File Coverage

lib/Wireguard/WGmeta/Wrapper/Config.pm

Criterion	Covered	Total	%
statement	354	385	91.9
branch	84	114	73.6
condition	16	21	76.1
subroutine	40	43	93.0
pod	22	25	88.0
total	516	588	87.7

line	stmt	bran	cond	sub	pod	time	code
1							=pod
2
3							=head1 NAME
4
5							WGmeta::Wrapper::Config - Class for interfacing the wireguard configuration
6
7							=head1 SYNOPSIS
8
9							use Wireguard::WGmeta::Wrapper::Config;
10							my $wg_meta = Wireguard::WGmeta::Wrapper::Config->new('');
11
12							=head1 DESCRIPTION
13
14							This class provides wrapper-functions around a wireguard configuration parsed by L which
15							allow to edit, add and remove interfaces and peers.
16
17							=head1 CONCURRENCY
18
19							Please refer to L
20
21							=head1 EXAMPLES
22
23							use Wireguard::WGmeta::Wrapper::Config;
24							my $wg-meta = Wireguard::WGmeta::Wrapper::Config->new('');
25
26							# set an attribute (non wg-meta attributes forwarded to the original `wg set` command)
27							wg_meta->set('wg0', 'WG_0_PEER_A_PUBLIC_KEY', '', '');
28
29							# set an alias for a peer
30							wg_meta->set('wg0', 'WG_0_PEER_A_PUBLIC_KEY', 'alias', 'some_fancy_alias');
31
32							# disable peer (this comments out the peer in the configuration file)
33							wg_meta->disable('wg0', 'some_fancy_alias');
34
35							# write config (if parameter is set to True, the config is overwritten, if set to False the resulting file is suffixed with '.not_applied'
36							wg_meta->commit(1);
37
38							=head1 METHODS
39
40							=cut
41
42	5			5		239423	use v5.20.0;
	5					44
43							package Wireguard::WGmeta::Wrapper::Config;
44	5			5		29	use strict;
	5					10
	5					124
45	5			5		26	use warnings;
	5					10
	5					202
46	5			5		32	use experimental 'signatures';
	5					10
	5					33
47	5			5		3043	use Wireguard::WGmeta::Wrapper::Bridge;
	5					13
	5					334
48	5			5		2593	use Wireguard::WGmeta::Parser::Middleware;
	5					15
	5					306
49	5			5		39	use Wireguard::WGmeta::ValidAttributes;
	5					12
	5					339
50	5			5		36	use Wireguard::WGmeta::Utils;
	5					11
	5					290
51	5			5		103	use Wireguard::WGmeta::Parser::Conf qw(INTERNAL_KEY_PREFIX);
	5					17
	5					284
52
53							our $VERSION = "0.3.2"; # do not change manually, this variable is updated when calling make
54
55	5			5		32	use constant FALSE => 0;
	5					10
	5					288
56	5			5		31	use constant TRUE => 1;
	5					9
	5					29352
57
58							=head3 new($wireguard_home [, $wg_meta_prefix, $wg_meta_disabled_prefix, $custom_attributes])
59
60							Creates a new instance of this class.
61
62							B
63
64							=over 1
65
66							=item *
67
68							C<$wireguard_home> Path to Wireguard configuration files. Make sure the path ends with a `/`.
69
70							=item *
71
72							C<[$wg_meta_prefix]> A custom wg-meta comment prefix, has to begin with either `;` or `#`.
73							It is recommended to not change this setting, especially in a already deployed installation.
74
75							=item *
76
77							C<[$wg_meta_disabled_prefix]> A custom prefix for the commented out (disabled) sections,
78							has to begin with either `;` or `#` and must not be equal with C<$wg_meta_prefix>! (This is enforced and an exception is thrown if violated)
79							It is recommended to not change this setting, especially in an already deployed installation.
80
81							=item *
82
83							C<[$not_applied_suffix]> Suffix to add if C is set to not override an existing config.
84
85							=item *
86
87							C<[$custom_attributes]> A reference to a hash defining custom attributes. Expects the following structure:
88
89							{
90							'attr_key' => {
91							'validator' => 'Ref to validation function'
92							},
93							'example' => {
94							'validator' => sub ($attr, $value) {
95							return ($attr eq 'example') ? 1 : 0;
96							}
97							},
98							...
