dissect.target 3.17.dev4__py3-none-any.whl → 3.17.dev5__py3-none-any.whl

dissect/target/plugins/apps/vpn/openvpn.py

@@ -1,12 +1,15 @@
+from __future__ import annotations
+
+import io
 import itertools
-import re
-from os.path import basename
-from typing import Iterator, Union
+from itertools import product
+from typing import Iterable, Iterator, Optional, Union
 
-from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.exceptions import ConfigurationParsingError, UnsupportedPluginError
 from dissect.target.helpers import fsutil
+from dissect.target.helpers.configutil import Default, ListUnwrapper, _update_dictionary
 from dissect.target.helpers.record import TargetRecordDescriptor
-from dissect.target.plugin import OperatingSystem, Plugin, export
+from dissect.target.plugin import OperatingSystem, Plugin, arg, export
 
 COMMON_ELEMENTS = [
     ("string", "name"),  # basename of .conf file
@@ -15,6 +18,7 @@ COMMON_ELEMENTS = [
     ("string", "ca"),
     ("string", "cert"),
     ("string", "key"),
+    ("boolean", "redacted_key"),
     ("string", "tls_auth"),
     ("string", "status"),
     ("string", "log"),
@@ -46,7 +50,60 @@ OpenVPNClient = TargetRecordDescriptor(
 )
 
 
-CONFIG_COMMENT_SPLIT_REGEX = re.compile("(#|;)")
+class OpenVPNParser(Default):
+    def __init__(self, *args, **kwargs):
+        boolean_fields = OpenVPNServer.getfields("boolean") + OpenVPNClient.getfields("boolean")
+        self.boolean_field_names = set(field.name.replace("_", "-") for field in boolean_fields)
+
+        super().__init__(*args, separator=(r"\s",), collapse=["key", "ca", "cert"], **kwargs)
+
+    def parse_file(self, fh: io.TextIOBase) -> None:
+        root = {}
+        iterator = self.line_reader(fh)
+        for line in iterator:
+            if line.startswith("<"):
+                key = line.strip().strip("<>")
+                value = self._read_blob(iterator)
+                _update_dictionary(root, key, value)
+                continue
+
+            self._parse_line(root, line)
+
+        self.parsed_data = ListUnwrapper.unwrap(root)
+
+    def _read_blob(self, lines: Iterable[str]) -> str | list[dict]:
+        """Read the whole section between <data></data> sections"""
+        output = ""
+        with io.StringIO() as buffer:
+            for line in lines:
+                if "</" in line:
+                    break
+
+                buffer.write(line)
+            output = buffer.getvalue()
+
+        # Check for connection profile blocks
+        if not output.startswith("-----"):
+            profile_dict = dict()
+            for line in output.splitlines():
+                self._parse_line(profile_dict, line)
+
+            # We put it as a list as _update_dictionary appends data in a list.
+            output = [profile_dict]
+
+        return output
+
+    def _parse_line(self, root: dict, line: str) -> None:
+        key, *value = self.SEPARATOR.split(line, 1)
+        # Unquote data
+        value = value[0].strip() if value else ""
+
+        value = value.strip("'\"")
+
+        if key in self.boolean_field_names:
+            value = True
+
+        _update_dictionary(root, key, value)
 
 
 class OpenVPNPlugin(Plugin):
@@ -61,133 +118,98 @@ class OpenVPNPlugin(Plugin):
     config_globs = [
         # This catches openvpn@, openvpn-client@, and openvpn-server@ systemd configurations
         # Linux
-        "/etc/openvpn/*.conf",
-        "/etc/openvpn/server/*.conf",
-        "/etc/openvpn/client/*.conf",
+        "/etc/openvpn/",
         # Windows
-        "sysvol/Program Files/OpenVPN/config/*.conf",
+        "sysvol/Program Files/OpenVPN/config/",
     ]
 
     user_config_paths = {
-        OperatingSystem.WINDOWS.value: ["OpenVPN/config/*.conf"],
-        OperatingSystem.OSX.value: ["Library/Application Support/OpenVPN Connect/profiles/*.conf"],
+        OperatingSystem.WINDOWS.value: ["OpenVPN/config/"],
+        OperatingSystem.OSX.value: ["Library/Application Support/OpenVPN Connect/profiles/"],
     }
 
