├── docker ├── .dockerignore ├── .gitignore ├── README.md ├── Dockerfile ├── docker-compose.yml └── api-only │ ├── conf.d │ └── pritunl-fake-api.conf │ └── docker-compose.yml ├── .gitattributes ├── .github └── FUNDING.yml ├── www ├── logo.png ├── logo.xcf ├── premium.css ├── .htaccess ├── custom.css └── index.php ├── docs ├── done.png ├── login-msg.png ├── active-ultimate.png ├── enter-something.png ├── apache │ ├── 000-default-le-ssl.conf │ └── install.md ├── docker │ ├── pritunl-patched-install.md │ └── api-only-install.md └── nginx │ ├── hard_nginx.conf │ └── install.md ├── README.md ├── server └── setup.py └── LICENSE.md /docker/.dockerignore: -------------------------------------------------------------------------------- 1 | mongodb -------------------------------------------------------------------------------- /docker/.gitignore: -------------------------------------------------------------------------------- 1 | setup.py 2 | mongodb -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.zip filter=lfs diff=lfs merge=lfs -text 2 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: simonmicro 2 | patreon: simonmicro 3 | -------------------------------------------------------------------------------- /www/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simonmicro/Pritunl-Fake-API/HEAD/www/logo.png -------------------------------------------------------------------------------- /www/logo.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simonmicro/Pritunl-Fake-API/HEAD/www/logo.xcf 
-------------------------------------------------------------------------------- /docs/done.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simonmicro/Pritunl-Fake-API/HEAD/docs/done.png -------------------------------------------------------------------------------- /docs/login-msg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simonmicro/Pritunl-Fake-API/HEAD/docs/login-msg.png -------------------------------------------------------------------------------- /docs/active-ultimate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simonmicro/Pritunl-Fake-API/HEAD/docs/active-ultimate.png -------------------------------------------------------------------------------- /docs/enter-something.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simonmicro/Pritunl-Fake-API/HEAD/docs/enter-something.png -------------------------------------------------------------------------------- /docker/README.md: -------------------------------------------------------------------------------- 1 | This uses the docker image for Pritunl by `goofball222/pritunl` and installs the fake api hooks directly into it. 2 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM goofball222/pritunl:latest 2 | 3 | ARG API_SERVER_DOMAIN 4 | ENV API_SERVER_DOMAIN $API_SERVER_DOMAIN 5 | 6 | # Yes, you will need to copy it over into the build context... 7 | COPY setup.py . 
8 | 9 | RUN chmod +x setup.py; python3 -u setup.py --install --api-server ${API_SERVER_DOMAIN:-}; rm setup.py -------------------------------------------------------------------------------- /www/premium.css: -------------------------------------------------------------------------------- 1 | /* Fixes for the premium subscription-modal, which seems to be empty / broken in recent versions */ 2 | .enterprise-modal .enterprise-info { 3 | display: inherit; 4 | } 5 | 6 | .enterprise-modal .modal .enterprise-info .premium-plan { 7 | display: inherit; 8 | } 9 | 10 | .enterprise-modal .enterprise-buttons { 11 | display: inherit; 12 | } -------------------------------------------------------------------------------- /www/.htaccess: -------------------------------------------------------------------------------- 1 | Options -Indexes 2 | 3 | 4 | # Enable the rewrite engine (note: no HTTPS redirect rule is present in this file) 5 | RewriteEngine On 6 | 7 | # Activate a virtual file system and send every request for a non-existing file or directory to index.php?path=(...) 8 | RewriteCond %{REQUEST_FILENAME} !-f 9 | RewriteCond %{REQUEST_FILENAME} !-d 10 | RewriteRule ^(.*)$ index.php?path=$1 [L,QSA] 11 | 12 | -------------------------------------------------------------------------------- /docs/apache/000-default-le-ssl.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | # The ServerName directive sets the request scheme, hostname and port that 4 | # the server uses to identify itself. This is used when creating 5 | # redirection URLs. In the context of virtual hosts, the ServerName 6 | # specifies what hostname must appear in the request's Host: header to 7 | # match this virtual host. For the default virtual host (this file) this 8 | # value is not decisive as it is used as a last resort host regardless. 9 | # However, you must set it for any further virtual host explicitly. 
10 | #ServerName www.example.com 11 | 12 | ServerAdmin webmaster@localhost 13 | DocumentRoot /var/www/html 14 | 15 | ErrorLog ${APACHE_LOG_DIR}/error.log 16 | CustomLog ${APACHE_LOG_DIR}/access.log combined 17 | 18 | 19 | AllowOverride All 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /www/custom.css: -------------------------------------------------------------------------------- 1 | * { 2 | color: rgb(57, 83, 120); 3 | } 4 | 5 | .dark * { 6 | color: rgb(220, 232, 232); 7 | } 8 | 9 | .navbar .navbar-brand { 10 | animation-name: pritunl-logo; 11 | animation-duration: 20s; 12 | animation-iteration-count: infinite; 13 | } 14 | 15 | @keyframes pritunl-logo { 16 | 0% { 17 | transform: rotate3d(1, 0, 0, 360deg); 18 | } 19 | 20 | 25% { 21 | transform: rotate3d(1, 0, 0, 0deg); 22 | } 23 | 24 | 50% { 25 | transform: rotate3d(0, 1, 0, 0deg); 26 | } 27 | 28 | 75% { 29 | transform: rotate3d(0, 1, 0, 360deg); 30 | } 31 | 32 | 100% { 33 | transform: rotate3d(0, 1, 0, 360deg); 34 | } 35 | } 36 | 37 | body::before { 38 | position: fixed; 39 | bottom: 0; 40 | right: 0; 41 | content: ''; 42 | background: url("BACKGROUND_IMAGE_URI"); 43 | background-size: contain; 44 | background-repeat: no-repeat; 45 | width: 10em; 46 | height: 10em; 47 | margin: 1em; 48 | opacity: 0.1; 49 | z-index: -99; 50 | } -------------------------------------------------------------------------------- /docs/docker/pritunl-patched-install.md: -------------------------------------------------------------------------------- 1 | # Fully Patched Pritunl: Using Docker 2 | 3 | ## Only installs the API (webserver) and not the Pritunl VPN itself. 4 | You need to have docker up and running on your server. 5 | 6 | This uses the docker image for Pritunl by `goofball222/pritunl` and installs the fake api hooks directly into it. 7 | 8 | 9 | Step: 10 | 11 | - In your server, clone this repo, then `cd` to the cloned folder. 12 | - Go to the `docker` folder of the repo. 
13 | - Read the `/docker/docker-compose.yml` file carefully and edit to fit your needs (ports, volumes, network, server domain...) 14 | - Run the `docker-compose.yml` file in daemon mode with: 15 | 16 | `docker-compose up -d` 17 | 18 | - This will `docker build` the patched pritunl container and run it on the following ports: 19 | - Under this port the Pritunl web interface will be exposed (for reverse proxies) 20 | 21 | *9700:9700* 22 | 23 | - The following are the two default ports for the tcp+udp servers (you may edit these as needed!) 24 | 25 | *1194:1194* 26 | 27 | *1194:1194/udp* 28 | 29 | -------------------------------------------------------------------------------- /docker/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | mongodb: 4 | image: mongo:latest 5 | restart: always 6 | volumes: 7 | - ./mongodb:/data/db 8 | 9 | pritunl: 10 | # Use the following to build the image from source (assuming you're running inside the repository). 11 | build: 12 | context: ../server 13 | dockerfile: ../docker/Dockerfile 14 | args: 15 | - API_SERVER_DOMAIN=${API_SERVER_DOMAIN:-} 16 | restart: always 17 | depends_on: 18 | - mongodb 19 | privileged: true 20 | sysctls: 21 | - net.ipv6.conf.all.disable_ipv6=0 22 | links: 23 | - mongodb 24 | volumes: 25 | - /etc/localtime:/etc/localtime:ro 26 | ports: 27 | # Under this port the Pritunl web interface will be exposed (for reverse proxies) 28 | - 9700:9700 29 | # The following are the two default ports for the tcp+udp servers (you may edit these as needed!) 
