security/softether: new plugin (#956)

(cherry picked from commit 023fd97be1)
(cherry picked from commit 8c934b93e7)

README.md

@@ -74,6 +74,7 @@ security/intrusion-detection-content-et-pro -- IDS Proofpoint ET Pro ruleset (ne
 security/intrusion-detection-content-pt-open -- IDS PT Research ruleset (only for non-commercial use)
 security/intrusion-detection-content-snort-vrt -- IDS Snort VRT ruleset (needs registration or subscription)
 security/openconnect -- OpenConnect Client
+security/softether -- Cross-platform Multi-protocol VPN Program
 security/tinc -- Tinc VPN
 security/tor -- The Onion Router
 sysutils/api-backup -- Provide the functionality to download the config.xml

security/softether/Makefile

@@ -0,0 +1,8 @@
+PLUGIN_NAME=		softether
+PLUGIN_VERSION=		0.1
+PLUGIN_COMMENT=		Cross-platform Multi-protocol VPN Program
+PLUGIN_DEPENDS=		softether
+PLUGIN_MAINTAINER=	m.muenz@gmail.com
+PLUGIN_DEVEL=		yes
+
+.include "../../Mk/plugins.mk"

security/softether/pkg-descr

@@ -0,0 +1,8 @@
+SoftEther VPN ("SoftEther" means "Software Ethernet") is one of
+the world's most powerful and easy-to-use multi-protocol VPN
+software. It runs on Windows, Linux, Mac, FreeBSD and Solaris.
+
+SoftEther VPN is open source. You can use SoftEther for any
+personal or commercial use for free charge.
+
+WWW: https://www.softether.org/

security/softether/src/etc/inc/plugins.inc.d/softether.inc

@@ -0,0 +1,54 @@
+<?php
+
+/*
+    Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function softether_enabled()
+{
+    $model = new \OPNsense\Softether\General();
+    return (string)$model->enabled == '1';
+}
+
+function softether_services()
+{
+    $services = array();
+
+    if (!softether_enabled()) {
+        return $services;
+    }
+
+    $services[] = array(
+        'description' => gettext('SoftEther VPN'),
+        'configd' => array(
+            'restart' => array('softether restart'),
+            'start' => array('softether start'),
+            'stop' => array('softether stop'),
+        ),
+        'name' => 'vpnserver'
+    );
+
+    return $services;
+}

security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/Api/GeneralController.php

@@ -0,0 +1,39 @@
+<?php
+
+/**
+ *    Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Softether\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+class GeneralController extends ApiMutableModelControllerBase
+{
+    static protected $internalModelClass = '\OPNsense\Softether\General';
+    static protected $internalModelName = 'general';
+}

security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/Api/ServiceController.php

@@ -0,0 +1,47 @@
+<?php
+
+/**
+ *    Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Softether\Api;
+
+use OPNsense\Base\ApiMutableServiceControllerBase;
+use OPNsense\Core\Backend;
+use OPNsense\Softether\General;
+
+/**
+ * Class ServiceController
+ * @package OPNsense\Softether
+ */
+class ServiceController extends ApiMutableServiceControllerBase
+{
+    static protected $internalServiceClass = '\OPNsense\Softether\General';
+    static protected $internalServiceTemplate = 'OPNsense/Softether';
+    static protected $internalServiceEnabled = 'enabled';
+    static protected $internalServiceName = 'softether';
+}

security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/GeneralController.php

@@ -0,0 +1,38 @@
+<?php
+
+/*
+    Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+namespace OPNsense\Softether;
+
+class GeneralController extends \OPNsense\Base\IndexController
+{
+    public function indexAction()
+    {
+        $this->view->generalForm = $this->getForm("general");
+        $this->view->pick('OPNsense/Softether/general');
+    }
+}

security/softether/src/opnsense/mvc/app/controllers/OPNsense/Softether/forms/general.xml