99							}
100
101							=back
102
103							B
104
105							An instance of WGmeta::Wrapper::Config
106
107							=cut
108	10			10	1	90	sub new($class, $wireguard_home, $wg_meta_prefix = '#+', $wg_meta_disabled_prefix = '#-', $not_applied_suffix = '.not_applied', $custom_attributes = undef) {
	10					24
	10					21
	10					22
	10					21
	10					18
	10					23
	10					15
109
110	10	50				39	if ($wg_meta_prefix eq $wg_meta_disabled_prefix) {
111	0					0	die '`$wg_meta_prefix` and `$wg_meta_disabled_prefix` have to be different';
112							}
113
114	10	100				114	my $self = {
115							'wireguard_home' => $wireguard_home,
116							'wg_meta_prefix' => $wg_meta_prefix,
117							'wg_meta_disabled_prefix' => $wg_meta_disabled_prefix,
118							'not_applied_suffix' => $not_applied_suffix,
119							'n_conf_files' => {},
120							'parsed_config' => {},
121							'reload_listeners' => {},
122							'custom_attributes' => defined $custom_attributes ? $custom_attributes : {}
123							};
124
125	10					44	_read_configs_from_folder2($self);
126
127	10					63	bless $self, $class;
128	10					49	return $self;
129							}
130
131	10			10		19	sub _read_configs_from_folder2($self) {
	10					29
	10					17
132	10					34	my ($all_dot_conf, $count) = get_all_conf_files($self->{wireguard_home});
133	10					22	for my $possible_config_path (@{$all_dot_conf}) {
	10					30
134	40					76	my $interface = $possible_config_path;
135	40					477	$interface =~ s/^\/\|\\\|.\/\|.\\\|.conf$//g;
136	40					170	may_reload_from_disk($self, $interface, TRUE, TRUE, TRUE);
137							}
138							}
139
140							=head3 set($interface, $identifier, $attribute, $value [, $unknown_callback])
141
142							Sets a value on a specific interface section. If C == C<$value> this sub is essentially a No-Op.
143
144							B
145
146							=over 1
147
148							=item *
149
150							C<$interface> Valid interface identifier (e.g 'wg0')
151
152							=item *
153
154							C<$identifier> Either an interface name, an alias or public-key of a peer
155
156							=item *
157
158							C<$attribute> Attribute name (case does matter!)
159
160							=item *
161
162							C<[$unknown_callback = undef]> A reference to a callback function which is fired when a previously unknown attribute is set.
163							Expected signature:
164
165							sub my_unknown_callback($attribute, $value) {
166							# Handling of this particular case
167							return $attribute, $value;
168							}
169
170							If not defined, a warning is emitted
171
172							=back
173
174							B
175
176							Exception if:
177
178							=over 1
179
180							=item *
181
182							Value is not defined
183
184							=item *
185
186							Interface is invalid
187
188							=item *
189
190							Identifier is invalid (also if alias translation fails)
191
192							=item *
193
194							Attribute is not valid for target section (Interface, Peer)
195
196							=item *
197
198							Validation for the attribute value fails
199
200							=back
201
202							B
203
204							None
205
206							=cut
207	42			42	1	2825	sub set($self, $interface, $identifier, $attribute, $value, $unknown_callback = undef) {
	42					80
	42					80
	42					60
	42					69
	42					62
	42					75
	42					58
208							# Assertions
209	42	50				102	die "Undefined value for `$attribute` in interface `$interface` NOT SET" unless defined($value);
210	42	50				130	die "Invalid interface name `$interface`" unless $self->is_valid_interface($interface);
211	42					348	$identifier = $self->try_translate_alias($interface, $identifier);
212	42	50				114	die "Invalid identifier `$identifier` for interface `$interface`" unless $self->is_valid_identifier($interface, $identifier);
213	42					156	my $attr_type = get_attr_type($attribute);
214	42	100				109	if ($interface eq $identifier) {
215							# We have an interface
216	6	100				24	die "Attribute `$attribute` it not valid for the interface section" if $attr_type == ATTR_TYPE_IS_WG_ORIG_PEER;
217							}
218							else {
219	36	100	66			175	die "Attribute `$attribute` is not valid for a peer section" if $attr_type == ATTR_TYPE_IS_WG_ORIG_INTERFACE or $attr_type == ATTR_TYPE_IS_WG_QUICK;
220							}
221
222							# skip if same value
223	40	50	66			187	if (exists $self->{parsed_config}{$interface}{$identifier}{$attribute} && $self->{parsed_config}{$interface}{$identifier}{$attribute} eq $value) {
224	0					0	return;
225							}
226
227							# Call attribute validation function
228	40	100				109	die "Invalid attribute value `$value` for `$attribute`" unless $self->attr_value_is_valid($attribute, $value);
229
