wireguard.cgi: Add a basic CGI to configure the global settings
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Apr 2024 16:06:47 +0000 (18:06 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 22 Apr 2025 14:47:53 +0000 (16:47 +0200)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/common/web-user-interface
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.it
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
html/cgi-bin/wireguard.cgi [new file with mode: 0644]

index 816241daee36e8a4414c4e9273ba8f170807a9c6..aa31491d24e1022febaf1ff4fdc2db45eece1ec5 100644 (file)
@@ -87,6 +87,7 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi
 srv/web/ipfire/cgi-bin/webaccess.cgi
 #srv/web/ipfire/cgi-bin/wio.cgi
 #srv/web/ipfire/cgi-bin/wiographs.cgi
+srv/web/ipfire/cgi-bin/wireguard.cgi
 srv/web/ipfire/cgi-bin/wireless.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
 #srv/web/ipfire/cgi-bin/wlanap.cgi
index b5309f41ba1f6907215c711193dad4224ec56476..12ccc22c8b25b50aaa8bbfee17022f5dcfa376ad 100644 (file)
@@ -1012,6 +1012,7 @@ WARNING: untranslated string: oops something went wrong = Oops, something went w
 WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
 WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
 WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
 WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
index 28eb622a69220ee857cec24a9cfd2bf0991fa1ed..ef477b13af6de9d6fd1ea2537efe1196ee6f0158 100644 (file)
@@ -1533,6 +1533,7 @@ WARNING: untranslated string: proxy reports today = Today
 WARNING: untranslated string: proxy reports weekly = Weekly reports
 WARNING: untranslated string: ptr = PTR
 WARNING: untranslated string: ptr lookup failed = Reverse lookup failed
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: pulse = Pulse
 WARNING: untranslated string: pulse dial = Pulse dial:
 WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
index 00297e3ec90e9963a1e2df1b0890ddd00e5458ee..b77ea1e2545ac64d731ba70d300e507fbd58f5bb 100644 (file)
@@ -1077,6 +1077,7 @@ WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Serv
 WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark.
 WARNING: untranslated string: processors = Processors
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
 WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
 WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
index 2ffa0a8dd3065b6985fa158ec5ede927a5b404bc..0262b2e4bb3952149e3098a7be411e0f0e803b02 100644 (file)
@@ -1025,6 +1025,7 @@ WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Serv
 WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark.
 WARNING: untranslated string: processors = Processors
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
 WARNING: untranslated string: routing config added = unknown string
 WARNING: untranslated string: routing config changed = unknown string
index 46f735637357482fed35bfb3eac97bd94426d578..459e8de869b0efa178ae64b8fb56890706da10ab 100644 (file)
@@ -1287,6 +1287,7 @@ WARNING: untranslated string: pptp route = PPTP Route
 WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
index c1b076dccdcf7d047da76546509d7f1a03ea2505..999097cca11cb4c8b5fe1ca129c1761187d35256 100644 (file)
@@ -1310,6 +1310,7 @@ WARNING: untranslated string: pptp route = PPTP Route
 WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
 WARNING: untranslated string: received = Received
index 8bf0fa0dbe10f9604134292a39b0cb17ae256207..a47f83697dbe9a5075e43be15cc52435612dfab2 100644 (file)
@@ -1486,6 +1486,7 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports
 WARNING: untranslated string: proxy reports today = Today
 WARNING: untranslated string: proxy reports weekly = Weekly reports
 WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
index bce016c27708e5ca19fc207730e4c78f57a069a9..5cb6b64744eec8a39df4464438ddc7036fdd2eb7 100644 (file)
@@ -1479,6 +1479,7 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports
 WARNING: untranslated string: proxy reports today = Today
 WARNING: untranslated string: proxy reports weekly = Weekly reports
 WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth!
 WARNING: untranslated string: rdns = rDNS
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
index 8dc81778d8e0c219fb02f99e04227ed81b6d5e95..f2136be156bbfba36c22551f6b876ff263074735 100644 (file)
@@ -1197,6 +1197,7 @@ WARNING: untranslated string: please reboot to apply your changes = Please reboo
 WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations
 WARNING: untranslated string: processors = Processors
 WARNING: untranslated string: ptr = PTR
+WARNING: untranslated string: public key = unknown string
 WARNING: untranslated string: reboot fsck = Reboot & run &lsquo;fsck&rsquo;
 WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
 WARNING: untranslated string: received = Received
diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi
new file mode 100644 (file)
index 0000000..c49f116
--- /dev/null
@@ -0,0 +1,195 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org>               #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
+
+require "/var/ipfire/general-functions.pl";
+require "${General::swroot}/header.pl";
+
+my @errormessages = ();
+
+# Read the global configuration
+my %settings = ();
+&General::readhash("/var/ipfire/wireguard/settings", \%settings);
+
+# Set any defaults
+&General::set_defaults(\%settings, {
+       "ENABLED" => "off",
+       "PORT"    => 51820,
+});
+
+# Generate keys
+&generate_keys();
+
+# Fetch CGI parameters
+my %cgiparams = ();
+&Header::getcgihash(\%cgiparams);
+
+# Save on main page
+if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
+       # Store whether enabled or not
+       if ($cgiparams{'ENABLED'} =~ m/^(on|off)$/) {
+               $settings{'ENABLED'} = $cgiparams{'ENABLED'};
+       }
+
+       # Check port
+       if (&General::validport($cgiparams{'PORT'})) {
+               $settings{'PORT'} = $cgiparams{'PORT'};
+       } else {
+               push(@errormessages, $Lang::tr{'invalid port'});
+       }
+
+       # Don't continue on error
+       goto MAIN if (@errormessages);
+
+       # Store the configuration file
+       &General::writehash("/var/ipfire/wireguard/settings", \%settings);
+
+       # Start if enabled
+       if ($settings{'ENABLED'} eq "on") {
+               &General::system("/usr/local/bin/wireguardctl", "start");
+       } else {
+               &General::system("/usr/local/bin/wireguardctl", "stop");
+       }
+}
+
+# The main page starts here
+MAIN:
+       # Send HTTP Headers
+       &Header::showhttpheaders();
+
+       # Open the page
+       &Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+       # Show any error messages
+       &Header::errorbox(@errormessages);
+
+       # Open a box for Global Settings
+       &Header::openbox('100%', '', $Lang::tr{'global settings'});
+
+       my %checked = {
+               "ENABLED" => ($settings{'ENABLED'} eq "on") ? "checked" : "",
+       };
+
+       print <<END;
+               <form method="POST" action="">
+                       <table class="form">
+                               <tr>
+                                       <td>$Lang::tr{'enabled'}</td>
+                                       <td>
+                                               <input type="checkbox" name="ENABLED" $checked{'ENABLED'} />
+                                       </td>
+                               </tr>
+
+                               <tr>
+                                       <td>$Lang::tr{'public key'}</td>
+                                       <td>
+                                               <input type="text" name="PUBLIC_KEY" value="$settings{'PUBLIC_KEY'}" readonly />
+                                       </td>
+                               </tr>
+
+                               <tr>
+                                       <td>$Lang::tr{'port'}</td>
+                                       <td>
+                                               <input type="number" name="PORT" value="$settings{'PORT'}"
+                                                       min="1024" max="65535" />
+                                       </td>
+                               </tr>
+
+                               <tr class="action">
+                                       <td colspan="2">
+                                               <input type='submit' name='ACTION' value='$Lang::tr{'save'}' />
+                                       </td>
+                               </tr>
+                       </table>
+               </form>
+END
+
+       &Header::closebox();
+       &Header::closepage();
+
+# This function generates a set of keys for this host if none exist
+sub generate_keys($) {
+       my $force = shift || 0;
+       my @output = ();
+
+       # Reset any previous keys if re-generation forced
+       if ($force) {
+               $settings{"PRIVATE_KEY"} = undef;
+               $settings{"PUBLIC_KEY"}  = undef;
+       }
+
+       # Return if we already have keys
+       return if (defined $settings{"PRIVATE_KEY"} && defined $settings{"PUBLIC_KEY"});
+
+       # Generate a new private key
+       unless (defined $settings{'PRIVATE_KEY'}) {
+               # Generate a new private key
+               @output = &General::system_output("wg", "genkey");
+
+               # Store the key
+               foreach (@output) {
+                       chomp;
+
+                       $settings{"PRIVATE_KEY"} = $_;
+                       last;
+               }
+
+               # Reset the public key
+               $settings{"PUBLIC_KEY"} = undef;
+       }
+
+       # Derive the public key
+       unless (defined $settings{"PUBLIC_KEY"}) {
+               # Derive the public key
+               $settings{"PUBLIC_KEY"} = &derive_public_key($settings{"PRIVATE_KEY"});
+       }
+
+       # Store the configuration file
+       &General::writehash("/var/ipfire/wireguard/settings", \%settings);
+}
+
+sub derive_public_key($) {
+       my $private_key = shift;
+       my @output = ();
+
+       # Derive the public key
+       if (open(STDIN, "-|")) {
+               @output = &General::system_output("wg", "pubkey");
+       } else {
+               print $private_key . "\n";
+               exit (0);
+       }
+
+       # Return the first line
+       foreach (@output) {
+               chomp;
+
+               return $_;
+       }
+
+       # Return on undefined on error
+       return undef;
+}
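Review bot: In derive_public_key the result of `open(STDIN, "-|")` is only tested for truth, so a failed fork (undef) takes the else branch in the parent, which prints the private key to the CGI's STDOUT and exits; separate the cases with `my $pid = open(STDIN, "-|");` and `die "fork failed: $!" unless defined $pid;` before `if ($pid) {`. The function also leaves STDIN attached to the pipe, and generate_keys() runs before `&Header::getcgihash`, so if that helper reads the POST body from STDIN (not visible here) the request that first creates the keys would lose its form data; restoring STDIN after the `wg pubkey` call would avoid that. In the MAIN section `my %checked = {` assigns a hash reference to a hash, so `$checked{'ENABLED'}` is never set and the checkbox never renders as checked; it should be `my %checked = (` closed with `);`. An unticked checkbox normally submits no ENABLED field, so unless getcgihash supplies a default the `m/^(on|off)$/` test never sees "off" and the service cannot be disabled from this form; treating a missing value as "off" inside the save branch would fix it. `use CGI::Carp 'fatalsToBrowser';` stays active although the comment above it marks it as debugging-only, which would send Perl error text to the browser on a page that handles key material.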