Devel (#120)

* back merge main onto devel (#94)

* Update main to latest (#77)

* Updated pkg-plist

* Makefile fix

* Experimenting with wireguard service

* Update README.md

Co-authored-by: vajonam <152501+vajonam@users.noreply.github.com>
Co-authored-by: Manojav Sridhar <manojav@manojav.com>

* docs: add theonemcdonald as a contributor (#84)

* docs: update README.md [skip ci]

* docs: create .all-contributorsrc [skip ci]

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* Update README.md

* Update README.md

* Update .all-contributorsrc

* Update .all-contributorsrc

* Update README.md

* Update README.md

* Update Makefile

* Cleanup

* Cleanup

* Clean upload of v0.1.2

* Create FUNDING.yml

* Add files via upload

Co-authored-by: vajonam <152501+vajonam@users.noreply.github.com>
Co-authored-by: Manojav Sridhar <manojav@manojav.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* Clean ups

* Syntax

* Updated README

* Improve input error clarity

* Syntax

* More syntax

* Fix missing address, allowedip fields after tunnel or peer input errors

* Reorganized peer post validation

* Reorder all input errors to be consistent with UI order

* Fix input being flushed on peer validation error

* Fix

* Test

* Fix #98

* Also Fix #98

* v0.1.3 will be reserved for the next PR with Netgate

* Further fixes #98

* More fixes for #98...

* Removed exit() while working on #98

* Refactor wg_generate_tunnel_address_popover_link for readability

* Working on guiconfig cleaning

* Should fix #99

* Fix variable #99

* Fix re-saving unchanged tunnel or peer

* Fix broke status icon

* Back out some boiler plate code

* Relocate pf reload trigger on tunnel sync

* Test

* Fixes some php errors on newer PHP versions

* this has to be absolute apparently

* Can't redeclare this

* wg_clamp_key and wg_is_key_clamped functions

* wg_gen_publickey now detects if a privkey was clamped or not

* fix wg_gen_keypair to correctly consume new gen_publickey

* Bump net/wireguard-kmod to 0.0.20210606

* Fix some logic in new functioons

* syntax

* Clamp private keys on UI

* Don't block unclamped private keys in the UI

* Validate pre-shared key

* Missed a call that needs tweaking

* Slight cleanup

* Candidate 0.1.3 build for Netgate PR

* Small bump

* Tweak subsystem names

* Testing

* Add some comments to .conf files for the curious

* Add some useful debug bits to .conf files

* Testing extra services restart on apply

* We are now going to restart extra services (currently dpinger and unbound) on config apply (in addition to service restart)

* Bump v0.1.2_5

* Enable data-sortable on relevant tables

* Missed a table

* Peers should become unassigned when their tunnel is deleted

* allowedips needs to be an array even when empty

* Implement package apply conf on tunnels_edit.php

* Tweaks to form post handling

* Syntax

* Private and PSKs are now hidden by default

* Syntax

* sortable tables doesn't play nicely with popovers, will revisit in the future

* Slight UI tweaks

* syntax

* Improve sync logic

* Test

* Testing

* Implement conf file downloads from UI

* Fixed incorrect tunnel name variable

* Bump 0.1.2_6

* Testing

* fix plist

* Add timestamp to conf download

* Typo

* "

* Working on DNS race

* Syntax

* Working on DNS

* Syntax

* MVCd the settings page

* Syntax

* syntax

* More DNS work

* More DNS work

* Playing with DNS bits

* DNS testing

* More DNS work

* Working on DNS improvements

* Resync pakage on post

* DNS work

* A bit more DNS work

* DNS Testing

* DNS work

* Final DNS work

* Some  backend rewrites

* Cleanups

* Some more work

* Tweaks

* Fixed some variables

* Fix variable

* Work

* Testing some refactoring

* Fix some GUI stuff after refactor

* Fixes from refactoring

* Fix typo

* Typo fix

* Fix bug

* Fix gui bug

* This should be count() not max()