230	39	100				130	unless (exists $self->{parsed_config}{$interface}{$identifier}{$attribute}) {
231
232	25	100				69	if (not exists $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'observed_wg_meta_attrs'}{$attribute}) {
233	23	100				72	if (exists KNOWN_ATTRIBUTES->{$attribute}) {
		100
234							# we have to first occurrence of a known but yet unseen wg-meta attribute
235	14	100				52	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'observed_wg_meta_attrs'}{$attribute} = 1 if KNOWN_ATTRIBUTES->{$attribute}{type} == ATTR_TYPE_IS_WG_META;
236							}
237							elsif (exists $self->{custom_attributes}{$attribute}) {
238							# we have a registered custom attribute
239	1					3	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'observed_wg_meta_attrs'}{$attribute} = 1
240							}
241							else {
242							# we have a completely new, unknown attribute
243	8	50				23	if (defined $unknown_callback) {
244	8					16	($attribute, $value) = &{$unknown_callback}($attribute, $value);
	8					25
245							}
246							else {
247	0					0	warn "Attribute `$attribute` was previously not known on interface `$interface`";
248							}
249	7					66	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'observed_wg_meta_attrs'}{$attribute} = 1;
250							}
251							}
252							# the attribute does not (yet) exist in the configuration, lets add it to the list
253	24					184	push @{$self->{parsed_config}{$interface}{$identifier}{INTERNAL_KEY_PREFIX . 'order'}}, $attribute;
	24					97
254							}
255	38	100				100	if ($attribute eq 'alias') {
256	8					39	$self->_update_alias_map($interface, $identifier, $value);
257							}
258	37					88	$self->{parsed_config}{$interface}{$identifier}{$attribute} = $value;
259	37					134	$self->_set_changed($interface);
260							}
261
262							=head3 attr_value_is_valid($attribute, $value, $ref_valid_attrs)
263
264							Simply calls the C function defined in L or C<$custom_attributs>
265
266							B
267
268							=over 1
269
270							=item
271
272							C<$attribute> Attribute name
273
274							=item
275
276							C<$value> Attribute value
277
278							=back
279
280							B
281
282							True if validation was successful (or no validator function present), False if not.
283
284							=cut
285	40			40	1	60	sub attr_value_is_valid($self, $attribute, $value) {
	40					70
	40					63
	40					60
	40					57
286	40	100				112	return &{KNOWN_ATTRIBUTES->{$attribute}{validator}}($value) if exists KNOWN_ATTRIBUTES->{$attribute};
	28					97
287	12	100				38	return &{$self->{custom_attributes}{$attribute}{validator}}($value) if exists $self->{custom_attributes}{$attribute};
	1					4
288	11					30	return 1;
289							}
290
291	8			8		17	sub _update_alias_map($self, $interface, $identifier, $alias) {
	8					15
	8					14
	8					14
	8					22
	8					14
292	8	100				34	unless (exists $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'alias_map'}{$alias}) {
293	7					34	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'alias_map'}{$alias} = $identifier;
294							}
295							else {
296	1					10	die "Alias `$alias` is already defined on interface `$interface`";
297							}
298							}
299
300
301							=head3 disable($interface, $identifier)
302
303							Disables an interface/peer and setting the wg-meta attribute `Disabled` to C<1>.
304
305							B
306
307							=over 1
308
309							=item *
310
311							C<$interface> Valid interface name (e.g 'wg0').
312
313							=item *
314
315							C<$identifier> A valid identifier (or alias): If the target section is a peer, this is usually the public key of this peer. If target is an interface,
316							its again the interface name.
317
318							=back
319
320							B
321
322							None
323
324							=cut
325	3			3	1	309	sub disable($self, $interface, $identifier,) {
	3					8
	3					6
	3					7
	3					6
326	3					10	$self->_toggle($interface, $identifier, TRUE);
327							}
328
329							=head3 enable($interface, $identifier)
330
331							Inverse method if L
332
333							=cut
334	7			7	1	17	sub enable($self, $interface, $identifier) {
	7					16
	7					13
	7					14
	7					14
335	7					24	$self->_toggle($interface, $identifier, FALSE);
336							}
337
338							# internal toggle method (DRY)
339	10			10		33	sub _toggle($self, $interface, $identifier, $enable) {
	10					19
	10					17
	10					15
	10					20
	10					29
340	10					27	$identifier = $self->try_translate_alias($interface, $identifier);
341							# we can bypass an "expensive" set() here
342	10					31	$self->{parsed_config}{$interface}{$identifier}{'disabled'} = $enable;
343	10					28	$self->_set_changed($interface);
344							}
345
346							=head3 is_valid_interface($interface)