30 | - 1194:1194 31 | - 1194:1194/udp 32 | environment: 33 | - TZ=UTC 34 | - MONGODB_URI=mongodb://mongodb:27017/pritunl 35 | # Also enable reverse proxie capabilities 36 | - REVERSE_PROXY=true 37 | -------------------------------------------------------------------------------- /docker/api-only/conf.d/pritunl-fake-api.conf: -------------------------------------------------------------------------------- 1 | # Pritunl Fake API Server definition 2 | server { 3 | listen [::]:80 default_server; 4 | listen 80 default_server; 5 | server_name _; 6 | 7 | sendfile off; 8 | tcp_nodelay on; 9 | absolute_redirect off; 10 | 11 | root /var/www/html; 12 | index index.php index.html; 13 | 14 | location / { 15 | # First attempt to serve request as file, then 16 | # as directory, then fall back to index.php 17 | try_files $uri $uri/ /index.php?path=$uri&$args; 18 | } 19 | 20 | # Pass the PHP scripts to PHP-FPM listening on php-fpm.sock 21 | location ~ \.php$ { 22 | try_files $uri =404; 23 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 24 | fastcgi_pass unix:/run/php-fpm.sock; 25 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 26 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 27 | fastcgi_index index.php; 28 | include fastcgi_params; 29 | } 30 | 31 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 32 | expires 5d; 33 | } 34 | 35 | # Deny access to . files, for security 36 | location ~ /\. 
{ 37 | log_not_found off; 38 | deny all; 39 | } 40 | } -------------------------------------------------------------------------------- /docs/nginx/hard_nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes auto; 2 | error_log stderr warn; 3 | pid /run/nginx.pid; 4 | 5 | events { 6 | worker_connections 64; 7 | } 8 | 9 | http { 10 | include mime.types; 11 | default_type application/octet-stream; 12 | 13 | # Define custom log format to include reponse times 14 | log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" ' 15 | '$status $body_bytes_sent "$http_referer" ' 16 | '"$http_user_agent" "$http_x_forwarded_for" ' 17 | '$request_time $upstream_response_time $pipe $upstream_cache_status'; 18 | 19 | access_log /dev/stdout main_timed; 20 | error_log /dev/stderr notice; 21 | 22 | keepalive_timeout 65; 23 | 24 | # Write temporary files to /tmp so they can be created as a non-privileged user 25 | client_body_temp_path /tmp/client_temp; 26 | proxy_temp_path /tmp/proxy_temp_path; 27 | fastcgi_temp_path /tmp/fastcgi_temp; 28 | uwsgi_temp_path /tmp/uwsgi_temp; 29 | scgi_temp_path /tmp/scgi_temp; 30 | 31 | # Hardening 32 | proxy_hide_header X-Powered-By; 33 | fastcgi_hide_header X-Powered-By; 34 | server_tokens off; 35 | 36 | gzip on; 37 | gzip_proxied any; 38 | gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss; 39 | gzip_vary on; 40 | gzip_disable "msie6"; 41 | 42 | # Include other server configs 43 | include /etc/nginx/conf.d/*.conf; 44 | } 45 | -------------------------------------------------------------------------------- /docs/docker/api-only-install.md: -------------------------------------------------------------------------------- 1 | # API Only: Docker 2 | 3 | ## Only installs the API (webserver) and not the Pritunl VPN itself. 
4 | This approach runs this API, either on port 80 or behind Traefik, either on docker swarm or single daemon. 5 | 6 | You need to have docker up and running on your server. 7 | 8 | - In your server, clone this repo, then `cd` to the cloned folder. 9 | - Copy the docker-compose file provided in `/docker/api-only/docker-compose.yml` to 10 | the root of the cloned folder. 11 | 12 | You shall now have: `/docker-compose.yml` 13 | - Modify the `/docker-compose.yml` to fit your needs and config 14 | 15 | _Watch for volumes, docker swarm or single daemon, behind Traefik or not and the HOST value if behind traefik:_ 16 | 17 | In case you run behind Traefik, you need to setup the traefik router HOST 18 | 19 | You need correctly setup traefik and docker network (here called proxy_external) 20 | 21 | **(!) Make sure the mount volumes match correctly.** 22 | 23 | * The first volume is the path to the www folder from the root of this repo. 24 | 25 | The path shall be a full path, or be next to this docker-compose.yml file. 26 | 27 | No parent folder navigation like `../../../` is allowed by docker. 28 | 29 | * The second volume is the path to the nginx server config file. 30 | 31 | This needs the commited nginx server config (or your own adapted version) to work properly. 32 | 33 | See the file `/docker/api-only/conf.d/pritunl-fake-api.conf` for more details. 34 | - Run the updated `docker-compose.yml` file in daemon mode with: 35 | 36 | `docker-compose up -d` -------------------------------------------------------------------------------- /docs/apache/install.md: -------------------------------------------------------------------------------- 1 | # HowTo install the selfhost api variant on Apache 2 | 3 | First you want to install the apache2. 
4 | ```bash 5 | sudo apt-get install apache2 6 | ``` 7 | After install all of the relevent apache modules: 8 | ```bash 9 | sudo apt-get -y install php7.4-mysql php7.4-curl php7.4-gd php7.4-intl php-pear php-imagick php7.4-imap php-memcache 10 | ``` 11 | Then install certbot for free ssl certs : 12 | ```bash 13 | sudo apt-get install -y certbot 14 | ``` 15 | After this then create a basic site config for the fake api server, do this by creating a file under /etc/apache2/sites-enabled/000-default-le-ssl.conf with the example conf [example](docs/apache/000-default-le-ssl.conf). 16 | 17 | Then generate a ssl certificate for the website with certbot. 18 | ```bash 19 | sudo certbot -d [PUBLIC_ACCESSIBLE_API_DOMAIN] 20 | ``` 21 | Once this is done you should check if you have all of the required loaded php modules required for this server. You can check this by running `sudo apache2ctl -M` and the output should look be something like 22 | ``` 23 | sudo apache2ctl -M 24 | Loaded Modules: 25 | core_module (static) 26 | so_module (static) 27 | watchdog_module (static) 28 | http_module (static) 29 | log_config_module (static) 30 | logio_module (static) 31 | version_module (static) 32 | unixd_module (static) 33 | access_compat_module (shared) 34 | alias_module (shared) 35 | auth_basic_module (shared) 36 | authn_core_module (shared) 37 | authn_file_module (shared) 38 | authz_core_module (shared) 39 | authz_host_module (shared) 40 | authz_user_module (shared) 41 | autoindex_module (shared) 42 | deflate_module (shared) 43 | dir_module (shared) 44 | env_module (shared) 45 | filter_module (shared) 46 | http2_module (shared) 47 | mime_module (shared) 48 | mpm_prefork_module (shared) 49 | negotiation_module (shared) 50 | php7_module (shared) 51 | proxy_module (shared) 52 | proxy_fcgi_module (shared) 53 | reqtimeout_module (shared) 54 | rewrite_module (shared) 55 | setenvif_module (shared) 56 | socache_shmcb_module (shared) 57 | ssl_module (shared) 58 | status_module (shared) 59 | ``` 
60 | 61 | Then clone this repo if you've not done this already and `cd` into the root of the project: 62 | ```bash 63 | git clone https://gitlab.simonmicro.de/simonmicro/pritunl-fake-api.git 64 | cd ./pritunl-fake-api 65 | ``` 66 | After this is done, copy over the API server files to the server and set permissions: 67 | ```bash 68 | sudo cp -R ./www/* /var/www/html/ 69 | sudo chown www-data:www-data -R /var/www/html 70 | sudo chmod -R 774 /var/www/html/ 71 | ``` 72 | Note that the shell glob `./www/*` does not match dotfiles, so copy `www/.htaccess` to `/var/www/html/` as well; the rewrite of requests to `index.php` is defined there. Then restart apache2 to make sure all of the configuration is loaded: 73 | ```bash 74 | sudo systemctl restart apache2 75 | ``` 76 | Once this is done you should get a response when you visit `https://[PUBLIC_ACCESSIBLE_API_DOMAIN]/notification`! 77 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # What is this? # 2 | This neat script provides a little fake API to unlock all premium/enterprise/enterprise+ (here called ultimate) features of your own Pritunl VPN server. If Pritunl weren't mostly free already, you could call this a crack. An Open Source crack. 3 | 4 | ## How to setup (server) ## 5 | Take a look into the `server` folder: You _could_ use the Pritunl source there (or just download this specific version from their GitHub repo) to compile a guaranteed compatible version for this API or just download any other version of the Pritunl server and try your luck. 6 | Then you'll need to execute the `setup.py` script (preferably as `root`, as it needs to modify the Pritunl files directly). 
