wg-installer: rework code

Use shellcheck to rework the code. Use "export" to return variables from a function call. Further, fix typos. Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-01-19 18:40:16 +01:00 · 2022-01-19 18:40:16 +01:00 · 69c81790d1
commit 69c81790d1
parent 8ca0439f97
10 changed files with 122 additions and 160 deletions
--- a/net/wg-installer/common/wg.sh
+++ b/net/wg-installer/common/wg.sh
@ -6,9 +6,9 @@ next_port () {

 	ports=$(wg show all listen-port | awk '{print $2}')

-	for i in $(seq $port_start $port_end); do
-		if ! echo $ports | grep -q "$i"; then
-			echo $i
+	for i in $(seq "$port_start" "$port_end"); do
+		if ! echo "$ports" | grep -q "$i"; then
+			echo "$i"
 			return
 		fi
 	done
@ -25,15 +25,13 @@ delete_wg_interface() {
 }

 check_wg_neighbors() {
-    local phy
-
    wg_interfaces=$(ip link | grep wg | awk '{print $2}' | sed 's/://')
    for phy in $wg_interfaces; do
-        linklocal=$(ip -6 addr list dev $phy | grep "scope link" | awk '{print $2}' | sed 's/\/64//') 2>/dev/null
-        ips=$(ping ff02::1%$phy -w5 -W5 -c10 | awk '/from/{print($4)}' | sed 's/.$//') 2>/dev/null
+        linklocal=$(ip -6 addr list dev "$phy" | grep "scope link" | awk '{print $2}' | sed 's/\/64//') 2>/dev/null
+        ips=$(ping ff02::1%"$phy" -w5 -W5 -c10 | awk '/from/{print($4)}' | sed 's/.$//') 2>/dev/null
        delete=1
        for ip in $ips; do
-            if [ $ip != $linklocal ] && [ $(owipcalc $ip linklocal) -eq 1 ]; then
+            if [ "$ip" != "$linklocal" ] && [ "$(owipcalc $ip linklocal)" -eq 1 ]; then
                delete=0
                break
            fi
--- a/net/wg-installer/wg-client/config/wgclient.conf
+++ b/net/wg-installer/wg-client/config/wgclient.conf
@ -1,7 +1,4 @@
 config client
-    option wg_key '/root/wg.key'
-    option wg_pub '/root/wg.pub'
-    option base_prefix '2000::/64'
    option port_start '51820'
    option port_end '52820'
    option try_insecure '1'
--- a/net/wg-installer/wg-client/lib/rpcd_ubus.sh
+++ b/net/wg-installer/wg-client/lib/rpcd_ubus.sh
@ -1,3 +1,5 @@
+#!/bin/sh
+
 . /usr/share/libubox/jshn.sh

 query_gw () {
@ -5,26 +7,26 @@ query_gw () {
 	local req=$2
 	
 	# first try https
-	ret=$(curl https://$ip/ubus -d "$req") 2>/dev/null
+	ret=$(curl https://"$ip"/ubus -d "$req") 2>/dev/null
 	if [ $? -eq 0 ]; then
-		echo $ret
+		echo "$ret"
 		return 0
 	fi

 	# try with --insecure
-	if [ $(uci get wgclient.@client[0].try_insecure) == '1' ]; then
-		ret=$(curl --insecure https://$ip/ubus -d "$req") 2>/dev/null
+	if [ "$(uci get wgclient.@client[0].try_insecure)" -eq '1' ]; then
+		ret=$(curl --insecure https://"$ip"/ubus -d "$req") 2>/dev/null
 		if [ $? -eq 0 ]; then
-			echo $ret
+			echo "$ret"
 			return 0
 		fi
 	fi

 	# try with http
-	if [ $(uci get wgclient.@client[0].try_http) == '1' ]; then
-		ret=$(curl http://$ip/ubus -d "$req") 2>/dev/null
+	if [ "$(uci get wgclient.@client[0].try_http)" -eq '1' ]; then
+		ret=$(curl http://"$ip"/ubus -d "$req") 2>/dev/null
 		if [ $? -eq 0 ]; then
-			echo $ret
+			echo "$ret"
 			return 0
 		fi
 	fi
@ -46,13 +48,13 @@ request_token () {
 	json_add_string "" "session"
 	json_add_string "" "login"
 	json_add_object
-	json_add_string "username" $user
-	json_add_string "password" $password
+	json_add_string "username" "$user"
+	json_add_string "password" "$password"
 	json_close_object
 	json_close_array
 	req=$(json_dump)
-	ret=$(query_gw $ip "$req") 2>/dev/null
-	if [ $? != 0 ]; then
+	ret=$(query_gw "$ip" "$req") 2>/dev/null
+	if [ $? -ne 0 ]; then
 		return 1
 	fi
 	json_load "$ret"
@ -60,7 +62,7 @@ request_token () {
 	json_select result
 	json_select 2
 	json_get_var ubus_rpc_session ubus_rpc_session
-	echo $ubus_rpc_session
+	echo "$ubus_rpc_session"
 }

 wg_rpcd_get_usage () {
@ -73,18 +75,17 @@ wg_rpcd_get_usage () {
 	json_add_int "id" "1"
 	json_add_string "method" "call"
 	json_add_array "params"
-	json_add_string "" $token
+	json_add_string "" "$token"
 	json_add_string "" "wginstaller"
 	json_add_string "" "get_usage"
 	json_add_object
 	json_close_object
 	json_close_array
 	req=$(json_dump)
-	ret=$(query_gw $ip "$req") 2>/dev/null
-	if [ $? != 0 ]; then
+	ret=$(query_gw "$ip" "$req") 2>/dev/null
+	if [ $? -ne 0 ]; then
 		return 1
 	fi
-
 	# return values
 	json_load "$ret"
 	json_get_vars result result
@ -95,40 +96,39 @@ wg_rpcd_get_usage () {
 }

 wg_rpcd_register () {
-	local token=$1
-	local ip=$2
-	local uplink_bw=$3
-	local mtu=$4
-	local public_key=$5
+	local token=$5
+	local ip=$6
+	local mtu=$7
+	local public_key=$8

 	json_init
 	json_add_string "jsonrpc" "2.0"
 	json_add_int "id" "1"
 	json_add_string "method" "call"
 	json_add_array "params"
-	json_add_string "" $token
+	json_add_string "" "$token"
 	json_add_string "" "wginstaller"
 	json_add_string "" "register"
 	json_add_object
-	json_add_int "uplink_bw" $uplink_bw
-	json_add_int "mtu" $mtu
-	json_add_string "public_key" $public_key
+	json_add_int "mtu" "$mtu"
+	json_add_string "public_key" "$public_key"
 	json_close_object
 	json_close_array
 	req=$(json_dump)
-	ret=$(query_gw $ip "$req") 2>/dev/null
-	if [ $? != 0 ]; then
+	ret=$(query_gw "$ip" "$req") 2>/dev/null
+	if [ $? -ne 0 ]; then
 		return 1
 	fi
-
 	json_load "$ret"
 	json_get_vars result result
 	json_select result
 	json_select 2
-	json_get_var pubkey pubkey
-	json_get_var gw_ip gw_ip
-	json_get_var port port
-	echo "pubkey: ${pubkey}"
-	echo "gw_ip: ${gw_ip}"
-	echo "port: ${port}"
+	json_get_var gw_pubkey gw_pubkey
+	json_get_var gw_ipv4 gw_ipv4
+	json_get_var gw_ipv6 gw_ipv6
+	json_get_var gw_port gw_port
+	export "$1=$gw_pubkey"
+	export "$2=$gw_ipv4"
+	export "$3=$gw_ipv6"
+	export "$4=$gw_port"
 }
--- a/net/wg-installer/wg-client/wg-client-installer.sh
+++ b/net/wg-installer/wg-client/wg-client-installer.sh
@ -12,8 +12,8 @@ while true; do
 		echo "help"
 		shift 1
 		;;
-	-i | --ip)
-		IP=$2
+	--endpoint)
+		ENDPOINT=$2
 		shift 2
 		;;
 	--user)
@ -24,10 +24,6 @@ while true; do
 		PASSWORD=$2
 		shift 2
 		;;
-	--bandwidth)
-		BANDWIDTH=$2
-		shift 2
-		;;
 	--mtu)
 		WG_MTU=$2
 		shift 2
@ -45,86 +41,56 @@ while true; do
 	esac
 done

-escape_ip () {
-	local gw_ip=$1
-
-	# ipv4 processing
-	ret_ip=$(echo $gw_ip | tr '.' '_')
-
-	# ipv6 processing
-	ret_ip=$(echo $ret_ip | tr ':' '_')
-	ret_ip=$(echo $ret_ip | cut -d '[' -f 2)
-	ret_ip=$(echo $ret_ip | cut -d ']' -f 1)
-
-	echo $ret_ip
-}
-
 register_client_interface () {
-	local privkey=$1
-	local pubkey=$2
-	local gw_ip=$3
-	local gw_port=$4
-	local endpoint=$5
-	local mtu_client=$6
+	local endpoint=$2
+	local mtu_client=$3
+	local privkey=$4
+	local pubkey=$5
+	local gw_port=$6

 	port_start=$(uci get wgclient.@client[0].port_start)
 	port_end=$(uci get wgclient.@client[0].port_end)
-	base_prefix=$(uci get wgclient.@client[0].base_prefix)

-	port=$(next_port $port_start $port_end)
+	port=$(next_port "$port_start" "$port_end")
 	ifname="wg_$port"

-	offset=$(($port - $port_start))
-	client_ip=$(owipcalc $base_prefix add $offset next 128)
-	client_ip_assign="${client_ip}/128"
+	ip link add dev "$ifname" type wireguard
+	ip -6 addr add dev "$ifname" fe80::2/64
+	wg set "$ifname" listen-port "$port" private-key "$privkey" peer "$pubkey" allowed-ips 0.0.0.0/0,::0/0 endpoint "${endpoint}:${gw_port}"
+	ip link set up dev "$ifname"
+	ip link set mtu "$mtu_client" dev "$ifname"