* Working on bug

* apply_list_add can now accept both single string or an array of strings

* Support for marking multiple tunnels for resync (needed for moving peers between tunnels)

* Fixed flipped params

* Convert to [ ] for destructuring arrays

Co-authored-by: vajonam <152501+vajonam@users.noreply.github.com>
Co-authored-by: Manojav Sridhar <manojav@manojav.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

Author: 3 people

net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg.inc

@@ -48,7 +48,7 @@ function wg_toggle_tunnel($tunnel_name) {
 
 	$input_errors = array();
 
-	if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {
+	if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name)) {
 
 		$enabled = ($tunnel['enabled'] == 'yes');
 
@@ -77,13 +77,13 @@ function wg_toggle_tunnel($tunnel_name) {
 			$changes = true;
 
 			// What tunnel would we need to sync to apply these changes?
-			$tun_to_sync = $tunnel['name'];
+			$tuns_to_sync[] = $tunnel['name'];
 
 		}
 
 	}
 
-	return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
+	return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);
 
 }
 
@@ -101,7 +101,7 @@ function wg_toggle_peer($peer_idx) {
 
 	$input_errors = array();
 
-	if (list($peer_idx, $peer, $is_new) = wg_peer_get_config($peer_idx)) {
+	if ([$peer_idx, $peer, $is_new] = wg_peer_get_config($peer_idx)) {
 
 		$enabled = ($peer['enabled'] == 'yes');
 
@@ -126,15 +126,15 @@ function wg_toggle_peer($peer_idx) {
 				$changes = true;
 
 				// What tunnel would we need to sync to apply these changes?
-				$tun_to_sync = $peer['tun'];
+				$tuns_to_sync[] = $peer['tun'];
 
 			}
 
 		}
 
 	}
 
-	return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
+	return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);
 
 }
 
@@ -151,7 +151,7 @@ function wg_delete_peer($peer_idx) {
 
 	$input_errors = array();
 
-	if (list($peer_idx, $peer, $is_new) = wg_peer_get_config($peer_idx)) {
+	if ([$peer_idx, $peer, $is_new] = wg_peer_get_config($peer_idx)) {
 
 		// Boilerplate...
 		if (empty($input_errors)) {
@@ -172,15 +172,15 @@ function wg_delete_peer($peer_idx) {
 				$changes = true;
 
 				// What tunnel would we need to sync to apply these changes?
-				$tun_to_sync = $peer['tun'];
+				$tuns_to_sync[] = $peer['tun'];
 
 			}
 
 		}
 
 	}
 
-	return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
+	return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);
 
 }
 
@@ -197,7 +197,7 @@ function wg_delete_tunnel($tunnel_name) {
 
 	$input_errors = array();
 
-	if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {
+	if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name)) {
 
 		// We can't delete assigned tunnels
 		if (is_wg_tunnel_assigned($tunnel['name'])) {
@@ -226,13 +226,13 @@ function wg_delete_tunnel($tunnel_name) {
 			$changes = true;
 
 			// What tunnel would we need to sync to apply these changes?
-			$tun_to_sync = $tunnel['name'];
+			$tuns_to_sync[] = $tunnel['name'];
 
 		}
 
 	}
 
-	return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync);
+	return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync);
 
 }
 
@@ -241,15 +241,14 @@ function wg_tunnel_unassign_peers($tunnel_name) {
 
 	wg_globals();
 
+	// Assume there is no peers to unassign...
 	$changes = false;
 
-	foreach (wg_tunnel_get_peers_config($tunnel_name) as $peer_config) {
-
-		list($peer_idx, $peer, $is_new) = $peer_config;
+	foreach (wg_tunnel_get_peers_config($tunnel_name) as [$peer_idx, $peer, $is_new]) {
 
 		$wgg['peers'][$peer_idx]['tun'] = 'unassigned';
 
