Devel (#120)
* back merge main onto devel (#94)

* Update main to latest (#77)

* Updated pkg-plist

* Makefile fix

* Experimenting with wireguard service

* Update README.md

Co-authored-by: vajonam <[email protected]>
Co-authored-by: Manojav Sridhar <[email protected]>

* docs: add theonemcdonald as a contributor (#84)

* docs: update README.md [skip ci]

* docs: create .all-contributorsrc [skip ci]

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* Update README.md

* Update README.md

* Update .all-contributorsrc

* Update .all-contributorsrc

* Update README.md

* Update README.md

* Update Makefile

* Cleanup

* Cleanup

* Clean upload of v0.1.2

* Create FUNDING.yml

* Add files via upload

Co-authored-by: vajonam <[email protected]>
Co-authored-by: Manojav Sridhar <[email protected]>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* Clean ups

* Syntax

* Updated README

* Improve input error clarity

* Syntax

* More syntax

* Fix missing address, allowedip fields after tunnel or peer input errors

* Reorganized peer post validation

* Reorder all input errors to be consistent with UI order

* Fix input being flushed on peer validation error

* Fix

* Test

* Fix #98

* Also Fix #98

* v0.1.3 will be reserved for the next PR with Netgate

* Further fixes #98

* More fixes for #98...

* Removed exit() while working on #98

* Refactor wg_generate_tunnel_address_popover_link for readability

* Working on guiconfig cleaning

* Should fix #99

* Fix variable #99

* Fix re-saving unchanged tunnel or peer

* Fix broke status icon

* Back out some boiler plate code

* Relocate pf reload trigger on tunnel sync

* Test

* Fixes some php errors on newer PHP versions

* this has to be absolute apparently

* Can't redeclare this

* wg_clamp_key and wg_is_key_clamped functions

* wg_gen_publickey now detects if a privkey was clamped or not

* fix wg_gen_keypair to correctly consume new gen_publickey

* Bump net/wireguard-kmod to 0.0.20210606

* Fix some logic in new functions

* syntax

* Clamp private keys on UI

* Don't block unclamped private keys in the UI

* Validate pre-shared key

* Missed a call that needs tweaking

* Slight cleanup

* Candidate 0.1.3 build for Netgate PR

* Small bump

* Tweak subsystem names

* Testing

* Add some comments to .conf files for the curious

* Add some useful debug bits to .conf files

* Testing extra services restart on apply

* We are now going to restart extra services (currently dpinger and unbound) on config apply (in addition to service restart)

* Bump v0.1.2_5

* Enable data-sortable on relevant tables

* Missed a table

* Peers should become unassigned when their tunnel is deleted

* allowedips needs to be an array even when empty

* Implement package apply conf on tunnels_edit.php

* Tweaks to form post handling

* Syntax

* Private and PSKs are now hidden by default

* Syntax

* sortable tables doesn't play nicely with popovers, will revisit in the future

* Slight UI tweaks

* syntax

* Improve sync logic

* Test

* Testing

* Implement conf file downloads from UI

* Fixed incorrect tunnel name variable

* Bump 0.1.2_6

* Testing

* fix plist

* Add timestamp to conf download

* Typo

* "

* Working on DNS race

* Syntax

* Working on DNS

* Syntax

* MVCd the settings page

* Syntax

* syntax

* More DNS work

* More DNS work

* Playing with DNS bits

* DNS testing

* More DNS work

* Working on DNS improvements

* Resync package on post

* DNS work

* A bit more DNS work

* DNS Testing

* DNS work

* Final DNS work

* Some backend rewrites

* Cleanups

* Some more work

* Tweaks

* Fixed some variables

* Fix variable

* Work

* Testing some refactoring

* Fix some GUI stuff after refactor

* Fixes from refactoring

* Fix typo

* Typo fix

* Fix bug

* Fix gui bug

* This should be count() not max()

* Working on bug

* apply_list_add can now accept both single string or an array of strings

* Support for marking multiple tunnels for resync (needed for moving peers between tunnels)

* Fixed flipped params

* Convert to [ ] for destructuring arrays

Co-authored-by: vajonam <[email protected]>
Co-authored-by: Manojav Sridhar <[email protected]>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
4 people authored Jun 21, 2021
1 parent 7791bb5 commit 3f9f260
Showing 9 changed files with 49 additions and 70 deletions.
72 changes: 30 additions & 42 deletions net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg.inc
Expand Up @@ -48,7 +48,7 @@ function wg_toggle_tunnel($tunnel_name) {

$input_errors = array();

if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {
if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name)) {

$enabled = ($tunnel['enabled'] == 'yes');
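Review bot: In `if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name))` the condition tests the value returned by the call, not the destructured variables, so the branch runs for any non-empty array. Please confirm the not-found case returns `false` or an empty array rather than something like a triple with null members; otherwise `$tunnel['enabled']` below is read from null. The same pattern recurs in every `if ([...] = ...)` line this commit touches. Short array destructuring also needs PHP 7.1 or later, which is worth stating in the package requirements.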

Expand Down Expand Up @@ -77,13 +77,13 @@ function wg_toggle_tunnel($tunnel_name) {
$changes = true;

// What tunnel would we need to sync to apply these changes?
$tun_to_sync = $tunnel['name'];
$tuns_to_sync[] = $tunnel['name'];

}

}

return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);

}
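Review bot: `$tuns_to_sync[] = $tunnel['name'];` appends to a variable that is not initialised anywhere in the visible lines, and the `return array(... 'tuns_to_sync' => $tuns_to_sync)` is reached even when the branch is skipped. Unless it is set earlier in the function, add `$tuns_to_sync = array();` next to `$input_errors = array();` so the key always holds an array and no undefined-variable warning is raised on the error path. The same applies to the other functions converted in this file.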

Expand All @@ -101,7 +101,7 @@ function wg_toggle_peer($peer_idx) {

$input_errors = array();

if (list($peer_idx, $peer, $is_new) = wg_peer_get_config($peer_idx)) {
if ([$peer_idx, $peer, $is_new] = wg_peer_get_config($peer_idx)) {

$enabled = ($peer['enabled'] == 'yes');

Expand All @@ -126,15 +126,15 @@ function wg_toggle_peer($peer_idx) {
$changes = true;

// What tunnel would we need to sync to apply these changes?
$tun_to_sync = $peer['tun'];
$tuns_to_sync[] = $peer['tun'];

}

}

}

return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);

}

Expand All @@ -151,7 +151,7 @@ function wg_delete_peer($peer_idx) {

$input_errors = array();

if (list($peer_idx, $peer, $is_new) = wg_peer_get_config($peer_idx)) {
if ([$peer_idx, $peer, $is_new] = wg_peer_get_config($peer_idx)) {

// Boilerplate...
if (empty($input_errors)) {
Expand All @@ -172,15 +172,15 @@ function wg_delete_peer($peer_idx) {
$changes = true;

// What tunnel would we need to sync to apply these changes?
$tun_to_sync = $peer['tun'];
$tuns_to_sync[] = $peer['tun'];

}

}

}

return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);

}

Expand All @@ -197,7 +197,7 @@ function wg_delete_tunnel($tunnel_name) {

$input_errors = array();

if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {
if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name)) {

// We can't delete assigned tunnels
if (is_wg_tunnel_assigned($tunnel['name'])) {
Expand Down Expand Up @@ -226,13 +226,13 @@ function wg_delete_tunnel($tunnel_name) {
$changes = true;

// What tunnel would we need to sync to apply these changes?
$tun_to_sync = $tunnel['name'];
$tuns_to_sync[] = $tunnel['name'];

}

}

return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);

}

Expand All @@ -241,15 +241,14 @@ function wg_tunnel_unassign_peers($tunnel_name) {

wg_globals();

// Assume there is no peers to unassign...
$changes = false;

foreach (wg_tunnel_get_peers_config($tunnel_name) as $peer_config) {

list($peer_idx, $peer, $is_new) = $peer_config;
foreach (wg_tunnel_get_peers_config($tunnel_name) as [$peer_idx, $peer, $is_new]) {

$wgg['peers'][$peer_idx]['tun'] = 'unassigned';

// We need to sync with backend
// We've got at least one, so we need to resync with the backend...
$changes = true;

}
Expand Down Expand Up @@ -512,7 +511,7 @@ function wg_do_peer_post($post) {
// Assume no changes will be made...
$changes = false;

list($peer_idx, $pconfig, $is_new) = wg_peer_get_config($post['index'], true);
[$peer_idx, $pconfig, $is_new] = wg_peer_get_config($post['index'], true);

// We need to save the "old config" to compare against later...
$old_pconfig = $pconfig;
Expand Down Expand Up @@ -565,18 +564,15 @@ function wg_do_peer_post($post) {

$changes = ($pconfig != $old_pconfig) || $is_new;

$tun_to_sync = $tun;

// We found it...
break;
$tuns_to_sync[] = $tun;

}

}

}

return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync, 'pconfig' => $pconfig);
return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync, 'pconfig' => $pconfig);

}
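Review bot: Dropping `break;` after the match means the enclosing loop now keeps running, so `$changes = ($pconfig != $old_pconfig) || $is_new;` is reassigned on every pass that reaches it and `$tuns_to_sync[] = $tun;` can append more than once. If collecting several tunnels is the intent (the commit message mentions moving peers between tunnels), replace the removed "We found it..." comment with one that says so, and compute `$changes` once outside the loop, since nothing on its right-hand side depends on the loop variable in these lines.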

Expand All @@ -593,7 +589,7 @@ function wg_do_tunnel_post($post) {
// Assume no changes will be made...
$changes = false;

list($tun_idx, $pconfig, $is_new) = wg_tunnel_get_config($post['index'], true);
[$tun_idx, $pconfig, $is_new] = wg_tunnel_get_config($post['index'], true);

// We need to save the "old config" to compare against later...
$old_pconfig = $pconfig;
Expand Down Expand Up @@ -632,11 +628,11 @@ function wg_do_tunnel_post($post) {
$changes = ($pconfig != $old_pconfig);

// What tunnel would we need to sync to apply these changes?
$tun_to_sync = $pconfig['name'];
$tuns_to_sync[] = $pconfig['name'];

}

return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync, 'pconfig' => $pconfig);
return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync, 'pconfig' => $pconfig);

}

Expand All @@ -651,10 +647,11 @@ function wg_apply_list_get($list, $delete_after_get = true) {

if (file_exists($listpath)) {

$toapplylist = unserialize(file_get_contents($listpath));
$toapplylist = (array) unserialize(file_get_contents($listpath));

}

// Usually just want to delete the apply list after we read it...
if ($delete_after_get) {

unlink_if_exists($listpath);
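Review bot: The `(array)` cast on `unserialize(file_get_contents($listpath))` does not give an empty list when the file is truncated or corrupt: `unserialize()` returns `false` on failure and `(array) false` is a one-element array containing `false`, which would then be handed on as a tunnel name. Check the result explicitly and fall back to `array()` when it is not an array. Since the list only ever holds strings, also pass `['allowed_classes' => false]` as the second argument to `unserialize()`, or store the list as JSON, so a tampered file cannot instantiate objects.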
Expand All @@ -667,7 +664,7 @@ function wg_apply_list_get($list, $delete_after_get = true) {

}

function wg_apply_list_add($entry, $list) {
function wg_apply_list_add($list, $entries) {
global $wgg;

$toapplylist = array();
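Review bot: The new signature `wg_apply_list_add($list, $entries)` reverses the argument order of the old `($entry, $list)` and neither parameter is typed, so a caller left on the old order will not fail loudly; it will use a tunnel name as the index into `$wgg['applylist']`. Add a guard such as `isset($wgg['applylist'][$list])` with an early return, and a docblock stating that `$entries` may be a string or an array of strings, so a missed call site is caught rather than writing to an empty path.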
Expand All @@ -676,17 +673,11 @@ function wg_apply_list_add($entry, $list) {

$listpath = $wgg['applylist'][$list];

if (file_exists($listpath)) {

$toapplylist = unserialize(file_get_contents($listpath));

}

if (!in_array($entry, $toapplylist)) {
// Get the current list without deleting it...
$toapplylist = wg_apply_list_get($list, false);

$toapplylist[] = $entry;

}
// Need to type cast $entires to array and remove duplicates
$toapplylist = array_unique(array_merge($toapplylist, (array) $entries));

file_put_contents($listpath, serialize($toapplylist));
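Review bot: The list is read with `wg_apply_list_get($list, false)` and written back with `file_put_contents($listpath, serialize($toapplylist))` with no lock held across the two, so two saves landing at the same time can each write a list that is missing the other's tunnel. Hold an exclusive `flock()` around the read, merge and write. Two smaller points on the merge line: `array_unique()` preserves keys, so wrap it in `array_values()` to keep the stored list sequential, and the comment has a typo (`$entires` should be `$entries`).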

Expand Down Expand Up @@ -802,7 +793,7 @@ function wg_tunnel_sync_by_name($tunnel_name, $json = false) {
$cmds = $errors = $tunnel = array();

// We've got a tunnel that we need to build...
if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {
if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name)) {

// Determine desired state of the tunnel
$state = (isset($tunnel['enabled']) && $tunnel['enabled'] == 'yes');
Expand Down Expand Up @@ -1094,10 +1085,7 @@ function wg_make_tunnel_conf_file($tunnel, $include_endpoint = false) {
$txt .= "\n";

// Process peers section
foreach (wg_tunnel_get_peers_config($tunnel['name']) as $peer_config) {

// Pull out relevant bits
list($peer_idx, $peer, $is_new) = $peer_config;
foreach (wg_tunnel_get_peers_config($tunnel['name']) as [$peer_idx, $peer, $is_new]) {

if (isset($peer['enabled']) && $peer['enabled'] == 'yes') {

18 changes: 7 additions & 11 deletions net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_api.inc
Expand Up @@ -272,7 +272,7 @@ function wg_interface_update_addresses($if_name, &$cmds = null) {
$res = true;

if (wg_is_valid_tunnel($if_name, true)
&& (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($if_name))) {
&& ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($if_name))) {

// Assigned tunnel interfaces are handled by pfSense and should be ignored here
if (!is_wg_tunnel_assigned($tunnel['name'])) {
Expand Down Expand Up @@ -993,18 +993,14 @@ function wg_tunnel_get_peers_config($tunnel_name) {

$ret_peers = array();

if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {

if (isset($wgg['peers']) && is_array($wgg['peers'])) {

// Look through array of peers for matching tunnel name
foreach ($wgg['peers'] as $peer_idx => $peer) {
if (isset($wgg['peers']) && is_array($wgg['peers'])) {

if ($peer['tun'] == $tunnel['name']) {
// Look through array of peers for matching tunnel name
foreach ($wgg['peers'] as $peer_idx => $peer) {

$ret_peers[] = wg_peer_get_config($peer_idx, false);
if ($peer['tun'] == $tunnel_name) {

}
$ret_peers[] = wg_peer_get_config($peer_idx, false);

}
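Review bot: Removing the `wg_tunnel_get_config_by_name($tunnel_name)` check means this function no longer verifies that the tunnel exists; it returns every peer whose `tun` field matches whatever string is passed, including the `'unassigned'` marker used elsewhere in this commit. If that is intended, document it in a comment above the function so callers do not assume a non-empty result implies a configured tunnel. The match itself, `$peer['tun'] == $tunnel_name`, is a loose comparison, and PHP compares two numeric-looking strings numerically; use `===` so names are matched byte for byte.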

Expand Down Expand Up @@ -1049,7 +1045,7 @@ function wg_tunnel_get_peers_config_keys($tunnel_name) {
// Pull out the public keys
$keys = array_map(function($s) {

list($peer_idx, $peer, $is_new) = $s;
[$peer_idx, $peer, $is_new] = $s;

return $peer['publickey'];

Expand Up @@ -293,7 +293,7 @@ function wg_peer_status_class($peer = null) {
$tunnel_state = true;

// We want to visually disable peers if the tunnel is disabled...
if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($peer['tun'])) {
if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($peer['tun'])) {

$tunnel_state = ($tunnel['enabled'] == 'yes');

Expand Down Expand Up @@ -341,7 +341,7 @@ function wg_generate_tunnel_address_popover_link($tunnel_name) {

$hsc = fn($s) => htmlspecialchars($s);

if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name, false)) {
if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name, false)) {

$addresses = $tunnel['addresses']['row'];

Expand Down Expand Up @@ -435,7 +435,7 @@ function wg_generate_peer_allowedips_popup_link($peer_idx) {

$hsc= fn($s) => htmlspecialchars($s);

if (list($peer_idx, $peer, $is_new) = wg_peer_get_config($peer_idx, false)) {
if ([$peer_idx, $peer, $is_new] = wg_peer_get_config($peer_idx, false)) {

$allowedips = $peer['allowedips']['row'];

Expand Up @@ -124,7 +124,7 @@ function wg_upgrade_allowedips() {

foreach ($peer['allowedips']['item'] as $a_index => $item) {

list($addr, $addr_mask) = explode('/', $item['addr']);
[$addr, $addr_mask] = explode('/', $item['addr']);

$tmp_addrs['row'][$a_index]['address'] = $addr;
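Review bot: `[$addr, $addr_mask] = explode('/', $item['addr']);` assumes the stored value always contains a slash. For an entry without one, `explode()` returns a single element, `$addr_mask` becomes null and PHP 8 raises an "Undefined array key 1" warning during the upgrade. Since this runs over existing user configuration, pad the result, for example `array_pad(explode('/', $item['addr'], 2), 2, null)`, and decide explicitly what mask a bare address should get. The same line in `wg_upgrade_addresses()` needs the same treatment.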

Expand Down Expand Up @@ -231,7 +231,7 @@ function wg_upgrade_addresses() {

foreach ($tunnel['addresses']['item'] as $a_index => $item) {

list($addr, $addr_mask) = explode('/', $item['addr']);
[$addr, $addr_mask] = explode('/', $item['addr']);

$tmp_addrs['row'][$a_index]['address'] = $addr;

Expand Up @@ -170,10 +170,7 @@ function wg_validate_peer_post($pconfig, $posted_peer_idx) {

} elseif (!empty($pconfig['tun'])) {

foreach (wg_tunnel_get_peers_config($pconfig['tun']) as $peer_config) {

// Pull out relevant bits
list($peer_idx, $peer, $is_new) = $peer_config;
foreach (wg_tunnel_get_peers_config($pconfig['tun']) as [$peer_idx, $peer, $is_new]) {

// We don't want duplicate public keys per tunnel, but re-saving is okay...
if (($peer['publickey'] == $pconfig['publickey']) && ($peer_idx != $posted_peer_idx)) {
Expand Up @@ -103,7 +103,7 @@
mark_subsystem_dirty($wgg['subsystems']['wg']);

// Add tunnel to the list to apply
wg_apply_list_add($res['tun_to_sync'], 'tunnels');
wg_apply_list_add('tunnels', $res['tuns_to_sync']);

}

Expand Up @@ -74,7 +74,7 @@
mark_subsystem_dirty($wgg['subsystems']['wg']);

// Add tunnel to the list to apply
wg_apply_list_add($res['tun_to_sync'], 'tunnels');
wg_apply_list_add('tunnels', $res['tuns_to_sync']);

}

Expand Up @@ -113,7 +113,7 @@
mark_subsystem_dirty($wgg['subsystems']['wg']);

// Add tunnel to the list to apply
wg_apply_list_add($res['tun_to_sync'], 'tunnels');
wg_apply_list_add('tunnels', $res['tuns_to_sync']);

}

Expand Up @@ -100,7 +100,7 @@
mark_subsystem_dirty($wgg['subsystems']['wg']);

// Add tunnel to the list to apply
wg_apply_list_add($res['tun_to_sync'], 'tunnels');
wg_apply_list_add('tunnels', $res['tuns_to_sync']);

}

Expand Down Expand Up @@ -176,7 +176,7 @@
mark_subsystem_dirty($wgg['subsystems']['wg']);

// Add tunnel to the list to apply
wg_apply_list_add($res['tun_to_sync'], 'tunnels');
wg_apply_list_add('tunnels', $res['tuns_to_sync']);

}

Expand Down Expand Up @@ -467,9 +467,7 @@
<?php
if (!$is_new):

foreach (wg_tunnel_get_peers_config($pconfig['name']) as $peer_config):

list($peer_idx, $peer, $is_new) = $peer_config;
foreach (wg_tunnel_get_peers_config($pconfig['name']) as [$peer_idx, $peer, $is_new]):
?>
<tr ondblclick="document.location='<?="vpn_wg_peers_edit.php?peer={$peer_idx}"?>';" class="<?=wg_peer_status_class($peer)?>">
<td><?=htmlspecialchars($peer['descr'])?></td>
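Review bot: The destructuring in `foreach (wg_tunnel_get_peers_config($pconfig['name']) as [$peer_idx, $peer, $is_new]):` overwrites `$is_new`, the same variable the enclosing `if (!$is_new):` tests for the tunnel being edited. After the loop, `$is_new` holds the last peer's flag, so any later check on this page reads the wrong value. Destructure only what the row needs, `[$peer_idx, $peer]`, or rename the third element. The old `list()` form had the same effect, so this is a good moment to fix it.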
