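--- a/createlink
+++ b/createlink
@@ -24,7 +24,7 @@
 masq restart
 wg-quick@wg0 restart
 ));
-event_link("wireguard-network", $event, "30");
+event_link("wireguard-network", $event, "04");
 templates2events("/etc/systemd/system-preset/49-koozali.preset", $event);
 event_link("systemd-reload", $event, "89");
 event_link("systemd-default", $event, "88");
@@ -41,7 +41,7 @@
 masq restart
 wg-quick@wg0 restart
 ));
-event_link("wireguard-network", $event, "30");
+event_link("wireguard-network", $event, "04");
 
 #wireguard-user-modify
 $event="wireguard-user-modify";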
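Review bot: The new priority `"04"` on `event_link("wireguard-network", ...)` is an ordering constraint with no comment explaining it, and the same literal is repeated in the second hunk for the following event. The accompanying change to the action suggests it must now run before the later steps of the event so the range is validated first, but that is inferred rather than stated. A comment above each call would record it, e.g. `# must run early: validates the wg0 range and fixes the networks db before later actions use it`. Confirm the reason before committing the wording.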
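--- a/root/etc/e-smith/events/actions/wireguard-network
+++ b/root/etc/e-smith/events/actions/wireguard-network
@@ -8,8 +8,9 @@
 use esmith::AccountsDB;
 use NetAddr::IP;
 use Net::Netmask;
+use NetAddr::IP;
 
-my $conf = esmith::ConfigDB->open_ro;
+my $conf = esmith::ConfigDB->open;
 my $netdb = esmith::ConfigDB->open('networks');
 my $accounts = esmith::AccountsDB->open;
 esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');
@@ -24,14 +25,50 @@
 my $ip = $block->base;
 my $mask = $block->mask;
 
+#count clients
+my @client = $wg->get_all_by_prop(type=>"wg0");
+my $clients = scalar @client;
+
+#check is_rfc1918
+#if yes proceed
+my $skipme = 0;
+my $rfc=NetAddr::IP->new($wgip,$wgmask);
+unless ( $rfc->is_rfc1918() ) {
+ if ($clients == 0 ) {
+ #if not and no clients make it compliant 172.16.0.1/22 as default
+ my $minimum=16;
+ my $maximum=32;
+ my $x = $minimum + int(rand($maximum - $minimum));
+ warn("$wgip/$wgmask is not considered as a LAN addressing, set default to 172.$x.0.1/22");
+ $wgip="172.$x.0.1";$wgmask="22";
+ $wg0->set_prop('ip',$wgip); $wg0->set_prop('mask',$wgmask);
+ $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
+ $ip = $block->base;
+ $mask = $block->mask;
+ }
+ else {
+ #if not and clients configured, disable service delete network
+ warn("$wgip/$wgmask is not considered as a LAN addressing, adding this network to SME trusted network could allow email relaying. Disabling service.");
+ warn("Please remove configured client and start your configuration from scratch");
+ $wg0->set_prop('status','disabled');
+ $skipme=1; $ip="nop";
+ }
+}
+
+#if yes proceed
+#if not and no clients make it compliant 172.16.0.1/22 as default
+#if not and clients configured, disable service delete network
+
 #First delete any already there.
 my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
 foreach my $netwg (@wg) {
+ next if ($netwg->key eq $ip and $netwg->prop('Mask') eq $mask);
+ print "delete " . $netwg->key;
 $netwg->delete();
 }
 # and then create one from the wireguard server ip
 my $iswg=$netdb->get($ip);
-unless ($iswg) {
+unless ($iswg or $skipme == 1) {
 $netdb->new_record("$ip",{ type => "network",
 Mask => "$mask",
 Wireguard => "wg0",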
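Review bot: `NetAddr::IP->new($wgip,$wgmask)` returns undef when the stored ip or mask does not parse, so the next line calls `is_rfc1918` on undef and the action aborts before either fallback branch or the cleanup loop runs. That would leave any previously created wg0 network record in the networks db, which is the state this check is meant to prevent. Treating an unparsable value as non-private keeps the guard fail-safe: `unless ( $rfc and $rfc->is_rfc1918() ) {`. Smaller points: the added `use NetAddr::IP;` duplicates the import two lines above it, the comment promises 172.16.0.1/22 while the code picks a random second octet from 16 to 31, and `print "delete " . $netwg->key;` lacks a newline. `$wgip`, `$wgmask`, `$wg` and `$wg0` are declared outside the hunk, so their origin and validation cannot be checked here.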
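--- a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
+++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm
@@ -447,14 +447,18 @@
 ,'status' => $status
 );
 
+ # Test Ip is inside CIDR
+ if (!test_for_private_ip($ip,$mask)) {
+ $msg = "IP must be in private range";
+ $fm->error($msg);return;
+ }
+
+
 $cdb->get('wg-quick@wg0')->merge_props(%props)
 or $msg = "Error occurred while modifying server details.";
 
- # Test Ip is inside CIDR
- if (!test_for_private_ip($ip,$mask)) {$msg = "IP must be in private range";}
- #else {$msg = "Ip is inside range $ip / $mask";}
 
- unless ($msg eq "OK"){
+ if ($msg eq "OK"){
 # Untaint before use in system()
 ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
 system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)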
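Review bot: With the condition corrected to `if ($msg eq "OK")`, the untaint line below it is now on the success path, and its pattern `\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+` requires a dot after the fourth octet and another after the prefix length. An ordinary address therefore fails to match, and `$ip` is undef when it is interpolated into the `signal-event` argument. The pattern is also unanchored, so it would accept a match embedded in a longer string. If `$ip` is a bare dotted quad here (its format is set outside the hunk), `($ip) = ($ip =~ /\A(\d{1,3}(?:\.\d{1,3}){3})\z/);` with an error return on a failed match would do what the comment says. The same two lines appear in SrvMngr/Controller/Wireguard.pm.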
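--- a/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm
+++ b/root/usr/share/smanager/lib/SrvMngr/Controller/Wireguard.pm
@@ -345,14 +345,17 @@
 ,'status' => $status
 );
 
+ # Test Ip is inside CIDR
+ if (!test_for_private_ip($ip,$mask)) {
+ $msg = "IP must be in private range";
+ $fm->error($msg);return;
+ }
+
 $cdb->get('wg-quick@wg0')->merge_props(%props)
 or $msg = "Error occurred while modifying server details.";
 
- # Test Ip is inside CIDR
- if ( ! test_for_private_ip( $ip,$mask ) ) { $msg = "IP must be in private range"; }
- #else {$msg = "Ip is inside range $ip / $mask";}
 
- unless ($msg eq "OK"){
+ if ($msg eq "OK"){
 # Untaint before use in system()
 ($ip) = ($ip =~ /(\d+\.+\d+\.+\d+\.+\d+\.+\/\d+\.+)/);
 system( "/sbin/e-smith/signal-event", "wireguard-conf-modify", "$ip",)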
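Review bot: The added `$fm->error($msg);return;` matches the line added to the FormMagick panel, and nothing in this hunk shows that `$fm` is in scope in this controller. If it is not, the file fails to compile under `use strict`, or the rejection path dies at runtime without it. Confirm the variable exists here, or report the error the way the enclosing function returns `$msg` elsewhere; that function starts and ends outside the hunk. The early return does stop before `merge_props`, so a non-private range is no longer saved. The comment `# Test Ip is inside CIDR` would describe that better as `# Reject non-private ranges before anything is written to the db`.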