347
348							Checks if an interface name is valid (present in parsed config)
349
350							B
351
352							=over 1
353
354							=item
355
356							C<$interface> An interface name
357
358							=back
359
360							B
361
362							True if present, undef if not.
363
364							=cut
365	60			60	1	93	sub is_valid_interface($self, $interface) {
	60					92
	60					104
	60					83
366	60					257	return (exists $self->{parsed_config}{$interface});
367							}
368
369
370							=head3 is_valid_alias($interface, $alias)
371
372							Simply checks if an alias is valid for a given interface
373
374							=cut
375	2			2	1	5	sub is_valid_alias($self, $interface, $alias) {
	2					6
	2					13
	2					6
	2					4
376	2					14	return exists $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'alias_map'}{$alias}
377							}
378
379							=head3 is_valid_identifier($interface, $identifier)
380
381							Checks if an identifier is valid for a given interface
382
383							B
384
385							=over 1
386
387							=item
388
389							C<$interface> An interface name
390
391							=item
392
393							C<$identifier> An identifier (no alias!)
394
395							=back
396
397							B
398
399							True if present, undef if not.
400
401							=cut
402	52			52	1	82	sub is_valid_identifier($self, $interface, $identifier) {
	52					81
	52					78
	52					76
	52					78
403	52					196	return (exists $self->{parsed_config}{$interface}{$identifier});
404							}
405
406							=head3 try_translate_alias($interface, $may_alias)
407
408							Tries to translate an identifier (which may be an alias).
409							no exception is thrown on failure, instead the C<$may_alias> is returned.
410
411							B
412
413							=over 1
414
415							=item
416
417							C<$interface> A valid interface name
418
419							=item
420
421							C<$may_alias> An identifier which could be a valid alias for this interface
422
423							=back
424
425							B
426
427							If the alias is valid for the specified interface, the corresponding identifier is returned, else C<$may_alias>
428
429							=cut
430	63			63	1	110	sub try_translate_alias($self, $interface, $may_alias) {
	63					105
	63					97
	63					99
	63					102
431	63	100				173	if (exists $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'alias_map'}{$may_alias}) {
432	5					18	return $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'alias_map'}{$may_alias};
433							}
434							else {
435	58					159	return $may_alias;
436							}
437							}
438
439							=head3 get_all_conf_files($wireguard_home)
440
441							Returns a list of all files in C<$wireguard_home> matching I.
442
443							B
444
445							=over 1
446
447							=item
448
449							C<$wireguard_home> Path to a folder where wireguard configuration files are located
450
451							=back
452
453							B
454
455							A reference to a list with absolute paths to the config files (possibly empty)
456
457							=cut
458	10			10	1	20	sub get_all_conf_files($wireguard_home) {
	10					18
	10					18
459	10					72	my @config_files = read_dir($wireguard_home, qr/.*\.conf$/);
460	10	50				57	if (@config_files == 0) {
461	0					0	die "No matching interface configuration(s) in " . $wireguard_home;
462							}
463	10					27	my $count = @config_files;
464	10					41	return \@config_files, $count;
465							}
466
467
468							=head3 commit([$is_hot_config = FALSE, $no_checksum = FALSE])
469
470							Writes down the parsed config to the wireguard configuration folder
471
472							B
473
474							=over 1
475
476							=item
477
478							C<[$is_hot_config = FALSE])> If set to TRUE, the existing configuration is overwritten (and possibly existing, not applied configs are deleted). Otherwise,
479							the suffix '.not_applied' is appended to the filename
480
481							=item
482
483							C<[$no_checksum = FALSE])> If set to TRUE, no checksum is written
484
485							=back
486
487							B
488
489							Exception if: Folder or file is not writeable
490
491							B
492
493							None
494
495							=cut
496	7			7	1	330	sub commit($self, $is_hot_config = FALSE, $no_checksum = FALSE) {
	7					12
	7					10
	7					12
	7					11
497	7					12	for my $interface (keys %{$self->{parsed_config}}) {
	7					30
498	14	100				41	if ($self->_has_changed($interface)) {
499	7					33	my $new_config = create_wg_config2($self->{parsed_config}{$interface}, $self->{wg_meta_prefix}, $self->{wg_meta_disabled_prefix}, $no_checksum);
500	7					13	my $fh;
501	7					22	my $hot_path = $self->{wireguard_home} . $interface . '.conf';
502	7					34	my $safe_path = $self->{wireguard_home} . $interface . $self->{not_applied_suffix};
503	7	100				21	if ($is_hot_config == TRUE) {
504	6	50				556	open $fh, '>', $hot_path or die $!;
505	6					45	$self->{parsed_config}->{$interface}{INTERNAL_KEY_PREFIX . 'is_hot_config'} = 1;
506							}
507							else {
508	1	50				125	open $fh, '>', $safe_path or die $!;
509	1					7	$self->{parsed_config}->{$interface}{INTERNAL_KEY_PREFIX . 'is_hot_config'} = 0;
510							}
511							# write down to file
512	7					89	print $fh $new_config;
513	7					35	$self->_reset_changed($interface);
514	7	50				660	close $fh or die $!;
515
516							# if there is an not applied version around delete it (if is_hot_config = True)
517	7	100	100			137	if (-e $safe_path && $is_hot_config) {
518	1					73	unlink $safe_path;
519							}
520							# Notify listeners about a file change
521	7					37	$self->_call_reload_listeners($interface);
522							}
523							}
524							}
525
526
527							=head3 get_interface_list()
528
529							Return a list of all interfaces.
530
531							B
532
533							A list of all valid interface names. If no interfaces are available, an empty list is returned
534
535							=cut
536	4			4	1	25	sub get_interface_list($self) {
	4					6
	4					8
537	4					5	return sort keys %{$self->{parsed_config}};
	4					30
538							}
539
540							=head3 get_interface_section($interface, $identifier)
541
542							Returns a hash representing a section of a given interface
543
544							B
545
546							=over 1
547
548							=item *
549
550							C<$interface> Valid interface name
551
552							=item *
553
554							C<$identifier> Valid section identifier
555
556							=back
557
558							B
559
560							A hash containing the requested section. If the requested section/interface is not present, an empty hash is returned.
561
562							=cut
563	3			3	1	16	sub get_interface_section($self, $interface, $identifier) {
	3					7
	3					5
	3					6
	3					5
564	3					10	$identifier = $self->try_translate_alias($interface, $identifier);
565	3	50				10	if (exists $self->{parsed_config}{$interface}{$identifier}) {
566	3					6	my %r = %{$self->{parsed_config}{$interface}{$identifier}};
	3					25
567	3					27	return %r;
568							}
569							else {
570	0					0	return ();
571							}
572							}
573
574							=head3 get_section_list($interface)
575
576							Returns a list of valid sections of an interface (ordered as in the original config file).
577
578							B
579
580							=over 1
581
582							=item *
583
584							C<$interface> A valid interface name
585
586							=back
587
588							B
589
590							A list of all sections of an interface. If interface is not present, an empty list is returned.
591
592							=cut
593	5			5	1	1697	sub get_section_list($self, $interface) {
	5					11
	5					9
	5					9
594	5	100				14	if ($self->is_valid_interface($interface)) {
595	4					114	return @{$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'section_order'}};
	4					29
596							}
597							else {
598	1					4	return ();
599							}
600							}
601
602	0			0	0	0	sub get_wg_meta_prefix($self) {
	0					0
	0					0
603	0					0	return $self->{wg_meta_prefix};
604							}
605
606	0			0	0	0	sub get_disabled_prefix($self) {
	0					0
	0					0
607	0					0	return $self->{wg_meta_disabled_prefix};
608							}
609
610							=head3 add_interface($interface_name, $ip_address, $listen_port, $private_key)
611
612							Adds a (minimally configured) interface. If more attributes are needed, please set them using the C method.
613
614							B No validation is performed on the values!
615
616							B
617
618							=over 1
619
620							=item *
621
622							C<$interface_name> A new interface name, must be unique.
623
624							=item *
625
626							C<$ip_address> A string describing the ip net(s) (e.g '10.0.0.0/24, fdc9:281f:04d7:9ee9::2/64')
627
628							=item *
629
630							C<$listen_port> The listen port for this interface.
631
632							=item *
633
634							C<$private_key> A private key for this interface
635
636							=back
637
638							B
639
640							An exception if the interface name already exists.
641
642							B
643
644							None
645
646							=cut
647	1			1	1	3	sub add_interface($self, $interface_name, $ip_address, $listen_port, $private_key) {
	1					3
	1					3
	1					3
	1					2
	1					3
	1					1
648	1	50				7	if ($self->is_valid_interface($interface_name)) {
649	0					0	die "Interface `$interface_name` already exists";
650							}
651	1					8	my %interface = (
652							'address' => $ip_address,
653							'listen-port' => $listen_port,
654							'private-key' => $private_key,
655							INTERNAL_KEY_PREFIX . 'type' => 'Interface',
656							INTERNAL_KEY_PREFIX . 'order' => [ 'address', 'listen-port', 'private-key' ]
657							);
658	1					5	$self->{parsed_config}{$interface_name}{$interface_name} = \%interface;
659	1					4	$self->{parsed_config}{$interface_name}{INTERNAL_KEY_PREFIX . 'alias_map'} = {};
660	1					5	$self->{parsed_config}{$interface_name}{INTERNAL_KEY_PREFIX . 'section_order'} = [ $interface_name ];
661	1					4	$self->{parsed_config}{$interface_name}{checksum} = 'none';
662	1					3	$self->{parsed_config}{$interface_name}{INTERNAL_KEY_PREFIX . 'mtime'} = 0.0;
663	1					5	$self->{parsed_config}{$interface_name}{INTERNAL_KEY_PREFIX . 'config_path'} = $self->{wireguard_home} . $interface_name . '.conf';
664	1					5	$self->{parsed_config}{$interface_name}{has_changed} = 1;
665
666							}
667
668							=head3 add_peer($interface, $ip_address, $public_key [, $alias, $preshared_key])
669
670							Adds a peer to an exiting interface.
671
672							B
673
674							=over 1
675
676							=item *
677
678							C<$interface> A valid interface.
679
680							=item *
681
682							C<$ip_address> A string describing the ip-address(es) of this this peer.
683
684							=item *
685
686							C<$public_key> Public-key for this interface. This becomes the identifier of this peer.
687
688							=item *
689
690							C<[$preshared_key]> Optional argument defining the psk.
691
692							=item *
693
694							C<[$alias]> Optional argument defining an alias for this peer (wg-meta)
695
696							=back
697
698							B
699
700							An exception if either the interface is invalid, the alias is already assigned or the public-key is
701							already present on an other peer.
702
703							B
704
705							A tuple consisting of the iface private-key and listen port
706
707							=cut
708	5			5	1	1534	sub add_peer($self, $interface, $ip_address, $public_key, $alias = undef, $preshared_key = undef) {
	5					12
	5					10
	5					10
	5					11
	5					9
	5					11
	5					9
709							# generate new key pair if not defined
710	5	50				23	if ($self->is_valid_interface($interface)) {
711	5	50				24	if ($self->is_valid_identifier($interface, $public_key)) {
712	0					0	die "An interface with this public-key already exists on `$interface`";
713							}
714							# generate peer config
715	5					16	my %peer = ();
716	5					19	$self->{parsed_config}{$interface}{$public_key} = \%peer;
717	5					38	$self->set($interface, $public_key, 'public-key', $public_key);
718	5					25	$self->set($interface, $public_key, 'allowed-ips', $ip_address);
719	5	100				16	if (defined $alias) {
720	4					12	$self->set($interface, $public_key, 'alias', $alias);
721							}
722	5	50				22	if (defined $preshared_key) {
723	0					0	$self->set($interface, $public_key, 'preshared-key', $preshared_key);
724							}
725	5					24	$self->enable($interface, $public_key);
726							# set type to to Peer
727	5					15	$self->{parsed_config}{$interface}{$public_key}{INTERNAL_KEY_PREFIX . 'type'} = 'Peer';
728							# add section to global section list
729	5					10	push @{$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'section_order'}}, $public_key;
	5					20
730	5					29	return $self->{parsed_config}{$interface}{$interface}{'private-key'}, $self->{parsed_config}{$interface}{$interface}{'listen-port'};
731							}
732							else {
733	0					0	die "Invalid interface `$interface`";
734							}
735							}
736
737							=head3 remove_peer($interface, $identifier)
738
739							Removes a peer (identified by it's public key or alias) from an interface.
740
741							B
742
743							=over 1
744
745							=item
746
747							C<$interface> A valid interface name
748
749							=item
750
751							C<$identifier> A valid identifier (or an alias)
752
753							=back
754
755							B
756
757							Exception if interface or identifier is invalid
758
759							B
760
761							None
762
763							=cut
764	2			2	1	511	sub remove_peer($self, $interface, $identifier) {
	2					5
	2					6
	2					4
	2					4
765	2	50				7	if ($self->is_valid_interface($interface)) {
766	2					9	$identifier = $self->try_translate_alias($interface, $identifier);
767	2	50				8	if ($self->is_valid_identifier($interface, $identifier)) {
768
769							# delete section
770	2					12	delete $self->{parsed_config}{$interface}{$identifier};
771
772							# delete from section list
773	2					6	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'section_order'} = [ grep {$_ ne $identifier} @{$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'section_order'}} ];
	5					46
	2					9
774
775							# decrease peer count
776	2					11	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'n_peers'}--;
777
778							# delete alias (if exists)
779	2					6	while (my ($alias, $a_identifier) = each %{$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'alias_map'}}) {
	5					31
780	3	100				24	if ($a_identifier eq $identifier) {
781	2					15	delete $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'alias_map'}{$alias};
782							}
783							}
784	2					10	$self->_set_changed($interface);
785							}
786							else {
787	0					0	die "Invalid identifier `$identifier` for `$interface`";
788							}
789							}
790							else {
791	0					0	die "Invalid interface `$interface`";
792							}
793							}
794
795							=head3 remove_interface($interface [, $keep_file = FALSE])