@@ -0,0 +1,8 @@
+<form>
+    <field>
+        <id>general.enabled</id>
+        <label>Enable SoftEther</label>
+        <type>checkbox</type>
+        <help>This will activate SoftEther vpnserver process.</help>
+    </field>
+</form>

security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/ACL/ACL.xml

@@ -0,0 +1,9 @@
+<acl>
+   <page-softether-config>
+      <name>VPN: SoftEther</name>
+      <patterns>
+         <pattern>ui/softether/*</pattern>
+         <pattern>api/softether/*</pattern>
+      </patterns>
+   </page-softether-config>
+</acl>

security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/General.php

@@ -0,0 +1,35 @@
+<?php
+
+/*
+    Copyright (C) 2018 Michael Muenz <m.muenz@gmail.com>
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+*/
+
+namespace OPNsense\Softether;
+
+use OPNsense\Base\BaseModel;
+
+class General extends BaseModel
+{
+}

security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/General.xml

@@ -0,0 +1,11 @@
+<model>
+    <mount>//OPNsense/softether/general</mount>
+    <description>Softether configuration</description>
+    <version>0.0.1</version>
+    <items>
+        <enabled type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+        </enabled>
+    </items>
+</model>

security/softether/src/opnsense/mvc/app/models/OPNsense/Softether/Menu/Menu.xml

@@ -0,0 +1,5 @@
+<menu>
+    <VPN>
+        <SoftEther cssClass="fa fa-lock fa-fw" url="/ui/softether/general/index" order="50" />
+    </VPN>
+</menu>

security/softether/src/opnsense/mvc/app/views/OPNsense/Softether/general.volt

@@ -0,0 +1,68 @@
+{#
+
+OPNsense® is Copyright © 2014 – 2018 by Deciso B.V.
+This file is Copyright © 2018 by Michael Muenz <m.muenz@gmail.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1.  Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+2.  Redistributions in binary form must reproduce the above copyright notice,
+    this list of conditions and the following disclaimer in the documentation
+    and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+#}
+
+<!-- Navigation bar -->
+<ul class="nav nav-tabs" data-tabs="tabs" id="maintabs">
+    <li class="active"><a data-toggle="tab" href="#general">{{ lang._('General') }}</a></li>
+</ul>
+
+<div class="tab-content content-box tab-content">
+    <div id="general" class="tab-pane fade in active">
+        <div class="content-box" style="padding-bottom: 1.5em;">
+            {{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_general_settings'])}}
+            <div class="col-md-12">
+                <hr />
+                <button class="btn btn-primary" id="saveAct" type="button"><b>{{ lang._('Save') }}</b> <i id="saveAct_progress"></i></button>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script>
+$( document ).ready(function() {
+    var data_get_map = {'frm_general_settings':"/api/softether/general/get"};
+    mapDataToFormUI(data_get_map).done(function(data){
+        formatTokenizersUI();
+        $('.selectpicker').selectpicker('refresh');
+    });
+
+    updateServiceControlUI('softether');
+
+    $("#saveAct").click(function(){
+        saveFormToEndpoint(url="/api/softether/general/set", formid='frm_general_settings',callback_ok=function(){
+        $("#saveAct_progress").addClass("fa fa-spinner fa-pulse");
+            ajaxCall(url="/api/softether/service/reconfigure", sendData={}, callback=function(data,status) {
+                updateServiceControlUI('softether');
+                $("#saveAct_progress").removeClass("fa fa-spinner fa-pulse");
+            });
+        });
+    });
+
+});
+</script>

security/softether/src/opnsense/scripts/OPNsense/Softether/setup.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+mkdir -p /var/db/softether
+mkdir -p /var/log/softether

security/softether/src/opnsense/service/conf/actions.d/actions_softether.conf

@@ -0,0 +1,23 @@
+[start]
+command:/usr/local/opnsense/scripts/OPNsense/Softether/setup.sh;/usr/local/etc/rc.d/softether_server start
+parameters:
+type:script
+message:starting softether
+
+[stop]
+command:/usr/local/etc/rc.d/softether_server stop
+parameters:
+type:script
+message:stopping softether
+
+[restart]
+command:/usr/local/opnsense/scripts/OPNsense/Softether/setup.sh;/usr/local/etc/rc.d/softether_server restart
+parameters:
+type:script
+message:restarting softether
+
+[status]
+command:sh /usr/local/etc/rc.d/softether_server status;exit 0
+parameters:
+type:script_output
+message:softether status

security/softether/src/opnsense/service/templates/OPNsense/Softether/+TARGETS

@@ -0,0 +1 @@
+softether_server:/etc/rc.conf.d/softether_server

security/softether/src/opnsense/service/templates/OPNsense/Softether/softether_server

@@ -0,0 +1,6 @@
+{% if helpers.exists('OPNsense.softether.general.enabled') and OPNsense.softether.general.enabled == '1' %}
+softether_server_var_script="/usr/local/opnsense/scripts/OPNsense/Softether/setup.sh"
+softether_server_enable="YES"
+{% else %}
+softether_server_enable="NO"
+{% endif %}