/[smecontribs]/rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11721-init.patch
ViewVC logotype

Diff of /rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11721-init.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.4 by jpp, Thu Oct 28 02:50:14 2021 UTC Revision 1.10 by jpp, Wed Nov 3 18:19:58 2021 UTC
# Line 108  diff -Nur --no-dereference smeserver-wir Line 108  diff -Nur --no-dereference smeserver-wir
108    
109    
110   </lexicon>   </lexicon>
111    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
112    --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface   2021-06-28 04:41:57.000000000 -0400
113    +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface       2021-10-27 17:41:12.223000000 -0400
114    @@ -4,7 +4,6 @@
115     PrivateKey = {${'wg-quick@wg0'}{private}}
116    
117     # this should be added to masq with correct interfaces
118    -#eth0 should be rempalced by external interface if available or internal
119    -#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
120    -#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
121    +PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
122    +PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
123    
124    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers
125    --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers  2021-06-28 04:46:01.000000000 -0400
126    +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers      2021-10-27 17:41:12.429000000 -0400
127    @@ -1,33 +1,36 @@
128     {
129    -$OUT = "";
130    +use esmith::AccountsDB;
131    
132    -return;
133    -my $wg =  esmith::ConfigDB->open_ro('/etc/e-smith/db/wireguard') or return "#no peers";
134    -# for each user
135    +my $wg =  esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard');
136     my $accounts = esmith::AccountsDB->open_ro;
137    -for my $user ( $accounts->get_all_by_prop(type => 'wg0') ) {
138    +
139    +# for each user
140    +my @users = ( $accounts->users );
141    +push(@users, $accounts->get('admin'));
142    +for my $user ( @users ) {
143       my $username = $user->key;
144    +  my $count = 0;
145       for my $cnx ( $wg->get_all_by_prop(user => $username) ) {
146    +     $count++;
147          my $public = $cnx->prop('public');
148    -     my $ip = $cnx->prop('ip');
149    +     my $ip = $cnx->key;
150          my $info = $cnx->prop('info');
151    +     my $status = $cnx->prop('status') || "enabled";
152    +     if ( $status eq "disabled" ) {
153    +       $OUT .= "\n# $username : $info DISABLED (PublicKey = $public ; AllowedIPs = $ip)\n";
154    +       next;
155    +     }
156    
157    -# wireguard
158    -#private;public;ips;info#private;public;ips;info
159    -#private and public is base64 : +/= could be in it
160    -#ips can be v4 or v6 with subnet ./:,
161    -#info could have letters, digit and space
162    -# to separate multiple #
163    -
164    -    $OUT .= "
165    +     $OUT .= "
166     [Peer]
167     # $username : $info
168     PublicKey = $public
169     AllowedIPs = $ip\n";
170    -  }
171    
172    +
173    +  }
174    +  $OUT .= "# no entry for user $username\n" if $count <1;
175     }
176    
177    
178     }
179    -
180    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers
181    --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers        2021-06-08 03:56:43.000000000 -0400
182    +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers    1969-12-31 19:00:00.000000000 -0500
183    @@ -1,3 +0,0 @@
184    -
185    -#TODO
186    -
187    diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
188    --- smeserver-wireguard-1.0.old/createlink      2021-10-27 23:25:06.319000000 -0400
189    +++ smeserver-wireguard-1.0/createlink  2021-10-27 23:33:11.426000000 -0400
190    @@ -16,7 +16,7 @@
191    
192     event_services($event, qw(
193       masq restart
194    -  'wg-quick@wg0' restart
195    +  wg-quick@wg0 restart
196     ));
197     event_link("wireguard-network", $event, "30");
198     templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
199    @@ -54,7 +54,7 @@
200       /etc/wireguard/server_public.key
201     ));
202     event_services($event, qw(
203    -  'wg-quick@wg0' restart
204    +  wg-quick@wg0 restart
205     ));
206     event_link("wireguard-user-create", $event, "03");
207    
208    @@ -67,6 +67,11 @@
209     event_services($event, qw(
210       wg-quick@wg0 restart
211     ));
212    +
213    +$event="remoteaccess-update";
214    +event_services($event, qw(
215    +  wg-quick@wg0 restart
216    +));
217    
218    
219     panel_link("wireguard", "manager");
220    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
