--- rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11721-init.patch 2021/10/27 21:35:02 1.1
+++ rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11721-init.patch 2021/11/03 18:19:58 1.10
@@ -10,3 +10,433 @@ diff -Nur --no-dereference smeserver-wir
}
}
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
+--- smeserver-wireguard-1.0.old/createlink 2021-10-25 23:38:29.000000000 -0400
++++ smeserver-wireguard-1.0/createlink 2021-10-27 21:20:46.985000000 -0400
+@@ -69,5 +69,5 @@
+ ));
+
+
+-
++panel_link("wireguard", "manager");
+
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 21:17:33.367000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 21:18:24.898000000 -0400
+@@ -6,7 +6,7 @@
+ $DB->set_prop('wg-quick@wg0', 'private', $value ) ;
+ }
+ # recreate public if empty or not the same
+-$private=${'wg-quick@wg0'}{'private'};
++$private=$DB->get_prop('wg-quick@wg0', 'private') ;
+ $public=`/usr/bin/echo $private | /usr/bin/wg pubkey`;
+ chomp $public;
+ if ( ! defined ${'wg-quick@wg0'}{'public'} || ${'wg-quick@wg0'}{'public'} ne $public) {
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard 1969-12-31 19:00:00.000000000 -0500
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard 2021-06-28 03:17:15.000000000 -0400
+@@ -0,0 +1,12 @@
++# wireguard specific configuration
++{
++$wg = $wireguard{status} || 'disabled';
++$wg0 = ${'wg-quick@wg0'}{status} || 'disabled';
++if ($wg0 eq 'enabled') {
++ $OUT .= "enable wg-quick\@wg0.service\n";
++} else {
++ $OUT .= "disable wg-quick\@wg0.service\n";
++}
++
++}
++
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard 2021-06-28 03:17:15.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard 1969-12-31 19:00:00.000000000 -0500
+@@ -1,12 +0,0 @@
+-# wireguard specific configuration
+-{
+-$wg = $wireguard{status} || 'disabled';
+-$wg0 = ${'wg-quick@wg0'}{status} || 'disabled';
+-if ($wg0 eq 'enabled') {
+- $OUT .= "enable wg-quick\@wg0.service\n";
+-} else {
+- $OUT .= "disable wg-quick\@wg0.service\n";
+-}
+-
+-}
+-
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
+--- smeserver-wireguard-1.0.old/createlink 2021-10-27 21:37:41.284000000 -0400
++++ smeserver-wireguard-1.0/createlink 2021-10-27 21:38:21.164000000 -0400
+@@ -33,7 +33,7 @@
+ ));
+ event_services($event, qw(
+ masq restart
+- 'wg-quick@wg0' restart
++ wg-quick@wg0 restart
+ ));
+ event_link("wireguard-network", $event, "30");
+
+@@ -44,7 +44,7 @@
+ /etc/wireguard/server_public.key
+ ));
+ event_services($event, qw(
+- 'wg-quick@wg0' restart
++ wg-quick@wg0 restart
+ ));
+
+ #wireguard-user-create
+@@ -65,7 +65,7 @@
+ /etc/wireguard/server_public.key
+ ));
+ event_services($event, qw(
+- 'wg-quick@wg0' restart
++ wg-quick@wg0 restart
+ ));
+
+
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-10-26 23:15:11.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-10-27 21:41:45.296000000 -0400
+@@ -239,6 +239,10 @@
+ You can not alter the server ip, mask, private and public key as there are already some clients configured.
+
+
++
++ NO_CONF
++ No configured client
++
+
+
+
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-06-28 04:41:57.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-10-27 17:41:12.223000000 -0400
+@@ -4,7 +4,6 @@
+ PrivateKey = {${'wg-quick@wg0'}{private}}
+
+ # this should be added to masq with correct interfaces
+-#eth0 should be rempalced by external interface if available or internal
+-#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+-#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
++PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
++PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
+
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-06-28 04:46:01.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-10-27 17:41:12.429000000 -0400
+@@ -1,33 +1,36 @@
+ {
+-$OUT = "";
++use esmith::AccountsDB;
+
+-return;
+-my $wg = esmith::ConfigDB->open_ro('/etc/e-smith/db/wireguard') or return "#no peers";
+-# for each user
++my $wg = esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard');
+ my $accounts = esmith::AccountsDB->open_ro;
+-for my $user ( $accounts->get_all_by_prop(type => 'wg0') ) {
++
++# for each user
++my @users = ( $accounts->users );
++push(@users, $accounts->get('admin'));
++for my $user ( @users ) {
+ my $username = $user->key;
++ my $count = 0;
+ for my $cnx ( $wg->get_all_by_prop(user => $username) ) {
++ $count++;
+ my $public = $cnx->prop('public');
+- my $ip = $cnx->prop('ip');
++ my $ip = $cnx->key;
+ my $info = $cnx->prop('info');
++ my $status = $cnx->prop('status') || "enabled";
++ if ( $status eq "disabled" ) {
++ $OUT .= "\n# $username : $info DISABLED (PublicKey = $public ; AllowedIPs = $ip)\n";
++ next;
++ }
+
+-# wireguard
+-#private;public;ips;info#private;public;ips;info
+-#private and public is base64 : +/= could be in it
+-#ips can be v4 or v6 with subnet ./:,
+-#info could have letters, digit and space
+-# to separate multiple #
+-
+- $OUT .= "
++ $OUT .= "
+ [Peer]
+ # $username : $info
+ PublicKey = $public
+ AllowedIPs = $ip\n";
+- }
+
++
++ }
++ $OUT .= "# no entry for user $username\n" if $count <1;
+ }
+
+
+ }
+-
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 2021-06-08 03:56:43.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 1969-12-31 19:00:00.000000000 -0500
+@@ -1,3 +0,0 @@
+-
+-#TODO
+-
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
+--- smeserver-wireguard-1.0.old/createlink 2021-10-27 23:25:06.319000000 -0400
++++ smeserver-wireguard-1.0/createlink 2021-10-27 23:33:11.426000000 -0400
+@@ -16,7 +16,7 @@
+
+ event_services($event, qw(
+ masq restart
+- 'wg-quick@wg0' restart
++ wg-quick@wg0 restart
+ ));
+ event_link("wireguard-network", $event, "30");
+ templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
+@@ -54,7 +54,7 @@
+ /etc/wireguard/server_public.key
+ ));
+ event_services($event, qw(
+- 'wg-quick@wg0' restart
++ wg-quick@wg0 restart
+ ));
+ event_link("wireguard-user-create", $event, "03");
+
+@@ -67,6 +67,11 @@
+ event_services($event, qw(
+ wg-quick@wg0 restart
+ ));
++
++$event="remoteaccess-update";
++event_services($event, qw(
++ wg-quick@wg0 restart
++));
+
+
+ panel_link("wireguard", "manager");
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
+--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-10-26 23:15:10.000000000 -0400
++++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-10-31 22:37:41.238000000 -0400
+@@ -224,6 +224,7 @@
+ my $wg0 = $cdb->get('wg-quick@wg0');
+ my $ServPublic = $wg0->prop('public');
+ my $Port = $wg0->prop('UDPPort');
++my $allowedips = $wg0->prop('allowedips') || "0.0.0.0/0";
+
+ #here we guess wan IP
+ # are we server-gateway mode ? so external lan, should do
+@@ -233,15 +234,20 @@
+ # dig @resolver4.opendns.com myip.opendns.com +short -4
+ # dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
+
++#DNS
++my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
++my $dns = ($allowedips =~ /0.0.0.0\/0/)? "DNS = $IPAddress" : "" ;
++
+
+ my $fulltext ="#configuration for $key $info
+ [Interface]
+ PrivateKey = $private
+ Address = $key
++$dns
+
+ [Peer]
+ PublicKey = $ServPublic
+-AllowedIPs = 0.0.0.0/0
++AllowedIPs = $allowedips
+ Endpoint = $ExternalIP:$Port
+ ";
+ # we could add a DNS field in [Interface]
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:46:45.647000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:50:17.661000000 -0400
+@@ -1,4 +1,6 @@
+ {
++my $wireguard = $DB->get('wg-quick@wg0') || $DB->new_record('wg-quick@wg0', {type => 'service'});
++
+ # add private and public key if not present
+ unless (defined ${'wg-quick@wg0'}{'private'}) {
+ $value= `/usr/bin/wg genkey`;
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-11-03 00:04:00.688000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-11-03 00:24:10.217000000 -0400
+@@ -244,5 +244,10 @@
+ No configured client
+
+
++
++ INTERFACE
++ Interface
++
++
+
+
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
+--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 00:04:00.691000000 -0400
++++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 00:06:45.195000000 -0400
+@@ -82,7 +82,7 @@
+ esmith::cgi::genSmallCell($q, $fm->localise('CONF_NAME'),"header"),
+ esmith::cgi::genSmallCell($q, $fm->localise('USER'),"header"),
+ esmith::cgi::genSmallCell($q, $fm->localise('INFO'),"header"),
+- esmith::cgi::genSmallCell($q, $fm->localise('STATUS'),"header"),
++ esmith::cgi::genSmallCell($q, $fm->localise('LABEL_STATUS'),"header"),
+ esmith::cgi::genSmallCell($q, $fm->localise('ACTION'),"header", 3),
+ ),
+ "\n";
+@@ -131,7 +131,12 @@
+ my $wgip = $wg->prop('ip');
+ my $wgmask = $wg->prop('mask');
+ my $wgport = $wg->prop('UDPPort');
++ my $sstatus = $wg->prop('status');
+
++ print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('INTERFACE'),"header"),
++ esmith::cgi::genSmallCell($q, "wg0"),);
++ print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('LABEL_STATUS'),"header"),
++ esmith::cgi::genSmallCell($q, $sstatus),);
+ print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('PUBLIC_KEY'),"header"),
+ esmith::cgi::genSmallCell($q, $wgpub),);
+ print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('IP'),"header"),
+@@ -228,11 +233,10 @@
+
+ #here we guess wan IP
+ # are we server-gateway mode ? so external lan, should do
+-my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
+ # else we should guess from an external service
+-# dig @resolver4.opendns.com myip.opendns.com +short
+-# dig @resolver4.opendns.com myip.opendns.com +short -4
+-# dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
++#my $internet_ip_address = get_internet_ip_address();
++my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
++$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
+
+ #DNS
+ my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
+@@ -250,8 +254,6 @@
+ AllowedIPs = $allowedips
+ Endpoint = $ExternalIP:$Port
+ ";
+-# we could add a DNS field in [Interface]
+-# DNS = 1.1.1.1, 1.0.0.1
+
+ print "
";
+
+@@ -476,7 +478,7 @@
+ $fm->error('ERROR_OCCURED','FIRST_PAGE');
+ return undef;
+ }
+- unless (system ("/sbin/e-smith/signal-event", "wireguard-client-remove") == 0 ){
++ unless (system ("/sbin/e-smith/signal-event", "wireguard-user-delete") == 0 ){
+ $fm->error('ERROR_OCCURED','FIRST_PAGE');
+ return undef;
+ }
+@@ -539,4 +541,73 @@
+ }
+
+
++
++sub get_internet_ip_address {
++ #we could use DNS to do this faster but some provider will block DNS
++ #dig +short myip.opendns.com @resolver1.opendns.com
++ #also resolver1.opendns.com resolver2.opendns.com resolver3.opendns.com
++ #here a list of available site with https
++ use Net::DNS;
++ use LWP::Simple;
++ my $timeout=1;
++
++ my @httpslist=qw(
++checkip.amazonaws.com
++myexternalip.com/raw
++ifconfig.me/
++icanhazip.com/
++ident.me/
++tnx.nl/ip
++ipecho.net/plain
++wgetip.com/
++ip.tyk.nu/
++bot.whatismyipaddress.com/
++ipof.in/txt
++l2.io/ip
++eth0.me/ );
++ my @dns = (
++ ['myip.opendns.com', 'resolver1.opendns.com', 'A'],
++ ['myip.opendns.com', 'resolver2.opendns.com', 'A'],
++ ['myip.opendns.com', 'resolver3.opendns.com', 'A'],
++ ['myip.opendns.com', 'resolver4.opendns.com', 'A'],
++ ['whoami.akamai.net', 'ns1-1.akamaitech.net', 'A'],
++ ['o-o.myaddr.l.google.com', 'ns1.google.com', 'TXT']
++
++ );
++ my $ip;
++
++ #foreach my $i ( 0 .. $#dns) {
++ # dns calls; test only one random...
++ my $i = rand(@httpslist);
++ my $res = Net::DNS::Resolver->new(
++ nameservers => [ $dns[$i][1] ],
++ udp_timeout => $timeout,
++ tcp_timeout => $timeout
++ );
++ my $reply = $res->search($dns[$i][0], $dns[$i][2]);
++ if ($reply) {
++ foreach my $rr ($reply->answer) {
++ $ip= $rr->txtdata if $rr->can("txtdata");
++ $ip= $rr->address if $rr->can("address");
++ return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
++ }
++ } else {
++ warn "query failed: ", $res->errorstring, "\n";
++ }
++ #}
++
++ # https calls
++ my $ii=0;
++ my $service;
++ while ( $ii <5 ) {
++ $service=$httpslist[rand(@httpslist)];
++ $ip = (get "https://$service" );
++ chomp $ip;
++ $ii++;
++ last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
++ }
++ return $ip;
++}
++
++
+ 1;
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
+--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 14:18:15.780000000 -0400
++++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 14:18:39.640000000 -0400
+@@ -234,9 +234,8 @@
+ #here we guess wan IP
+ # are we server-gateway mode ? so external lan, should do
+ # else we should guess from an external service
+-#my $internet_ip_address = get_internet_ip_address();
+ my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
+-$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
++$ExternalIP = get_internet_ip_address() unless defined $ExternalIP;
+
+ #DNS
+ my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
+@@ -589,6 +588,8 @@
+ foreach my $rr ($reply->answer) {
+ $ip= $rr->txtdata if $rr->can("txtdata");
+ $ip= $rr->address if $rr->can("address");
++ # untaint, dns output is tainted
++ ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
+ return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
+ }
+ } else {
+@@ -606,8 +607,9 @@
+ $ii++;
+ last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
+ }
++ # not needed but in case, untaint
++ ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
+ return $ip;
+ }
+
+-
+ 1;
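Review bot: `my $i = rand(@httpslist);` at the top of get_internet_ip_address indexes the 6-entry `@dns` with a bound taken from the 13-entry `@httpslist`, so for i >= 6 `$dns[$i]` is undef and the resolver is built with `nameservers => [ undef ]`; it should be `my $i = int(rand(@dns));`. The same function feeds whatever dotted quad a randomly chosen third-party DNS or HTTPS service returns into the client config line `Endpoint = $ExternalIP:$Port`, and the later untaint `($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;` only extracts the first such quad without range-checking the octets, so a comment recording that the endpoint is taken on trust from an external service, plus a pattern that rejects octets above 255, would help the next maintainer. In the 10interface template the new PostUp/PostDown blocks compute `$outernet` from `$SystemMode` but then `return $InternalInterface{Name}` unconditionally, so MASQUERADE always leaves via the internal interface; the block should read `{ ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name} }`. In the migrate fragment the context line `` $public=`/usr/bin/echo $private | /usr/bin/wg pubkey`; `` passes the private key as a shell argument, where it is briefly visible in the process list; writing it to `wg pubkey` on stdin through a list-form `open` would keep it out of argv.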