<?php
/**
 * Copyright 2015 François Kooman <[email protected]>.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
namespace fkooman\VPN\Server;
use RuntimeException;
use fkooman\VPN\Server\Config\IP;
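/**
 * Static helpers for the VPN server: running privileged `ip route` commands,
 * normalizing and converting IP addresses, and building the per-client
 * OpenVPN configuration lines.
 */
class Utils
{
    /**
     * Run a command line through the shell.
     *
     * $cmd is handed to PHP's exec() unmodified, so the shell interprets it.
     * Callers must quote every variable part with escapeshellarg() before
     * building the string.
     *
     * @param string $cmd                     the complete command line
     * @param bool   $throwExceptionOnFailure whether a non-zero exit status
     *                                        raises an exception
     *
     * @throws RuntimeException when the exit status is non-zero and
     *                          $throwExceptionOnFailure is true
     */
    public static function exec($cmd, $throwExceptionOnFailure = true)
    {
        exec($cmd, $output, $returnValue);

        if (0 !== $returnValue && $throwExceptionOnFailure) {
            throw new RuntimeException(
                sprintf('command "%s" did not complete successfully (%d)', $cmd, $returnValue)
            );
        }
    }

    /**
     * Write configuration lines to a file, one entry per line.
     *
     * @param string $tmpConfig      path of the file to write
     * @param array  $configFileData the lines to write
     *
     * @throws RuntimeException when the file cannot be written
     */
    public static function writeTempConfig($tmpConfig, array $configFileData)
    {
        # the warning is suppressed because a failed write is reported through
        # the exception below
        # NOTE(review): the file is created with whatever permissions the
        # process umask allows -- confirm that is restrictive enough for the
        # data written here
        if (false === @file_put_contents($tmpConfig, implode(PHP_EOL, $configFileData))) {
            throw new RuntimeException('unable to write temporary config file');
        }
    }

    /**
     * Bring an IP address into the canonical text form produced by
     * inet_ntop().
     *
     * @param string $ipAddress the IPv4 or IPv6 address
     *
     * @return string|false the normalized address, or false when
     *                      $ipAddress cannot be parsed
     */
    public static function normalizeIP($ipAddress)
    {
        $packed = inet_pton($ipAddress);
        if (false === $packed) {
            # do not feed the failure marker into inet_ntop()
            return false;
        }

        return inet_ntop($packed);
    }

    /**
     * Convert IPv4 CIDR address to IPv6 address with prefix containing the
     * IPv4 address with the same prefix.
     *
     * @param string $v6p the IPv6 prefix, e.g.: fd00:4242:4242:1194
     * @param string $v4c the IPv4 CIDR, e.g. 10.42.42.0/24
     *
     * @return string the IPv6 address range containing the IPv4 CIDR, e.g.:
     *                fd00:4242:4242:1194:0:ffff:a2a:2a00/120
     *
     * @throws RuntimeException when $v4c is not a valid IPv4 CIDR or the
     *                          resulting IPv6 address cannot be parsed
     */
    public static function convert4to6($v6p, $v4c)
    {
        $parts = explode('/', $v4c);
        if (2 !== count($parts)) {
            throw new RuntimeException('IPv4 CIDR must have the form "address/prefix"');
        }
        list($net4, $prefix4) = $parts;

        # only a 4-byte address splits into the two 16-bit groups used below
        if (false === filter_var($net4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            throw new RuntimeException('invalid IPv4 address in CIDR');
        }
        if (1 !== preg_match('/\A[0-9]{1,2}\z/', $prefix4) || 32 < (int) $prefix4) {
            throw new RuntimeException('IPv4 prefix length must be between 0 and 32');
        }

        # the IPv4 address occupies the last 32 bits of the IPv6 address, so
        # the host part keeps the same number of bits
        $prefix6 = 128 - (32 - (int) $prefix4);
        $v4e = str_split(bin2hex(inet_pton($net4)), 4);

        $net6 = self::normalizeIP(sprintf('%s::ffff:%s:%s', $v6p, $v4e[0], $v4e[1]));
        if (false === $net6) {
            throw new RuntimeException('invalid IPv6 prefix');
        }

        return sprintf('%s/%d', $net6, $prefix6);
    }

    /**
     * List the entries of the lease directory.
     *
     * @param string $leaseDir the directory to scan
     *
     * @return array the base names of all entries matched by "$leaseDir/*"
     */
    public static function getActiveLeases($leaseDir)
    {
        $leaseFiles = glob(sprintf('%s/*', $leaseDir));
        if (false === $leaseFiles) {
            # glob() signals an error with false instead of an empty array
            return [];
        }

        return array_map('basename', $leaseFiles);
    }

    /**
     * Install a host route for an IPv4 address, replacing any existing one.
     *
     * @param string $v4  the IPv4 address
     * @param string $dev the network device the route points to
     *
     * @throws RuntimeException when adding the route fails
     */
    public static function addRoute4($v4, $dev)
    {
        self::delRoute4($v4, false);
        self::flushRouteCache4();
        # the command runs through the shell under sudo, so every variable
        # part is passed as one quoted argument
        $cmd = sprintf(
            '/usr/bin/sudo /sbin/ip -4 ro add %s dev %s',
            escapeshellarg($v4.'/32'),
            escapeshellarg($dev)
        );
        self::exec($cmd);
    }

    /**
     * Install a host route for an IPv6 address, replacing any existing one.
     *
     * @param string $v6  the IPv6 address
     * @param string $dev the network device the route points to
     *
     * @throws RuntimeException when adding the route fails
     */
    public static function addRoute6($v6, $dev)
    {
        self::delRoute6($v6, false);
        self::flushRouteCache6();
        # the command runs through the shell under sudo, so every variable
        # part is passed as one quoted argument
        $cmd = sprintf(
            '/usr/bin/sudo /sbin/ip -6 ro add %s dev %s',
            escapeshellarg($v6.'/128'),
            escapeshellarg($dev)
        );
        self::exec($cmd);
    }

    /**
     * Remove the host route of an IPv4 address and flush the route cache.
     *
     * @param string $v4                      the IPv4 address
     * @param bool   $throwExceptionOnFailure whether a failing command raises
     *                                        an exception
     *
     * @throws RuntimeException when the removal fails and
     *                          $throwExceptionOnFailure is true
     */
    public static function delRoute4($v4, $throwExceptionOnFailure = true)
    {
        # quoted so the address cannot add words or operators to the command
        $cmd = sprintf('/usr/bin/sudo /sbin/ip -4 ro del %s', escapeshellarg($v4.'/32'));
        self::exec($cmd, $throwExceptionOnFailure);
        self::flushRouteCache4();
    }

    /**
     * Remove the host route of an IPv6 address and flush the route cache.
     *
     * @param string $v6                      the IPv6 address
     * @param bool   $throwExceptionOnFailure whether a failing command raises
     *                                        an exception
     *
     * @throws RuntimeException when the removal fails and
     *                          $throwExceptionOnFailure is true
     */
    public static function delRoute6($v6, $throwExceptionOnFailure = true)
    {
        # quoted so the address cannot add words or operators to the command
        $cmd = sprintf('/usr/bin/sudo /sbin/ip -6 ro del %s', escapeshellarg($v6.'/128'));
        self::exec($cmd, $throwExceptionOnFailure);
        self::flushRouteCache6();
    }

    /**
     * Flush the IPv4 route cache; a failing command is ignored.
     */
    private static function flushRouteCache4()
    {
        self::exec('/usr/bin/sudo /sbin/ip -4 ro flush cache', false);
    }

    /**
     * Flush the IPv6 route cache; a failing command is ignored.
     */
    private static function flushRouteCache6()
    {
        self::exec('/usr/bin/sudo /sbin/ip -6 ro flush cache', false);
    }

    /**
     * Translate the configuration of a client into OpenVPN directives.
     *
     * @param array|false $configData false, or an array with the keys "v4",
     *                                "v4_netmask", "v6", "v6_gw" and
     *                                "default_gw", plus "dns" when
     *                                "default_gw" is set and "dst_net4" and
     *                                "dst_net6" when it is not
     *
     * @return array the directives, one per entry; ['disable'] when
     *               $configData is false
     */
    public static function configDataToOpenVpn($configData)
    {
        if (false === $configData) {
            return ['disable'];
        }

        # NOTE(review): the values are placed into the directives as-is; a
        # quote or line break in one of them would end the directive early.
        # Confirm that the caller validates them before they reach this point.
        $configDataArray = [
            sprintf('ifconfig-push %s %s', $configData['v4'], $configData['v4_netmask']),
            sprintf('ifconfig-ipv6-push %s/64 %s', $configData['v6'], $configData['v6_gw']),
        ];

        if ($configData['default_gw']) {
            $configDataArray[] = 'push "redirect-gateway def1 bypass-dhcp"';

            # for Windows clients we need this extra route to mark the TAP adapter as
            # trusted and as having "Internet" access to allow the user to set it to
            # "Home" or "Work" to allow accessing file shares and printers
            $configDataArray[] = 'push "route 0.0.0.0 0.0.0.0"';

            # for iOS we need this OpenVPN 2.4 "ipv6" flag to redirect-gateway
            # See https://docs.openvpn.net/docs/openvpn-connect/openvpn-connect-ios-faq.html
            $configDataArray[] = 'push "redirect-gateway ipv6"';

            # we use 2000::/3 instead of ::/0 because it seems to break on native IPv6
            # networks where the ::/0 default router already exists
            $configDataArray[] = 'push "route-ipv6 2000::/3"';
            foreach ($configData['dns'] as $dnsAddress) {
                $configDataArray[] = sprintf('push "dhcp-option DNS %s"', $dnsAddress);
            }
        } else {
            # no default gateway: push only the listed destination networks
            foreach ($configData['dst_net4'] as $dstNet4) {
                $net4 = new IP($dstNet4);
                $configDataArray[] = sprintf('push "route %s %s"', $net4->getNetwork(), $net4->getNetmask());
            }
            foreach ($configData['dst_net6'] as $dstNet6) {
                $configDataArray[] = sprintf('push "route-ipv6 %s"', $dstNet6);
            }
        }

        return $configDataArray;
    }
}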