#!/bin/bash time_in=$(date +%s%N) . /usr/local/lib/network.bash #-------------------------------------------------------------------------------------------------------------------------- # Header Print #-------------------------------------------------------------------------------------------------------------------------- Header_Print () { case "${format}" in "html") echo "Content-type: text/html" echo "" echo "" echo "" echo " " echo " " echo " " echo " " echo " " echo " " if [[ "${cmd_status}" == "" ]] then echo " Rx3 VPN Admin Board" else echo " Rx3 VPN Admin Board: ${cmd_status}" fi if [[ "${redirect}" != "" ]] then echo " " fi echo " " echo " " ;; "csv") echo "Content-type: text/csv" echo "" echo "SOF" if [[ "${redirect}" != "" ]] then echo "CMD: ${cmd_status}" fi ;; "txt") echo "Content-disposition: attachment; filename=${file_name}" echo "Content-type: text/plain" echo "" ;; esac } #-------------------------------------------------------------------------------------------------------------------------- # Tailer #-------------------------------------------------------------------------------------------------------------------------- Footer_Print () { case "${format}" in "html") echo " " echo "" echo "" ;; "csv") echo "" echo "EOF" ;; esac } #-------------------------------------------------------------------------------------------------------------------------- # Destination Status Board #-------------------------------------------------------------------------------------------------------------------------- Destination_Status_Board () { if [[ "${format}" == "html" ]] then echo "

" echo "
" echo "

" echo "" echo "

Destination Status Board

" echo "" echo " " echo " " else echo "TABLE: Destination_Status_Board" echo "#;Name;Type;Device;Address;Config;Table;Status;Bytes In;Bytes Out;UpTime" fi for dst_id in ${NETWORK_DST_ID_LIST} do network_dst_tab_get ${dst_id} if [[ ${dst_status} == 0 ]] then dst_ip="-" fi if [[ "${format}" == "html" ]] then echo -n "" else echo -n " $\"Down\"$ " fi echo "" else echo "${dst_id};${dst_name};${NETWORK_DST_TYPE[${dst_type}]};${dst_device};${dst_ip};${dst_config};${dst_table};${dst_status};${dst_bytes_received};${dst_bytes_sent};${dst_uptime}" fi done if [[ "${format}" == "html" ]] then echo "

#	Name	Type	Device	Address	Config	Table	Status	Bytes In	Bytes Out	UpTime
${dst_id}	${dst_name}	${NETWORK_DST_TYPE[${dst_type}]}	${dst_device}	${dst_ip}	${dst_config}	${dst_table}	" if [[ "${dst_status}" == 1 ]] then echo -n " $\"Up\"$	${dst_bytes_received:--}	${dst_bytes_sent:--}	${dst_uptime:--}

" echo "

" echo "
" echo "

" echo "" else echo "" fi } #-------------------------------------------------------------------------------------------------------------------------- # Source Routing Board Line #-------------------------------------------------------------------------------------------------------------------------- Source_Routing_Board_Line() { src_id=$1 network_src_tab_get ${src_id} if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]] then if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then class="default" else if [[ "${filter}" == "owner" ]] then class="skip" else class="dark" fi fi else # filter == user not owner of this line class="skip" fi if [[ "${class}" != "skip" ]] then host_name=${src_name} if [[ "${format}" == "html" ]] then echo -n "${src_id}" echo -n "${NETWORK_SRC_TYPE[${src_type}]}${src_ip}${host_name}" echo -n "${src_device:--}" case "${src_status}" in "0") echo -n " $\"Down\"$ " ;; "1") echo -n " $\"Up\"$ " ;; "2") echo -n "-" ;; esac else echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${host_name};${src_device};${status};" fi for dst_id in ${NETWORK_DST_ID_LIST} do network_dst_tab_get ${dst_id} if [[ "${format}" == "html" ]] then echo -n "

" if [[ "${dst_table}" == "${src_table}" ]] then echo -n " $\"Up\"$

" else echo -n " $\"Down\"$

" if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then echo -n " $\"Activate\"$ " else echo -n " " fi fi echo -n "