     def __init__(self, target) -> None:
         super().__init__(target)
         self.configs: list[fsutil.TargetPath] = []
-        for path in self.config_globs:
-            self.configs.extend(self.target.fs.path().glob(path.lstrip("/")))
+        for base, glob in product(self.config_globs, ["*.conf", "*.ovpn"]):
+            self.configs.extend(self.target.fs.path(base).rglob(glob))
 
         user_paths = self.user_config_paths.get(target.os, [])
-        for path, user_details in itertools.product(user_paths, self.target.user_details.all_with_home()):
-            self.configs.extend(user_details.home_path.glob(path))
+        for path, glob, user_details in itertools.product(
+            user_paths, ["*.conf", "*.ovpn"], self.target.user_details.all_with_home()
+        ):
+            self.configs.extend(user_details.home_path.joinpath(path).rglob(glob))
 
     def check_compatible(self) -> None:
         if not self.configs:
             raise UnsupportedPluginError("No OpenVPN configuration files found")
 
+    def _load_config(self, parser: OpenVPNParser, config_path: fsutil.TargetPath) -> Optional[dict]:
+        with config_path.open("rt") as file:
+            try:
+                parser.parse_file(file)
+            except ConfigurationParsingError as e:
+                # Couldn't parse file, continue
+                self.target.log.info("An issue occurred during parsing of %s, continuing", config_path)
+                self.target.log.debug("", exc_info=e)
+                return None
+
+        return parser.parsed_data
+
     @export(record=[OpenVPNServer, OpenVPNClient])
-    def config(self) -> Iterator[Union[OpenVPNServer, OpenVPNClient]]:
+    @arg("--export-key", action="store_true")
+    def config(self, export_key: bool = False) -> Iterator[Union[OpenVPNServer, OpenVPNClient]]:
         """Parses config files from openvpn interfaces."""
+        # We define the parser here so we can reuse it
+        parser = OpenVPNParser()
 
         for config_path in self.configs:
-            config = _parse_config(config_path.read_text())
-
-            name = basename(config_path).replace(".conf", "")
-            proto = config.get("proto", "udp")  # Default is UDP
-            dev = config.get("dev")
-            ca = _unquote(config.get("ca"))
-            cert = _unquote(config.get("cert"))
-            key = _unquote(config.get("key"))
+            config = self._load_config(parser, config_path)
+
+            common_elements = {
+                "name": config_path.stem,
+                "proto": config.get("proto", "udp"),  # Default is UDP
+                "dev": config.get("dev"),
+                "ca": config.get("ca"),
+                "cert": config.get("cert"),
+                "key": config.get("key"),
+                "status": config.get("status"),
+                "log": config.get("log"),
+                "source": config_path,
+                "_target": self.target,
+            }
+
+            if not export_key and "PRIVATE KEY" in common_elements.get("key"):
+                common_elements.update({"key": None})
+                common_elements.update({"redacted_key": True})
+
             tls_auth = config.get("tls-auth", "")
             # The format of tls-auth is 'tls-auth ta.key <NUM>'.
             # NUM is either 0 or 1 depending on whether the configuration
             # is for the client or server, and that does not interest us
             # This gets rid of the number at the end, while still supporting spaces
-            tls_auth = _unquote(" ".join(tls_auth.split(" ")[:-1]))
-            status = config.get("status")
-            log = config.get("log")
+            tls_auth = " ".join(tls_auth.split(" ")[:-1]).strip("'\"")
+
+            common_elements.update({"tls_auth": tls_auth})
 
             if "client" in config:
                 remote = config.get("remote", [])
-                # In cases when there is only a single remote,
-                # we want to return it as its own list
-                if isinstance(remote, str):
-                    remote = [remote]
 
