/[smecontribs]/rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11771-more-network-check.patch
ViewVC logotype

Contents of /rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11771-more-network-check.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Sun May 29 06:53:32 2022 UTC (2 years, 5 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-wireguard-1_0-19_el7_sme, smeserver-wireguard-1_0-17_el7_sme, smeserver-wireguard-1_0-16_el7_sme, smeserver-wireguard-1_0-20_el7_sme, smeserver-wireguard-1_0-18_el7_sme, HEAD
* Sun May 29 2022 Jean-Philippe Pialasse <tests@pialasse.com> 1.0-16.sme
- improve check and tidying for non local network type [SME: 11771]
  updated both legacy and new panel

1 diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink
2 --- smeserver-wireguard-1.0.old/createlink 2022-05-29 02:43:17.319000000 -0400
3 +++ smeserver-wireguard-1.0/createlink 2022-05-29 02:46:12.907000000 -0400
4 @@ -24,7 +24,7 @@
5 masq restart
6 wg-quick@wg0 restart
7 ));
8 -event_link("wireguard-network", $event, "30");
9 +event_link("wireguard-network", $event, "04");
10 templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
11 event_link("systemd-reload", $event, "89");
12 event_link("systemd-default", $event, "88");
13 @@ -41,7 +41,7 @@
14 masq restart
15 wg-quick@wg0 restart
16 ));
17 -event_link("wireguard-network", $event, "30");
18 +event_link("wireguard-network", $event, "04");
19
20 #wireguard-user-modify
21 $event="wireguard-user-modify";
22 diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/events/actions/wireguard-network smeserver-wireguard-1.0/root/etc/e-smith/events/actions/wireguard-network
23 --- smeserver-wireguard-1.0.old/root/etc/e-smith/events/actions/wireguard-network 2022-05-29 02:43:17.315000000 -0400
24 +++ smeserver-wireguard-1.0/root/etc/e-smith/events/actions/wireguard-network 2022-05-29 02:44:49.245000000 -0400
25 @@ -8,8 +8,9 @@
26 use esmith::AccountsDB;
27 use NetAddr::IP;
28 use Net::Netmask;
29 +use NetAddr::IP;
30
31 -my $conf = esmith::ConfigDB->open_ro;
32 +my $conf = esmith::ConfigDB->open;
33 my $netdb = esmith::ConfigDB->open('networks');
34 my $accounts = esmith::AccountsDB->open;
35 esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');
36 @@ -24,14 +25,50 @@
37 my $ip = $block->base;
38 my $mask = $block->mask;
39
40 +#count clients
41 +my @client = $wg->get_all_by_prop(type=>"wg0");
42 +my $clients = scalar @client;
43 +
44 +#check is_rfc1918
45 +#if yes proceed
46 +my $skipme = 0;
47 +my $rfc=NetAddr::IP->new($wgip,$wgmask);
48 +unless ( $rfc->is_rfc1918() ) {
49 + if ($clients == 0 ) {
50 + #if not and no clients make it compliant 172.16.0.1/22 as default
51 + my $minimum=16;
52 + my $maximum=32;
53 + my $x = $minimum + int(rand($maximum - $minimum));
54 + warn("$wgip/$wgmask is not considered as a LAN addressing, set default to 172.$x.0.1/22");
55 + $wgip="172.$x.0.1";$wgmask="22";
56 + $wg0->set_prop('ip',$wgip); $wg0->set_prop('mask',$wgmask);
57 + $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
58 + $ip = $block->base;
59 + $mask = $block->mask;
60 + }
61 + else {
62 + #if not and clients configured, disable service delete network
63 + warn("$wgip/$wgmask is not considered as a LAN addressing, adding this network to SME trusted network could allow email relaying. Disabling service.");
64 + warn("Please remove configured client and start your configuration from scratch");
65 + $wg0->set_prop('status','disabled');
66 + $skipme=1; $ip="nop";
67 + }
68 +}
69 +
70 +#if yes proceed
71 +#if not and no clients make it compliant 172.16.0.1/22 as default
72 +#if not and clients configured, disable service delete network
73 +
74 #First delete any already there.
75 my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
76 foreach my $netwg (@wg) {
77 + next if ($netwg->key eq $ip and $netwg->prop('Mask') eq $mask);
78 + print "delete " . $netwg->key;
79 $netwg->delete();
80 }
81 # and then create one from the wireguard server ip
82 my $iswg=$netdb->get($ip);
83 -unless ($iswg) {
84 +unless ($iswg or $skipme == 1) {
85 $netdb->new_record("$ip",{ type => "network",
86 Mask => "$mask",
87 Wireguard => "wg0",
88 diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
89 --- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2022-05-29 02:43:17.320000000 -0400
90 +++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2022-05-29 02:44:49.471000000 -0400
91 @@ -447,14 +447,18 @@
92 ,'status' => $status
93 );
94
95 + # Test Ip is inside CIDR
96 + if (!test_for_private_ip($ip,$mask)) {
97 + $msg = "IP must be in private range";
98 + $fm->error($msg);return;
99 + }
100 +
101 +
102 $cdb->get('wg-quick@wg0')->merge_props(%props)
103 or $msg = "Error occurred while modifying server details.";
104
105 - # Test Ip is inside CIDR
106 - if (!test_for_private_ip($ip,$mask)) {$msg = "IP must be in private range";}
107 - #else {$msg = "Ip is inside range $ip / $mask";}
108
109 - unless ($msg eq "OK"){
110 + if ($msg eq "OK"){
111 # Untaint before use in system()
112 ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
113 system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)
114 diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm smeserver-wireguard-1.0/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm
115 --- smeserver-wireguard-1.0.old/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm 2022-05-29 02:43:17.321000000 -0400
116 +++ smeserver-wireguard-1.0/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm 2022-05-29 02:51:31.997000000 -0400
117 @@ -345,14 +345,17 @@
118 ,'status' => $status
119 );
120
121 + # Test Ip is inside CIDR
122 + if (!test_for_private_ip($ip,$mask)) {
123 + $msg = "IP must be in private range";
124 + $fm->error($msg);return;
125 + }
126 +
127 $cdb->get('wg-quick@wg0')->merge_props(%props)
128 or $msg = "Error occurred while modifying server details.";
129
130 - # Test Ip is inside CIDR
131 - if ( ! test_for_private_ip( $ip,$mask ) ) { $msg = "IP must be in private range"; }
132 - #else {$msg = "Ip is inside range $ip / $mask";}
133
134 - unless ($msg eq "OK"){
135 + if ($msg eq "OK"){
136 # Untaint before use in system()
137 ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
138 system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed