
Annotation of /rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11771-more-network-check.patch



Revision 1.1 - (hide annotations) (download)
Sun May 29 06:53:32 2022 UTC (2 years, 1 month ago) by jpp
Branch: MAIN
CVS Tags: smeserver-wireguard-1_0-19_el7_sme, smeserver-wireguard-1_0-17_el7_sme, smeserver-wireguard-1_0-18_el7_sme, smeserver-wireguard-1_0-16_el7_sme, HEAD
* Sun May 29 2022 Jean-Philippe Pialasse <tests@pialasse.com> 1.0-16.sme
- improve check and tidying for non local network type [SME: 11771]
  updated both legacy and new panel

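--- a/createlink
+++ b/createlink
@@ -24,7 +24,7 @@
 masq restart
 wg-quick@wg0 restart
 ));
-event_link("wireguard-network", $event, "30");
+event_link("wireguard-network", $event, "04");
 templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
 event_link("systemd-reload", $event, "89");
 event_link("systemd-default", $event, "88");
@@ -41,7 +41,7 @@
 masq restart
 wg-quick@wg0 restart
 ));
-event_link("wireguard-network", $event, "30");
+event_link("wireguard-network", $event, "04");
 
 #wireguard-user-modify
 $event="wireguard-user-modify";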
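Review bot: The new priority in both `event_link("wireguard-network", $event, "04");` calls is a bare number with no record of why the action moved from 30 to 04. Elsewhere in this patch the same action gains the ability to rewrite the wg0 ip/mask and to set the service to disabled, so it presumably has to run before the later steps of the event consume those values. A one-line comment above each call, such as `# must run early: may reset ip/mask or disable wg0 before later actions run`, would keep a later re-ordering from silently undoing that. Both hunks sit in the middle of code whose start and end are outside the view.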
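--- a/root/etc/e-smith/events/actions/wireguard-network
+++ b/root/etc/e-smith/events/actions/wireguard-network
@@ -8,8 +8,9 @@
 use esmith::AccountsDB;
 use NetAddr::IP;
 use Net::Netmask;
+use NetAddr::IP;
 
-my $conf = esmith::ConfigDB->open_ro;
+my $conf = esmith::ConfigDB->open;
 my $netdb = esmith::ConfigDB->open('networks');
 my $accounts = esmith::AccountsDB->open;
 esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');
@@ -24,14 +25,50 @@
 my $ip = $block->base;
 my $mask = $block->mask;
 
+#count clients
+my @client = $wg->get_all_by_prop(type=>"wg0");
+my $clients = scalar @client;
+
+#check is_rfc1918
+#if yes proceed
+my $skipme = 0;
+my $rfc=NetAddr::IP->new($wgip,$wgmask);
+unless ( $rfc->is_rfc1918() ) {
+ if ($clients == 0 ) {
+ #if not and no clients make it compliant 172.16.0.1/22 as default
+ my $minimum=16;
+ my $maximum=32;
+ my $x = $minimum + int(rand($maximum - $minimum));
+ warn("$wgip/$wgmask is not considered as a LAN addressing, set default to 172.$x.0.1/22");
+ $wgip="172.$x.0.1";$wgmask="22";
+ $wg0->set_prop('ip',$wgip); $wg0->set_prop('mask',$wgmask);
+ $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
+ $ip = $block->base;
+ $mask = $block->mask;
+ }
+ else {
+ #if not and clients configured, disable service delete network
+ warn("$wgip/$wgmask is not considered as a LAN addressing, adding this network to SME trusted network could allow email relaying. Disabling service.");
+ warn("Please remove configured client and start your configuration from scratch");
+ $wg0->set_prop('status','disabled');
+ $skipme=1; $ip="nop";
+ }
+}
+
+#if yes proceed
+#if not and no clients make it compliant 172.16.0.1/22 as default
+#if not and clients configured, disable service delete network
+
 #First delete any already there.
 my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
 foreach my $netwg (@wg) {
+ next if ($netwg->key eq $ip and $netwg->prop('Mask') eq $mask);
+ print "delete " . $netwg->key;
 $netwg->delete();
 }
 # and then create one from the wireguard server ip
 my $iswg=$netdb->get($ip);
-unless ($iswg) {
+unless ($iswg or $skipme == 1) {
 $netdb->new_record("$ip",{ type => "network",
 Mask => "$mask",
 Wireguard => "wg0",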
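Review bot: `NetAddr::IP->new($wgip,$wgmask)` returns undef when it cannot parse the address or mask, and the next line calls `$rfc->is_rfc1918()` on the result unguarded. A malformed stored value would therefore abort the action before the loop that removes the existing wg0 entry from the networks db. Treating an unparsable value the same as a non-private one keeps the check fail-closed: `unless ( $rfc and $rfc->is_rfc1918() ) {`. The random fallback `172.$x.0.1/22` is written back without being compared against networks already in `$netdb`, and the comment above it still says 172.16.0.1/22. The added `use NetAddr::IP;` also duplicates the import two lines earlier; `$wgip`, `$wgmask`, `$wg` and `$wg0` are defined outside the hunk.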
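--- a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
+++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
@@ -447,14 +447,18 @@
 ,'status' => $status
 );
 
+ # Test Ip is inside CIDR
+ if (!test_for_private_ip($ip,$mask)) {
+ $msg = "IP must be in private range";
+ $fm->error($msg);return;
+ }
+
+
 $cdb->get('wg-quick@wg0')->merge_props(%props)
 or $msg = "Error occurred while modifying server details.";
 
- # Test Ip is inside CIDR
- if (!test_for_private_ip($ip,$mask)) {$msg = "IP must be in private range";}
- #else {$msg = "Ip is inside range $ip / $mask";}
 
- unless ($msg eq "OK"){
+ if ($msg eq "OK"){
 # Untaint before use in system()
 ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
 system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)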
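Review bot: Changing `unless ($msg eq "OK")` to `if ($msg eq "OK")` puts the untaint line on the success path, and its pattern `/(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/` requires a dot after the fourth octet, then a slash, then a dot after the mask. `$ip` is passed to `test_for_private_ip($ip,$mask)` separately from the mask, so it is probably a bare dotted quad. In that case the match fails, `$ip` becomes undef and `signal-event` is called with an empty argument. An anchored pattern for the expected form, with the no-match case handled, would make the untaint step meaningful: `($ip) = ($ip =~ /\A(\d{1,3}(?:\.\d{1,3}){3})\z/) or do { $fm->error("Invalid IP"); return; };`. The same two lines appear unchanged in the SrvMngr/Controller/Wireguard.pm section of this patch, and the enclosing sub starts and ends outside the hunk.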
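--- a/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm
+++ b/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm
@@ -345,14 +345,17 @@
 ,'status' => $status
 );
 
+ # Test Ip is inside CIDR
+ if (!test_for_private_ip($ip,$mask)) {
+ $msg = "IP must be in private range";
+ $fm->error($msg);return;
+ }
+
 $cdb->get('wg-quick@wg0')->merge_props(%props)
 or $msg = "Error occurred while modifying server details.";
 
- # Test Ip is inside CIDR
- if ( ! test_for_private_ip( $ip,$mask ) ) { $msg = "IP must be in private range"; }
- #else {$msg = "Ip is inside range $ip / $mask";}
 
- unless ($msg eq "OK"){
+ if ($msg eq "OK"){
 # Untaint before use in system()
 ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
 system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)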
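Review bot: The added early exit `$fm->error($msg);return;` uses the FormMagick object name from the legacy panel, but this file is a SrvMngr controller and no `$fm` is declared anywhere in the hunk. If the enclosing sub has no such variable, the rejection path for a non-private address will fail instead of reporting the error, so please confirm how this sub reports failures; the surrounding lines only assign `$msg`. The comment `# Test Ip is inside CIDR` also describes a different check, and `# Reject non-RFC1918 ranges before anything is saved` would match what the code does. The sub's start and end are outside the hunk.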
