security/tinc: sync with master

2026-02-04 02:55:53 -06:00 · 2020-07-23 08:18:58 +02:00 · 2020-07-23 08:18:58 +02:00 · 1cf5016f77
commit 1cf5016f77
parent 16140e78d9
5 changed files with 35 additions and 8 deletions
--- a/security/tinc/Makefile
+++ b/security/tinc/Makefile
@ -1,5 +1,6 @@
 PLUGIN_NAME=		tinc
 PLUGIN_VERSION=		1.5
+PLUGIN_REVISION=	1
 PLUGIN_COMMENT=		Tinc VPN
 PLUGIN_DEPENDS=		tinc
 PLUGIN_MAINTAINER=	ad@opnsense.org
--- a/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
+++ b/security/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml
@ -37,10 +37,18 @@
                    <WildcardEnabled>N</WildcardEnabled>
                </intaddress>
                <subnet type="NetworkField">
-                    <Required>Y</Required>
+                    <Required>N</Required>
                    <WildcardEnabled>N</WildcardEnabled>
                    <NetMaskRequired>Y</NetMaskRequired>
                    <FieldSeparator>,</FieldSeparator>
+                    <Constraints>
+                        <check001>
+                            <ValidationMessage>Subnet field must be set in router mode.</ValidationMessage>
+                            <type>SetIfConstraint</type>
+                            <field>mode</field>
+                            <check>router</check>
+                        </check001>
+                    </Constraints>
                </subnet>
                <pingtimeout type="IntegerField">
                    <Required>Y</Required>
@ -69,6 +77,11 @@
                      <router>router</router>
                      <switch>switch</switch>
                  </OptionValues>
+                  <Constraints>
+                      <check001>
+                          <reference>subnet.check001</reference>
+                      </check001>
+                  </Constraints>
                </mode>
                <PMTUDiscovery type="BooleanField">
                    <default>1</default>
@ -123,7 +136,7 @@
                    <mask>/^([0-9a-zA-Z\.,_\-:]){0,1024}$/u</mask>
                </extaddress>
                <subnet type="NetworkField">
-                    <Required>Y</Required>
+                    <Required>N</Required>
                    <WildcardEnabled>N</WildcardEnabled>
                    <NetMaskRequired>Y</NetMaskRequired>
                    <FieldSeparator>,</FieldSeparator>
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py
@ -123,7 +123,6 @@ class Host(NetwConfObject):
    def __init__(self):
        super(Host, self).__init__()
        self._connectTo = "0"
-        self._payload['subnet'] = None
        self._payload['pubkey'] = None
        self._payload['cipher'] = None

@ -139,9 +138,10 @@ class Host(NetwConfObject):
    def config_text(self):
        result = list()
        result.append('Address=%(address)s %(port)s'%self._payload)
-        networks = self._payload['subnet'].split(',')
-        for network in networks:
-            result.append('Subnet=%s' % network)
+        if 'subnet' in self._payload:
+            networks = self._payload['subnet'].split(',')
+            for network in networks:
+                result.append('Subnet=%s' % network)
        result.append('Cipher=%(cipher)s'%self._payload)
        result.append('Digest=sha256')
        result.append(self._payload['pubkey'])
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
@ -86,11 +86,14 @@ def deploy(config_filename):

        # write tinc-up file
        interface_address = network.get_local_address()
-        interface_family = "inet6" if ipaddress.ip_network(interface_address, False).version == 6 else "inet"
+        interface_network = ipaddress.ip_network(interface_address, False)
+        interface_family = "inet6" if interface_network.version == 6 else "inet"
+        interface_configd = "newipv6" if interface_network.version == 6 else "newip"

        if_up = list()
        if_up.append("#!/bin/sh")
-        if_up.append("ifconfig %s %s %s " % (interface_name, interface_family, pipes.quote(interface_address)))
+        if_up.append("ifconfig %s %s %s" % (interface_name, interface_family, pipes.quote(interface_address)))
+        if_up.append("configctl interface %s %s" % (interface_configd, interface_name))
        write_file("%s/tinc-up" % network.get_basepath(), '\n'.join(if_up) + "\n", 0o700)

        # configure and rename new tun device, place all in group "tinc" symlink associated tun device
@ -108,6 +111,10 @@ if len(sys.argv) > 1:
    if sys.argv[1] == 'stop':
        for instance in glob.glob('/usr/local/etc/tinc/*'):
            subprocess.run(['/usr/local/sbin/tincd','-n',instance.split('/')[-1], '-k'])
+            if os.path.exists('%s/tinc.conf' % instance):
+                interface_name  = open('%s/tinc.conf' % instance).read().split('Device=')[-1].split()[0].split('/')[-1]
+                if interface_name.startswith('tinc'):
+                    subprocess.run(['/sbin/ifconfig',interface_name,'destroy'])
    elif sys.argv[1] == 'start':
        for netwrk in deploy('/usr/local/etc/tinc_deploy.xml'):
            subprocess.run(['/usr/local/sbin/tincd','-n',netwrk.get_network(), '-R', '-d', netwrk.get_debuglevel()])
--- a/security/tinc/src/opnsense/service/templates/OPNsense/Syslog/local/tinc.conf
+++ b/security/tinc/src/opnsense/service/templates/OPNsense/Syslog/local/tinc.conf
@ -0,0 +1,6 @@
+###################################################################
+# Local syslog-ng configuration filter definition [tinc].
+###################################################################
+filter f_local_tinc {
+    program("tinc.*");
+};