-		// We need to sync with backend
+		// We've got at least one, so we need to resync with the backend...
 		$changes = true;
 
 	}
@@ -512,7 +511,7 @@ function wg_do_peer_post($post) {
 	// Assume no changes will be made...
 	$changes = false;
 
-	list($peer_idx, $pconfig, $is_new) = wg_peer_get_config($post['index'], true);
+	[$peer_idx, $pconfig, $is_new] = wg_peer_get_config($post['index'], true);
 
 	// We need to save the "old config" to compare against later...
 	$old_pconfig = $pconfig;
@@ -565,18 +564,15 @@ function wg_do_peer_post($post) {
 
 				$changes = ($pconfig != $old_pconfig) || $is_new;
 
-				$tun_to_sync = $tun;
-
-				// We found it...
-				break;
+				$tuns_to_sync[] = $tun;
 
 			}
 
 		}
 
 	}
 
-	return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync, 'pconfig' => $pconfig);
+	return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync, 'pconfig' => $pconfig);
 
 }
 
@@ -593,7 +589,7 @@ function wg_do_tunnel_post($post) {
 	// Assume no changes will be made...
 	$changes = false;
 
-	list($tun_idx, $pconfig, $is_new) = wg_tunnel_get_config($post['index'], true);
+	[$tun_idx, $pconfig, $is_new] = wg_tunnel_get_config($post['index'], true);
 
 	// We need to save the "old config" to compare against later...
 	$old_pconfig = $pconfig;
@@ -632,11 +628,11 @@ function wg_do_tunnel_post($post) {
 		$changes = ($pconfig != $old_pconfig);
 
 		// What tunnel would we need to sync to apply these changes?
-		$tun_to_sync = $pconfig['name'];
+		$tuns_to_sync[] = $pconfig['name'];
 
 	}
 
-	return array('input_errors' => $input_errors, 'changes' => $changes, 'tun_to_sync' => $tun_to_sync, 'pconfig' => $pconfig);
+	return array('input_errors' => $input_errors, 'changes' => $changes, 'tuns_to_sync' => $tuns_to_sync, 'pconfig' => $pconfig);
 
 }
 
@@ -651,10 +647,11 @@ function wg_apply_list_get($list, $delete_after_get = true) {
 
 		if (file_exists($listpath)) {
 
-			$toapplylist = unserialize(file_get_contents($listpath));
+			$toapplylist = (array) unserialize(file_get_contents($listpath));
 
 		}
 
+		// Usually just want to delete the apply list after we read it...
 		if ($delete_after_get) {
 
 			unlink_if_exists($listpath);
@@ -667,7 +664,7 @@ function wg_apply_list_get($list, $delete_after_get = true) {
 
 }
 
-function wg_apply_list_add($entry, $list) {
+function wg_apply_list_add($list, $entries) {
 	global $wgg;
 
 	$toapplylist = array();
@@ -676,17 +673,11 @@ function wg_apply_list_add($entry, $list) {
 
 		$listpath = $wgg['applylist'][$list];
 
-		if (file_exists($listpath)) {
-
-			$toapplylist = unserialize(file_get_contents($listpath));
-
-		}
-
-		if (!in_array($entry, $toapplylist)) {
+		// Get the current list without deleting it...
+		$toapplylist = wg_apply_list_get($list, false);
 
-			$toapplylist[] = $entry;
-
-		}
+		// Need to type cast $entires to array and remove duplicates
+		$toapplylist = array_unique(array_merge($toapplylist, (array) $entries));
 
 		file_put_contents($listpath, serialize($toapplylist));
 
@@ -802,7 +793,7 @@ function wg_tunnel_sync_by_name($tunnel_name, $json = false) {
 	$cmds = $errors = $tunnel = array();
 
 	// We've got a tunnel that we need to build...
-	if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {
+	if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name)) {
 