796
797							Removes an interface. This command deletes the config file immediately. I.e no rollback possible!
798
799							B
800
801							=over 1
802
803							=item
804
805							C<$interface> A valid interface name
806
807							=back
808
809							B
810
811							Exception if interface or identifier is invalid
812
813							B
814
815							None
816
817							=cut
818	3			3	1	870	sub remove_interface($self, $interface) {
	3					6
	3					5
	3					7
819	3	50				9	if ($self->is_valid_interface($interface)) {
820							# delete interface
821	3					24	delete $self->{parsed_config}{$interface};
822	3	50				66	if (-e "$self->{wireguard_home}$interface.conf") {
823	3	50				288	unlink "$self->{wireguard_home}$interface.conf" or warn "Could not delete `$self->{wireguard_home}$interface.conf` do you have the needed permissions?";
824							}
825	3					21	$self->{n_conf_files}--;
826							}
827							}
828
829							=head3 get_peer_count([$interface = undef])
830
831							Returns the number of peers.
832
833							B Does return the count represented in the current (parsed) configuration state.
834
835							B
836
837							=over 1
838
839							=item
840
841							C<[$interface = undef]> If defined and valid, only return counts for this specific interface
842
843							=back
844
845							B
846
847							Number of peers
848
849							=cut
850	3			3	1	753	sub get_peer_count($self, $interface = undef) {
	3					6
	3					7
	3					5
851	3	100	66			15	if (defined $interface && $self->is_valid_interface($interface)) {
852	2					10	return $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'n_peers'};
853							}
854							else {
855	1					1	my $count = 0;
856	1					4	for ($self->get_interface_list()) {
857	2					5	$count += $self->{parsed_config}{$_}{INTERNAL_KEY_PREFIX . 'n_peers'};
858							}
859	1					6	return $count;
860							}
861							}
862
863							=head3 may_reload_from_disk($interface [, $new = FALSE])
864
865							Method to reload an interface configuration from disk. Also useful to add an new (externally) created
866							interface on-the-fly. If a config file with a I<.not_applied> suffix is present (and its mtime is newer
867							than the original one), it is taken as source for reloading the configuration data.
868
869							B
870
871							=over 1
872
873							=item *
874
875							C<$interface> A valid interface name
876
877							=item *
878
879							C<[$new = FALSE]> If set to True, the parser looks at C<$wireguard_home> for this new interface config.
880
881							=item *
882
883							C<[$force = FALSE]> When set to True, the configuration is reloaded regardless of its mtime.
884
885							=back
886
887							B
888
889							Exception: If the interface is invalid (or the config file is not found)
890
891							B
892
893							None, or undef if C<$new == True> and the interface is in fact not a wg config.
894
895							=cut
896	149			149	1	269	sub may_reload_from_disk($self, $interface, $new = FALSE, $force = FALSE, $_init = FALSE) {
	149					269
	149					240
	149					255
	149					219
	149					247
	149					203
897	149					441	my $config_path = $self->{wireguard_home} . $interface . '.conf';
898							# check if there is a newer, not applied version, if yes prefer this version
899	149					324	my $not_applied_path = $self->{wireguard_home} . $interface . $self->{not_applied_suffix};
900	149	100				2163	if (-e $not_applied_path) {
901	1	50				6	if (get_mtime($not_applied_path) > get_mtime($config_path)) {
902	1					3	$config_path = $not_applied_path;
903							}
904							}
905	149	100				532	if ($new == FALSE) {
906							# do not use is_valid_interface() here otherwise there is a risk of infinite recursion (in a concurrent environment)
907	54	50				161	if (exists $self->{parsed_config}{$interface}) {
908							# we only reload if the on-disk version is newer than our local one
909							# There is however one exception: The local config is based on a not applied version and this file somehow
910							# unexpectedly deleted (e.g by a sysadmin..)