7 | After that, log in to the dashboard - there should be an "Update Notification": 8 | 9 | ![login-msg](docs/login-msg.png) 10 | 11 | Now try to enter any serial key for your subscription and just follow the hints/notes if you enter an invalid command: 12 | 13 | ![enter-something](docs/enter-something.png) 14 | 15 | A valid command would be `bad premium` or `active ultimate`: 16 | 17 | ![active-ultimate](docs/active-ultimate.png) 18 | 19 | If everything worked, your subscription should now look like this: 20 | 21 | ![done](docs/done.png) 22 | 23 | Make sure to support the developers by buying the chosen subscription for your enterprise or company! 24 | 25 | ## How to setup (api) (optional) ## 26 | This is _optional_. You can simply use the default instance of this API (the host is noted inside the `setup.py` script; the patched server then sends its API requests to that host) and profit from "automatic" updates. 27 | 28 | ## API Only: Using Apache 29 | Just transfer the `www` files into a publicly accessible root folder on your _dedicated_ Apache webserver (really, anything with PHP support works). Also make sure your instance has a valid SSL certificate (Let's Encrypt is enough), otherwise it may not work. 30 | An example Apache install process can be found [here](docs/apache/install.md). If you want to test your instance, just open the publicly accessible URI in your browser and append `/healthz` to it - if you see some JSON with the text, then everything worked! 31 | 32 | ### API Only: Using Nginx 33 | Just transfer the `www` files into a publicly accessible root folder on your _dedicated_ Nginx webserver (really, anything with PHP support works). Also make sure your instance has a valid SSL certificate (Let's Encrypt is enough), otherwise it may not work. 34 | See the documentation in [Nginx Install](docs/nginx/install.md). 35 | 36 | ### API Only: Using Docker 37 | See the documentation in [Docker Install](docs/docker/api-only-install.md). 
38 | 39 | ### Fully Patched Pritunl: Using Docker 40 | This API also has its own Docker image. Take a look into the `docker` folder and enjoy! 41 | 42 | See the documentation in [Patched Pritunl Docker Install](docs/docker/pritunl-patched-install.md). 43 | 44 | ### Nett2Know ### 45 | * This modification will also block any communication to the Pritunl servers, because the Pritunl hostnames in the installed files are replaced with the API host - so no calling home :) 46 | * SSO will not work with this API version! As Pritunl's own authentication servers handle the whole SSO stuff, track instance ids and verify users, I won't implement this part for privacy concerns (it would also need to be implemented securely and would require a database). 47 | 48 | Have fun with your new premium/enterprise/ultimate Pritunl instance! 49 | -------------------------------------------------------------------------------- /docs/nginx/install.md: -------------------------------------------------------------------------------- 1 | # HowTo install the selfhost api variant on Nginx 2 | 3 | ## Easy way: 4 | Use the docker and docker-compose files provided in the `docker/api-only` folder. 5 | 6 | See documentation [Docker Install](docs/docker/api-only-install.md). 7 | 8 | The docker compose file also has detailed help at its top. Read and Roll :) 9 | 10 | 11 | ## Hard way: 12 | First, you need to install Nginx. 13 | ```bash 14 | sudo apt-get install nginx 15 | ``` 16 | 17 | After that, install all of the relevant PHP modules: 18 | 19 | ```bash 20 | sudo apt-get -y install php7.4-fpm php7.4-mysql php7.4-curl php7.4-gd php7.4-intl php-pear php-imagick php7.4-imap php-memcache 21 | ``` 22 | 23 | Then install certbot for free SSL certs: 24 | ```bash 25 | sudo apt-get install -y certbot python3-certbot-nginx 26 | ``` 27 | 28 | After this, create a basic site config for the fake api server. Do this by creating a file under /etc/nginx/sites-available/ and creating a symbolic link to it in /etc/nginx/sites-enabled. 
29 | You can refer to the provided Nginx server block available in: 30 | `/docker/api-only/conf.d/pritunl-fake-api.conf` 31 | 32 | Then generate an SSL certificate for the website with certbot. 33 | ```bash 34 | sudo certbot --nginx -d [PUBLIC_ACCESSIBLE_API_DOMAIN] 35 | ``` 36 | 37 | Once this is done, you should check if you have all the required loaded PHP modules for this server. You can check this by running php -m, and the output should list your PHP modules. 38 | 39 | the output should look be something like: 40 | ```bash 41 | #... 42 | core_module (static) 43 | so_module (static) 44 | watchdog_module (static) 45 | http_module (static) 46 | log_config_module (static) 47 | logio_module (static) 48 | version_module (static) 49 | unixd_module (static) 50 | access_compat_module (shared) 51 | alias_module (shared) 52 | auth_basic_module (shared) 53 | authn_core_module (shared) 54 | authn_file_module (shared) 55 | authz_core_module (shared) 56 | authz_host_module (shared) 57 | authz_user_module (shared) 58 | autoindex_module (shared) 59 | deflate_module (shared) 60 | dir_module (shared) 61 | env_module (shared) 62 | filter_module (shared) 63 | http2_module (shared) 64 | mime_module (shared) 65 | mpm_prefork_module (shared) 66 | negotiation_module (shared) 67 | php7_module (shared) 68 | proxy_module (shared) 69 | proxy_fcgi_module (shared) 70 | reqtimeout_module (shared) 71 | rewrite_module (shared) 72 | setenvif_module (shared) 73 | socache_shmcb_module (shared) 74 | ssl_module (shared) 75 | status_module (shared) 76 | #... 77 | ``` 78 | 79 | Then clone this repository if you haven't done this already and cd into the root of the project: 80 | ```bash 81 | git clone https://gitlab.simonmicro.de/simonmicro/pritunl-fake-api.git 82 | cd ./pritunl-fake-api 83 | ``` 84 | 85 | After this is done, copy over the API server files to the server and set permissions. 
86 | ```bash 87 | sudo cp -R ./www/* /var/www/html/ 88 | sudo chown www-data:www-data -R /var/www/html 89 | sudo chmod -R 774 /var/www/html/ 90 | ``` 91 | 92 | For your convenience, a hardened Nginx configuration is provided to help you secure and improve your server, 93 | Read it carefully before use and make sure you understand what it does. 94 | 95 | See: `/docs/nginx/hard_nginx.conf` 96 | 97 | 98 | Then restart Nginx to make sure all of the configuration is loaded. 99 | ```bash 100 | sudo systemctl restart nginx 101 | ``` 102 | 103 | Once this is done, you should get a response when you visit 104 | 105 | `https://[PUBLIC_ACCESSIBLE_API_DOMAIN]/notification`! 106 | -------------------------------------------------------------------------------- /docker/api-only/docker-compose.yml: -------------------------------------------------------------------------------- 1 | # Runs this API, either on port 80 or behind Traefik, either on docker swarm or single daemon. 2 | # Choose the right configuration for you and comment out the other. 3 | # Read the comments carefully. 4 | # 5 | # 6 | # In case you run behind Traefik, you need to setup the traefik router HOST 7 | # You need correctly setup traefik and docker network (here called proxy_external) 8 | # 9 | # /!\ /!\ Make sure the mount volumes match correctly. /!\ /!\ 10 | # 11 | # The first volume is the path to the www folder from the root of this repo. 12 | # The path shall be a full path, or be next to this docker-compose.yml file. 13 | # No parent folder navigation like `../../../` is allowed by docker. 14 | # 15 | # -> Easy solution: 16 | # Once you have cloned this repo, you shall move this docker-compose.yml file to the root of the repo. 17 | # 18 | # The second volume is the path to the nginx server config file. 19 | # This needs the commited nginx server config (or your own adapted version) to work properly. 20 | # See the file `/docker/api-only/conf.d/pritunl-fake-api.conf` for more details. 