221    --- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm   2021-10-26 23:15:10.000000000 -0400
222    +++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm       2021-10-31 22:37:41.238000000 -0400
223    @@ -224,6 +224,7 @@
224     my $wg0 = $cdb->get('wg-quick@wg0');
225     my $ServPublic = $wg0->prop('public');
226     my $Port = $wg0->prop('UDPPort');
227    +my $allowedips = $wg0->prop('allowedips') || "0.0.0.0/0";
228    
229     #here we guess wan IP
230     # are we server-gateway mode ? so external lan, should do
231    @@ -233,15 +234,20 @@
232     # dig @resolver4.opendns.com myip.opendns.com +short -4
233     # dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
234    
235    +#DNS
236    +my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
237    +my $dns = ($allowedips =~ /0.0.0.0\/0/)? "DNS = $IPAddress" : "" ;
238    +
239    
240     my $fulltext ="#configuration for $key $info
241     [Interface]
242     PrivateKey = $private
243     Address = $key
244    +$dns
245    
246     [Peer]
247     PublicKey = $ServPublic
248    -AllowedIPs = 0.0.0.0/0
249    +AllowedIPs = $allowedips
250     Endpoint = $ExternalIP:$Port
251     ";
252     # we could add a DNS field in [Interface]
253    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard
254    --- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard     2021-11-01 21:46:45.647000000 -0400
255    +++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:50:17.661000000 -0400
256    @@ -1,4 +1,6 @@
257     {
258    +my $wireguard = $DB->get('wg-quick@wg0') ||  $DB->new_record('wg-quick@wg0', {type => 'service'});
259    +
260     # add private and public key if not present
261     unless (defined ${'wg-quick@wg0'}{'private'}) {
262       $value= `/usr/bin/wg genkey`;
263    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard
264    --- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard       2021-11-03 00:04:00.688000000 -0400
265    +++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard   2021-11-03 00:24:10.217000000 -0400
266    @@ -244,5 +244,10 @@
267        <trans>No configured client</trans>
268       </entry>
269    
270    +  <entry>
271    +   <base>INTERFACE</base>
272    +   <trans>Interface</trans>
273    +  </entry>
274    +
275    
276     </lexicon>
277    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
278    --- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm   2021-11-03 00:04:00.691000000 -0400
279    +++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm       2021-11-03 00:06:45.195000000 -0400
280    @@ -82,7 +82,7 @@
281                 esmith::cgi::genSmallCell($q, $fm->localise('CONF_NAME'),"header"),
282                 esmith::cgi::genSmallCell($q, $fm->localise('USER'),"header"),
283                 esmith::cgi::genSmallCell($q, $fm->localise('INFO'),"header"),
284    -            esmith::cgi::genSmallCell($q, $fm->localise('STATUS'),"header"),
285    +            esmith::cgi::genSmallCell($q, $fm->localise('LABEL_STATUS'),"header"),
286                 esmith::cgi::genSmallCell($q, $fm->localise('ACTION'),"header", 3),
287             ),
288                 "\n";
289    @@ -131,7 +131,12 @@
290         my $wgip = $wg->prop('ip');
291         my $wgmask = $wg->prop('mask');
292         my $wgport = $wg->prop('UDPPort');
293    +    my $sstatus = $wg->prop('status');
294    
295    +    print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('INTERFACE'),"header"),
296    +                esmith::cgi::genSmallCell($q, "wg0"),);
297    +    print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('LABEL_STATUS'),"header"),
298    +                esmith::cgi::genSmallCell($q, $sstatus),);
299         print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('PUBLIC_KEY'),"header"),
300                    esmith::cgi::genSmallCell($q, $wgpub),);
301         print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('IP'),"header"),
302    @@ -228,11 +233,10 @@
303    
304     #here we guess wan IP
305     # are we server-gateway mode ? so external lan, should do
306    -my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
307     # else we should guess from an external service
308    -# dig @resolver4.opendns.com myip.opendns.com +short
309    -# dig @resolver4.opendns.com myip.opendns.com +short -4
310    -# dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6
311    +#my $internet_ip_address = get_internet_ip_address();
312    +my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
313    +$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
314    
315     #DNS
316     my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
317    @@ -250,8 +254,6 @@