" else if [[ "${dst_table}" == "${src_table}" ]] then echo -n "1;" else echo -n "0;" fi fi done if [[ "${format}" == "html" ]] then if [[ "${port_range}" != "0" ]] then echo -n "${src_port_range}${src_port_start:--}${src_port_end:--}" else echo -n "${src_port_range}--" fi echo "${src_owner}${src_bytes_received:--}${src_bytes_sent:--}${src_uptime:--}${src_last_seen:--}" else echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}" fi fi } #-------------------------------------------------------------------------------------------------------------------------- # Source Routing Board #-------------------------------------------------------------------------------------------------------------------------- Source_Routing_Board() { if [[ "${format}" == "html" ]] then echo "

" echo "
" echo "

" echo "" echo "

Source Routing Board

" echo "" echo " " echo -n " " else echo "TABLE: Source_Routing_Board" echo -n "#;Type;IP;Host Name;Status;Device;" fi for dst_id in ${NETWORK_DST_ID_LIST} do network_dst_tab_get ${dst_id} if [[ "${format}" == "html" ]] then echo -n "" else echo -n "${dst_name};" fi done if [[ "${format}" == "html" ]] then echo "" else echo "Port Range;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen" fi for src_id in ${NETWORK_SRC_ID_LIST} do Source_Routing_Board_Line ${src_id} done if [[ "${format}" == "html" ]] then echo "

" echo "

" echo "
" echo "

" else echo "" fi } #-------------------------------------------------------------------------------------------------------------------------- # OpenVPN Board #-------------------------------------------------------------------------------------------------------------------------- VPN_OpenVPN_Board() { if [[ "${format}" == "html" ]] then echo "

" echo "
" echo "

" echo "" echo "

OpenVPN Board

" echo "" echo " " echo -n " " else echo "TABLE: OpenVPN_Board" echo "#;IP;Host Name;Certificate" fi for src_id in ${NETWORK_SRC_ID_LIST} do network_src_tab_get ${src_id} if [[ "${src_type}" == 1 ]] then if [[ ( "${filter}" == "") ||( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]] then if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then class="default" else if [[ "${filter}" == "owner" ]] then class="skip" else class="dark" fi fi else # filter == user not owner of this line class="skip" fi if [[ "${class}" != "skip" ]] then if [[ "${format}" == "html" ]] then echo -n "" echo -n "" if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then echo -n "" else echo -n "" fi echo -n "" if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then echo -n "" else echo -n "" fi else echo -n "${src_id};${src_ip};${src_name}" fi if [[ "${format}" == "html" ]] then echo -n "" if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then echo -n "" if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]] then echo -n "" echo -n "" echo -n "" else echo -n "" echo -n "" echo -n "" fi else echo -n "" if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]] then echo -n "" echo -n "" echo -n "" else echo -n "" echo -n "" echo -n "" fi fi else if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]] then echo ";1" else echo ";0" fi fi fi fi done if [[ "${format}" == "html" ]] then echo "

${src_ip}

${src_name}

$\"Configuration$

$\"CA$

$\"TC$

$\"Private$

$\"Certificat$

$\"Public$

$\"Private$

$\"Certificat$

$\"Public$

$\"TC$

$\"Private$

$\"Certificat$

$\"Public$

$\"Private$

$\"Certificat$

$\"Public$

" echo "

" echo "
" echo "

" fi } #-------------------------------------------------------------------------------------------------------------------------- # Main Board Print #-------------------------------------------------------------------------------------------------------------------------- Main_Board_Print () { if [[ "${format}" == "html" ]] then echo "" if [[ "${admin}" == "true" ]] then admin_mode=" - Admin Mode" else admin_mode="" fi case "${filter}" in "owner") filter_mode="My VPN" ;; "") filter_mode="All VPN" ;; *) filter_mode="${filter} VPN" ;; esac echo "

VPN Admin Board: ${filter_mode}${admin_mode}

" echo "

" echo "
" echo "" echo " Date: $(/bin/date)
" echo "

" echo "

" echo "" fi Destination_Status_Board Source_Routing_Board VPN_OpenVPN_Board if [[ "${format}" == "html" ]] then echo "

" echo "
" echo "
" echo -n " " if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]] then if [[ "${admin}" == "true" ]] then echo -n "Non Admin Mode" else echo -n "Admin Mode" fi echo -n " " fi if [[ "${filter}" != "" ]] then echo -n "All VPN" fi echo "" echo "

