beenull/raspap-webgui-mirror
1
0
Fork 0
mirror of https://github.com/RaspAP/raspap-webgui.git synced 2024-11-25 09:00:25 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improved private key handling (security)

Browse source
This commit is contained in:
billz 2021-03-04 23:44:45 +00:00
parent 6b002e3d4c
commit 4515ac95fb
5 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ajax/networking/get_wgkey.php
View file

@ -15,7 +15,6 @@ if (isset($entity)) {
exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return); exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
$wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp)); $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
$wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
exec("sudo mv $privkey_tmp $privkey", $return); exec("sudo mv $privkey_tmp $privkey", $return);
exec("sudo mv $pubkey_tmp $pubkey", $return); exec("sudo mv $pubkey_tmp $pubkey", $return);

1
app/js/custom.js
View file

@ -357,7 +357,6 @@ $('.wg-keygen').click(function(){
$.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){ $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
var jsonData = JSON.parse(data); var jsonData = JSON.parse(data);
entity_pub.val(jsonData.pubkey); entity_pub.val(jsonData.pubkey);
entity_priv.val(jsonData.privkey);
$('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
}) })
}) })

8
includes/wireguard.php
View file

@ -110,11 +110,15 @@ function SaveWireGuardConfig($status)
} }
// Save settings // Save settings
if ($good_input) { if ($good_input) {
// fetch private keys from filesytem
$wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
$wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
// server (wg0.conf) // server (wg0.conf)
$config[] = '[Interface]'; $config[] = '[Interface]';
$config[] = 'Address = '.$_POST['wg_srvipaddress']; $config[] = 'Address = '.$_POST['wg_srvipaddress'];
$config[] = 'ListenPort = '.$_POST['wg_srvport']; $config[] = 'ListenPort = '.$_POST['wg_srvport'];
$config[] = 'PrivateKey = '.$_POST['wg_srvprivkey']; $config[] = 'PrivateKey = '.$wg_srvprivkey;
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE'; $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE'; $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = ''; $config[] = '';
@ -139,7 +143,7 @@ function SaveWireGuardConfig($status)
if ($_POST['wg_pendpoint'] !== '') { if ($_POST['wg_pendpoint'] !== '') {
$config[] = 'Address = '.trim($_POST['wg_pendpoint']); $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
} }
$config[] = 'PrivateKey = '.$_POST['wg_peerprivkey']; $config[] = 'PrivateKey = '.$wg_peerprivkey;
$config[] = ''; $config[] = '';
$config[] = '[Peer]'; $config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg-server']; $config[] = 'PublicKey = '.$_POST['wg-server'];

1
templates/wg/general.php
View file

@ -24,7 +24,6 @@
<button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button> <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
<span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span> <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
</div> </div>
<input type="hidden" name="wg_srvprivkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
</div> </div>
</div> </div>

1
templates/wg/peers.php
View file

@ -22,7 +22,6 @@
<button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button> <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
<span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span> <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
</div> </div>
<input type="hidden" name="wg_peerprivkey" value="<?php echo htmlspecialchars($wg_peerprivkey, ENT_QUOTES); ?>" />
</div> </div>
</div> </div>