318     AllowedIPs = $allowedips
319     Endpoint = $ExternalIP:$Port
320     ";
321    -# we could add a DNS field in [Interface]
322    -# DNS = 1.1.1.1, 1.0.0.1
323    
324     print "<br><textarea cols='70' rows='10'>$fulltext </textarea>";
325    
326    @@ -476,7 +478,7 @@
327                 $fm->error('ERROR_OCCURED','FIRST_PAGE');
328                 return undef;
329             }
330    -        unless (system ("/sbin/e-smith/signal-event", "wireguard-client-remove") == 0 ){
331    +        unless (system ("/sbin/e-smith/signal-event", "wireguard-user-delete") == 0 ){
332                 $fm->error('ERROR_OCCURED','FIRST_PAGE');
333                 return undef;
334             }
335    @@ -539,4 +541,73 @@
336     }
337    
338    
339    +
340    +sub get_internet_ip_address {
341    +  #we could use DNS to do this faster but some provider will block DNS
342    +  #dig +short myip.opendns.com @resolver1.opendns.com
343    +  #also resolver1.opendns.com resolver2.opendns.com resolver3.opendns.com
344    +  #here a list of available site with https
345    +  use Net::DNS;
346    +  use LWP::Simple;
347    +  my $timeout=1;
348    +
349    +  my @httpslist=qw(
350    +checkip.amazonaws.com
351    +myexternalip.com/raw
352    +ifconfig.me/
353    +icanhazip.com/
354    +ident.me/
355    +tnx.nl/ip
356    +ipecho.net/plain
357    +wgetip.com/
358    +ip.tyk.nu/
359    +bot.whatismyipaddress.com/
360    +ipof.in/txt
361    +l2.io/ip
362    +eth0.me/ );
363    +  my @dns = (
364    +        ['myip.opendns.com', 'resolver1.opendns.com', 'A'],
365    +        ['myip.opendns.com', 'resolver2.opendns.com', 'A'],
366    +        ['myip.opendns.com', 'resolver3.opendns.com', 'A'],
367    +        ['myip.opendns.com', 'resolver4.opendns.com', 'A'],
368    +        ['whoami.akamai.net', 'ns1-1.akamaitech.net', 'A'],
369    +        ['o-o.myaddr.l.google.com', 'ns1.google.com', 'TXT']
370    +
371    +  );
372    +  my $ip;
373    +
374    +  #foreach my $i ( 0 .. $#dns) {
375    +  # dns calls; test only one random...
376    +  my $i = rand(@httpslist);
377    +  my $res   = Net::DNS::Resolver->new(
378    +        nameservers => [ $dns[$i][1] ],
379    +        udp_timeout => $timeout,
380    +        tcp_timeout => $timeout
381    +  );
382    +  my $reply = $res->search($dns[$i][0], $dns[$i][2]);
383    +  if ($reply) {
384    +    foreach my $rr ($reply->answer) {
385    +        $ip= $rr->txtdata if $rr->can("txtdata");
386    +        $ip= $rr->address if $rr->can("address");
387    +       return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
388    +    }
389    +  } else {
390    +    warn "query failed: ", $res->errorstring, "\n";
391    +  }
392    +  #}
393    +
394    +  # https calls
395    +  my $ii=0;
396    +  my $service;
397    +  while ( $ii <5 ) {
398    +    $service=$httpslist[rand(@httpslist)];
399    +    $ip = (get "https://$service" );
400    +    chomp $ip;
401    +    $ii++;
402    +    last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
403    +  }
404    +  return $ip;
405    +}
406    +
407    +
408     1;
409    diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
410    --- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm   2021-11-03 14:18:15.780000000 -0400
411    +++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm       2021-11-03 14:18:39.640000000 -0400
412    @@ -234,9 +234,8 @@
413     #here we guess wan IP
414     # are we server-gateway mode ? so external lan, should do
415     # else we should guess from an external service
416    -#my $internet_ip_address = get_internet_ip_address();
417     my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress');
418    -$ExternalIP=get_internet_ip_address() unless defined $ExternalIP;
419    +$ExternalIP = get_internet_ip_address() unless defined $ExternalIP;
420    
421     #DNS
422     my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress');
423    @@ -589,6 +588,8 @@
424         foreach my $rr ($reply->answer) {
425             $ip= $rr->txtdata if $rr->can("txtdata");
426             $ip= $rr->address if $rr->can("address");
427    +       # untaint, dns output is tainted
428    +       ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
429            return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
430         }
431       } else {
432    @@ -606,8 +607,9 @@
433         $ii++;
434         last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
435       }
436    +  # not needed but in case, untaint
437    +  ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
438       return $ip;
439     }
440    
441    -
442     1;

Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed