Checking potential duplicate entries.

wireguardCreate.py

@@ -1,13 +1,18 @@
 #!/usr/bin/env python3
 
 import os
-import sys
 import smtplib
 import subprocess
-import textwrap
+import sys
 import tempfile
-from email.mime.multipart import MIMEMultipart
-from email.mime.text      import MIMEText
+import textwrap
+from email.mime.multipart   import MIMEMultipart
+from email.mime.application import MIMEApplication 
+from email.mime.text        import MIMEText
+
+def _run_cmd(cmd):
+    print("$ %s" % (cmd))
+    subprocess.run(cmd, shell=True, check=True)
 
 def check_env (member_id):
     """ 
@@ -40,15 +45,24 @@ def gen_wg_keys (temp_dir):
     pubkey_path = os.path.join(temp_dir, "pub.key")
     privkey_path = os.path.join(temp_dir, "priv.key")
     psk_path = os.path.join(temp_dir, "psk.key")
-    subprocess.run(\
-        "wg genkey | tee %s | wg pubkey > %s" % (privkey_path, pubkey_path),\
-        shell=True, check=True)
-    subprocess.run("wg genpsk > %s" % (psk_path), shell=True, check=True)
+    _run_cmd("wg genkey | tee %s | wg pubkey > %s" % (privkey_path, pubkey_path))
+    _run_cmd("wg genpsk > %s" % (psk_path))
     return (privkey_path, pubkey_path, psk_path)
 
+def is_duplicate_entry_wg_conf (member_id, config_file):
+    """
+    Look for a potential wireguard duplicate entry.
+
+    Note: wg config format is not really a init file because of the multiple
+    init entries. Hence, we cannot use a proper parser to to the check. We'll
+    only try to pattern match the ip addr.
+    """
+    with open(config_file, "r") as wg_conf_file:
+        return "10.0.0.{}".format(member_id) in wg_conf_file.read()
+
 def update_wg_config (member_id, config_file, pubkey_path, psk_path):
     """
-    Generate the wireguard configuration for this new member.
+    Generate the wireguard peer entry for this new member.
     """
     wg_new_peer    = '''
     [Peer]
@@ -56,10 +70,10 @@ def update_wg_config (member_id, config_file, pubkey_path, psk_path):
     PresharedKey = %PSK%
     AllowedIPs = 10.0.0.{1}/24, fd00::{1}/64
     '''.format(member_id)
-    with open(config_file, "a") as wg_file:
-        wg_file.write(wg_config)
-    subprocess.run('sed -i "s/%PUBKEY%/$(cat %s)/" "%s"' % (pubkey_path, config_file), shell=True, check=True)
-    subprocess.run('sed -i "s/%PSK%/$(cat %s)/" "%s"' % (psk_path, config_file), shell=True, check=True)
+    with open(config_file, "a") as wg_conf_file:
+        wg_conf_file.write(wg_config)
+    _run_cmd('sed -i "s/%PUBKEY%/$(cat %s)/" "%s"' % (pubkey_path, config_file))
+    _run_cmd('sed -i "s/%PSK%/$(cat %s)/" "%s"' % (psk_path, config_file))
 
 class Email:
     """
@@ -136,32 +150,49 @@ if __name__ == '__main__':
         sys.exit(1)
     print("[+] Génération des clés wireguard")
     with tempfile.TemporaryDirectory() as temp_dir:
-        (privkey_path, pubkey_path, psk_path) = gen_wg_keys(temp_dir)
         print("[+] Modification de la configuration wireguard")
         try:
-            update_wg_config(member_id, config_file, pubkey_path, psk_path)
+            (privkey_path, pubkey_path, psk_path) = gen_wg_keys(temp_dir)
+            if not is_duplicate_entry_wg_conf(member_id, config_file):
+                update_wg_config(member_id, config_file, pubkey_path, psk_path)
+            else:
+                print("Le membre {} semble déja avoir un compte VPN.".format(member_id))
+                print("Veuillez contacter la liste de diffusion technique\
+                        si son compte necessite une ré-activation.")
+                sys.exit(1)
         except Exception as e:
             print("ERREUR: Problème lors de la génération des clés wireguard.")
             print(e)
             sys.exit(1)
         print("[+] Chargement de la nouvelle interface réseau")
         try:
-            os.system("systemctl restart %s" % (service_name)) 
+            _run_cmd("systemctl restart %s" % (service_name)) 
         except Exception as e:
             print("ERREUR: Problème lors du redémarrage du service.")
+            print(e)
         print("[+] Envoi de la clé privée au nouveau membre")
         try:
-            username = os.environ['SMTP_USERNAME']
-            passwd   = os.environ['SMTP_PASSWD']
-            server   = os.environ['SMTP_SERVER']
-            server   = os.environ['SYSTEMD_SERVICE']
-            server   = os.environ['SYSTEMD_SERVICE']
-            email    = Email(username, passwd, "bureau@baionet.fr", member_email, server)
-            send_email(email, privkey_path)
+            if use_email:
+                username = os.environ['SMTP_USERNAME']
+                passwd   = os.environ['SMTP_PASSWD']
+                server   = os.environ['SMTP_SERVER']
+                server   = os.environ['SYSTEMD_SERVICE']
+                server   = os.environ['SYSTEMD_SERVICE']
+                email    = Email(username, passwd, "bureau@baionet.fr", member_email, server)
+                send_email(email, privkey_path)
+            else:
+                print("Mode utilisateur avancé")
+                print("=======================")
+                print("À vous de vous débrouiller pour donner les clés/config à l'utilisateur")
+                print("Clé privée: %s" % (privkey_path))
+                print("Clé pré-partagée (psk): %s" % (psk_path)) 
+                print("Clé publique (psk): %s" % (pubkey_path)) 
+                input("Appuyez sur entrée pour continuer (les clés privées seront détruites): ")
         except Exception as e:
             print("ERREUR: erreur lors de l'envoi de l'email.")
-            print("Veuillez envoyer tout ce message d'erreur à la liste de diffusion technique")
             print(e)
+            print("Veuillez envoyer tout ce message d'erreur à la liste de diffusion technique")
             sys.exit(1)
-        print("[+] Nettoyage")
-        print("[+] DONE")
+        print("[+] Nettoyage des clés")
+        _run_cmd("shred -u %s %s %s" % (privkey_path, pubkey_path, psk_path))
+        print("[+] COMPTE CRÉE AVEC SUCCÈS")