21 | 22 | version: '3.7' 23 | services: 24 | web: 25 | image: trafex/php-nginx 26 | volumes: 27 | - "./www:/var/www/html:ro" 28 | - "./docker/api-only/conf.d/pritunl-fake-api.conf:/etc/nginx/conf.d/pritunl-fake-api.conf" 29 | ################################################################# 30 | ### If you run behind Traefik COMMENT OUT the following lines ### 31 | ### BEGIN TRAEFIK_BLOCK ### 32 | ports: 33 | - "80:8080" 34 | ################################################################# 35 | 36 | ################################################################# 37 | 38 | ### BEGIN SINGLE_DAEMON_BLOCK ### 39 | 40 | ### If you run behind on Docker Single Daemon (NOT Swarm) uncomment the following lines ### 41 | # networks: 42 | # - default 43 | # - proxy_external 44 | # labels: 45 | # - "traefik.enable=true" 46 | # - "traefik.docker.network=proxy_external" 47 | # - "traefik.tags=proxy_external" 48 | # ### Services 49 | # ## API 50 | # - "traefik.http.services.pritunl-api.loadbalancer.server.port=8080" 51 | # ### Routers 52 | # - "traefik.http.routers.pritunl-api.entrypoints=https" 53 | # - "traefik.http.routers.pritunl-api.rule=Host(`mypritunlfakeapi.example.com`)" 54 | # - "traefik.http.routers.pritunl-api.service=pritunl-api" 55 | # - "traefik.http.routers.pritunl-api.tls=true" 56 | # - "traefik.http.routers.pritunl-api.tls.certresolver=http" 57 | # networks: 58 | # proxy_external: 59 | # external: true 60 | # name: proxy_external 61 | 62 | ### END SINGLE_DAEMON_BLOCK ### 63 | 64 | 65 | ### BEGIN SWARM_BLOCK ### 66 | 67 | ### If you run on Docker Swarm uncomment the following lines ### 68 | # networks: 69 | # - default 70 | # - proxy_external 71 | # labels: 72 | # - "traefik.enable=true" 73 | # deploy: 74 | # labels: 75 | # - "traefik.enable=true" 76 | # - "traefik.docker.network=proxy_external" 77 | # - "traefik.tags=proxy_external" 78 | # ### Services 79 | # ## API 80 | # - "traefik.http.services.pritunl-api.loadbalancer.server.port=8080" 81 | # ### Routers 
82 | # - "traefik.http.routers.pritunl-api.entrypoints=https" 83 | # - "traefik.http.routers.pritunl-api.rule=Host(`mypritunlfakeapi.example.com`)" 84 | # - "traefik.http.routers.pritunl-api.service=pritunl-api" 85 | # - "traefik.http.routers.pritunl-api.tls=true" 86 | # - "traefik.http.routers.pritunl-api.tls.certresolver=http" 87 | # networks: 88 | # proxy_external: 89 | # external: true 90 | # name: proxy_external 91 | 92 | ### END SWARM_BLOCK ### 93 | 94 | 95 | 96 | ### END TRAEFIK BLOCK ### 97 | ################################################################# 98 | -------------------------------------------------------------------------------- /server/setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import os 3 | import glob 4 | import time 5 | import base64 6 | import argparse 7 | 8 | originalApiServer = 'app.pritunl.com' 9 | originalAuthServer = 'auth.pritunl.com' 10 | defaultApiServer = 'pritunl-api.simonmicro.de' 11 | searchIn = [*glob.glob('/usr/lib/python3*'), '/usr/lib/pritunl/', '/usr/share/pritunl/www/', '/usr/lib/pritunl/', '/usr/share/pritunl/www/'] 12 | 13 | print(" ____ _ _ _ _____ _ _ ____ ___ ") 14 | print(" | _ \ _ __(_) |_ _ _ _ __ | | | ___|_ _| | _____ / \ | _ \_ _|") 15 | print(" | |_) | '__| | __| | | | '_ \| | | |_ / _` | |/ / _ \ / _ \ | |_) | | ") 16 | print(" | __/| | | | |_| |_| | | | | | | _| (_| | < __/ / ___ \| __/| | ") 17 | print(" |_| |_| |_|\__|\__,_|_| |_|_| |_| \__,_|_|\_\___| /_/ \_\_| |___|") 18 | print(" ") 19 | 20 | sel = None 21 | interactive = True 22 | parser = argparse.ArgumentParser() 23 | parser.add_argument('--install', type=str, default='DEFAULT', nargs='?', help='Do not ask and install new API endpoint.') 24 | parser.add_argument('--reset', type=str, default='DEFAULT', nargs='?', help='Do not ask and remove new API endpoint.') 25 | parser.add_argument('--api-server', type=str, default=defaultApiServer, help='Set new API server.') 26 | args 
= parser.parse_args() 27 | 28 | newApiServer = args.api_server if args.api_server.strip() != '' else defaultApiServer 29 | if args.install != 'DEFAULT': 30 | interactive = False 31 | newApiServer = args.install if args.install is not None else newApiServer 32 | sel = 'I' 33 | if args.reset != 'DEFAULT': 34 | interactive = False 35 | newApiServer = args.reset if args.reset is not None else newApiServer 36 | sel = 'R' 37 | 38 | if interactive: 39 | while sel not in ['I', 'R', 'B', 'Q']: 40 | sel = input('[I]nstall, [R]eset, [B]uy Pritunl, [Q]uit? ').upper() 41 | print() 42 | 43 | def doTheReplace(fromApiStr, toApiStr, fromAuthStr, toAuthStr): 44 | print(f'Okay. We will change "{fromApiStr}" to "{toApiStr}" and "{fromAuthStr}" to "{toAuthStr}" now...') 45 | numFiles = 0 46 | for i in range(len(searchIn)): 47 | print(f'[{i+1}/{len(searchIn)}] Replacing in {searchIn[i]}...') 48 | for p, d, f in os.walk(searchIn[i]): 49 | for ff in f: 50 | try: 51 | fh = open(os.path.join(p, ff), 'r') 52 | lines = fh.read() 53 | fh.close() 54 | newLines = lines.replace(fromApiStr, toApiStr) 55 | newLines = newLines.replace(fromAuthStr, toAuthStr) 56 | # Special case for changes from c1772d9b3268f91de409ad552e3d4d54d5ae1125 57 | newLines = newLines.replace(base64.b64encode(f'https://{fromApiStr}/subscription'.encode()).decode(), base64.b64encode(f'https://{toApiStr}/subscription'.encode()).decode()) 58 | if newLines != lines: 59 | numFiles += 1 60 | fh = open(os.path.join(p, ff), 'w') 61 | fh.writelines(newLines) 62 | fh.close() 63 | except UnicodeDecodeError: 64 | # Brrr - binary files... 
65 | pass 66 | print(f'Modified {numFiles} files in {len(searchIn)} paths.') 67 | 68 | if sel == 'I': 69 | if interactive: 70 | print(f'By default, the Pritunl API endpoint is hosted at "{originalApiServer}".') 71 | print(f'In case you want to use your own instance, you also have to support HTTPS!') 72 | print(f'Note, that the SSO implementation of Pritunl is hosted at their servers (closed source) and will just be "disabled".') 73 | ownApiServer = input(f'Please enter the new API endpoint [{newApiServer}]: ') 74 | if ownApiServer == '': 75 | ownApiServer = newApiServer 76 | else: 77 | ownApiServer = newApiServer 78 | doTheReplace(originalApiServer, ownApiServer, originalAuthServer, ownApiServer + '/auth/') 79 | print('Please make sure to restart the Pritunl daemon now and please support the developer.') 80 | elif sel == 'R': 81 | if interactive: 82 | print(f'To properly revert any changes to your Pritunl server, this script must exactly know what (custom) API endpoint you have choosen.') 83 | ownApiServer = input(f'Please enter the current API endpoint [{newApiServer}]: ') 84 | if ownApiServer == '': 85 | ownApiServer = newApiServer 86 | print('Make sure to REMOVE ANY FAKED SUBSCRIPTION KEY (by not entering an other command - just remove them). You have now 30 seconds time to hit CTRL+C and do this.') 87 | time.sleep(30) 88 | else: 89 | ownApiServer = newApiServer 90 | doTheReplace(ownApiServer, originalApiServer, ownApiServer + '/auth/', originalAuthServer) 91 | print('Please make sure to restart the Pritunl daemon now.') 92 | elif sel == 'B': 93 | print('Sure thing, buddy... 
Why did you try to use this?') 94 | print('Visit https://pritunl.com/ for you own license!') 95 | try: 96 | import webbrowser 97 | webbrowser.open('https://pritunl.com/') 98 | print('Let me help you...') 99 | except: 100 | pass 101 | elif sel == 'Q': 102 | print('Bye!') 103 | -------------------------------------------------------------------------------- /www/index.php: -------------------------------------------------------------------------------- 1 | version) ? $body->version : null; 21 | 22 | // Fake API 23 | $result = null; 24 | if (version_compare(PHP_VERSION, '8.0.0', '<')) { 25 | $result = array('error_msg' => 'This API only supports PHP 8 or higher.'); 26 | $code = 500; 27 | } else if(isset($_GET['path'])) { 28 | $path = trim($_GET['path'], ' /'); 29 | $pathParts = explode('/', $path); 30 | if(count($pathParts) > 0 && $pathParts[0] == 'healthz') { 31 | $result = 'OK'; 32 | } else if(count($pathParts) > 0 && $pathParts[0] == 'notification') { 33 | // Any notification/[version] will be answered here 34 | $msg = 'Fake API endpoint for v' . $minVersionName . ' active and reachable (contacted at ' . date('r') . 
