From c6ad8a442bcc50a9e15228dfd9566a7dadf5c5a2 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Wed, 6 Sep 2023 15:16:04 +0200
Subject: [PATCH] security/tinc: add routes to remote subnets with "subnet-up" script.

for https://github.com/opnsense/plugins/pull/3539

---
 security/tinc/Makefile | 2 +-
 .../src/opnsense/scripts/OPNsense/Tinc/tincd.py | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/security/tinc/Makefile b/security/tinc/Makefile
index ecc4f25f3..7d631fc77 100644
--- a/security/tinc/Makefile
+++ b/security/tinc/Makefile
@@ -1,6 +1,6 @@
 PLUGIN_NAME= tinc
 PLUGIN_VERSION= 1.6
-PLUGIN_REVISION= 5
+PLUGIN_REVISION= 6
 PLUGIN_COMMENT= Tinc VPN
 PLUGIN_DEPENDS= tinc
 PLUGIN_MAINTAINER= ad@opnsense.org
diff --git a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
index 3f5f887f4..d9020a76c 100755
--- a/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
+++ b/security/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py
@@ -30,10 +30,10 @@
 """
 import os
 import sys
-import tempfile
 import glob
 import pipes
 import xml.etree.ElementTree
+import shutil
 import subprocess
 import ipaddress
 from lib import objects
@@ -96,6 +96,20 @@ def deploy(config_filename):
 if_up.append("configctl interface %s %s" % (interface_configd, interface_name))
 write_file("%s/tinc-up" % network.get_basepath(), '\n'.join(if_up) + "\n", 0o700)
 
+ # write subnet-up file and ship required binaries into the chroot
+ chroot_needs = set(['/bin/sh', '/sbin/route', '/libexec/ld-elf.so.1'])
+ for item in list(chroot_needs):
+ for line in subprocess.run(['/usr/bin/ldd', item], capture_output=True, text=True).stdout.split('\n'):
+ if line.find('=>') > 0:
+ chroot_needs.add(line.split('=>')[1].strip().split()[0])
+ for filename in chroot_needs:
+ os.makedirs('%s%s' % (network.get_basepath(), os.path.dirname(filename)), exist_ok=True)
+ shutil.copy(filename, '%s/%s' % (network.get_basepath(), filename))
+ write_file("%s/subnet-up" % network.get_basepath(), '\n'.join([
+ "#!/bin/sh",
+ "route add $SUBNET -iface %s\n" % interface_name
+ ]), 0o700)
+
 # configure and rename new tun device, place all in group "tinc" symlink associated tun device
 if interface_name not in interfaces:
 tundev = subprocess.run(['/sbin/ifconfig', interface_type, 'create'],
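Review bot: The generated script on the new `write_file("%s/subnet-up" ...)` lines installs `route add $SUBNET -iface <if>` for whatever subnet tincd reports, and nothing in the hunk ever removes that route again — there is no companion subnet-down, so a route for a peer subnet that goes away stays in the kernel table until the next restart. Unless the tinc configuration pins peer subnets (StrictSubnets, not visible here), a remote node can announce any subnet it likes, including something as broad as a default route, and this script will add it on the firewall; I would at least quote the variable, `"route add \"$SUBNET\" -iface %s\n" % interface_name`, and write a subnet-down that deletes the same route (tinc appears to pass the same variables to it — confirm). The `/bin/sh`, `/sbin/route` and library copies made by the `shutil.copy` loop are never refreshed or removed, so after a base-system update the chroot keeps the old libc and loader until deploy() runs again; a comment such as `# NOTE: chroot copies go stale on OS upgrade; re-run deploy after base updates` would make that explicit. deploy() starts before and continues after this hunk.

```python
        # … unchanged: chroot population and subnet-up …
        write_file("%s/subnet-down" % network.get_basepath(), '\n'.join([
            "#!/bin/sh",
            "route delete \"$SUBNET\" -iface %s\n" % interface_name
        ]), 0o700)
```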