" time_out=$(date +%s%N) elaps=$((${time_out} - ${time_in})) elaps_sec=$((${elaps} / 1000000000)) elaps_mili=$(( ( ${elaps} / 1000000) - ( ${elaps_sec} * 1000))) echo "

" echo "
" echo "
" printf "Page generated in %d.%03d seconds" ${elaps_sec} ${elaps_mili} echo "

" echo "" echo "

" echo " Rx3 Admin" echo "

" echo "" echo "

" echo " $\"Best$ " echo " $\"Valid$ " echo " $\"Valid$ " echo "

" fi } #-------------------------------------------------------------------------------------------------------------------------- # Main #-------------------------------------------------------------------------------------------------------------------------- #-------------------------------------------------------------------------------------------------------------------------- # Args #-------------------------------------------------------------------------------------------------------------------------- cmd="" format="" filter="" ip="" vpn="" type="" redirect="" cmd_status="" admin="" if [[ "${QUERY_STRING}" != "" ]] then OIFS=${IFS} IFS="\&" set ${QUERY_STRING} IFS=${OIFS} i=$# while [[ "${i}" != 0 ]] do var=${1/=*/} arg=${1/*=/} case "${var}" in "cmd") cmd=${arg} ;; "format") format=${arg} ;; "admin") admin=${arg} ;; "filter") filter=${arg} ;; "ip") ip=${arg} ;; "vpn") vpn=${arg} ;; "type") type=${arg} ;; "filename") filename=${arg} ;; "defroute") defroute=${arg} ;; esac shift i=$((i - 1)) done fi if [[ "${format}" == "" ]] then format="html" fi #-------------------------------------------------------------------------------------------------------------------------- # Command Handler #-------------------------------------------------------------------------------------------------------------------------- network_tab_load #network_tab_dump if [[ ( ${admin} == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]] then cmd_status="${cmd}: Admin NOT_AUTHORIZED" redirect="?filter=${filter}" Header_Print Footer_Print else case "${cmd}" in "") Header_Print Main_Board_Print Footer_Print ;; "route_set") network_src_tab_ip_lookup "${ip}" network_src_tab_get "${src_id}" if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then sudo /usr/local/sbin/rx3_net_adm table_set ${ip} $((${vpn} + 3)) 1>&2 if [[ "$?" == 0 ]] then cmd_status="route_set: OK" else cmd_status="route_set: KO" fi else cmd_status="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]" fi redirect="?admin=${admin}&filter=${filter}" Header_Print Footer_Print ;; "cert_download") network_src_tab_ip_lookup "${ip}" network_src_tab_get "${src_id}" if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ca") || ( "${type}" == "crt") ]] then cmd_status="cert_download: OK" format="txt" case "${type}" in "ca") file_name="ca.crt" host_name="" ;; "tc") file_name="tc.key" host_name="" ;; *) host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') file_name="${host_name}.${type}" ;; esac Header_Print sudo /usr/local/sbin/cert_dump ${type} ${host_name} else cmd_status="cert_download: NOT_AUTHORIZED" redirect="?admin=${admin}&filter=${filter}" format="html" Header_Print Footer_Print fi ;; "config_download") network_src_tab_ip_lookup "${ip}" network_src_tab_get "${src_id}" if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ext") ]] then cmd_status="config_download: OK" host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') template_name="rx3-client.ovpn" if [[ "${defroute}" == "false" ]] then defroute_pipe="sed s/#pull-filter/pull-filter/" route_type="nodefroute" else defroute_pipe="cat" route_type="defroute" fi format="txt" if [[ "${type}" == "ext" ]] then file_name="${host_name}-${route_type}-external.ovpn" Header_Print sed \"; sudo \/usr\/local\/sbin\/cert_dump ca; echo \"<\/ca>\")/" -e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump tc; echo \"<\/tls-crypt>\")/" -e "s/CLIENT_FQDN/${host_name}/g")\"" | ${defroute_pipe} fi else cmd_status="config_download: NOT_AUTHORIZED" redirect="?admin=${admin}&filter=${filter}" format="html" Header_Print Footer_Print fi ;; *) cmd_status="${cmd}: UNKNOWN_CMD" Header_Print Footer_Print ;; esac fi