gf4
/
wagon
2
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity
wagon/back/lib/admin/peer/add

123 lines
5.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# FILE: admin/peer/add
# DESCRIPTION: Add a new peer from the admin UI
# USAGE: add $remote_ip $querystring
# QUERYSTRING: ?t=$token&host=$newhostname&user=$username&num=$usernumber
source /etc/wagon/config
ip="${1}"; qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
# Check token
token_fail(){
printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
printf 'Invalid token\n' | /usr/lib/wagon/http_res 403; exit 1
}
saved_token="$(grep "${ip}" /var/local/wagon/tokens | cut -f2)"
[ "${saved_token}" == "" ] && token_fail 'missing'
<<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
printf '%s token was valid\n' "${ip}" >&2
# Parse new hostname and username and usernumber
hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
usernumber="$(<<<"${qs}" grep -oP 'num=(.*)' | sed 's/^num=//')"
if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >&2
printf 'Hostname or username missing!\n' | /usr/lib/wagon/http_res 400; exit
elif [[ "${usernumber}" == "" ]]; then
printf 'Usernumber missing!\n' | tee >(cat 1>&2) | /usr/lib/wagon/http_res 400; exit
else
printf 'Admin %s requested new peer %s for user number %s\n' "${ip}" "${domain}" "${usernumber}" >&2
fi
# Check hostname length
if ! [[ ${#hostname} -ge 3 ]]; then
printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >&2
printf 'Hostname too short\n' | /usr/lib/wagon/http_res 400; exit
fi
# Check if new peer already exists
if /usr/lib/wagon/ns_lookup_send "${domain}" >/dev/null; then
printf 'Host %s already exists!\n' "${domain}" | tee >(cat 1>&2) | /usr/lib/wagon/http_res 409; exit
fi
# Get all peer IPs
if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
printf 'ERROR! Wireguard failed!\n' >&2
/usr/lib/wagon/http_res 500; exit
fi
# Filter out the user's
user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
if [ "${user_peers}" == "" ]; then
printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >&2
/usr/lib/wagon/http_res 500; exit
fi
# Get user peer domains
if ! peers="$(/usr/lib/wagon/ips_to_peers tsv <<<"${user_peers}")"; then
printf 'ERROR! Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >&2
/usr/lib/wagon/http_res 500; exit
fi
# Create new IPs
ipv4s="$(<<<"${peers}" awk '{print $2}')"
#ipv6s="$(<<<"${peers}" awk '{print $3}')"
# Increment hostnumber from 1 until an unused one is found
used_hostnumbers="$(<<<"${ipv4s}" cut -d'.' -f4 | sort | uniq)"
hostnumber=1; while <<<"${used_hostnumbers}" grep -q "${hostnumber}"
do ((hostnumber++))
done
ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >&2
/usr/lib/wagon/http_res 500; exit
fi
# Create wg config
privkey="$(/usr/bin/wg genkey)"
pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
# Update nameserver
if /usr/lib/wagon/ns_update_add "${domain:?}" "${ipv4:?}" "${ipv6:?}"
then printf 'Successfully added %s to DNS server.\n' "${domain}" >&2
else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
fi &
# Create SSL cert
if /usr/lib/wagon/ssl_peer_add "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
then printf 'Successfully signed SSL certs for %s\n' "${domain}" >&2
else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
fi
# Do the wireguard and tell the user
server_blocks=''
while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_url server_secret; do
[[ ${server_hostname:0:1} = \# ]] && continue
server_psk="$(/usr/bin/wg genpsk)"
# Local server
if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/${IPV4_NET#*/},${server_ipv6}/${IPV6_NET#*/}\nEndpoint=${server_endpoint}\n"
# Add new user to local wireguard
if /usr/lib/wagon/wg_peer_add "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
printf 'Added %s to local wireguard server.\n' "${domain}" >&2
else
printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
/usr/lib/wagon/http_res 500; exit
fi
# Remote server
else
server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
# Send new user config to federated server
if /usr/lib/wagon/fed_peer_add "${server_url}" "${server_secret}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
else
printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
fi
fi
done </etc/wagon/servers
wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
<<<"${wg_config}" /usr/lib/wagon/http_res 202
Reference in New Issue View Git Blame Copy Permalink