /etc/openvpn/tls/certs/${src_host_name}.crt ]] - then - echo -n "" - echo -n "" - echo "" - else - echo -n "" - echo -n "" - echo "" - fi - else - echo -n "" - - if [[ -f /etc/openvpn/tls/certs/${src_host_name}.crt ]] - then - echo -n "" - echo -n "" - echo "" - else - echo -n "" - echo -n "" - echo "" - fi - fi - else - if [[ -f /etc/openvpn/tls/certs/${src_host_name}.crt ]] - then - echo ";1" - else - echo ";0" - fi - fi - - idx=$(( ${idx} + 1)) - fi - fi - done - - if [[ "${format}" == "html" ]] - then - echo "
#IPHost NameConfigurationCertificates
Default Route VPNNo Default Route VPNCA Certificate (.crt)TC Certificate (.key)Private Key (.key)Cerificate Signing Request (.csr)Public Certificate (.crt)
External CrtInline CrtExternal CrtInline Crt
${idx}${src_ip}${src_host_name}\"Configuration\"Configuration\"Configuration\"Configuration\"Configuration\"Configuration\"CA\"TC\"Private\"Certificat\"Public
\"Private\"Certificat\"Public
\"TC\"Private\"Certificat\"Public
\"Private\"Certificat\"Public
" - echo "

" - echo "
" - echo "

" - fi -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Main Board Print -#-------------------------------------------------------------------------------------------------------------------------- - -Main_Board_Print() -{ - if [[ "${format}" == "html" ]] - then - echo "" - - if [[ "${admin}" == "true" ]] - then - admin_mode=" - Admin Mode" - else - admin_mode="" - fi - - case "${user}" - in - "") - user_mode="All" - ;; - - "owner") - user_mode="My" - ;; - - *) - user_mode="${user}" - ;; - esac - - case "${status}" - in - "") - status_mode="All" - ;; - - "0") - status_mode="Down" - ;; - - "1") - status_mode="UP" - ;; - - "2") - status_mode="Not Conected" - ;; - - *) - status_mode="Unkwown" - ;; - esac - - - echo "

VPN Admin Board: ${user_mode} VPN - ${status_mode} Status${admin_mode}

" - - - echo "

" - echo "
" - echo "" - echo " Date: $(/bin/date)
" - echo "

" - echo "
" - echo "" - fi - - Destination_Status_Board - Source_Routing_Board - VPN_OpenVPN_Board - - if [[ "${format}" == "html" ]] - then - echo "

" - echo "
" - echo "
" - echo -n " " - - if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]] - then - if [[ "${admin}" == "true" ]] - then - echo -n "Non Admin Mode" - else - echo -n "Admin Mode" - fi - - echo -n "   " - fi - - if [[ "${user}" != "" ]] - then - echo -n "All VPN" - echo -n "   " - fi - - if [[ "${status}" != "" ]] - then - echo -n "All Status" - fi - - echo "" - echo "

" - - time_out=$(date +%s%N) - elaps=$((${time_out} - ${time_in})) - elaps_sec=$((${elaps} / 1000000000)) - elaps_mili=$(( ( ${elaps} / 1000000) - ( ${elaps_sec} * 1000))) - - echo "

" - echo "
" - echo "
" - printf "Page generated in %d.%03d seconds" ${elaps_sec} ${elaps_mili} - echo "

" - echo "" - echo "
" - echo "" - echo "

" - echo " Rx3 Admin" - echo "

" - echo "" - echo "
" - echo "" - echo "

" - echo " \"Best" - echo " \"Valid" - echo " \"Valid" - echo "

" - fi -} - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Main -#-------------------------------------------------------------------------------------------------------------------------- - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Args -#-------------------------------------------------------------------------------------------------------------------------- - -cmd="" -format="" -user="" -status="" -ip="" -vpn="" -type="" -redirect="" -cmd_status="" -admin="" - -if [[ "${QUERY_STRING}" != "" ]] -then - OIFS=${IFS} - IFS="\&" - set ${QUERY_STRING} - IFS=${OIFS} - - i=$# - - while [[ "${i}" != 0 ]] - do - var=${1/=*/} - arg=${1/*=/} - - case "${var}" - in - "cmd") - cmd=${arg} - ;; - - "format") - format=${arg} - ;; - - "admin") - admin=${arg} - ;; - - "filter") - filter=${arg} - ;; - - "user") - user=${arg} - ;; - - "status") - status=${arg} - ;; - - "ip") - ip=${arg} - ;; - - "vpn") - vpn=${arg} - ;; - - "type") - type=${arg} - ;; - - "filename") - filename=${arg} - ;; - - "defroute") - defroute=${arg} - ;; - esac - - shift - i=$((i - 1)) - done -fi - -if [[ "${format}" == "" ]] -then - format="html" -fi - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Command Handler -#-------------------------------------------------------------------------------------------------------------------------- - -network_init - -#network_tab_dump - -if [[ ( ${admin} == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]] -then - cmd_status="${cmd}: Admin NOT_AUTHORIZED" - - redirect="?user=${user}&up=${up}" - - Header_Print - Footer_Print -else - - case "${cmd}" - in - "") - Header_Print - Main_Board_Print - Footer_Print - ;; - - "route_set") - network_src_tab_ip_lookup "${ip}" - network_src_tab_get 
"${src_id}" - - network_dst_tab_get "${vpn}" - - if [[ ( ${admin} == "true") || ( ( "${REMOTE_USER}" == "${src_owner}") && ( "${dst_type}" != 1)) ]] - then - sudo /usr/local/sbin/rx3_net_adm table_set ${ip} ${dst_table} 1>&2 - - if [[ "$?" == 0 ]] - then - cmd_status="route_set: OK" - else - cmd_status="route_set: KO" - fi - else - cmd_status="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]/[${dst_type}]" - fi - - redirect="?admin=${admin}&filter=${filter}" - - Header_Print - Footer_Print - ;; - - "cert_download") - network_src_tab_ip_lookup "${ip}" - network_src_tab_get "${src_id}" - - if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ca") || ( "${type}" == "crt") ]] - then - cmd_status="cert_download: OK" - format="txt" - - case "${type}" - in - "ca") - file_name="ca.crt" - host_name="" - ;; - - "tc") - file_name="tc.key" - host_name="" - ;; - - *) - host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') - file_name="${host_name}.${type}" - ;; - esac - - Header_Print - sudo /usr/local/sbin/cert_dump ${type} ${host_name} - else - cmd_status="cert_download: NOT_AUTHORIZED" - - redirect="?admin=${admin}&filter=${filter}" - - format="html" - Header_Print - Footer_Print - fi - ;; - - "config_download") - network_src_tab_ip_lookup "${ip}" - network_src_tab_get "${src_id}" - - if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ext") ]] - then - cmd_status="config_download: OK" - - host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') - template_name="rx3-client.ovpn" - - if [[ "${defroute}" == "false" ]] - then - defroute_pipe="sed s/#pull-filter/pull-filter/" - route_type="nodefroute" - else - defroute_pipe="cat" - route_type="defroute" - fi - - format="txt" - - if [[ "${type}" == "ext" ]] - then - file_name="${host_name}-${route_type}-external.ovpn" - Header_Print - - sed \"; sudo \/usr\/local\/sbin\/cert_dump ca; echo \"<\/ca>\")/" -e "s/cert 
tls\/certs\/CLIENT_FQDN.crt/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump tc; echo \"<\/tls-crypt>\")/" -e "s/CLIENT_FQDN/${host_name}/g")\"" | ${defroute_pipe} - fi - else - cmd_status="config_download: NOT_AUTHORIZED" - - redirect="?admin=${admin}&filter=${filter}" - - format="html" - Header_Print - Footer_Print - fi - ;; - - *) - cmd_status="${cmd}: UNKNOWN_CMD" - - Header_Print - Footer_Print - ;; - esac -fi - -network_deinit diff --git a/www/cgi-bin/ns-admin_board.cgi b/www/cgi-bin/ns-admin_board.cgi new file mode 100755 index 0000000..a65f3a8 --- /dev/null +++ b/www/cgi-bin/ns-admin_board.cgi 
@@ -0,0 +1,534 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 NS Admin Board CGI +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +: "${RX3_LIB_DIR:=/usr/lib/rx3}" +. "${RX3_LIB_DIR}/dns.bash" + +. /etc/sysconfig/rx3-ns # To be removed? 
+ + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Global Variables +#----------------------------------------------------------------------------------------------------------------------------------- + +declare -g VERSION="1.2.0" +declare -g NAME="ns-admin_board.cgi" + +declare -g DEBUG="" +#declare -g DEBUG="echo" +#declare -g DEBUG=":" + +# No Log please +export LOG="" + +declare -g CMD="" +declare -g FORMAT="" +declare -g IP="" +declare -g HOST="" +declare -g DOMAIN="" +declare -g REDIRECT="" +declare -g CMD_STATUS="" +declare -g REFRESH="" +declare -g TTL="" +declare -g STATUS="" +declare -g FILE_NAME="" +declare -g REMOTE_IP="${REMOTE_ADDR}" +declare -g HOST_INFO="" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Lookup Domain Owner +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_lookup_domain_owner() +{ + local ldo_blk + local ldo_domain + local ldo_host + local ldo_owner + local OIFS + + for ldo_blk in ${NS_LIST} + do + OIFS="${IFS}" + IFS=":" + set ${ldo_blk} + ldo_domain="$1" + ldo_host="$2" + ldo_owner="$3" + IFS="${OIFS}" + + if [[ "${HOST}.${DOMAIN}" == "${ldo_host}.${ldo_domain}" ]] + then + echo "${ldo_owner}" + fi + done +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Header Print +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_header_print() +{ + case "${FORMAT}" + in + "html") + echo "Content-type: text/html" + echo "" + + echo "" + echo "" + echo " " + echo " " + + if [[ "${REFRESH}" == "yes" ]] + then + echo " " + fi + + echo " " + echo " " + echo " " + echo " Rx3 NS 
Admin: ${CMD_STATUS}" + echo " " + echo " " + ;; + + "txt") + echo "Content-disposition: attachment; filename=${FILE_NAME}" + echo "Content-type: text/plain" + echo "" + ;; + esac +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Footer Print +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_footer_print() +{ + case "${FORMAT}" + in + "html") + echo " " + echo "" + echo "" + ;; + esac +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Usage Print +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_usage_print() +{ + if [[ "${FORMAT}" == "html" ]] + then + echo "

" + echo "
" + echo "

" + echo "" + echo "

Rx3 NS Admin Service Usage

" + echo "" + echo " " + echo " " + echo "
" + echo " " + echo " " + echo "
" + echo "
"
+        echo "    - cmd=address_get:           Get the host IP address"
+        echo "        + [format=html|txt]:     Output request format (Default to html)"
+        echo "        + host=<Host Name>:      Host name to show"
+        echo "        + domain=<Domain Name>:  Domain name of the host name"
+        echo ""
+        echo "    - cmd=address_set:           Set the host IP address"
+        echo "        + [format=html|txt]:     Output request format (Default to html)"
+        echo "        + host=<Host Name>:      Host name to set"
+        echo "        + domain=<Domain Name>:  Domain name of the host name"
+        echo "        + [ip=<IP Address>]:     IP address to be set (Default to requestor address)"
+        echo "        + [ttl=<TTL>]:           TTL to be set (Default to 600)"
+        echo ""
+        echo "    - Example: https://www.rx3.net/cgi-bin-private/ns-admin_board.cgi?cmd=address_get&host=vpn0&domain=vpn.rx3"
+        echo "            
" + echo "
" + echo "
" + else + echo "Rx3 NS Service Usage:" + echo " - cmd=address_get: Get the host IP address" + echo " + [format=html|txt]: Output request format (Default to html)" + echo " + host=: Host name to show" + echo " + domain=: Domain name of the host name" + echo "" + echo " - cmd=address_set: Set the host IP address" + echo " + [format=html|txt]: Output request format (Default to html)" + echo " + host=: Host name to set" + echo " + domain=: Domain name of the host name" + echo " + [ip=]: IP address to be set (Default to requestor address)" + echo " + [ttl=]: TTL to be set (Default to 600)" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Result Print +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_result_print() +{ + local message="$1" + + if [[ "${FORMAT}" == "html" ]] + then + echo " " + echo " " + echo "
" + echo " " + echo " " + echo "
" + echo "
"
+        echo "${message}"
+        echo "            
" + echo "
" + echo "
" + else + echo "${message}" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main Board Print +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_main_board_print() +{ + local blk + local domain + local host + local owner + local address + local ttl + local date + local class + local idx=0 + local OIFS + + if [[ "${FORMAT}" == "html" ]] + then + echo "" + echo "

Rx3 NS Admin Board

" + echo "

" + echo "
" + echo "" + echo " Date: $(/bin/date)
" + echo "

" + echo "
" + echo "" + echo "

" + echo "
" + echo "

" + echo "" + echo "

Rx3 NS Status Board

" + echo "" + echo " " + echo " " + else + echo "TABLE: RX3-NS_Status_Board" + echo "#;Domain;Host;Address;Owner;TTL;Date" + fi + + for blk in ${NS_LIST} + do + OIFS="${IFS}" + IFS=":" + set ${blk} + domain="$1" + host="$2" + owner="$3" + IFS="${OIFS}" + + address="$( dig -t A "${host}.${domain}." | grep "^${host}.${domain}" | awk '{print $5}')" + ttl="$( dig -t A "${host}.${domain}." | grep "^${host}.${domain}" | awk '{print $2}')" + date="$( dig -t TXT "${host}.${domain}." | grep "^${host}.${domain}" | awk '{print $5 " " $6}' | sed -e 's/\"//g')" + + if [[ "${REMOTE_USER}" == "${owner}" ]] + then + class="default" + else + class="dark" + fi + + if [[ "${FORMAT}" == "html" ]] + then + echo " " + else + echo "${domain};${host};${address};${owner};${ttl};${date}" + fi + + idx=$(( idx + 1 )) + done + + if [[ "${FORMAT}" == "html" ]] + then + echo "
#DomainHostAddressOwnerTTLDate
${idx}${domain}${host}${address}${owner}${ttl}${date}
" + echo "

" + echo "
" + echo "

" + else + echo "" + fi + + nab_usage_print +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Query String Parse +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_query_string_parse() +{ + local var + local arg + local i + + CMD="" + FORMAT="" + IP="" + HOST="" + DOMAIN="" + TTL="" + + if [[ "${QUERY_STRING}" != "" ]] + then + local OIFS="${IFS}" + IFS="&" + set ${QUERY_STRING} + IFS="${OIFS}" + + i=$# + + while [[ "${i}" != "0" ]] + do + var="${1/=*/}" + arg="${1/*=/}" + + case "${var}" + in + "cmd") + CMD="${arg}" + ;; + + "format") + FORMAT="${arg}" + ;; + + "host") + HOST="${arg}" + ;; + + "domain") + DOMAIN="${arg}" + ;; + + "ip") + IP="${arg}" + ;; + + "ttl") + TTL="${arg}" + ;; + esac + + shift + i=$(( i - 1 )) + done + fi + + if [[ "${FORMAT}" == "" ]] + then + FORMAT="html" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Command Handler +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_command_handler() +{ + local owner + local status + + case "${CMD}" + in + "") + CMD_STATUS="OK" + REFRESH="yes" + + nab_header_print + nab_main_board_print + nab_footer_print + ;; + + "address_set") + owner="$( nab_lookup_domain_owner)" + + if [[ "${owner}" != "" ]] + then + if [[ "${REMOTE_USER}" == "${owner}" ]] + then + if [[ "${IP}" == "" ]] + then + IP="${REMOTE_IP}" + fi + + if [[ "${TTL}" == "" ]] + then + TTL="600" + fi + + dns_host_update "${HOST}" "${DOMAIN}" "${IP}" "${TTL}" + + if [[ "$?" 
== "0" ]] + then + status="OK" + else + status="KO" + fi + else + status="KO - Not Authorized" + fi + else + status="KO - Domain not found" + fi + + CMD_STATUS="${CMD}: ${status}" + REFRESH="no" + + nab_header_print + nab_result_print "Set ${HOST}.${DOMAIN}. to ${IP} with TTL ${TTL}: ${status}" + nab_footer_print + ;; + + "address_get") + owner="$( nab_lookup_domain_owner)" + + if [[ "${owner}" != "" ]] + then + HOST_INFO="$( dig -t ANY "${HOST}.${DOMAIN}.")" + + if [[ "$?" == "0" ]] + then + status="OK" + else + status="KO" + fi + else + status="KO - Domain not found" + fi + + CMD_STATUS="${CMD}: ${status}" + REFRESH="no" + + nab_header_print + + if [[ "${FORMAT}" == "html" ]] + then + nab_result_print "${HOST}.${DOMAIN}.: ${status}
+${HOST_INFO}" + else + echo "${HOST}.${DOMAIN}.:" + echo "" + echo "${HOST_INFO}" + fi + + nab_footer_print + ;; + + *) + CMD_STATUS="${CMD}: UNKNOWN_CMD" + + nab_header_print + nab_footer_print + ;; + esac +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main +#----------------------------------------------------------------------------------------------------------------------------------- + +nab_query_string_parse + +dns_init + +nab_command_handler + +dns_deinit diff --git a/www/cgi-bin/vpn-admin_board.cgi b/www/cgi-bin/vpn-admin_board.cgi new file mode 100755 index 0000000..5641281 --- /dev/null +++ b/www/cgi-bin/vpn-admin_board.cgi 
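Review bot: `address_set` in `nab_command_handler` hands the request-supplied `IP` and `TTL` to `dns_host_update` with no format check; only the `HOST`/`DOMAIN` pair is constrained, by the `NS_LIST` match in `nab_lookup_domain_owner`. `dns_host_update` lives in the dns library outside this hunk, so how it builds the update cannot be confirmed here, but the CGI should refuse anything that is not a number or an address before the call, for example `[[ "${TTL}" =~ ^[0-9]+$ ]] || status="KO - Bad TTL"` once the defaults are applied, with an equivalent address check on `IP`, and skip the update when either fails. In `nab_query_string_parse`, `set ${QUERY_STRING}` is unquoted, so pathname expansion is applied to request text; `set -f` before it and `set +f` after, or `IFS='&' read -r -a`, avoids that. The parsed values are also echoed unescaped into the HTML title (`${CMD_STATUS}`) and into `nab_result_print`, so they should be matched against a strict pattern or HTML-escaped before printing.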
@@ -0,0 +1,961 @@ +#!/bin/bash +#----------------------------------------------------------------------------------------------------------------------------------- +# +# Rx3 VPN Admin Board CGI +# +# Copyright (C) 2025-2026 Arnaud G. GIBERT +# mailto:arnaud@rx3.net +# +# This is free software: you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; If not, see +# . +# +#----------------------------------------------------------------------------------------------------------------------------------- + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +: "${RX3_LIB_DIR:=/usr/lib/rx3}" +. 
"${RX3_LIB_DIR}/network.bash" + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Global Variables +#----------------------------------------------------------------------------------------------------------------------------------- + +declare -g VERSION="1.0.0" +declare -g NAME="vpn-admin_board.cgi" + +declare -g DEBUG="" +#declare -g DEBUG="echo" +#declare -g DEBUG=":" + +# No Log please +export LOG="" + +declare -g TIME_IN=$(date +%s%N) +declare -g CMD="" +declare -g FORMAT="" +declare -g USER="" +declare -g STATUS="" +declare -g IP="" +declare -g VPN="" +declare -g TYPE="" +declare -g REDIRECT="" +declare -g CMD_STATUS="" +declare -g ADMIN="" +declare -g FILTER="" +declare -g DEFROUTE="" +declare -g FILENAME="" +declare -g FILE_NAME="" +declare -g HOST_NAME="" +declare -g ADMIN_MODE="" +declare -g USER_MODE="" +declare -g STATUS_MODE="" + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Header Print +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_header_print() +{ + case "${FORMAT}" + in + "html") + echo "Content-type: text/html" + echo "" + + echo "" + echo "" + echo " " + echo " " + echo " " + echo " " + echo " " + echo " " + + if [[ "${CMD_STATUS}" == "" ]] + then + echo " Rx3 VPN Admin Board" + else + echo " Rx3 VPN Admin Board: ${CMD_STATUS}" + fi + + if [[ "${REDIRECT}" != "" ]] + then + echo " " + fi + + echo " " + echo " " + ;; + + "csv") + echo "Content-type: text/csv" + echo "" + + echo "SOF" + + if [[ "${REDIRECT}" != "" ]] + then + echo "CMD: ${CMD_STATUS}" + fi + ;; + + "txt") + echo "Content-disposition: attachment; filename=${FILE_NAME}" + echo "Content-type: text/plain" + echo "" + ;; + esac +} + + + + + 
+#----------------------------------------------------------------------------------------------------------------------------------- +# Footer Print +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_footer_print() +{ + case "${FORMAT}" + in + "html") + echo " " + echo "" + echo "" + ;; + + "csv") + echo "" + echo "EOF" + ;; + esac +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Destination Status Board +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_destination_status_board() +{ + local dst_id + + if [[ "${FORMAT}" == "html" ]] + then + echo "

" + echo "
" + echo "

" + echo "" + echo "

Destination Status Board

" + echo "" + echo " " + echo " " + else + echo "TABLE: Destination_Status_Board" + echo "#;Name;Type;Device;Status;IP;Host Name;Config;Table;Bytes In;Bytes Out;UpTime" + fi + + for dst_id in ${NETWORK_DST_ID_LIST} + do + network_dst_tab_get "${dst_id}" + + if [[ "${dst_status}" == "0" ]] + then + dst_ip="-" + fi + + if [[ ( "${STATUS}" == "" ) || ( "${STATUS}" == "${dst_status}") ]] + then + if [[ "${FORMAT}" == "html" ]] + then + echo -n " " + + case "${dst_status}" + in + "0") + echo -n "" + ;; + + "1") + echo -n "" + ;; + + "2") + echo -n "" + ;; + + *) + echo -n "" + ;; + esac + + echo "" + else + echo "${dst_id};${dst_name};${NETWORK_DST_TYPE[${dst_type}]};${dst_device};${dst_status};${dst_ip};${dst_host_name};${dst_config};${dst_table};${dst_bytes_received};${dst_bytes_sent};${dst_uptime}" + fi + fi + done + + if [[ "${FORMAT}" == "html" ]] + then + echo "
#NameTypeDeviceStatusIPHost NameConfigTableBytes InBytes OutUpTime
${dst_id}${dst_name}${NETWORK_DST_TYPE[${dst_type}]}${dst_device}\"Down\"\"Up\"\"Unready\"\"Unknown\"${dst_ip:--}${dst_host_name:--}${dst_config:--}${dst_table}${dst_bytes_received:--}${dst_bytes_sent:--}${dst_uptime:--}
" + echo "

" + echo "
" + echo "

" + echo "" + else + echo "" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Source Routing Board Line +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_source_routing_board_line() +{ + local src_id="$1" + local class + local dst_id + + network_src_tab_get "${src_id}" + + if [[ ( "${USER}" == "" ) || ( "${USER}" == "owner") || ( "${USER}" == "${src_owner}") ]] + then + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + class="default" + else + if [[ "${USER}" == "owner" ]] + then + class="skip" + else + class="dark" + fi + fi + else + class="skip" + fi + + if [[ ( "${STATUS}" != "" ) && ( "${STATUS}" != "${src_status}") ]] + then + class="skip" + fi + + if [[ "${class}" != "skip" ]] + then + if [[ "${FORMAT}" == "html" ]] + then + echo -n " ${src_id}" + echo -n "${NETWORK_SRC_TYPE[${src_type}]}${src_ip}${src_host_name:--}" + echo -n "${src_device:--}" + + case "${src_status}" + in + "0") + echo -n "\"Down\"" + ;; + + "1") + echo -n "\"Up\"" + ;; + + "2") + echo -n "-" + ;; + esac + else + echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${src_host_name};${src_device};${src_status};" + fi + + for dst_id in ${NETWORK_DST_ID_LIST} + do + network_dst_tab_get "${dst_id}" + + if [[ ( "${ADMIN}" == "true") || ( "${dst_type}" != "1") ]] + then + if [[ "${FORMAT}" == "html" ]] + then + echo -n "
" + + if [[ "${dst_table}" == "${src_table}" ]] + then + echo -n "\"Up\" " + else + echo -n "\"Down\"" + + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + echo -n "\"Activate\"" + else + echo -n " " + fi + fi + + echo -n "
" + else + if [[ "${dst_table}" == "${src_table}" ]] + then + echo -n "1;" + else + echo -n "0;" + fi + fi + fi + done + + if [[ "${FORMAT}" == "html" ]] + then + if [[ "${src_port_range}" != "0" ]] + then + echo -n "${src_port_range}${src_port_start:--}${src_port_end:--}" + else + echo -n "${src_port_range}--" + fi + + echo "${src_owner}${src_bytes_received:--}${src_bytes_sent:--}${src_uptime:--}${src_last_seen:--}" + else + echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}" + fi + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Source Routing Board +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_source_routing_board() +{ + local src_id + local dst_id + + if [[ "${FORMAT}" == "html" ]] + then + echo "

" + echo "
" + echo "

" + echo "" + echo "

Source Routing Board

" + echo "" + echo " " + echo -n " " + else + echo "TABLE: Source_Routing_Board" + echo -n "#;Type;IP;Host Name;Status;Device;" + fi + + for dst_id in ${NETWORK_DST_ID_LIST} + do + network_dst_tab_get "${dst_id}" + + if [[ ( "${ADMIN}" == "true") || ( "${dst_type}" != "1") ]] + then + if [[ "${FORMAT}" == "html" ]] + then + echo -n "" + else + echo -n "${dst_name};" + fi + fi + done + + if [[ "${FORMAT}" == "html" ]] + then + echo "" + else + echo "Port Range;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen" + fi + + for src_id in ${NETWORK_SRC_ID_LIST} + do + vab_source_routing_board_line "${src_id}" + done + + if [[ "${FORMAT}" == "html" ]] + then + echo "
#TypeIPHost NameDeviceStatus${dst_name}Port RangeFrom PortTo PortOwnerBytes InBytes OutUpTimeLast Seen
" + echo "

" + echo "
" + echo "

" + else + echo "" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# VPN OpenVPN Board +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_vpn_openvpn_board() +{ + local src_id + local class + local idx=0 + + if [[ "${FORMAT}" == "html" ]] + then + echo "

" + echo "
" + echo "

" + echo "" + echo "

OpenVPN Board

" + echo "" + echo " " + echo " " + else + echo "TABLE: OpenVPN_Board" + echo "#;IP;Host Name;Certificate" + fi + + for src_id in ${NETWORK_SRC_ID_LIST} + do + network_src_tab_get "${src_id}" + + if [[ "${src_type}" == "2" ]] + then + if [[ ( "${USER}" == "" ) || ( "${USER}" == "owner") || ( "${USER}" == "${src_owner}") ]] + then + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + class="default" + else + if [[ "${USER}" == "owner" ]] + then + class="skip" + else + class="dark" + fi + fi + else + class="skip" + fi + + if [[ ( "${STATUS}" != "" ) && ( "${STATUS}" != "${src_status}") ]] + then + class="skip" + fi + + if [[ "${class}" != "skip" ]] + then + if [[ "${FORMAT}" == "html" ]] + then + echo -n " " + echo -n "" + + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + echo -n "" + else + echo -n "" + fi + + echo -n "" + + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + echo -n "" + else + echo -n "" + fi + + echo -n "" + + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + echo -n "" + + if [[ -f "/etc/openvpn/tls/certs/${src_host_name}.crt" ]] + then + echo -n "" + echo -n "" + echo "" + else + echo -n "" + echo -n "" + echo "" + fi + else + echo -n "" + + if [[ -f "/etc/openvpn/tls/certs/${src_host_name}.crt" ]] + then + echo -n "" + echo -n "" + echo "" + else + echo -n "" + echo -n "" + echo "" + fi + fi + else + echo -n "${idx};${src_ip};${src_host_name}" + + if [[ -f "/etc/openvpn/tls/certs/${src_host_name}.crt" ]] + then + echo ";1" + else + echo ";0" + fi + fi + + idx=$(( idx + 1 )) + fi + fi + done + + if [[ "${FORMAT}" == "html" ]] + then + echo "
#IPHost NameConfigurationCertificates
Default Route VPNNo Default Route VPNCA Certificate (.crt)TC Certificate (.key)Private Key (.key)Cerificate Signing Request (.csr)Public Certificate (.crt)
External CrtInline CrtExternal CrtInline Crt
${idx}${src_ip}${src_host_name}\"Configuration\"Configuration\"Configuration\"Configuration\"Configuration\"Configuration\"CA\"TC\"Private\"Certificate\"Public
\"Private\"Certificate\"Public
\"TC\"Private\"Certificate\"Public
\"Private\"Certificate\"Public
" + echo "

" + echo "
" + echo "

" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main Board Print +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_main_board_print() +{ + if [[ "${FORMAT}" == "html" ]] + then + echo "" + + if [[ "${ADMIN}" == "true" ]] + then + ADMIN_MODE=" - Admin Mode" + else + ADMIN_MODE="" + fi + + case "${USER}" + in + "") + USER_MODE="All" + ;; + + "owner") + USER_MODE="My" + ;; + + *) + USER_MODE="${USER}" + ;; + esac + + case "${STATUS}" + in + "") + STATUS_MODE="All" + ;; + + "0") + STATUS_MODE="Down" + ;; + + "1") + STATUS_MODE="Up" + ;; + + "2") + STATUS_MODE="Not Connected" + ;; + + *) + STATUS_MODE="Unknown" + ;; + esac + + echo "

VPN Admin Board: ${USER_MODE} VPN - ${STATUS_MODE} Status${ADMIN_MODE}

" + + echo "

" + echo "
" + echo "" + echo " Date: $(/bin/date)
" + echo "

" + echo "
" + echo "" + fi + + vab_destination_status_board + vab_source_routing_board + vab_vpn_openvpn_board + + if [[ "${FORMAT}" == "html" ]] + then + local time_out + local elaps + local elaps_sec + local elaps_mili + + echo "

" + echo "
" + echo "
" + echo -n " " + + if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]] + then + if [[ "${ADMIN}" == "true" ]] + then + echo -n "Non Admin Mode" + else + echo -n "Admin Mode" + fi + + echo -n "   " + fi + + if [[ "${USER}" != "" ]] + then + echo -n "All VPN" + echo -n "   " + fi + + if [[ "${STATUS}" != "" ]] + then + echo -n "All Status" + fi + + echo "" + echo "

" + + time_out=$(date +%s%N) + elaps=$(( TIME_IN - time_out )) + elaps_sec=$(( elaps / 1000000000 )) + elaps_mili=$(( ( elaps / 1000000) - ( elaps_sec * 1000) )) + + echo "

" + echo "
" + echo "
" + printf " Page generated in %d.%03d seconds\n" "${elaps_sec}" "${elaps_mili}" + echo "

" + echo "" + echo "
" + echo "" + echo "

" + echo " Rx3 Admin" + echo "

" + echo "" + echo "
" + echo "" + echo "

" + echo " \"Best" + echo " \"Valid" + echo " \"Valid" + echo "

" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Query String Parse +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_query_string_parse() +{ + local var + local arg + local i + + CMD="" + FORMAT="" + USER="" + STATUS="" + IP="" + VPN="" + TYPE="" + REDIRECT="" + CMD_STATUS="" + ADMIN="" + FILTER="" + DEFROUTE="" + FILENAME="" + + if [[ "${QUERY_STRING}" != "" ]] + then + local OIFS="${IFS}" + IFS="&" + set ${QUERY_STRING} + IFS="${OIFS}" + + i=$# + + while [[ "${i}" != "0" ]] + do + var="${1/=*/}" + arg="${1/*=/}" + + case "${var}" + in + "cmd") + CMD="${arg}" + ;; + + "format") + FORMAT="${arg}" + ;; + + "admin") + ADMIN="${arg}" + ;; + + "filter") + FILTER="${arg}" + ;; + + "user") + USER="${arg}" + ;; + + "status") + STATUS="${arg}" + ;; + + "ip") + IP="${arg}" + ;; + + "vpn") + VPN="${arg}" + ;; + + "type") + TYPE="${arg}" + ;; + + "filename") + FILENAME="${arg}" + ;; + + "defroute") + DEFROUTE="${arg}" + ;; + esac + + shift + i=$(( i - 1 )) + done + fi + + if [[ "${FORMAT}" == "" ]] + then + FORMAT="html" + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Command Handler +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_command_handler() +{ + if [[ ( "${ADMIN}" == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]] + then + CMD_STATUS="${CMD}: Admin NOT_AUTHORIZED" + REDIRECT="?user=${USER}&up=${up}" + + vab_header_print + vab_footer_print + else + case "${CMD}" + in + "") + vab_header_print + vab_main_board_print + vab_footer_print + ;; + + "route_set") + network_src_tab_ip_lookup "${IP}" + network_src_tab_get "${src_id}" + network_dst_tab_get "${VPN}" + + if 
[[ ( "${ADMIN}" == "true") || ( ( "${REMOTE_USER}" == "${src_owner}") && ( "${dst_type}" != "1")) ]] + then + sudo rx3_net_adm table_set "${IP}" "${dst_table}" 1>&2 + + if [[ "$?" == "0" ]] + then + CMD_STATUS="route_set: OK" + else + CMD_STATUS="route_set: KO" + fi + else + CMD_STATUS="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]/[${dst_type}]" + fi + + REDIRECT="?admin=${ADMIN}&filter=${FILTER}" + + vab_header_print + vab_footer_print + ;; + + "cert_download") + network_src_tab_ip_lookup "${IP}" + network_src_tab_get "${src_id}" + + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${TYPE}" == "ca") || ( "${TYPE}" == "crt") ]] + then + CMD_STATUS="cert_download: OK" + FORMAT="txt" + + case "${TYPE}" + in + "ca") + FILE_NAME="ca.crt" + HOST_NAME="" + ;; + + "tc") + FILE_NAME="tc.key" + HOST_NAME="" + ;; + + *) + HOST_NAME="$( host "${IP}" | sed -e 's/.*domain name pointer //' -e 's/.$//')" + FILE_NAME="${HOST_NAME}.${TYPE}" + ;; + esac + + vab_header_print + sudo cert_dump "${TYPE}" "${HOST_NAME}" + else + CMD_STATUS="cert_download: NOT_AUTHORIZED" + REDIRECT="?admin=${ADMIN}&filter=${FILTER}" + FORMAT="html" + + vab_header_print + vab_footer_print + fi + ;; + + "config_download") + network_src_tab_ip_lookup "${IP}" + network_src_tab_get "${src_id}" + + if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${TYPE}" == "ext") ]] + then + local defroute_pipe + local template_name + local route_type + + CMD_STATUS="config_download: OK" + + HOST_NAME="$( host "${IP}" | sed -e 's/.*domain name pointer //' -e 's/.$//')" + template_name="rx3-client.ovpn" + + if [[ "${DEFROUTE}" == "false" ]] + then + defroute_pipe="sed s/#pull-filter/pull-filter/" + route_type="nodefroute" + else + defroute_pipe="cat" + route_type="defroute" + fi + + FORMAT="txt" + + if [[ "${TYPE}" == "ext" ]] + then + FILE_NAME="${HOST_NAME}-${route_type}-external.ovpn" + + vab_header_print + + sed \"; sudo cert_dump ca; echo \"<\/ca>\")/" 
\ + -e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"\"; sudo cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" \ + -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"\"; sudo cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" \ + -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"\"; sudo cert_dump tc; echo \"<\/tls-crypt>\")/" \ + -e "s/CLIENT_FQDN/${HOST_NAME}/g")\"" | ${defroute_pipe} + fi + else + CMD_STATUS="config_download: NOT_AUTHORIZED" + REDIRECT="?admin=${ADMIN}&filter=${FILTER}" + FORMAT="html" + + vab_header_print + vab_footer_print + fi + ;; + + *) + CMD_STATUS="${CMD}: UNKNOWN_CMD" + + vab_header_print + vab_footer_print + ;; + esac + fi +} + + + + + +#----------------------------------------------------------------------------------------------------------------------------------- +# Main +#----------------------------------------------------------------------------------------------------------------------------------- + +vab_query_string_parse + +network_init + +vab_command_handler + +network_deinit
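Review bot: In `vab_command_handler`, `HOST_NAME` is taken from `host "${IP}"` on a request-supplied `IP`, so its content is whatever the PTR answer contains, and it is then interpolated unescaped into the sed program `s/CLIENT_FQDN/${HOST_NAME}/g` in `config_download` and passed to `sudo cert_dump` in `cert_download`. The other sed replacements in that pipeline expand to `$(...)` command substitutions, which suggests the output is evaluated by the shell (the surrounding lines are garbled on this page, so this is inferred); if so, a resolver answer ends up as shell input. Check the value before use, e.g. `[[ "${HOST_NAME}" =~ ^[A-Za-z0-9.-]+$ ]]` with the NOT_AUTHORIZED/KO page on failure, and prefer the `src_host_name` already loaded by `network_src_tab_get` over a live reverse lookup. The `*)` arm of the `case "${TYPE}"` in `cert_download` likewise forwards any request value to the sudo helper; replace it with an explicit list of the types in use (`ca`, `tc`, `crt` and `key` are visible in this hunk) and return an error for anything else.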