/// <summary>
/// Removes the current user from the PPTP server configuration, but only when the
/// database holds at least one UserPptpInfo row for that user.
/// </summary>
public void RevokeUser()
{
    // Only touch the server when our records show the user has a PPTP entry.
    // The user id is bound as a query parameter, not concatenated into the SQL.
    using (var db = InitializeSettings.DbFactory)
    {
        var pptpRecords = db.Query<Majorsilence.Vpn.Poco.UserPptpInfo>(
            "SELECT * FROM UserPptpInfo wHERE UserId=@UserId",
            new { UserId = userData.Id });

        if (!pptpRecords.Any())
        {
            return;
        }
    }

    // Remove the user from the PPTP server config inside a root shell.
    sshRevokeServer.Login(vpnData.Address);
    sshRevokeServer.WriteLine("sudo su");
    RevokeUserImplementation(sshRevokeServer);
    sshRevokeServer.WriteLine("exit");

    // Give the server a chance to finish before draining its output.
    System.Threading.Thread.Sleep(2000);

    // NOTE(review): the output is read but never inspected, so a revocation that
    // failed on the server is not detected here and the user may keep access.
    sshRevokeServer.Read();

    // TODO: Update UserPptpInfo table
}
/// <summary>
/// Re-creates the current user on the VPN server: any existing entry is revoked first,
/// then the user is added and the new details are saved.
/// </summary>
/// <exception cref="Exceptions.AccountNotActiveException">
/// Thrown when the account is not active. The preceding revoke has already run by then.
/// </exception>
public void AddUser()
{
    // Always start from a clean slate; this runs even for inactive accounts.
    RevokeUser();

    if (IsActiveAccount() == false)
    {
        throw new Exceptions.AccountNotActiveException(
            "Do generate a new pptp or ipsec user you first activate your account by making a payment.");
    }

    // Add the user on the server from inside a root shell.
    sshNewServer.Login(vpnData.Address);
    sshNewServer.WriteLine("sudo su");
    AddUserImplementation(sshNewServer);
    sshNewServer.WriteLine("exit");

    // Give the server a chance to finish before draining its output.
    System.Threading.Thread.Sleep(2000);

    // NOTE(review): the output is read but never inspected, so SaveUserInfo() runs
    // even if the remote commands failed.
    sshNewServer.Read();

    SaveUserInfo();
}
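/// <summary>
/// Revokes a user's VPN certificate by running easy-rsa's <c>revoke-full</c> script in a
/// root shell over SSH. This is generally used when they close their account or stop
/// making payments.
/// </summary>
/// <param name="host">Address of the VPN server to log in to.</param>
/// <param name="certName">
/// Name of the certificate to revoke. It ends up on a root shell command line, so it is
/// rejected when empty or when it contains control characters, and is single-quoted
/// before being sent.
/// </param>
/// <exception cref="Exceptions.SshException">
/// Thrown when the name is unusable, the server reports a missing file, or no
/// confirmation is seen after the polling limit.
/// </exception>
private void RevokeUserCert(string host, string certName)
{
    // Validate before opening the session so a bad name never reaches the root shell.
    if (string.IsNullOrEmpty(certName))
    {
        throw new Exceptions.SshException("Invalid certificate name");
    }

    foreach (char c in certName)
    {
        // Control characters (newline, Ctrl-C, ...) are interpreted by the remote
        // terminal before the shell sees them, so quoting alone cannot neutralise them.
        if (char.IsControl(c))
        {
            throw new Exceptions.SshException("Invalid certificate name");
        }
    }

    // POSIX single-quoting: everything is literal except ', which is closed, escaped
    // and re-opened. This keeps ; | $ ` and spaces from being parsed as shell syntax.
    string quotedCertName = "'" + certName.Replace("'", "'\\''") + "'";

    // Run Command on ssh server
    sshClient.Login(host);
    sshClient.WriteLine("sudo su");
    sshClient.WriteLine("cd /etc/openvpn/easy-rsa/");
    sshClient.WriteLine("source vars");
    sshClient.WriteLine("./revoke-full " + quotedCertName);

    int count = 0;
    string output = "";

    // "error 23 ... certificate revoked" is the success marker here: the loop ends
    // once the server output reports the certificate as revoked.
    // Comparisons are ordinal/ignore-case so the match does not depend on the
    // current culture's lower-casing rules.
    while (output.IndexOf("error 23 at 0 depth lookup:certificate revoked", System.StringComparison.OrdinalIgnoreCase) < 0)
    {
        if (count > 20)
        {
            throw new Exceptions.SshException("Error revoking client cert on vpn server");
        }

        if (output.IndexOf("no such file or directory", System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            throw new Exceptions.SshException("Error revoking client cert on vpn server");
        }

        if (output.IndexOf("already revoked", System.StringComparison.OrdinalIgnoreCase) >= 0)
        {
            // Nothing left to do, but still fall through to leave the root shell;
            // previously this path returned with the "sudo su" shell still open.
            break;
        }

        output += sshClient.Read();
        System.Threading.Thread.Sleep(1000);
        count++;
    }

    sshClient.WriteLine("exit");
}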
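/// <summary>
/// Generates a client certificate on the VPN server with easy-rsa's <c>pkitool</c>, then
/// copies the resulting files into <c>/etc/openvpn/downloadclientcerts/</c> and sets
/// their mode to 644. All commands run in a root shell over SSH.
/// </summary>
/// <param name="certName">Certificate name; also used as <c>KEY_CN=client-{certName}</c>.</param>
/// <param name="crt_str_orig">Path of the generated .crt file as written by pkitool.</param>
/// <param name="key_str_orig">Path of the generated .key file as written by pkitool.</param>
/// <param name="csr_str_orig">Path of the generated .csr file as written by pkitool.</param>
/// <param name="crt_str_moved">Path of the .crt file after the copy.</param>
/// <param name="key_str_moved">Path of the .key file after the copy.</param>
/// <param name="csr_str_moved">Path of the .csr file after the copy.</param>
/// <exception cref="Majorsilence.Vpn.Logic.Exceptions.SshException">
/// Thrown when an argument is unusable on a shell command line, when pkitool does not
/// confirm the certificate within the polling limit, or on "TXT_DB error number 2".
/// </exception>
private void CreateAccount(string certName, string crt_str_orig, string key_str_orig, string csr_str_orig, string crt_str_moved, string key_str_moved, string csr_str_moved)
{
    // Every argument lands on a root shell command line. Quote them all up front so
    // an unusable value is rejected before the SSH session is even opened.
    if (string.IsNullOrEmpty(certName))
    {
        throw new Majorsilence.Vpn.Logic.Exceptions.SshException("Invalid certificate name");
    }

    string quotedCertName = QuoteForRemoteShell(certName);
    string quotedCrtOrig = QuoteForRemoteShell(crt_str_orig);
    string quotedKeyOrig = QuoteForRemoteShell(key_str_orig);
    string quotedCsrOrig = QuoteForRemoteShell(csr_str_orig);
    string quotedCrtMoved = QuoteForRemoteShell(crt_str_moved);
    string quotedKeyMoved = QuoteForRemoteShell(key_str_moved);
    string quotedCsrMoved = QuoteForRemoteShell(csr_str_moved);

    sshClientNewServer.Login(vpnData.Address);
    sshClientNewServer.WriteLine("sudo su");
    sshClientNewServer.WriteLine("cd /etc/openvpn/easy-rsa/");
    sshClientNewServer.WriteLine("source vars");
    // client-'name' concatenates to client-name in the shell, so KEY_CN is unchanged.
    sshClientNewServer.WriteLine(string.Format("KEY_CN=client-{0} ./pkitool {0}", quotedCertName));

    int count = 0;
    string output = "";
    while (output.IndexOf("certificate is to be certified until", System.StringComparison.OrdinalIgnoreCase) < 0)
    {
        if (count > 20)
        {
            throw new Majorsilence.Vpn.Logic.Exceptions.SshException("Error creating client cert on vpn server");
        }

        output += sshClientNewServer.Read();
        System.Console.WriteLine("ssh output: " + output);
        System.Threading.Thread.Sleep(1000);
        count++;
    }

    // NOTE(review): the loop stops as soon as the "certified until" line arrives, so a
    // TXT_DB error printed after it may not have been read yet - confirm this check
    // can actually observe the failure.
    if (output.IndexOf("txt_db error number 2", System.StringComparison.OrdinalIgnoreCase) >= 0)
    {
        // see http://blog.kenyap.com.au/2012/07/txtdb-error-number-2-when-generating.html
        throw new Majorsilence.Vpn.Logic.Exceptions.SshException("TXT_DB error number 2");
    }

    sshClientNewServer.WriteLine(string.Format("cp {0} /etc/openvpn/downloadclientcerts/", quotedCrtOrig));
    sshClientNewServer.WriteLine(string.Format("cp {0} /etc/openvpn/downloadclientcerts/", quotedKeyOrig));
    sshClientNewServer.WriteLine(string.Format("cp {0} /etc/openvpn/downloadclientcerts/", quotedCsrOrig));

    // NOTE(review): key_str_moved is presumably the client's private key; mode 644
    // makes it readable by every local account on the server. Confirm which account
    // serves the download directory and whether 640/600 with matching ownership works.
    sshClientNewServer.WriteLine(string.Format("chmod 644 {0}", quotedCrtMoved));
    sshClientNewServer.WriteLine(string.Format("chmod 644 {0}", quotedKeyMoved));
    sshClientNewServer.WriteLine(string.Format("chmod 644 {0}", quotedCsrMoved));
    sshClientNewServer.WriteLine("exit");

    // give server a chance to move files
    System.Threading.Thread.Sleep(2000);
}

// Wraps a value in POSIX single quotes so the remote shell treats it as one literal word.
private static string QuoteForRemoteShell(string value)
{
    string text = value ?? "";

    foreach (char c in text)
    {
        // Control characters are handled by the remote terminal before the shell
        // parses the line, so they cannot be made safe by quoting.
        if (char.IsControl(c))
        {
            throw new Majorsilence.Vpn.Logic.Exceptions.SshException("Invalid character in ssh command argument");
        }
    }

    // Inside single quotes only ' is special: close the quote, emit \', reopen.
    return "'" + text.Replace("'", "'\\''") + "'";
}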