 		// Determine desired state of the tunnel
 		$state = (isset($tunnel['enabled']) && $tunnel['enabled'] == 'yes');
@@ -1094,10 +1085,7 @@ function wg_make_tunnel_conf_file($tunnel, $include_endpoint = false) {
 	$txt .= "\n";
 
 	// Process peers section
-	foreach (wg_tunnel_get_peers_config($tunnel['name']) as $peer_config) {
-
-		// Pull out relevant bits
-		list($peer_idx, $peer, $is_new) = $peer_config;
+	foreach (wg_tunnel_get_peers_config($tunnel['name']) as [$peer_idx, $peer, $is_new]) {
 
 		if (isset($peer['enabled']) && $peer['enabled'] == 'yes') {
 

net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_api.inc

@@ -272,7 +272,7 @@ function wg_interface_update_addresses($if_name, &$cmds = null) {
 	$res = true;
 
 	if (wg_is_valid_tunnel($if_name, true)
-		&& (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($if_name))) {
+		&& ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($if_name))) {
 
 		// Assigned tunnel interfaces are handled by pfSense and should be ignored here
 		if (!is_wg_tunnel_assigned($tunnel['name'])) {
@@ -993,18 +993,14 @@ function wg_tunnel_get_peers_config($tunnel_name) {
 
 	$ret_peers = array();
 
-	if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name)) {
-
-		if (isset($wgg['peers']) && is_array($wgg['peers'])) {
-
-			// Look through array of peers for matching tunnel name
-			foreach ($wgg['peers'] as $peer_idx => $peer) {
+	if (isset($wgg['peers']) && is_array($wgg['peers'])) {
 
-				if ($peer['tun'] == $tunnel['name']) {
+		// Look through array of peers for matching tunnel name
+		foreach ($wgg['peers'] as $peer_idx => $peer) {
 
-					$ret_peers[] = wg_peer_get_config($peer_idx, false);
+			if ($peer['tun'] == $tunnel_name) {
 
-				}
+				$ret_peers[] = wg_peer_get_config($peer_idx, false);
 
 			}
 
@@ -1049,7 +1045,7 @@ function wg_tunnel_get_peers_config_keys($tunnel_name) {
 	// Pull out the public keys
 	$keys = array_map(function($s) { 
 
-		list($peer_idx, $peer, $is_new) = $s;
+		[$peer_idx, $peer, $is_new] = $s;
 
 		return $peer['publickey'];
 

net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_guiconfig.inc

@@ -293,7 +293,7 @@ function wg_peer_status_class($peer = null) {
 		$tunnel_state = true;
 
 		// We want to visually disable peers if the tunnel is disabled...
-		if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($peer['tun'])) {
+		if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($peer['tun'])) {
 
 			$tunnel_state = ($tunnel['enabled'] == 'yes');
 
@@ -341,7 +341,7 @@ function wg_generate_tunnel_address_popover_link($tunnel_name) {
 
 	$hsc = fn($s) => htmlspecialchars($s);
 
-	if (list($tun_idx, $tunnel, $is_new) = wg_tunnel_get_config_by_name($tunnel_name, false)) {
+	if ([$tun_idx, $tunnel, $is_new] = wg_tunnel_get_config_by_name($tunnel_name, false)) {
 
 		$addresses = $tunnel['addresses']['row'];
 
@@ -435,7 +435,7 @@ function wg_generate_peer_allowedips_popup_link($peer_idx) {
 
 	$hsc= fn($s) => htmlspecialchars($s);
 
-	if (list($peer_idx, $peer, $is_new) = wg_peer_get_config($peer_idx, false)) {
+	if ([$peer_idx, $peer, $is_new] = wg_peer_get_config($peer_idx, false)) {
 
