#!/usr/bin/env python
# -*- coding: utf-8 -*-
# +--------------------------------------------------------------------------+
# | Endian Firewall                                                          |
# +--------------------------------------------------------------------------+
# | Copyright (c) 2004-2019 Endian S.p.A. <info@endian.com>                  |
# |         Endian S.p.A.                                                    |
# |         via Ipazia 2                                                     |
# |         39100 Bolzano (BZ)                                               |
# |         Italy                                                            |
# |                                                                          |
# | This program is free software; you can redistribute it and/or modify     |
# | it under the terms of the GNU General Public License as published by     |
# | the Free Software Foundation; either version 2 of the License, or        |
# | (at your option) any later version.                                      |
# |                                                                          |
# | This program is distributed in the hope that it will be useful,          |
# | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
# | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
# | GNU General Public License for more details.                             |
# |                                                                          |
# | You should have received a copy of the GNU General Public License along  |
# | with this program; if not, write to the Free Software Foundation, Inc.,  |
# | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.              |
# +--------------------------------------------------------------------------+
#
# Environ variables example:
#
# link_mtu=1576
# untrusted_port=60407
# daemon_log_redirect=0
# dev_type=tap
# ifconfig_local=192.168.151.1
# tun_mtu=1500
# remote_port_1=1194
# daemon_start_time=1426524468
# ifconfig_netmask=255.255.255.0
# script_context=init
# redirect_gateway=0
# verb=1
# local_port_1=1194
# ifconfig_broadcast=192.168.151.255
# daemon_pid=12489
# untrusted_ip=192.168.18.164
# daemon=1
# config=/etc/openvpn/openvpn.3.conf
# proto_1=tcp-server
# dev=tap2
# script_type=user-pass-verify

import os
import sys
import base64
from endian.job.engine_control import send_cmd_to_engine


password = base64.urlsafe_b64encode(os.environ.get('password'))
result = send_cmd_to_engine(
    cmd='call openvpnjob.authenticate',
    prefix='nolog',
    options={
        'common_name': "'{}'".format(os.environ.get('username')),
        'password_base64': password,
        'dev': os.environ.get('dev'),
        'remote': os.environ.get('untrusted_ip'),
        'remote_port': os.environ.get('untrusted_port')
    }
)

auth_ok = "280 OK" in result
auth_control_file = os.environ.get("auth_control_file")

if auth_control_file:
    out = "1" if auth_ok else "0"
    with open(auth_control_file, "w") as f:
        f.write(out)
    sys.exit(0)
else:
    sys.exit(0 if auth_ok else 1)
