
feat(user): add admin user type

Mustafa Arici 8 жил өмнө
parent
commit
3c5c52d32b
7 өөрчлөгдсөн 197 нэмэгдсэн , 49 устгасан
  1. 18 2
      api/rpc.go
  2. 1 1
      bindata/bindata.go
  3. 43 3
      cmd/ovpm/user.go
  4. 96 41
      pb/user.pb.go
  5. 8 0
      pb/user.proto
  6. 20 0
      pb/user.swagger.json
  7. 11 2
      user.go

+ 18 - 2
api/rpc.go

@@ -32,6 +32,7 @@ func (s *UserService) List(ctx context.Context, req *pb.UserListRequest) (*pb.Us
 			IPNet:              user.GetIPNet(),
 			NoGW:               user.IsNoGW(),
 			HostID:             user.GetHostID(),
+			IsAdmin:            user.IsAdmin(),
 		})
 	}
 
@@ -41,7 +42,7 @@ func (s *UserService) List(ctx context.Context, req *pb.UserListRequest) (*pb.Us
 func (s *UserService) Create(ctx context.Context, req *pb.UserCreateRequest) (*pb.UserResponse, error) {
 	logrus.Debugf("rpc call: user create: %s", req.Username)
 	var ut []*pb.UserResponse_User
-	user, err := ovpm.CreateNewUser(req.Username, req.Password, req.NoGW, req.HostID)
+	user, err := ovpm.CreateNewUser(req.Username, req.Password, req.NoGW, req.HostID, req.IsAdmin)
 	if err != nil {
 		return nil, err
 	}
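Review bot: `req.IsAdmin` is passed straight from the request into `ovpm.CreateNewUser`, and nothing visible in this hunk checks that the caller is allowed to grant admin rights. If authorization is enforced elsewhere (for example in a gRPC interceptor or by restricting who can reach the daemon port), a comment here should say so, e.g. `// IsAdmin is caller-supplied; the caller's right to grant admin must be verified before this point.` Creating a privileged account is also worth recording at a level above the existing `Debugf`, so that it shows up in an audit trail. The body of Create continues outside the hunk.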
@@ -51,6 +52,7 @@ func (s *UserService) Create(ctx context.Context, req *pb.UserCreateRequest) (*p
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		NoGW:               user.IsNoGW(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 	ut = append(ut, &pbUser)
 
@@ -76,7 +78,18 @@ func (s *UserService) Update(ctx context.Context, req *pb.UserUpdateRequest) (*p
 
 	}
 
-	err = user.Update(req.Password, noGW, req.HostID)
+	var admin bool
+
+	switch req.Adminpref {
+	case pb.UserUpdateRequest_ADMIN:
+		admin = true
+	case pb.UserUpdateRequest_NOADMIN:
+		admin = false
+	case pb.UserUpdateRequest_NOPREFADMIN:
+		admin = user.IsAdmin()
+	}
+
+	err = user.Update(req.Password, noGW, req.HostID, admin)
 	if err != nil {
 		return nil, err
 	}
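Review bot: The switch on `req.Adminpref` has no default and `admin` starts as `false`, so an Adminpref value outside the three known constants (for instance one sent by a newer client) would silently revoke the user's admin rights. Failing safe is simpler: initialise with `admin := user.IsAdmin()` and keep only the `ADMIN` and `NOADMIN` cases, so that anything unrecognised leaves the privilege unchanged. As in Create, nothing visible here verifies that the caller may change another user's admin status. Update starts and ends outside the hunk.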
@@ -85,6 +98,7 @@ func (s *UserService) Update(ctx context.Context, req *pb.UserUpdateRequest) (*p
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		NoGW:               user.IsNoGW(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 
 	ut = append(ut, &pbUser)
@@ -104,6 +118,7 @@ func (s *UserService) Delete(ctx context.Context, req *pb.UserDeleteRequest) (*p
 		Username:           user.GetUsername(),
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 	ut = append(ut, &pbUser)
 
@@ -127,6 +142,7 @@ func (s *UserService) Renew(ctx context.Context, req *pb.UserRenewRequest) (*pb.
 		Username:           user.GetUsername(),
 		ServerSerialNumber: user.GetServerSerialNumber(),
 		HostID:             user.GetHostID(),
+		IsAdmin:            user.IsAdmin(),
 	}
 	ut = append(ut, &pbUser)
 

+ 1 - 1
bindata/bindata.go

@@ -167,7 +167,7 @@ func templateServerConfTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9597, mode: os.FileMode(420), modTime: time.Unix(1504030791, 0)}
+	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9597, mode: os.FileMode(420), modTime: time.Unix(1504196445, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }

+ 43 - 3
cmd/ovpm/user.go

@@ -46,7 +46,11 @@ var userListCommand = cli.Command{
 			if user.HostID != 0 {
 				static = "s"
 			}
-			data := []string{fmt.Sprintf("%v", i+1), user.Username, fmt.Sprintf("%s %s", user.IPNet, static), user.CreatedAt, fmt.Sprintf("%t", user.ServerSerialNumber == server.SerialNumber), fmt.Sprintf("%t", !user.NoGW)}
+			username := user.Username
+			if user.IsAdmin {
+				username = fmt.Sprintf("%s *", username)
+			}
+			data := []string{fmt.Sprintf("%v", i+1), username, fmt.Sprintf("%s %s", user.IPNet, static), user.CreatedAt, fmt.Sprintf("%t", user.ServerSerialNumber == server.SerialNumber), fmt.Sprintf("%t", !user.NoGW)}
 			table.Append(data)
 		}
 		table.Render()
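Review bot: The admin marker is folded into the username cell with `fmt.Sprintf("%s *", username)`, so the listing cannot distinguish an admin from an account whose name happens to end in ` *`, if username validation permits that (the validation is not visible here). A dedicated column is unambiguous and easier to parse from scripts: append `fmt.Sprintf("%t", user.IsAdmin)` to `data` and add a matching header. The table header is set outside the hunk.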
@@ -76,6 +80,10 @@ var userCreateCommand = cli.Command{
 			Name:  "static",
 			Usage: "ip address for the vpn user",
 		},
+		cli.BoolFlag{
+			Name:  "admin, a",
+			Usage: "this user has admin rights",
+		},
 	},
 	Action: func(c *cli.Context) error {
 		action = "user:create"
@@ -83,6 +91,7 @@ var userCreateCommand = cli.Command{
 		password := c.String("password")
 		noGW := c.Bool("no-gw")
 		static := c.String("static")
+		admin := c.Bool("admin")
 
 		if username == "" || password == "" {
 			fmt.Println(cli.ShowSubcommandHelp(c))
@@ -112,7 +121,9 @@ var userCreateCommand = cli.Command{
 		defer conn.Close()
 		userSvc := pb.NewUserServiceClient(conn)
 
-		response, err := userSvc.Create(context.Background(), &pb.UserCreateRequest{Username: username, Password: password, NoGW: noGW, HostID: hostid})
+		response, err := userSvc.Create(context.Background(),
+			&pb.UserCreateRequest{Username: username, Password: password, NoGW: noGW, HostID: hostid, IsAdmin: admin},
+		)
 		if err != nil {
 			logrus.Errorf("user can not be created '%s': %v", username, err)
 			os.Exit(1)
@@ -152,6 +163,14 @@ var userUpdateCommand = cli.Command{
 			Name:  "no-static",
 			Usage: "do not set static ip address for the vpn user",
 		},
+		cli.BoolFlag{
+			Name:  "admin",
+			Usage: "this user has admin rights",
+		},
+		cli.BoolFlag{
+			Name:  "no-admin",
+			Usage: "this user has no admin rights",
+		},
 	},
 	Action: func(c *cli.Context) error {
 		action = "user:update"
@@ -161,6 +180,8 @@ var userUpdateCommand = cli.Command{
 		gw := c.Bool("gw")
 		static := c.String("static")
 		noStatic := c.Bool("no-static")
+		admin := c.Bool("admin")
+		noAdmin := c.Bool("no-admin")
 
 		if username == "" {
 			fmt.Println(cli.ShowSubcommandHelp(c))
@@ -168,7 +189,7 @@ var userUpdateCommand = cli.Command{
 		}
 
 		// Check wether if all flags are are empty.
-		if !(password != "" || gw || nogw || static != "" || noStatic) {
+		if !(password != "" || gw || nogw || static != "" || noStatic || admin || noAdmin) {
 			fmt.Println("nothing is updated!")
 			fmt.Println()
 			fmt.Println(cli.ShowSubcommandHelp(c))
@@ -218,6 +239,7 @@ var userUpdateCommand = cli.Command{
 			staticPref = pb.UserUpdateRequest_NOPREFSTATIC
 			hostid = 0
 		}
+
 		var gwPref pb.UserUpdateRequest_GWPref
 
 		switch {
@@ -236,6 +258,23 @@ var userUpdateCommand = cli.Command{
 
 		}
 
+		var adminPref pb.UserUpdateRequest_AdminPref
+
+		switch {
+		case admin && !noAdmin:
+			adminPref = pb.UserUpdateRequest_ADMIN
+		case !admin && noAdmin:
+			adminPref = pb.UserUpdateRequest_NOADMIN
+		case !admin && !noAdmin:
+			adminPref = pb.UserUpdateRequest_NOPREFADMIN
+		case admin && noAdmin:
+			// Ambigius.
+			fmt.Println("you can't use --admin together with --no-admin")
+			fmt.Println()
+			fmt.Println(cli.ShowSubcommandHelp(c))
+			os.Exit(1)
+		}
+
 		//conn := getConn(c.String("port"))
 		conn := getConn(c.GlobalString("daemon-port"))
 		defer conn.Close()
@@ -247,6 +286,7 @@ var userUpdateCommand = cli.Command{
 			Gwpref:     gwPref,
 			HostID:     hostid,
 			Staticpref: staticPref,
+			Adminpref:  adminPref,
 		})
 
 		if err != nil {

+ 96 - 41
pb/user.pb.go

@@ -112,6 +112,32 @@ func (UserUpdateRequest_StaticPref) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor0, []int{2, 1}
 }
 
+type UserUpdateRequest_AdminPref int32
+
+const (
+	UserUpdateRequest_NOPREFADMIN UserUpdateRequest_AdminPref = 0
+	UserUpdateRequest_NOADMIN     UserUpdateRequest_AdminPref = 1
+	UserUpdateRequest_ADMIN       UserUpdateRequest_AdminPref = 2
+)
+
+var UserUpdateRequest_AdminPref_name = map[int32]string{
+	0: "NOPREFADMIN",
+	1: "NOADMIN",
+	2: "ADMIN",
+}
+var UserUpdateRequest_AdminPref_value = map[string]int32{
+	"NOPREFADMIN": 0,
+	"NOADMIN":     1,
+	"ADMIN":       2,
+}
+
+func (x UserUpdateRequest_AdminPref) String() string {
+	return proto.EnumName(UserUpdateRequest_AdminPref_name, int32(x))
+}
+func (UserUpdateRequest_AdminPref) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor0, []int{2, 2}
+}
+
 type UserListRequest struct {
 }
 
@@ -125,6 +151,7 @@ type UserCreateRequest struct {
 	Password string `protobuf:"bytes,2,opt,name=Password" json:"Password,omitempty"`
 	NoGW     bool   `protobuf:"varint,3,opt,name=NoGW" json:"NoGW,omitempty"`
 	HostID   uint32 `protobuf:"varint,4,opt,name=HostID" json:"HostID,omitempty"`
+	IsAdmin  bool   `protobuf:"varint,5,opt,name=IsAdmin" json:"IsAdmin,omitempty"`
 }
 
 func (m *UserCreateRequest) Reset()                    { *m = UserCreateRequest{} }
@@ -160,12 +187,20 @@ func (m *UserCreateRequest) GetHostID() uint32 {
 	return 0
 }
 
+func (m *UserCreateRequest) GetIsAdmin() bool {
+	if m != nil {
+		return m.IsAdmin
+	}
+	return false
+}
+
 type UserUpdateRequest struct {
 	Username   string                       `protobuf:"bytes,1,opt,name=Username" json:"Username,omitempty"`
 	Password   string                       `protobuf:"bytes,2,opt,name=Password" json:"Password,omitempty"`
 	Gwpref     UserUpdateRequest_GWPref     `protobuf:"varint,3,opt,name=gwpref,enum=pb.UserUpdateRequest_GWPref" json:"gwpref,omitempty"`
 	HostID     uint32                       `protobuf:"varint,4,opt,name=HostID" json:"HostID,omitempty"`
 	Staticpref UserUpdateRequest_StaticPref `protobuf:"varint,5,opt,name=staticpref,enum=pb.UserUpdateRequest_StaticPref" json:"staticpref,omitempty"`
+	Adminpref  UserUpdateRequest_AdminPref  `protobuf:"varint,6,opt,name=adminpref,enum=pb.UserUpdateRequest_AdminPref" json:"adminpref,omitempty"`
 }
 
 func (m *UserUpdateRequest) Reset()                    { *m = UserUpdateRequest{} }
@@ -208,6 +243,13 @@ func (m *UserUpdateRequest) GetStaticpref() UserUpdateRequest_StaticPref {
 	return UserUpdateRequest_NOPREFSTATIC
 }
 
+func (m *UserUpdateRequest) GetAdminpref() UserUpdateRequest_AdminPref {
+	if m != nil {
+		return m.Adminpref
+	}
+	return UserUpdateRequest_NOPREFADMIN
+}
+
 type UserDeleteRequest struct {
 	Username string `protobuf:"bytes,1,opt,name=Username" json:"Username,omitempty"`
 }
@@ -280,6 +322,7 @@ type UserResponse_User struct {
 	IPNet              string `protobuf:"bytes,5,opt,name=IPNet" json:"IPNet,omitempty"`
 	NoGW               bool   `protobuf:"varint,6,opt,name=NoGW" json:"NoGW,omitempty"`
 	HostID             uint32 `protobuf:"varint,7,opt,name=HostID" json:"HostID,omitempty"`
+	IsAdmin            bool   `protobuf:"varint,8,opt,name=IsAdmin" json:"IsAdmin,omitempty"`
 }
 
 func (m *UserResponse_User) Reset()                    { *m = UserResponse_User{} }
@@ -336,6 +379,13 @@ func (m *UserResponse_User) GetHostID() uint32 {
 	return 0
 }
 
+func (m *UserResponse_User) GetIsAdmin() bool {
+	if m != nil {
+		return m.IsAdmin
+	}
+	return false
+}
+
 type UserGenConfigResponse struct {
 	ClientConfig string `protobuf:"bytes,1,opt,name=ClientConfig" json:"ClientConfig,omitempty"`
 }
@@ -364,6 +414,7 @@ func init() {
 	proto.RegisterType((*UserGenConfigResponse)(nil), "pb.UserGenConfigResponse")
 	proto.RegisterEnum("pb.UserUpdateRequest_GWPref", UserUpdateRequest_GWPref_name, UserUpdateRequest_GWPref_value)
 	proto.RegisterEnum("pb.UserUpdateRequest_StaticPref", UserUpdateRequest_StaticPref_name, UserUpdateRequest_StaticPref_value)
+	proto.RegisterEnum("pb.UserUpdateRequest_AdminPref", UserUpdateRequest_AdminPref_name, UserUpdateRequest_AdminPref_value)
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -606,45 +657,49 @@ var _UserService_serviceDesc = grpc.ServiceDesc{
 func init() { proto.RegisterFile("user.proto", fileDescriptor0) }
 
 var fileDescriptor0 = []byte{
-	// 628 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0xc1, 0x6e, 0xd3, 0x4c,
-	0x10, 0xc7, 0x6b, 0x37, 0xf1, 0x97, 0x4c, 0xd3, 0xd6, 0xdd, 0xa6, 0x1f, 0x6e, 0x54, 0xa4, 0x68,
-	0x0f, 0x28, 0x2a, 0x52, 0x22, 0x02, 0x07, 0x54, 0x2e, 0x54, 0x29, 0x98, 0x22, 0x70, 0x23, 0xa7,
-	0x55, 0x8e, 0xc8, 0x49, 0xa6, 0x91, 0xa5, 0xd4, 0x36, 0xbb, 0x9b, 0xe6, 0x8e, 0x78, 0x03, 0x9e,
-	0x87, 0x2b, 0x2f, 0xc0, 0x2b, 0xf0, 0x00, 0x3c, 0x02, 0xda, 0x5d, 0xc7, 0x6e, 0x8a, 0x41, 0x39,
-	0x70, 0x9b, 0x99, 0x9d, 0xf9, 0x8d, 0x77, 0xf6, 0x3f, 0x06, 0x98, 0x73, 0x64, 0xed, 0x84, 0xc5,
-	0x22, 0x26, 0x66, 0x32, 0x6a, 0x1c, 0x4d, 0xe3, 0x78, 0x3a, 0xc3, 0x4e, 0x90, 0x84, 0x9d, 0x20,
-	0x8a, 0x62, 0x11, 0x88, 0x30, 0x8e, 0xb8, 0xce, 0xa0, 0x7b, 0xb0, 0x7b, 0xc5, 0x91, 0xbd, 0x0b,
-	0xb9, 0xf0, 0xf1, 0xe3, 0x1c, 0xb9, 0xa0, 0x0b, 0xd8, 0x93, 0xa1, 0x1e, 0xc3, 0x40, 0x60, 0x1a,
-	0x24, 0x0d, 0xa8, 0xc8, 0x60, 0x14, 0xdc, 0xa0, 0x63, 0x34, 0x8d, 0x56, 0xd5, 0xcf, 0x7c, 0x79,
-	0xd6, 0x0f, 0x38, 0x5f, 0xc4, 0x6c, 0xe2, 0x98, 0xfa, 0x6c, 0xe9, 0x13, 0x02, 0x25, 0x2f, 0x76,
-	0x87, 0xce, 0x66, 0xd3, 0x68, 0x55, 0x7c, 0x65, 0x93, 0xff, 0xc1, 0x7a, 0x13, 0x73, 0x71, 0x7e,
-	0xe6, 0x94, 0x9a, 0x46, 0x6b, 0xdb, 0x4f, 0x3d, 0xfa, 0xd5, 0xd4, 0x9d, 0xaf, 0x92, 0xc9, 0x3f,
-	0xe8, 0xfc, 0x0c, 0xac, 0xe9, 0x22, 0x61, 0x78, 0xad, 0x7a, 0xef, 0x74, 0x8f, 0xda, 0xc9, 0xa8,
-	0xfd, 0x1b, 0xbe, 0xed, 0x0e, 0xfb, 0x0c, 0xaf, 0xfd, 0x34, 0xf7, 0x4f, 0xdf, 0x46, 0x5e, 0x02,
-	0x70, 0x39, 0xb9, 0xb1, 0x22, 0x96, 0x15, 0xb1, 0x59, 0x4c, 0x1c, 0xa8, 0x3c, 0x45, 0xbd, 0x53,
-	0x43, 0x1f, 0x81, 0xa5, 0x7b, 0x11, 0x00, 0xcb, 0xbb, 0xe8, 0xfb, 0xaf, 0x5e, 0xdb, 0x1b, 0xa4,
-	0x02, 0x25, 0xef, 0xc2, 0x1d, 0xda, 0x06, 0xb1, 0xc0, 0x74, 0x87, 0xb6, 0x49, 0x9f, 0x03, 0xe4,
-	0x04, 0x62, 0x43, 0x4d, 0xe7, 0x0e, 0x2e, 0x4f, 0x2f, 0xcf, 0x7b, 0xf6, 0x06, 0xa9, 0x41, 0xc5,
-	0xbb, 0x48, 0x3d, 0x43, 0xb2, 0x52, 0xdb, 0xa4, 0x1d, 0x3d, 0xbe, 0x33, 0x9c, 0xe1, 0x5a, 0xe3,
-	0xa3, 0x6d, 0xb0, 0xa5, 0xed, 0x63, 0x84, 0x8b, 0x75, 0xf2, 0xbb, 0x50, 0x97, 0xb6, 0x8b, 0x51,
-	0x2f, 0x8e, 0xae, 0xc3, 0xe9, 0x3a, 0x35, 0x9f, 0x4d, 0xa8, 0xe9, 0x26, 0x3c, 0x89, 0x23, 0x8e,
-	0xe4, 0x31, 0x94, 0xa5, 0x42, 0xb9, 0x63, 0x34, 0x37, 0x5b, 0x5b, 0xdd, 0x83, 0xe5, 0x10, 0x97,
-	0x09, 0xda, 0xd1, 0x39, 0x8d, 0x6f, 0x06, 0x94, 0xa4, 0xff, 0x57, 0x15, 0xb4, 0x81, 0x0c, 0x90,
-	0xdd, 0x22, 0x1b, 0x20, 0x0b, 0x83, 0x99, 0x37, 0xbf, 0x19, 0x21, 0x4b, 0xf5, 0x50, 0x70, 0x22,
-	0x35, 0xd9, 0x43, 0x26, 0x94, 0x2e, 0xaa, 0xbe, 0xb2, 0xc9, 0x11, 0x54, 0xb5, 0xe0, 0x27, 0xa7,
-	0x42, 0x3d, 0x7d, 0xd5, 0xcf, 0x03, 0xa4, 0x0e, 0xe5, 0xf3, 0xbe, 0x87, 0x42, 0x3d, 0x7c, 0xd5,
-	0xd7, 0x4e, 0xa6, 0x6d, 0xab, 0x50, 0xdb, 0xff, 0xad, 0x68, 0xfb, 0x05, 0x1c, 0xdc, 0x1b, 0x5d,
-	0x3a, 0x0e, 0x0a, 0xb5, 0xde, 0x2c, 0xc4, 0x48, 0xe8, 0x78, 0x7a, 0xb9, 0x95, 0x58, 0xf7, 0xe7,
-	0x26, 0x6c, 0xc9, 0x6a, 0x79, 0x97, 0x70, 0x8c, 0xc4, 0x85, 0x92, 0x5c, 0x58, 0xb2, 0xbf, 0x9c,
-	0xdd, 0x9d, 0xf5, 0x6d, 0xd8, 0xf7, 0x07, 0x4a, 0x9d, 0x4f, 0xdf, 0x7f, 0x7c, 0x31, 0x09, 0xdd,
-	0xee, 0xdc, 0x3e, 0xe9, 0xc8, 0xb9, 0x76, 0x66, 0x21, 0x17, 0x27, 0xc6, 0x31, 0x79, 0x0f, 0x96,
-	0xbe, 0x24, 0xc9, 0x9e, 0x61, 0x65, 0xed, 0x0b, 0x60, 0x0d, 0x05, 0xab, 0xd3, 0xdd, 0x0c, 0x36,
-	0x56, 0x15, 0x29, 0x4e, 0xaf, 0x42, 0x8e, 0x5b, 0x59, 0x8d, 0xb5, 0x70, 0x73, 0x55, 0x91, 0xe2,
-	0xb4, 0x96, 0x73, 0xdc, 0x8a, 0xb6, 0xd7, 0xc2, 0x4d, 0x54, 0x85, 0xc4, 0xbd, 0x85, 0xb2, 0x52,
-	0x3a, 0xa9, 0xe7, 0x65, 0xb9, 0xf0, 0x0b, 0x60, 0x87, 0x0a, 0xb6, 0x4f, 0x77, 0x32, 0x18, 0x93,
-	0x05, 0x92, 0xf5, 0x01, 0xaa, 0xd9, 0x53, 0x12, 0x67, 0x59, 0x79, 0x7f, 0x31, 0x1a, 0x87, 0x05,
-	0x27, 0x29, 0xfc, 0xa1, 0x82, 0x3f, 0xa0, 0x24, 0x83, 0x4f, 0x31, 0x1a, 0xab, 0x9c, 0x13, 0xe3,
-	0x78, 0x64, 0xa9, 0xdf, 0xf3, 0xd3, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x92, 0x5d, 0x0b, 0xf4,
-	0xce, 0x05, 0x00, 0x00,
+	// 696 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x95, 0xc1, 0x6e, 0xd3, 0x40,
+	0x10, 0x86, 0x6b, 0x27, 0x71, 0xe3, 0x49, 0xda, 0xba, 0xd3, 0x14, 0xdc, 0xa8, 0x88, 0x68, 0x0f,
+	0x28, 0x2a, 0x52, 0x22, 0x42, 0x0f, 0xa8, 0x08, 0x89, 0x28, 0x85, 0x10, 0x44, 0x9d, 0xc8, 0x69,
+	0x95, 0x23, 0x72, 0x92, 0x6d, 0x64, 0x29, 0xb5, 0x8d, 0xd7, 0x69, 0xef, 0xbc, 0x01, 0xe2, 0xce,
+	0x43, 0xf0, 0x2a, 0xbc, 0x00, 0x07, 0x1e, 0x80, 0x47, 0x40, 0xbb, 0xeb, 0xd8, 0x4d, 0x71, 0x51,
+	0x0e, 0xdc, 0x76, 0x76, 0xe7, 0xff, 0x32, 0x3b, 0x3b, 0xbf, 0x03, 0xb0, 0x60, 0x34, 0x6c, 0x04,
+	0xa1, 0x1f, 0xf9, 0xa8, 0x06, 0xe3, 0xea, 0xe1, 0xcc, 0xf7, 0x67, 0x73, 0xda, 0x74, 0x02, 0xb7,
+	0xe9, 0x78, 0x9e, 0x1f, 0x39, 0x91, 0xeb, 0x7b, 0x4c, 0x66, 0x90, 0x5d, 0xd8, 0xb9, 0x60, 0x34,
+	0xfc, 0xe0, 0xb2, 0xc8, 0xa6, 0x9f, 0x16, 0x94, 0x45, 0xe4, 0x8b, 0x02, 0xbb, 0x7c, 0xaf, 0x13,
+	0x52, 0x27, 0xa2, 0xf1, 0x2e, 0x56, 0xa1, 0xc8, 0x37, 0x3d, 0xe7, 0x8a, 0x9a, 0x4a, 0x4d, 0xa9,
+	0xeb, 0x76, 0x12, 0xf3, 0xb3, 0x81, 0xc3, 0xd8, 0x8d, 0x1f, 0x4e, 0x4d, 0x55, 0x9e, 0x2d, 0x63,
+	0x44, 0xc8, 0x5b, 0x7e, 0x77, 0x64, 0xe6, 0x6a, 0x4a, 0xbd, 0x68, 0x8b, 0x35, 0x3e, 0x00, 0xed,
+	0x9d, 0xcf, 0xa2, 0xde, 0xa9, 0x99, 0xaf, 0x29, 0xf5, 0x2d, 0x3b, 0x8e, 0xd0, 0x84, 0xcd, 0x1e,
+	0x6b, 0x4f, 0xaf, 0x5c, 0xcf, 0x2c, 0x88, 0xf4, 0x65, 0x48, 0xbe, 0xe7, 0x64, 0x4d, 0x17, 0xc1,
+	0xf4, 0x3f, 0xd4, 0x74, 0x0c, 0xda, 0xec, 0x26, 0x08, 0xe9, 0xa5, 0xa8, 0x6a, 0xbb, 0x75, 0xd8,
+	0x08, 0xc6, 0x8d, 0xbf, 0xf0, 0x8d, 0xee, 0x68, 0x10, 0xd2, 0x4b, 0x3b, 0xce, 0xbd, 0xb7, 0xea,
+	0xd7, 0x00, 0x8c, 0x37, 0x75, 0x22, 0x88, 0x05, 0x41, 0xac, 0x65, 0x13, 0x87, 0x22, 0x4f, 0x50,
+	0x6f, 0x69, 0xf0, 0x15, 0xe8, 0x0e, 0xbf, 0xa6, 0x00, 0x68, 0x02, 0xf0, 0x38, 0x1b, 0x20, 0xba,
+	0x21, 0xf4, 0xa9, 0x82, 0x3c, 0x01, 0x4d, 0x96, 0x8a, 0x00, 0x9a, 0xd5, 0x1f, 0xd8, 0x6f, 0xde,
+	0x1a, 0x1b, 0x58, 0x84, 0xbc, 0xd5, 0xef, 0x8e, 0x0c, 0x05, 0x35, 0x50, 0xbb, 0x23, 0x43, 0x25,
+	0x2f, 0x00, 0xd2, 0x02, 0xd0, 0x80, 0xb2, 0xcc, 0x1d, 0x9e, 0xb7, 0xcf, 0x7b, 0x1d, 0x63, 0x03,
+	0xcb, 0x50, 0xb4, 0xfa, 0x71, 0xa4, 0x70, 0x56, 0xbc, 0x56, 0xc9, 0x31, 0xe8, 0xc9, 0x2f, 0xe3,
+	0x0e, 0x94, 0xa4, 0xb0, 0x7d, 0x7a, 0xd6, 0xb3, 0x8c, 0x0d, 0x2c, 0xc1, 0xa6, 0xd5, 0x97, 0x81,
+	0x82, 0x3a, 0x14, 0xe4, 0x52, 0x25, 0x4d, 0xf9, 0x66, 0xa7, 0x74, 0x4e, 0xd7, 0x7a, 0x33, 0xd2,
+	0x00, 0x83, 0xaf, 0x6d, 0xea, 0xd1, 0x9b, 0x75, 0xf2, 0x5b, 0x50, 0xe1, 0xeb, 0x2e, 0xf5, 0x3a,
+	0xbe, 0x77, 0xe9, 0xce, 0xd6, 0xd1, 0x7c, 0x53, 0xa1, 0x2c, 0x7f, 0x84, 0x05, 0xbe, 0xc7, 0x28,
+	0x3e, 0x85, 0x02, 0x77, 0x0c, 0x33, 0x95, 0x5a, 0xae, 0x5e, 0x6a, 0xed, 0x2f, 0x1b, 0xbf, 0x4c,
+	0x90, 0x81, 0xcc, 0xa9, 0xfe, 0x54, 0x20, 0xcf, 0xe3, 0x7f, 0x8e, 0x5e, 0x03, 0x70, 0x48, 0xc3,
+	0x6b, 0x1a, 0x0e, 0x69, 0xe8, 0x3a, 0x73, 0x6b, 0x71, 0x35, 0xa6, 0x61, 0x3c, 0x84, 0x19, 0x27,
+	0xdc, 0x22, 0x1d, 0x1a, 0x46, 0x62, 0x18, 0x75, 0x5b, 0xac, 0xf1, 0x10, 0x74, 0xe9, 0xbf, 0x69,
+	0x3b, 0x12, 0xf3, 0xa6, 0xdb, 0xe9, 0x06, 0x56, 0xa0, 0xd0, 0x1b, 0x58, 0x34, 0x12, 0xd3, 0xa6,
+	0xdb, 0x32, 0x48, 0xac, 0xa6, 0x65, 0x5a, 0x6d, 0xf3, 0x3e, 0xab, 0x15, 0x57, 0xad, 0xf6, 0x12,
+	0xf6, 0xef, 0x34, 0x35, 0x6e, 0x14, 0x81, 0x72, 0x67, 0xee, 0x52, 0x2f, 0x92, 0xfb, 0xf1, 0xb5,
+	0x57, 0xf6, 0x5a, 0xbf, 0x73, 0x50, 0xe2, 0x6a, 0x7e, 0x4b, 0x77, 0x42, 0xb1, 0x0b, 0x79, 0xfe,
+	0x69, 0xc1, 0xbd, 0x65, 0x57, 0x6f, 0x7d, 0x68, 0xaa, 0xc6, 0xdd, 0x56, 0x13, 0xf3, 0xf3, 0x8f,
+	0x5f, 0x5f, 0x55, 0x24, 0x5b, 0xcd, 0xeb, 0x67, 0x4d, 0xde, 0xf1, 0xe6, 0xdc, 0x65, 0xd1, 0x89,
+	0x72, 0x84, 0x67, 0xa0, 0xc9, 0xeb, 0x63, 0xf2, 0x40, 0x2b, 0xdf, 0xa7, 0x0c, 0x58, 0x55, 0xc0,
+	0x2a, 0x64, 0x27, 0x81, 0x4d, 0x84, 0x22, 0xc6, 0x49, 0x63, 0xa5, 0xb8, 0x15, 0xa3, 0xad, 0x85,
+	0x5b, 0x08, 0x45, 0x8c, 0x93, 0x53, 0x9e, 0xe2, 0x56, 0xa6, 0x7e, 0x2d, 0xdc, 0x54, 0x28, 0x38,
+	0xee, 0x3d, 0x14, 0x84, 0x07, 0xb0, 0x92, 0xca, 0x52, 0x4b, 0x64, 0xc0, 0x0e, 0x04, 0x6c, 0x8f,
+	0x6c, 0x27, 0xb0, 0x90, 0x0b, 0x38, 0xeb, 0x23, 0xe8, 0xc9, 0x53, 0xa2, 0xb9, 0x54, 0xde, 0xb5,
+	0x4c, 0xf5, 0x20, 0xe3, 0x24, 0x86, 0x3f, 0x12, 0xf0, 0x87, 0x04, 0x13, 0xf8, 0x8c, 0x7a, 0x13,
+	0x91, 0x73, 0xa2, 0x1c, 0x8d, 0x35, 0xf1, 0x47, 0xf2, 0xfc, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff,
+	0x77, 0x7f, 0x37, 0xa5, 0x78, 0x06, 0x00, 0x00,
 }

+ 8 - 0
pb/user.proto

@@ -13,6 +13,7 @@ message UserCreateRequest {
   string Password = 2;
   bool NoGW = 3;
   uint32 HostID = 4;
+  bool IsAdmin = 5;
 }
 
 message UserUpdateRequest {
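Review bot: The new `IsAdmin` field here, and the `AdminPref` enum and `adminpref` field in the next hunk, carry no comments although they control privilege. It is worth documenting that `NOPREFADMIN = 0` is the default and means "leave unchanged", which is what keeps a client that omits the field from altering admin status: `// NOPREFADMIN leaves the user's admin status unchanged (default).` A one-line comment on `IsAdmin` saying who may set it would help readers of the generated API docs as well.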
@@ -31,6 +32,12 @@ message UserUpdateRequest {
     STATIC = 2;
   }
   StaticPref staticpref = 5;
+  enum AdminPref {
+    NOPREFADMIN = 0;
+    NOADMIN = 1;
+    ADMIN = 2;
+  }
+  AdminPref adminpref = 6;
 }
 
 
@@ -98,6 +105,7 @@ message UserResponse {
     string IPNet = 5;
     bool NoGW = 6;
     uint32 HostID = 7;
+    bool IsAdmin = 8;
   }
 
   repeated User users = 1;

+ 20 - 0
pb/user.swagger.json

@@ -198,9 +198,22 @@
         "HostID": {
           "type": "integer",
           "format": "int64"
+        },
+        "IsAdmin": {
+          "type": "boolean",
+          "format": "boolean"
         }
       }
     },
+    "UserUpdateRequestAdminPref": {
+      "type": "string",
+      "enum": [
+        "NOPREFADMIN",
+        "NOADMIN",
+        "ADMIN"
+      ],
+      "default": "NOPREFADMIN"
+    },
     "UserUpdateRequestGWPref": {
       "type": "string",
       "enum": [
@@ -235,6 +248,10 @@
         "HostID": {
           "type": "integer",
           "format": "int64"
+        },
+        "IsAdmin": {
+          "type": "boolean",
+          "format": "boolean"
         }
       }
     },
@@ -302,6 +319,9 @@
         },
         "staticpref": {
           "$ref": "#/definitions/UserUpdateRequestStaticPref"
+        },
+        "adminpref": {
+          "$ref": "#/definitions/UserUpdateRequestAdminPref"
         }
       }
     }

+ 11 - 2
user.go

@@ -21,6 +21,7 @@ type User interface {
 	GetIPNet() string
 	IsNoGW() bool
 	GetHostID() uint32
+	IsAdmin() bool
 }
 
 // DBUser is database model for VPN users.
@@ -36,6 +37,7 @@ type DBUser struct {
 	Key                string // not user writable
 	NoGW               bool
 	HostID             uint32 // not user writable
+	Admin              bool
 }
 
 // DBRevoked is a database model for revoked VPN users.
@@ -89,7 +91,7 @@ func GetAllUsers() ([]*DBUser, error) {
 //
 // It also generates the necessary client keys and signs certificates with the current
 // server's CA.
-func CreateNewUser(username, password string, nogw bool, hostid uint32) (*DBUser, error) {
+func CreateNewUser(username, password string, nogw bool, hostid uint32, admin bool) (*DBUser, error) {
 	if !IsInitialized() {
 		return nil, fmt.Errorf("you first need to create server")
 	}
@@ -137,6 +139,7 @@ func CreateNewUser(username, password string, nogw bool, hostid uint32) (*DBUser
 		ServerSerialNumber: server.SerialNumber,
 		NoGW:               nogw,
 		HostID:             hostid,
+		Admin:              admin,
 	}
 	user.setPassword(password)
 
@@ -158,7 +161,7 @@ func CreateNewUser(username, password string, nogw bool, hostid uint32) (*DBUser
 // Update updates the user's attributes and writes them to the database.
 //
 // How this method works is similiar to PUT semantics of REST. It sets the user record fields to the provided function arguments.
-func (u *DBUser) Update(password string, nogw bool, hostid uint32) error {
+func (u *DBUser) Update(password string, nogw bool, hostid uint32, admin bool) error {
 	if !IsInitialized() {
 		return fmt.Errorf("you first need to create server")
 	}
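Review bot: The doc comment above Update describes PUT semantics but does not mention the new `admin` parameter, so it is easy to miss that every caller must now pass the current value to preserve it and that passing `false` demotes the user. Add a line such as `// admin sets the user's admin flag; pass u.IsAdmin() to leave it unchanged.` The doc comment on CreateNewUser in the earlier hunk has the same gap. Since both are exported signatures, the added positional `bool` also breaks external callers, which deserves a mention in the commit message. The body of Update continues outside the hunk.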
@@ -170,6 +173,7 @@ func (u *DBUser) Update(password string, nogw bool, hostid uint32) error {
 
 	u.NoGW = nogw
 	u.HostID = hostid
+	u.Admin = admin
 
 	if hostid != 0 {
 		server, err := GetServerInstance()
@@ -362,6 +366,11 @@ func (u *DBUser) GetHostID() uint32 {
 	return u.HostID
 }
 
+// IsAdmin returns whether user is admin or not.
+func (u *DBUser) IsAdmin() bool {
+	return u.Admin
+}
+
 func getStaticHostUsers() []*DBUser {
 	var users []*DBUser
 	db.Unscoped().Not(DBUser{HostID: 0}).Find(&users)