').'; 35 | if(intval($pathParts[1]) < $minVersionNumber) { 36 | $msg .= ' Please update your Pritunl instance to a newer version as this endpoint may not compatible anymore.'; 37 | } 38 | $result = array( 39 | 'message' => $msg, 40 | 'vpn' => false, // idk 41 | 'www' => false // idk 42 | ); 43 | } else if(count($pathParts) > 0 && $pathParts[0] == 'auth') { 44 | $result = array('error_msg' => 'Sorry, but SSO is currently not supported.'); 45 | $code = 401; // Let Pritunl fail, without 500 codes (it will show 405) 46 | } else if(count($pathParts) > 0 && $pathParts[0] == 'ykwyhd') { 47 | // The "you-know-what-you-have-done" endpoint -> used as dummy url target 48 | $result = array('detail' => 'You know what you have done.'); 49 | } else if(!$minVersionIgnored && $clientVersion != null && $clientVersion < $minVersionNumber) { 50 | // Check if the instance is too old for us (for now following operators) 51 | $result = array('error_msg' => 'This API supports v' . $minVersionName . ' (' . $minVersionNumber . ') or higher.'); 52 | $code = 473; 53 | } else if(count($pathParts) > 0 && $pathParts[0] == 'subscription') { 54 | // The following only works with the body containing the desired license 55 | if(isset($body->license)) { 56 | $license = null; 57 | $user = md5(base64_encode($body->license)); 58 | $url_key = substr($user, 0, 8); 59 | $input = strtolower($body->license); 60 | 61 | // The stylesheet determines what is shown on the dashboard (and by the plan). 
62 | $stylesheet = ''; 63 | if(str_contains($input, 'premium')) { 64 | $license = 'premium'; 65 | $stylesheet = file_get_contents('premium.css'); 66 | // No need to install the user license "id" into CSS class, as that file only contains custom patches 67 | } else if(str_contains($input, 'enterprise')) { 68 | $license = 'enterprise'; 69 | $stylesheet = file_get_contents('enterprise.css'); 70 | $stylesheet = preg_replace('/(\.enterprise)([\.\ ])/', '$1-'.$url_key.'$2', $stylesheet); // Install user license "id" into CSS class 71 | } else if(str_contains($input, 'ultimate')) { 72 | $license = 'enterprise_plus'; 73 | $stylesheet = file_get_contents('enterprise_plus.css'); 74 | $stylesheet = preg_replace('/(\.enterprise-plus)([\.\ ])/', '$1-'.$url_key.'$2', $stylesheet); // Install user license "id" into CSS class 75 | } 76 | $stylesheet .= "\n/* custom.css */\n"; 77 | $stylesheet .= str_replace('BACKGROUND_IMAGE_URI', "https://" . $_SERVER['HTTP_HOST'] . "/logo.png", file_get_contents('custom.css')); 78 | $stylesheet .= "\n/* Generated for $license license */"; 79 | 80 | $state = null; 81 | if($license) { // The following only makes sense if you selected any license 82 | if(str_starts_with($input, 'bad')) { 83 | $state = 'Bad'; 84 | } else if(str_starts_with($input, 'canceled')) { 85 | $state = 'canceled'; 86 | } else if(str_starts_with($input, 'active')) { 87 | $state = 'Active'; 88 | } 89 | } 90 | 91 | if($state == 'Active') { 92 | $result = array( 93 | 'active' => true, // if the sub is not active, the css won't use the LICENSE-subscription_id pattern 94 | 'status' => $state, 95 | 'plan' => $license, 96 | 'url_key' => $user, 97 | 'quantity' => 42, 98 | 'amount' => $licenseCosts, 99 | 'credit' => 42, 100 | 'period_end' => false, 101 | 'trial_end' => false, 102 | 'cancel_at_period_end' => false, 103 | 'premium_buy_url' => 'https://' . $_SERVER['HTTP_HOST'] . '/ykwyhd/', 104 | 'enterprise_buy_url' => 'https://' . $_SERVER['HTTP_HOST'] . 
'/ykwyhd/', 105 | 'portal_url' => 'https://' . $_SERVER['HTTP_HOST'] . '/ykwyhd/', 106 | 'styles' => array( 107 | 'etag' => null, // the resource is NOT encrypted 108 | 'last_modified' => time(), 109 | 'data' => $stylesheet 110 | ) 111 | ); 112 | } else if($state == 'Canceled') { 113 | $result = array( 114 | 'active' => false, // Here we can savely disable any style 115 | 'status' => $state, 116 | 'plan' => $license, 117 | 'quantity' => 42, 118 | 'amount' => 42, 119 | 'period_end' => false, 120 | 'trial_end' => false, 121 | 'cancel_at_period_end' => false, 122 | 'styles' => array( 123 | 'etag' => null, 124 | 'last_modified' => null, 125 | 'data' => null 126 | ) 127 | ); 128 | } else if($state == 'Bad' || $state == null) { 129 | $code = 470; // -> bad license 130 | // Do not mention "canceled" in "error_msg", as it is somewhat useless (same as bad)... 131 | $result = array( 132 | 'error' => 'license_invalid', 133 | 'error_msg' => $state == null ? 'Unknown command. Use ["bad" | "active"] ["premium" | "enterprise" | "ultimate"].' : 'As you wish.', 134 | 'active' => false, 135 | 'status' => null, 136 | 'plan' => null, 137 | 'quantity' => null, 138 | 'amount' => null, 139 | 'period_end' => null, 140 | 'trial_end' => null, 141 | 'cancel_at_period_end' => null, 142 | 'styles' => array( 143 | 'etag' => null, 144 | 'last_modified' => null, 145 | 'data' => null 146 | ) 147 | ); 148 | } 149 | } else { 150 | $result = array('error_msg' => 'Missing license in body.'); 151 | $code = 401; 152 | } 153 | } else if(count($pathParts) > 0 && $pathParts[0] == 'checkout') { 154 | $result = array( 155 | 'zipCode' => false, 156 | 'allowRememberMe' => false, 157 | 'image' => 'https://' . $_SERVER['HTTP_HOST'] . '/logo.png', 158 | 'key' => null, // Insert here a key to unlock the stripe store (is a string). And buy the subscription... 
159 | 'plans' => array( 160 | 'premium' => array( 161 | 'amount' => $licenseCosts 162 | ), 163 | 'enterprise' => array( 164 | 'amount' => $licenseCosts 165 | ), 166 | 'enterprise_plus' => array( 167 | 'amount' => $licenseCosts 168 | ) 169 | ) 170 | ); 171 | } 172 | } 173 | 174 | header('Content-Type: application/json'); 175 | http_response_code($code); 176 | echo json_encode($result); 177 | 178 | // Should we log any request? Used for the development and debugging of this API 179 | if(false) { 180 | // Log request 181 | file_put_contents('access.log', "\n" . date('r') . ":\n" . json_encode(array('head' => getallheaders(), 'body' => file_get_contents('php://input'), 'get' => $_GET, 'post' => $_POST, 'answer_code' => $code, 'answer' => $result)) . "\n", FILE_APPEND); 182 | 183 | // GET operator to clear log file 184 | if(isset($_GET['clear'])) 185 | file_put_contents('access.log', ''); 186 | } 187 | ?> 188 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | ### GNU AFFERO GENERAL PUBLIC LICENSE 2 | 3 | Version 3, 19 November 2007 4 | 5 | Copyright (C) 2007 Free Software Foundation, Inc. 6 | 7 | 8 | Everyone is permitted to copy and distribute verbatim copies of this 9 | license document, but changing it is not allowed. 10 | 11 | ### Preamble 12 | 13 | The GNU Affero General Public License is a free, copyleft license for 14 | software and other kinds of works, specifically designed to ensure 15 | cooperation with the community in the case of network server software. 16 | 17 | The licenses for most software and other practical works are designed 18 | to take away your freedom to share and change the works. By contrast, 19 | our General Public Licenses are intended to guarantee your freedom to 20 | share and change all versions of a program--to make sure it remains 21 | free software for all its users. 
22 | 23 | When we speak of free software, we are referring to freedom, not 24 | price. Our General Public Licenses are designed to make sure that you 25 | have the freedom to distribute copies of free software (and charge for 26 | them if you wish), that you receive source code or can get it if you 27 | want it, that you can change the software or use pieces of it in new 28 | free programs, and that you know you can do these things. 29 | 30 | Developers that use our General Public Licenses protect your rights 31 | with two steps: (1) assert copyright on the software, and (2) offer 32 | you this License which gives you legal permission to copy, distribute 33 | and/or modify the software. 34 | 35 | A secondary benefit of defending all users' freedom is that 36 | improvements made in alternate versions of the program, if they 37 | receive widespread use, become available for other developers to 38 | incorporate. Many developers of free software are heartened and 39 | encouraged by the resulting cooperation. However, in the case of 40 | software used on network servers, this result may fail to come about. 41 | The GNU General Public License permits making a modified version and 42 | letting the public access it on a server without ever releasing its 43 | source code to the public. 44 | 45 | The GNU Affero General Public License is designed specifically to 46 | ensure that, in such cases, the modified source code becomes available 47 | to the community. It requires the operator of a network server to 48 | provide the source code of the modified version running there to the 49 | users of that server. Therefore, public use of a modified version, on 50 | a publicly accessible server, gives the public access to the source 51 | code of the modified version. 52 | 53 | An older license, called the Affero General Public License and 54 | published by Affero, was designed to accomplish similar goals. 
