From c0261d9b96f55a954ee63ad9115db6d2a5636c38 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 6 Dec 2024 19:56:05 +0100 Subject: [PATCH] wireguard.cgi: No longer store the private keys for RW peers Signed-off-by: Michael Tremer --- config/cfgroot/wireguard-functions.pl | 3 ++- html/cgi-bin/wireguard.cgi | 15 ++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/config/cfgroot/wireguard-functions.pl b/config/cfgroot/wireguard-functions.pl index bfed3f4a5..a571f262e 100644 --- a/config/cfgroot/wireguard-functions.pl +++ b/config/cfgroot/wireguard-functions.pl @@ -392,6 +392,7 @@ sub generate_net_configuration($$) { sub generate_host_configuration($) { my $key = shift; + my $private_key = shift; # Load the peer my %peer = &load_peer($key); @@ -429,7 +430,7 @@ sub generate_host_configuration($) { my @conf = ( "[Interface]", - "PrivateKey = $peer{'PRIVATE_KEY'}", + "PrivateKey = $private_key", "Address = $peer{'CLIENT_ADDRESS'}", ); diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi index a98a6f680..61818eb35 100644 --- a/html/cgi-bin/wireguard.cgi +++ b/html/cgi-bin/wireguard.cgi @@ -456,6 +456,7 @@ END } } elsif ($cgiparams{"ACTION"} eq "SAVE-PEER-HOST") { + my $private_key; my @free_addresses = (); my @local_subnets = (); @@ -508,10 +509,10 @@ END # Generate things for a new peer if ($is_new) { # Generate a new private key - $cgiparams{"PRIVATE_KEY"} = &Wireguard::generate_private_key(); + $private_key = &Wireguard::generate_private_key(); # Derive the public key - $cgiparams{"PUBLIC_KEY"} = &Wireguard::derive_public_key($cgiparams{"PRIVATE_KEY"}); + $cgiparams{"PUBLIC_KEY"} = &Wireguard::derive_public_key($private_key); # Generate a new PSK $cgiparams{"PSK"} = &Wireguard::generate_private_key(); 
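Review bot: The prototype on `generate_host_configuration` still reads `($)` although the sub now shifts a second argument, while `show_peer_configuration` in wireguard.cgi was moved to `($$)` in the same patch. The visible caller uses the `&Wireguard::generate_host_configuration(...)` form, which skips prototype checking, so this works today. A call written without `&`, where the declaration is already visible at compile time, would be rejected for passing too many arguments. I would change the declaration to `sub generate_host_configuration($$) {` so the two stay in step. The body of the sub continues outside this hunk.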
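Review bot: `$private_key` is interpolated into the `"PrivateKey = $private_key"` line without any check that the caller supplied it. Any caller that still passes only `$key` (none is visible in this patch, so this needs confirming against the rest of the tree) would produce an uninitialized-value warning and a client configuration with an empty `PrivateKey`, which only fails later on the client. Since the key can no longer be read from `%peer`, a guard before `@conf` is built, such as `return unless (defined $private_key && length $private_key);`, would make that failure explicit. The sub starts and ends outside this hunk.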
@@ -525,7 +526,6 @@ END # Fetch some configuration parts } else { $cgiparams{"PUBLIC_KEY"} = $Wireguard::peers{$key}[3]; - $cgiparams{"PRIVATE_KEY"} = $Wireguard::peers{$key}[4]; $cgiparams{'CLIENT_ADDRESS'} = $Wireguard::peers{$key}[8]; $cgiparams{"PSK"} = $Wireguard::peers{$key}[11]; } @@ -541,7 +541,7 @@ END # 3 = Public Key $cgiparams{"PUBLIC_KEY"}, # 4 = Private Key - $cgiparams{"PRIVATE_KEY"}, + "", # 5 = Port "", # 6 = Endpoint Address @@ -569,7 +569,7 @@ END } # Show the client configuration when creating a new peer - &show_peer_configuration($key) if ($is_new); + &show_peer_configuration($key, $private_key) if ($is_new); } elsif ($cgiparams{"ACTION"} eq $Lang::tr{'add'}) { if ($cgiparams{"TYPE"} eq "net") { @@ -1356,8 +1356,9 @@ END exit(0); -sub show_peer_configuration($) { +sub show_peer_configuration($$) { my $key = shift; + my $private_key = shift; # The generated QR code my $qrcode; @@ -1372,7 +1373,7 @@ sub show_peer_configuration($) { my %peer = &Wireguard::load_peer($key); # Generate the client configuration - my $config = &Wireguard::generate_host_configuration($key); + my $config = &Wireguard::generate_host_configuration($key, $private_key); # Create a QR code generator my $qrgen = Imager::QRCode->new( -- 2.39.5
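Review bot: Writing `""` into field 4 only clears the private key for peers that pass through this save path, so peers created before this change keep their key on disk until someone edits and re-saves them. Nothing in this patch blanks the field for existing records; if that is not handled elsewhere (for example in an update script), a one-time cleanup that empties field 4 for host (RW) peers would be needed to match the intent of the commit. The comment above the value could also say so, for instance `# 4 = Private Key (no longer stored for RW peers, always empty)`. The surrounding list and `elsif` block start outside this hunk.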
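Review bot: The call `&show_peer_configuration($key, $private_key) if ($is_new);` is now the only place where the private key exists, and nothing at the call site says so. A comment such as `# The private key is not stored; the client configuration can only be shown once, right after creation` would stop a later change from trying to re-display the configuration for an existing peer. The existing comment "Show the client configuration when creating a new peer" describes the condition but not this constraint. The enclosing `elsif` block starts outside the hunk.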