                 yield OpenVPNClient(
-                    name=name,
-                    proto=proto,
-                    dev=dev,
-                    ca=ca,
-                    cert=cert,
-                    key=key,
-                    tls_auth=tls_auth,
-                    status=status,
-                    log=log,
+                    **common_elements,
                     remote=remote,
-                    source=config_path,
-                    _target=self.target,
                 )
             else:
-                pushed_options = config.get("push", [])
-                # In cases when there is only a single push,
-                # we want to return it as its own list
-                if isinstance(pushed_options, str):
-                    pushed_options = [pushed_options]
-                pushed_options = [_unquote(opt) for opt in pushed_options]
                 # Defaults here are taken from `man (8) openvpn`
                 yield OpenVPNServer(
-                    name=name,
-                    proto=proto,
-                    dev=dev,
-                    ca=ca,
-                    cert=cert,
-                    key=key,
-                    tls_auth=tls_auth,
-                    status=status,
-                    log=log,
+                    **common_elements,
                     local=config.get("local", "0.0.0.0"),
                     port=int(config.get("port", "1194")),
-                    dh=_unquote(config.get("dh")),
+                    dh=config.get("dh"),
                     topology=config.get("topology"),
                     server=config.get("server"),
                     ifconfig_pool_persist=config.get("ifconfig-pool-persist"),
-                    pushed_options=pushed_options,
+                    pushed_options=config.get("push", []),
                     client_to_client=config.get("client-to-client", False),
                     duplicate_cn=config.get("duplicate-cn", False),
-                    source=config_path,
-                    _target=self.target,
                 )
-
-
-def _parse_config(content: str) -> dict[str, Union[str, list[str]]]:
-    """Parses Openvpn config  files"""
-    lines = content.splitlines()
-    res = {}
-    boolean_fields = OpenVPNServer.getfields("boolean") + OpenVPNClient.getfields("boolean")
-    boolean_field_names = set(field.name for field in boolean_fields)
-
-    for line in lines:
-        # As per man (8) openvpn, lines starting with ; or # are comments
-        if line and not line.startswith((";", "#")):
-            key, *value = line.split(" ", 1)
-            value = value[0] if value else ""
-            # This removes all text after the first comment
-            value = CONFIG_COMMENT_SPLIT_REGEX.split(value, 1)[0].strip()
-
-            if key in boolean_field_names and value == "":
-                value = True
-
-            if old_value := res.get(key):
-                if not isinstance(old_value, list):
-                    old_value = [old_value]
-                res[key] = old_value + [value]
-            else:
-                res[key] = value
-    return res
-
-
-def _unquote(content: str) -> str:
-    return content.strip("\"'")

{dissect.target-3.17.dev4.dist-info → dissect.target-3.17.dev5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.17.dev4
+Version: 3.17.dev5
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.17.dev4.dist-info → dissect.target-3.17.dev5.dist-info}/RECORD

@@ -137,7 +137,7 @@ dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8
 dissect/target/plugins/apps/ssh/putty.py,sha256=N8ssjutUVN50JNA5fEIVISbP5sJ7bGTFidRbX3uNG5Y,9404
 dissect/target/plugins/apps/ssh/ssh.py,sha256=uCaoWlT2bgKLUHA1aL6XymJDWJ8JmLsN8PB1C66eidY,1409
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/vpn/openvpn.py,sha256=NZeFSFgGAifevGIQBusdbBRFOPxu0584Th8rKE-XSus,6875
+dissect/target/plugins/apps/vpn/openvpn.py,sha256=d-DGINTIHP_bvv3T09ZwbezHXGctvCyAhJ482m2_-a0,7654
 dissect/target/plugins/apps/vpn/wireguard.py,sha256=SoAMED_bwWJQ3nci5qEY-qV4wJKSSDZQ8K7DoJRYq0k,6521
 dissect/target/plugins/apps/webhosting/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/webhosting/cpanel.py,sha256=OeFQnu9GmpffIlFyK-AR2Qf8tjyMhazWEAUyccDU5y0,2979
@@ -336,10 +336,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.17.dev4.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.17.dev4.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.17.dev4.dist-info/METADATA,sha256=66nmVpweOFOoauPHo_Ii1fS7BGJVk1kgezK_wdbjJfk,11225
-dissect.target-3.17.dev4.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-dissect.target-3.17.dev4.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.17.dev4.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.17.dev4.dist-info/RECORD,,
+dissect.target-3.17.dev5.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.17.dev5.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.17.dev5.dist-info/METADATA,sha256=qGpE_5-EiSeQqcnEOWCm0ftgBhIpfe6yMQPtXmQ1i_0,11225
+dissect.target-3.17.dev5.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+dissect.target-3.17.dev5.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.17.dev5.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.17.dev5.dist-info/RECORD,,