 		$allowedips = $peer['allowedips']['row'];
 

net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_install.inc

@@ -124,7 +124,7 @@ function wg_upgrade_allowedips() {
 
 			foreach ($peer['allowedips']['item'] as $a_index => $item) {
 
-				list($addr, $addr_mask) 			= explode('/', $item['addr']);
+				[$addr, $addr_mask] 				= explode('/', $item['addr']);
 
 				$tmp_addrs['row'][$a_index]['address'] 		= $addr;
 
@@ -231,7 +231,7 @@ function wg_upgrade_addresses() {
 
 			foreach ($tunnel['addresses']['item'] as $a_index => $item) {
 
-				list($addr, $addr_mask) 			= explode('/', $item['addr']);
+				[$addr, $addr_mask] 				= explode('/', $item['addr']);
 
 				$tmp_addrs['row'][$a_index]['address'] 		= $addr;
 

net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/wg_validate.inc

@@ -170,10 +170,7 @@ function wg_validate_peer_post($pconfig, $posted_peer_idx) {
 
 	} elseif (!empty($pconfig['tun'])) {
 
-		foreach (wg_tunnel_get_peers_config($pconfig['tun']) as $peer_config) {
-
-			// Pull out relevant bits
-			list($peer_idx, $peer, $is_new) = $peer_config;
+		foreach (wg_tunnel_get_peers_config($pconfig['tun']) as [$peer_idx, $peer, $is_new]) {
 
 			// We don't want duplicate public keys per tunnel, but re-saving is okay...
 			if (($peer['publickey'] == $pconfig['publickey']) && ($peer_idx != $posted_peer_idx)) {

net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_peers.php

@@ -103,7 +103,7 @@
 				mark_subsystem_dirty($wgg['subsystems']['wg']);
 
 				// Add tunnel to the list to apply
-				wg_apply_list_add($res['tun_to_sync'], 'tunnels');
+				wg_apply_list_add('tunnels', $res['tuns_to_sync']);
 
 			}
 

net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_peers_edit.php

@@ -74,7 +74,7 @@
 					mark_subsystem_dirty($wgg['subsystems']['wg']);
 
 					// Add tunnel to the list to apply
-					wg_apply_list_add($res['tun_to_sync'], 'tunnels');
+					wg_apply_list_add('tunnels', $res['tuns_to_sync']);
 
 				}
 

net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels.php

@@ -113,7 +113,7 @@
 				mark_subsystem_dirty($wgg['subsystems']['wg']);
 
 				// Add tunnel to the list to apply
-				wg_apply_list_add($res['tun_to_sync'], 'tunnels');
+				wg_apply_list_add('tunnels', $res['tuns_to_sync']);
 
 			}
 

net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels_edit.php

@@ -100,7 +100,7 @@
 						mark_subsystem_dirty($wgg['subsystems']['wg']);
 
 						// Add tunnel to the list to apply
-						wg_apply_list_add($res['tun_to_sync'], 'tunnels');
+						wg_apply_list_add('tunnels', $res['tuns_to_sync']);
 
 					}
 
@@ -176,7 +176,7 @@
 				mark_subsystem_dirty($wgg['subsystems']['wg']);
 
 				// Add tunnel to the list to apply
-				wg_apply_list_add($res['tun_to_sync'], 'tunnels');
+				wg_apply_list_add('tunnels', $res['tuns_to_sync']);
 
 			}
 
@@ -467,9 +467,7 @@
 <?php
 	if (!$is_new):
 
-		foreach (wg_tunnel_get_peers_config($pconfig['name']) as $peer_config):
-
-			list($peer_idx, $peer, $is_new) = $peer_config;
+		foreach (wg_tunnel_get_peers_config($pconfig['name']) as [$peer_idx, $peer, $is_new]):
 ?>
 				<tr ondblclick="document.location='<?="vpn_wg_peers_edit.php?peer={$peer_idx}"?>';" class="<?=wg_peer_status_class($peer)?>">
 					<td><?=htmlspecialchars($peer['descr'])?></td>