smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11771-Delete-previous-network-records-when-server-ip-updated-validate-server-ip.patch

diff -urN smeserver-wireguard-1.0.old/root/etc/e-smith/events/actions/wireguard-network smeserver-wireguard-1.0/root/etc/e-smith/events/actions/wireguard-network
--- smeserver-wireguard-1.0.old/root/etc/e-smith/events/actions/wireguard-network       2021-10-27 04:15:11.000000000 +0100
+++ smeserver-wireguard-1.0/root/etc/e-smith/events/actions/wireguard-network   2021-11-24 10:54:47.552659023 +0000
@@ -24,6 +24,12 @@
 my $ip = $block->base;
 my $mask = $block->mask;
 
+#First delete any already there.
+my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
+foreach my $netwg (@wg) {
+       $netwg->delete();
+}
+# and then create one from the wireguard server ip
 my $iswg=$netdb->get($ip);
 unless ($iswg) {
   $netdb->new_record("$ip",{   type => "network", 
@@ -35,4 +41,3 @@
   exit;
 }
 
-
diff -urN smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm   2021-11-24 09:43:05.057196197 +0000
+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm       2021-11-25 09:18:50.980936582 +0000
@@ -441,13 +441,18 @@
                 );
 
     $cdb->get('wg-quick@wg0')->merge_props(%props)
-        or $msg = "Error occurred while modifying pseudonym in database.";
-
-    # Untaint before use in system()
-    ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
-    system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)
-        == 0 or $msg = "Error occurred while modifying wireguard conf.";
+        or $msg = "Error occurred while modifying server details.";
 
+       # Test Ip is inside CIDR
+    if (!test_for_private_ip($ip,$mask)) {$msg = "IP must be in private range";}
+    #else {$msg = "Ip is inside range $ip / $mask";}
+    
+    unless ($msg eq "OK"){
+               # Untaint before use in system()
+               ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
+               system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)
+                       == 0 or $msg = "Error occurred while modifying wireguard conf.";
+    }
     if ($msg eq "OK")
     {
         $q->delete('ip');
@@ -612,4 +617,15 @@
   return $ip;
 }
 
+sub test_for_private_ip {
+     use NetAddr::IP;
+     $_ = shift;
+     my $mask = shift;
+     return unless /(\d+\.\d+\.\d+\.\d+)/;
+     my $iprange = NetAddr::IP->new($1,"$mask");
+     return unless $iprange;    
+     return ($iprange->first()->is_rfc1918() and  $iprange->last()->is_rfc1918());
+}
+
+
 1;
1	diff -urN smeserver-wireguard-1.0.old/root/etc/e-smith/events/actions/wireguard-network smeserver-wireguard-1.0/root/etc/e-smith/events/actions/wireguard-network
2	--- smeserver-wireguard-1.0.old/root/etc/e-smith/events/actions/wireguard-network 2021-10-27 04:15:11.000000000 +0100
3	+++ smeserver-wireguard-1.0/root/etc/e-smith/events/actions/wireguard-network 2021-11-24 10:54:47.552659023 +0000
4	@@ -24,6 +24,12 @@
5	my $ip = $block->base;
6	my $mask = $block->mask;
7
8	+#First delete any already there.
9	+my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
10	+foreach my $netwg (@wg) {
11	+ $netwg->delete();
12	+}
13	+# and then create one from the wireguard server ip
14	my $iswg=$netdb->get($ip);
15	unless ($iswg) {
16	$netdb->new_record("$ip",{ type => "network",
17	@@ -35,4 +41,3 @@
18	exit;
19	}
20
21	-
22	diff -urN smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
23	--- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-24 09:43:05.057196197 +0000
24	+++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-25 09:18:50.980936582 +0000
25	@@ -441,13 +441,18 @@
26	);
27
28	$cdb->get('wg-quick@wg0')->merge_props(%props)
29	- or $msg = "Error occurred while modifying pseudonym in database.";
30	-
31	- # Untaint before use in system()
32	- ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
33	- system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)
34	- == 0 or $msg = "Error occurred while modifying wireguard conf.";
35	+ or $msg = "Error occurred while modifying server details.";
36
37	+ # Test Ip is inside CIDR
38	+ if (!test_for_private_ip($ip,$mask)) {$msg = "IP must be in private range";}
39	+ #else {$msg = "Ip is inside range $ip / $mask";}
40	+
41	+ unless ($msg eq "OK"){
42	+ # Untaint before use in system()
43	+ ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
44	+ system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)
45	+ == 0 or $msg = "Error occurred while modifying wireguard conf.";
46	+ }
47	if ($msg eq "OK")
48	{
49	$q->delete('ip');
50	@@ -612,4 +617,15 @@
51	return $ip;
52	}
53
54	+sub test_for_private_ip {
55	+ use NetAddr::IP;
56	+ $_ = shift;
57	+ my $mask = shift;
58	+ return unless /(\d+\.\d+\.\d+\.\d+)/;
59	+ my $iprange = NetAddr::IP->new($1,"$mask");
60	+ return unless $iprange;
61	+ return ($iprange->first()->is_rfc1918() and $iprange->last()->is_rfc1918());
62	+}
63	+
64	+
65	1;