This is 55 | a different license, not a version of the Affero GPL, but Affero has 56 | released a new version of the Affero GPL which permits relicensing 57 | under this license. 58 | 59 | The precise terms and conditions for copying, distribution and 60 | modification follow. 61 | 62 | ### TERMS AND CONDITIONS 63 | 64 | #### 0. Definitions. 65 | 66 | "This License" refers to version 3 of the GNU Affero General Public 67 | License. 68 | 69 | "Copyright" also means copyright-like laws that apply to other kinds 70 | of works, such as semiconductor masks. 71 | 72 | "The Program" refers to any copyrightable work licensed under this 73 | License. Each licensee is addressed as "you". "Licensees" and 74 | "recipients" may be individuals or organizations. 75 | 76 | To "modify" a work means to copy from or adapt all or part of the work 77 | in a fashion requiring copyright permission, other than the making of 78 | an exact copy. The resulting work is called a "modified version" of 79 | the earlier work or a work "based on" the earlier work. 80 | 81 | A "covered work" means either the unmodified Program or a work based 82 | on the Program. 83 | 84 | To "propagate" a work means to do anything with it that, without 85 | permission, would make you directly or secondarily liable for 86 | infringement under applicable copyright law, except executing it on a 87 | computer or modifying a private copy. Propagation includes copying, 88 | distribution (with or without modification), making available to the 89 | public, and in some countries other activities as well. 90 | 91 | To "convey" a work means any kind of propagation that enables other 92 | parties to make or receive copies. Mere interaction with a user 93 | through a computer network, with no transfer of a copy, is not 94 | conveying. 
95 | 96 | An interactive user interface displays "Appropriate Legal Notices" to 97 | the extent that it includes a convenient and prominently visible 98 | feature that (1) displays an appropriate copyright notice, and (2) 99 | tells the user that there is no warranty for the work (except to the 100 | extent that warranties are provided), that licensees may convey the 101 | work under this License, and how to view a copy of this License. If 102 | the interface presents a list of user commands or options, such as a 103 | menu, a prominent item in the list meets this criterion. 104 | 105 | #### 1. Source Code. 106 | 107 | The "source code" for a work means the preferred form of the work for 108 | making modifications to it. "Object code" means any non-source form of 109 | a work. 110 | 111 | A "Standard Interface" means an interface that either is an official 112 | standard defined by a recognized standards body, or, in the case of 113 | interfaces specified for a particular programming language, one that 114 | is widely used among developers working in that language. 115 | 116 | The "System Libraries" of an executable work include anything, other 117 | than the work as a whole, that (a) is included in the normal form of 118 | packaging a Major Component, but which is not part of that Major 119 | Component, and (b) serves only to enable use of the work with that 120 | Major Component, or to implement a Standard Interface for which an 121 | implementation is available to the public in source code form. A 122 | "Major Component", in this context, means a major essential component 123 | (kernel, window system, and so on) of the specific operating system 124 | (if any) on which the executable work runs, or a compiler used to 125 | produce the work, or an object code interpreter used to run it. 
126 | 127 | The "Corresponding Source" for a work in object code form means all 128 | the source code needed to generate, install, and (for an executable 129 | work) run the object code and to modify the work, including scripts to 130 | control those activities. However, it does not include the work's 131 | System Libraries, or general-purpose tools or generally available free 132 | programs which are used unmodified in performing those activities but 133 | which are not part of the work. For example, Corresponding Source 134 | includes interface definition files associated with source files for 135 | the work, and the source code for shared libraries and dynamically 136 | linked subprograms that the work is specifically designed to require, 137 | such as by intimate data communication or control flow between those 138 | subprograms and other parts of the work. 139 | 140 | The Corresponding Source need not include anything that users can 141 | regenerate automatically from other parts of the Corresponding Source. 142 | 143 | The Corresponding Source for a work in source code form is that same 144 | work. 145 | 146 | #### 2. Basic Permissions. 147 | 148 | All rights granted under this License are granted for the term of 149 | copyright on the Program, and are irrevocable provided the stated 150 | conditions are met. This License explicitly affirms your unlimited 151 | permission to run the unmodified Program. The output from running a 152 | covered work is covered by this License only if the output, given its 153 | content, constitutes a covered work. This License acknowledges your 154 | rights of fair use or other equivalent, as provided by copyright law. 155 | 156 | You may make, run and propagate covered works that you do not convey, 157 | without conditions so long as your license otherwise remains in force. 
158 | You may convey covered works to others for the sole purpose of having 159 | them make modifications exclusively for you, or provide you with 160 | facilities for running those works, provided that you comply with the 161 | terms of this License in conveying all material for which you do not 162 | control copyright. Those thus making or running the covered works for 163 | you must do so exclusively on your behalf, under your direction and 164 | control, on terms that prohibit them from making any copies of your 165 | copyrighted material outside their relationship with you. 166 | 167 | Conveying under any other circumstances is permitted solely under the 168 | conditions stated below. Sublicensing is not allowed; section 10 makes 169 | it unnecessary. 170 | 171 | #### 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 172 | 173 | No covered work shall be deemed part of an effective technological 174 | measure under any applicable law fulfilling obligations under article 175 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 176 | similar laws prohibiting or restricting circumvention of such 177 | measures. 178 | 179 | When you convey a covered work, you waive any legal power to forbid 180 | circumvention of technological measures to the extent such 181 | circumvention is effected by exercising rights under this License with 182 | respect to the covered work, and you disclaim any intention to limit 183 | operation or modification of the work as a means of enforcing, against 184 | the work's users, your or third parties' legal rights to forbid 185 | circumvention of technological measures. 186 | 187 | #### 4. Conveying Verbatim Copies. 
188 | 189 | You may convey verbatim copies of the Program's source code as you 190 | receive it, in any medium, provided that you conspicuously and 191 | appropriately publish on each copy an appropriate copyright notice; 192 | keep intact all notices stating that this License and any 193 | non-permissive terms added in accord with section 7 apply to the code; 194 | keep intact all notices of the absence of any warranty; and give all 195 | recipients a copy of this License along with the Program. 196 | 197 | You may charge any price or no price for each copy that you convey, 198 | and you may offer support or warranty protection for a fee. 199 | 200 | #### 5. Conveying Modified Source Versions. 201 | 202 | You may convey a work based on the Program, or the modifications to 203 | produce it from the Program, in the form of source code under the 204 | terms of section 4, provided that you also meet all of these 205 | conditions: 206 | 207 | - a) The work must carry prominent notices stating that you modified 208 | it, and giving a relevant date. 209 | - b) The work must carry prominent notices stating that it is 210 | released under this License and any conditions added under 211 | section 7. This requirement modifies the requirement in section 4 212 | to "keep intact all notices". 213 | - c) You must license the entire work, as a whole, under this 214 | License to anyone who comes into possession of a copy. This 215 | License will therefore apply, along with any applicable section 7 216 | additional terms, to the whole of the work, and all its parts, 217 | regardless of how they are packaged. This License gives no 218 | permission to license the work in any other way, but it does not 219 | invalidate such permission if you have separately received it. 
220 | - d) If the work has interactive user interfaces, each must display 221 | Appropriate Legal Notices; however, if the Program has interactive 222 | interfaces that do not display Appropriate Legal Notices, your 223 | work need not make them do so. 224 | 225 | A compilation of a covered work with other separate and independent 226 | works, which are not by their nature extensions of the covered work, 227 | and which are not combined with it such as to form a larger program, 228 | in or on a volume of a storage or distribution medium, is called an 229 | "aggregate" if the compilation and its resulting copyright are not 230 | used to limit the access or legal rights of the compilation's users 231 | beyond what the individual works permit. Inclusion of a covered work 232 | in an aggregate does not cause this License to apply to the other 233 | parts of the aggregate. 234 | 235 | #### 6. Conveying Non-Source Forms. 236 | 237 | You may convey a covered work in object code form under the terms of 238 | sections 4 and 5, provided that you also convey the machine-readable 239 | Corresponding Source under the terms of this License, in one of these 240 | ways: 241 | 242 | - a) Convey the object code in, or embodied in, a physical product 243 | (including a physical distribution medium), accompanied by the 244 | Corresponding Source fixed on a durable physical medium 245 | customarily used for software interchange. 
246 | - b) Convey the object code in, or embodied in, a physical product 247 | (including a physical distribution medium), accompanied by a 248 | written offer, valid for at least three years and valid for as 249 | long as you offer spare parts or customer support for that product 250 | model, to give anyone who possesses the object code either (1) a 251 | copy of the Corresponding Source for all the software in the 252 | product that is covered by this License, on a durable physical 253 | medium customarily used for software interchange, for a price no 254 | more than your reasonable cost of physically performing this 255 | conveying of source, or (2) access to copy the Corresponding 256 | Source from a network server at no charge. 257 | - c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | - d) Convey the object code by offering access from a designated 263 | place (gratis or for a charge), and offer equivalent access to the 264 | Corresponding Source in the same way through the same place at no 265 | further charge. You need not require recipients to copy the 266 | Corresponding Source along with the object code. If the place to 267 | copy the object code is a network server, the Corresponding Source 268 | may be on a different server (operated by you or a third party) 269 | that supports equivalent copying facilities, provided you maintain 270 | clear directions next to the object code saying where to find the 271 | Corresponding Source. Regardless of what server hosts the 272 | Corresponding Source, you remain obligated to ensure that it is 273 | available for as long as needed to satisfy these requirements. 
274 | - e) Convey the object code using peer-to-peer transmission, 275 | provided you inform other peers where the object code and 276 | Corresponding Source of the work are being offered to the general 277 | public at no charge under subsection 6d. 278 | 279 | A separable portion of the object code, whose source code is excluded 280 | from the Corresponding Source as a System Library, need not be 281 | included in conveying the object code work. 282 | 283 | A "User Product" is either (1) a "consumer product", which means any 284 | tangible personal property which is normally used for personal, 285 | family, or household purposes, or (2) anything designed or sold for 286 | incorporation into a dwelling. In determining whether a product is a 287 | consumer product, doubtful cases shall be resolved in favor of 288 | coverage. For a particular product received by a particular user, 289 | "normally used" refers to a typical or common use of that class of 290 | product, regardless of the status of the particular user or of the way 291 | in which the particular user actually uses, or expects or is expected 292 | to use, the product. A product is a consumer product regardless of 293 | whether the product has substantial commercial, industrial or 294 | non-consumer uses, unless such uses represent the only significant 295 | mode of use of the product. 296 | 297 | "Installation Information" for a User Product means any methods, 298 | procedures, authorization keys, or other information required to 299 | install and execute modified versions of a covered work in that User 300 | Product from a modified version of its Corresponding Source. The 301 | information must suffice to ensure that the continued functioning of 302 | the modified object code is in no case prevented or interfered with 303 | solely because modification has been made. 
304 | 305 | If you convey an object code work under this section in, or with, or 306 | specifically for use in, a User Product, and the conveying occurs as 307 | part of a transaction in which the right of possession and use of the 308 | User Product is transferred to the recipient in perpetuity or for a 309 | fixed term (regardless of how the transaction is characterized), the 310 | Corresponding Source conveyed under this section must be accompanied 311 | by the Installation Information. But this requirement does not apply 312 | if neither you nor any third party retains the ability to install 313 | modified object code on the User Product (for example, the work has 314 | been installed in ROM). 315 | 316 | The requirement to provide Installation Information does not include a 317 | requirement to continue to provide support service, warranty, or 318 | updates for a work that has been modified or installed by the 319 | recipient, or for the User Product in which it has been modified or 320 | installed. Access to a network may be denied when the modification 321 | itself materially and adversely affects the operation of the network 322 | or violates the rules and protocols for communication across the 323 | network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | #### 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. 
If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders 351 | of that material) supplement the terms of this License with terms: 352 | 353 | - a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | - b) Requiring preservation of specified reasonable legal notices or 356 | author attributions in that material or in the Appropriate Legal 357 | Notices displayed by works containing it; or 358 | - c) Prohibiting misrepresentation of the origin of that material, 359 | or requiring that modified versions of such material be marked in 360 | reasonable ways as different from the original version; or 361 | - d) Limiting the use for publicity purposes of names of licensors 362 | or authors of the material; or 363 | - e) Declining to grant rights under trademark law for use of some 364 | trade names, trademarks, or service marks; or 365 | - f) Requiring indemnification of licensors and authors of that 366 | material by anyone who conveys the material (or modified versions 367 | of it) with contractual assumptions of liability to the recipient, 368 | for any liability that these contractual assumptions directly 369 | impose on those 
licensors and authors. 370 | 371 | All other non-permissive additional terms are considered "further 372 | restrictions" within the meaning of section 10. If the Program as you 373 | received it, or any part of it, contains a notice stating that it is 374 | governed by this License along with a term that is a further 375 | restriction, you may remove that term. If a license document contains 376 | a further restriction but permits relicensing or conveying under this 377 | License, you may add to a covered work material governed by the terms 378 | of that license document, provided that the further restriction does 379 | not survive such relicensing or conveying. 380 | 381 | If you add terms to a covered work in accord with this section, you 382 | must place, in the relevant source files, a statement of the 383 | additional terms that apply to those files, or a notice indicating 384 | where to find the applicable terms. 385 | 386 | Additional terms, permissive or non-permissive, may be stated in the 387 | form of a separately written license, or stated as exceptions; the 388 | above requirements apply either way. 389 | 390 | #### 8. Termination. 391 | 392 | You may not propagate or modify a covered work except as expressly 393 | provided under this License. Any attempt otherwise to propagate or 394 | modify it is void, and will automatically terminate your rights under 395 | this License (including any patent licenses granted under the third 396 | paragraph of section 11). 397 | 398 | However, if you cease all violation of this License, then your license 399 | from a particular copyright holder is reinstated (a) provisionally, 400 | unless and until the copyright holder explicitly and finally 401 | terminates your license, and (b) permanently, if the copyright holder 402 | fails to notify you of the violation by some reasonable means prior to 403 | 60 days after the cessation. 
404 | 405 | Moreover, your license from a particular copyright holder is 406 | reinstated permanently if the copyright holder notifies you of the 407 | violation by some reasonable means, this is the first time you have 408 | received notice of violation of this License (for any work) from that 409 | copyright holder, and you cure the violation prior to 30 days after 410 | your receipt of the notice. 411 | 412 | Termination of your rights under this section does not terminate the 413 | licenses of parties who have received copies or rights from you under 414 | this License. If your rights have been terminated and not permanently 415 | reinstated, you do not qualify to receive new licenses for the same 416 | material under section 10. 417 | 418 | #### 9. Acceptance Not Required for Having Copies. 419 | 420 | You are not required to accept this License in order to receive or run 421 | a copy of the Program. Ancillary propagation of a covered work 422 | occurring solely as a consequence of using peer-to-peer transmission 423 | to receive a copy likewise does not require acceptance. However, 424 | nothing other than this License grants you permission to propagate or 425 | modify any covered work. These actions infringe copyright if you do 426 | not accept this License. Therefore, by modifying or propagating a 427 | covered work, you indicate your acceptance of this License to do so. 428 | 429 | #### 10. Automatic Licensing of Downstream Recipients. 430 | 431 | Each time you convey a covered work, the recipient automatically 432 | receives a license from the original licensors, to run, modify and 433 | propagate that work, subject to this License. You are not responsible 434 | for enforcing compliance by third parties with this License. 435 | 436 | An "entity transaction" is a transaction transferring control of an 437 | organization, or substantially all assets of one, or subdividing an 438 | organization, or merging organizations. 
If propagation of a covered 439 | work results from an entity transaction, each party to that 440 | transaction who receives a copy of the work also receives whatever 441 | licenses to the work the party's predecessor in interest had or could 442 | give under the previous paragraph, plus a right to possession of the 443 | Corresponding Source of the work from the predecessor in interest, if 444 | the predecessor has it or can get it with reasonable efforts. 445 | 446 | You may not impose any further restrictions on the exercise of the 447 | rights granted or affirmed under this License. For example, you may 448 | not impose a license fee, royalty, or other charge for exercise of 449 | rights granted under this License, and you may not initiate litigation 450 | (including a cross-claim or counterclaim in a lawsuit) alleging that 451 | any patent claim is infringed by making, using, selling, offering for 452 | sale, or importing the Program or any portion of it. 453 | 454 | #### 11. Patents. 455 | 456 | A "contributor" is a copyright holder who authorizes use under this 457 | License of the Program or a work on which the Program is based. The 458 | work thus licensed is called the contributor's "contributor version". 459 | 460 | A contributor's "essential patent claims" are all patent claims owned 461 | or controlled by the contributor, whether already acquired or 462 | hereafter acquired, that would be infringed by some manner, permitted 463 | by this License, of making, using, or selling its contributor version, 464 | but do not include claims that would be infringed only as a 465 | consequence of further modification of the contributor version. For 466 | purposes of this definition, "control" includes the right to grant 467 | patent sublicenses in a manner consistent with the requirements of 468 | this License. 
469 | 470 | Each contributor grants you a non-exclusive, worldwide, royalty-free 471 | patent license under the contributor's essential patent claims, to 472 | make, use, sell, offer for sale, import and otherwise run, modify and 473 | propagate the contents of its contributor version. 474 | 475 | In the following three paragraphs, a "patent license" is any express 476 | agreement or commitment, however denominated, not to enforce a patent 477 | (such as an express permission to practice a patent or covenant not to 478 | sue for patent infringement). To "grant" such a patent license to a 479 | party means to make such an agreement or commitment not to enforce a 480 | patent against the party. 481 | 482 | If you convey a covered work, knowingly relying on a patent license, 483 | and the Corresponding Source of the work is not available for anyone 484 | to copy, free of charge and under the terms of this License, through a 485 | publicly available network server or other readily accessible means, 486 | then you must either (1) cause the Corresponding Source to be so 487 | available, or (2) arrange to deprive yourself of the benefit of the 488 | patent license for this particular work, or (3) arrange, in a manner 489 | consistent with the requirements of this License, to extend the patent 490 | license to downstream recipients. "Knowingly relying" means you have 491 | actual knowledge that, but for the patent license, your conveying the 492 | covered work in a country, or your recipient's use of the covered work 493 | in a country, would infringe one or more identifiable patents in that 494 | country that you have reason to believe are valid. 
495 | 496 | If, pursuant to or in connection with a single transaction or 497 | arrangement, you convey, or propagate by procuring conveyance of, a 498 | covered work, and grant a patent license to some of the parties 499 | receiving the covered work authorizing them to use, propagate, modify 500 | or convey a specific copy of the covered work, then the patent license 501 | you grant is automatically extended to all recipients of the covered 502 | work and works based on it. 503 | 504 | A patent license is "discriminatory" if it does not include within the 505 | scope of its coverage, prohibits the exercise of, or is conditioned on 506 | the non-exercise of one or more of the rights that are specifically 507 | granted under this License. You may not convey a covered work if you 508 | are a party to an arrangement with a third party that is in the 509 | business of distributing software, under which you make payment to the 510 | third party based on the extent of your activity of conveying the 511 | work, and under which the third party grants, to any of the parties 512 | who would receive the covered work from you, a discriminatory patent 513 | license (a) in connection with copies of the covered work conveyed by 514 | you (or copies made from those copies), or (b) primarily for and in 515 | connection with specific products or compilations that contain the 516 | covered work, unless you entered into that arrangement, or that patent 517 | license was granted, prior to 28 March 2007. 518 | 519 | Nothing in this License shall be construed as excluding or limiting 520 | any implied license or other defenses to infringement that may 521 | otherwise be available to you under applicable patent law. 522 | 523 | #### 12. No Surrender of Others' Freedom. 524 | 525 | If conditions are imposed on you (whether by court order, agreement or 526 | otherwise) that contradict the conditions of this License, they do not 527 | excuse you from the conditions of this License. 
If you cannot convey a 528 | covered work so as to satisfy simultaneously your obligations under 529 | this License and any other pertinent obligations, then as a 530 | consequence you may not convey it at all. For example, if you agree to 531 | terms that obligate you to collect a royalty for further conveying 532 | from those to whom you convey the Program, the only way you could 533 | satisfy both those terms and this License would be to refrain entirely 534 | from conveying the Program. 535 | 536 | #### 13. Remote Network Interaction; Use with the GNU General Public License. 537 | 538 | Notwithstanding any other provision of this License, if you modify the 539 | Program, your modified version must prominently offer all users 540 | interacting with it remotely through a computer network (if your 541 | version supports such interaction) an opportunity to receive the 542 | Corresponding Source of your version by providing access to the 543 | Corresponding Source from a network server at no charge, through some 544 | standard or customary means of facilitating copying of software. This 545 | Corresponding Source shall include the Corresponding Source for any 546 | work covered by version 3 of the GNU General Public License that is 547 | incorporated pursuant to the following paragraph. 548 | 549 | Notwithstanding any other provision of this License, you have 550 | permission to link or combine any covered work with a work licensed 551 | under version 3 of the GNU General Public License into a single 552 | combined work, and to convey the resulting work. The terms of this 553 | License will continue to apply to the part which is the covered work, 554 | but the work with which it is combined will remain governed by version 555 | 3 of the GNU General Public License. 556 | 557 | #### 14. Revised Versions of this License. 558 | 559 | The Free Software Foundation may publish revised and/or new versions 560 | of the GNU Affero General Public License from time to time. 
Such new 561 | versions will be similar in spirit to the present version, but may 562 | differ in detail to address new problems or concerns. 563 | 564 | Each version is given a distinguishing version number. If the Program 565 | specifies that a certain numbered version of the GNU Affero General 566 | Public License "or any later version" applies to it, you have the 567 | option of following the terms and conditions either of that numbered 568 | version or of any later version published by the Free Software 569 | Foundation. If the Program does not specify a version number of the 570 | GNU Affero General Public License, you may choose any version ever 571 | published by the Free Software Foundation. 572 | 573 | If the Program specifies that a proxy can decide which future versions 574 | of the GNU Affero General Public License can be used, that proxy's 575 | public statement of acceptance of a version permanently authorizes you 576 | to choose that version for the Program. 577 | 578 | Later license versions may give you additional or different 579 | permissions. However, no additional obligations are imposed on any 580 | author or copyright holder as a result of your choosing to follow a 581 | later version. 582 | 583 | #### 15. Disclaimer of Warranty. 584 | 585 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 586 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 587 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT 588 | WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT 589 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 590 | A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND 591 | PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE 592 | DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR 593 | CORRECTION. 594 | 595 | #### 16. Limitation of Liability. 
596 | 597 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 598 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR 599 | CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 600 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES 601 | ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT 602 | NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR 603 | LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM 604 | TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER 605 | PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 606 | 607 | #### 17. Interpretation of Sections 15 and 16. 608 | 609 | If the disclaimer of warranty and limitation of liability provided 610 | above cannot be given local legal effect according to their terms, 611 | reviewing courts shall apply local law that most closely approximates 612 | an absolute waiver of all civil liability in connection with the 613 | Program, unless a warranty or assumption of liability accompanies a 614 | copy of the Program in return for a fee. 615 | 616 | END OF TERMS AND CONDITIONS 617 | 618 | ### How to Apply These Terms to Your New Programs 619 | 620 | If you develop a new program, and you want it to be of the greatest 621 | possible use to the public, the best way to achieve this is to make it 622 | free software which everyone can redistribute and change under these 623 | terms. 624 | 625 | To do so, attach the following notices to the program. It is safest to 626 | attach them to the start of each source file to most effectively state 627 | the exclusion of warranty; and each file should have at least the 628 | "copyright" line and a pointer to where the full notice is found. 
629 | 630 | <one line to give the program's name and a brief idea of what it does.> 631 | Copyright (C) <year> <name of author> 632 | 633 | This program is free software: you can redistribute it and/or modify 634 | it under the terms of the GNU Affero General Public License as 635 | published by the Free Software Foundation, either version 3 of the 636 | License, or (at your option) any later version. 637 | 638 | This program is distributed in the hope that it will be useful, 639 | but WITHOUT ANY WARRANTY; without even the implied warranty of 640 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 641 | GNU Affero General Public License for more details. 642 | 643 | You should have received a copy of the GNU Affero General Public License 644 | along with this program. If not, see <https://www.gnu.org/licenses/>. 645 | 646 | Also add information on how to contact you by electronic and paper 647 | mail. 648 | 649 | If your software can interact with users remotely through a computer 650 | network, you should also make sure that it provides a way for users to 651 | get its source. For example, if your program is a web application, its 652 | interface could display a "Source" link that leads users to an archive 653 | of the code. There are many ways you could offer source, and different 654 | solutions will be better for different programs; see section 13 for 655 | the specific requirements. 656 | 657 | You should also get your employer (if you work as a programmer) or 658 | school, if any, to sign a "copyright disclaimer" for the program, if 659 | necessary. For more information on this, and how to apply and follow 660 | the GNU AGPL, see <https://www.gnu.org/licenses/>. 661 | 662 | --------------------------------------------------------------------------------