911	54					199	my $on_disk_mtime = get_mtime($config_path);
912							my $unexpected_delete = (exists $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'is_hot_config'}
913							&& $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'is_hot_config'} == 0
914	54		66			363	&& $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'mtime'} > $on_disk_mtime);
915
916	54	100	66			497	if ($force \|\| $unexpected_delete \|\| $self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'mtime'} < $on_disk_mtime) {
			100
917	11					55	my $contents = read_file($config_path);
918	11					71	$self->{parsed_config}{$interface} = parse_wg_config2($contents, $interface, $self->{wg_meta_prefix}, $self->{wg_meta_disabled_prefix}, FALSE);
919	11					35	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'config_path'} = $config_path;
920	11					45	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'mtime'} = get_mtime($config_path);
921	11	100				130	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'is_hot_config'} = ($config_path =~ /$self->{not_applied_suffix}/) ? 0 : 1;
922	11	50				75	$self->_call_reload_listeners($interface) if $_init == FALSE;
923							}
924							}
925							else {
926	0					0	die "Invalid interface $interface - if this is a new interface, set `\$new` to True";
927							}
928							}
929							# We have a completely new interface
930							else {
931	95	50				1267	if (-e $config_path) {
932	95					418	my $contents = read_file($config_path);
933	95					466	my $maybe_new_config = parse_wg_config2($contents, $interface, $self->{wg_meta_prefix}, $self->{wg_meta_disabled_prefix}, FALSE);
934	95	100				242	if (defined $maybe_new_config) {
935	21					47	$self->{n_conf_files}++;
936	21					58	$self->{parsed_config}{$interface} = $maybe_new_config;
937	21					53	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'config_path'} = $config_path;
938	21					118	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'mtime'} = get_mtime($config_path);
939	21	50				196	$self->{parsed_config}{$interface}{INTERNAL_KEY_PREFIX . 'is_hot_config'} = ($config_path =~ /$self->{not_applied_suffix}/) ? 0 : 1;
940	21	100				111	$self->_call_reload_listeners($interface) if $_init == FALSE;;
941							}
942							else {
943	74					276	return undef;
944							}
945							}
946							else {
947	0					0	die "The interface $interface was not found in $self->{wireguard_home}";
948							}
949
950							}
951
952							}
953
954							# internal method to create a configuration file (this method exists primarily for testing purposes)
955	4			4	0	593	sub create_config($self, $interface, $plain = FALSE) {
	4					8
	4					5
	4					8
	4					6
956							return create_wg_config2(
957							$self->{parsed_config}{$interface},
958							$self->{wg_meta_prefix},
959							$self->{wg_meta_disabled_prefix},
960	4					17	$plain = $plain)
961							}
962
963	40			40		108	sub _has_changed($self, $interface) {
	40					69
	40					83
	40					57
964	40					252	return exists $self->{parsed_config}{$interface}{has_changed};
965							}
966
967	49			49		77	sub _set_changed($self, $interface) {
	49					76
	49					81
	49					68
968	49					161	$self->{parsed_config}{$interface}{has_changed} = 1;
969							}
970
971	17			17		34	sub _reset_changed($self, $interface) {
	17					32
	17					32
	17					30
972	17	50				90	delete $self->{parsed_config}{$interface}{has_changed} if (exists $self->{parsed_config}{$interface}{has_changed});
973							}
974
975							=head3 register_on_reload_listener($ref_handler, $handler_id [, $ref_listener_args = []])
976
977							Register your callback handlers for the C event here. Your handler is called
978							B the reload happened, is blocking and exceptions are caught in an C environment.
979
980							B
981
982							=over 1
983
984							=item
985
986							C<$ref_handler> Reference to a handler function. The following signature is expected:
987
988							sub my_handler_function($interface, $ref_list_args){
989							...
990							}
991
992							=item
993
994							C<$handler_id> An identifier for you handler function. Must be unique!
995
996							=item
997
998							C<[$ref_listener_args = []]> A reference to an argument list for your handler function
999
1000							=back
1001
1002							B
1003
1004							None, exception if C<$handler_id> is already present.
1005
1006							=cut
1007	1			1	1	502	sub register_on_reload_listener($self, $ref_handler, $handler_id, $ref_listener_args = []) {
	1					3
	1					2
	1					2
	1					2
	1					1
1008	1	50				5	unless ($self->{reload_listeners}{$handler_id}) {
1009	1					4	my $listener_data = {
1010							'handler' => $ref_handler,
1011							'args' => $ref_listener_args
1012							};
1013	1					5	$self->{reload_listeners}{$handler_id} = $listener_data;
1014							}
1015							else {
1016	0					0	die "Handler id $handler_id already present";
1017							}
1018
1019							}
1020
1021							=head3 remove_on_reload_listener($handler_id)
1022
1023							Removes a reload callback handler by it's C<$handler_id>.
1024
1025							B
1026
1027							=over 1
1028
1029							=item
1030
1031							C<$handler_id> A valid handler id
1032
1033							=back
1034
1035							B
1036
1037							1 on success, undef on failure.
1038
1039							=cut
1040	0			0	1	0	sub remove_on_reload_listener($self, $handler_id) {
	0					0
	0					0
	0					0
1041	0	0				0	if (exists $self->{reload_listeners}{$handler_id}) {
1042	0					0	delete $self->{reload_listeners}{$handler_id};
1043	0					0	return 1;
1044							}
1045							else {
1046	0					0	return undef;
1047							}
1048							}
1049
1050	29			29		55	sub _call_reload_listeners($self, $interface) {
	29					57
	29					56
	29					42
1051	29					57	for my $listener_id (keys %{$self->{reload_listeners}}) {
	29					181
1052	1					3	eval {
1053	1					3	&{$self->{reload_listeners}{$listener_id}{handler}}($interface, $self->{reload_listeners}{$listener_id}{args});
	1					3
1054							};
1055	1	50				19	if ($@) {
1056	0						warn "Call to reload_listener $listener_id failed: $@";
1057							}
1058							}
1059							}
1060
1061
1062							1;