-	echo "Installing Interface With:"
-	echo "Endpoint ${endpoint}"
-	echo "Client IP ${client_ip}"
-	echo "Port ${port}"
-	echo "Pubkey ${pubkey}"
-
-	ip link add dev $ifname type wireguard
-
-	ip -6 addr add dev $ifname $client_ip
-	ip -6 addr add dev $ifname fe80::2/64
-	wg set $ifname listen-port $port private-key $privkey peer $pubkey allowed-ips 0.0.0.0/0,::0/0 endpoint "${endpoint}:${gw_port}"
-	ip link set up dev $ifname
-	ip link set mtu $mtu_client dev $ifname # configure mtu here!
+	export "$1=$ifname"
 }

 # rpc login
-token="$(request_token $IP $USER $PASSWORD)"
-if [ $? != 0 ]; then
-	echo "failed to register token"
+token="$(request_token "$ENDPOINT" "$USER" "$PASSWORD")"
+if [ $? -ne 0 ]; then
+	logger -t "wg-client-installer" "Failed to register token!"
 	exit 1
 fi

 # now call procedure
 case $CMD in
 "get_usage")
-	wg_rpcd_get_usage $token $IP
+	wg_rpcd_get_usage "$token" "$ENDPOINT"
 	;;
 "register")

-	if [ ! -z "$WG_KEY_FILE" ]; then
-		wg_priv_key_file=$WG_KEY_FILE
-		wg_pub_key=$(wg pubkey < $WG_KEY_FILE)
-	else
-		wg_priv_key_file=$(uci get wgclient.@client[0].wg_key)
-		wg_pub_key=$(cat $(uci get wgclient.@client[0].wg_pub))
+	if [ -n "$WG_KEY_FILE" ]; then
+		wg_priv_key_file="$WG_KEY_FILE"
+		wg_pub_key=$(wg pubkey < "$WG_KEY_FILE")
 	fi

-	register_output=$(wg_rpcd_register $token $IP $BANDWIDTH $WG_MTU $wg_pub_key)
-	if [ $? != 0 ]; then
-		echo "Failed to Register!"
+	wg_rpcd_register __gw_pubkey __gw_ipv4 __gw_ipv6 __gw_port "$token" "$ENDPOINT" "$WG_MTU" "$wg_pub_key"
+	if [ $? -ne 0 ]; then
+		logger -t "wg-client-installer" "Failed to Register!"
 		exit 1
 	fi
-	pubkey=$(echo $register_output | awk '{print $2}')
-	ip_addr=$(echo $register_output | awk '{print $4}')
-	port=$(echo $register_output | awk '{print $6}')
-	client_ip=$(echo $register_output | awk '{print $8}')
-	register_client_interface $wg_priv_key_file $pubkey $ip_addr $port $IP $WG_MTU
+
+	register_client_interface __interface "$ENDPOINT" "$WG_MTU" "$wg_priv_key_file" "$__gw_pubkey" "$__gw_port"
+	logger -t "wg-client-installer" "Registered: $__interface"
+	echo $__interface
 	;;
-*) echo "Usage: wg-client-installer [cmd] --ip [2001::1] --user wginstaller --password wginstaller" ;;
+*) echo "Usage: wg-client-installer [cmd] --endpoint [2001::1] --mtu 1500 --user wginstaller --password wginstaller" ;;
 esac
--- a/net/wg-installer/wg-server/config/wgserver.conf
+++ b/net/wg-installer/wg-server/config/wgserver.conf
@ -1,8 +1,8 @@
 config server
    option port_start '51820'
    option port_end '52820'
-    option base_prefix '2002::/64'
-    option base_v4prefix '10.0.0.1/24'
+    option base_prefix_ipv4 '10.0.0.1/24'
+    option base_prefix_ipv6 '2002::/64'
    option wg_key '/root/wg.key'
    option wg_pub '/root/wg.pub'
    option wg_tmp_key '1'
--- a/net/wg-installer/wg-server/hotplug.d/99-mesh-babeld
+++ b/net/wg-installer/wg-server/hotplug.d/99-mesh-babeld
@ -6,31 +6,31 @@ if [ "${DEVTYPE}" != "wireguard" ]; then
 fi

 # check if correct naming
-slicedint=$(echo $INTERFACE | cut -c1-3)
+slicedint=$(echo "$INTERFACE" | cut -c1-3)
 if [ "${slicedint}" != "wg_" ]; then
 	exit 0
 fi

-if [ "${ACTION}" == "add" ]; then
+if [ "${ACTION}" = "add" ]; then
 	uci add babeld interface
 	uci set babeld.@interface[-1].ifname="${INTERFACE}"
 	uci get wgserver.@babeld_hotplug[0].rxcost
-	if [ $? ]; then
+	if [ $? -eq 0 ]; then
 		babeld_rxcost="$(uci get wgserver.@babeld_hotplug[0].rxcost)"
 		uci set babeld.@interface[-1].rxcost="$babeld_rxcost"
 	fi
-	uci -c "$(dirname $(realpath /etc/config/babeld))" commit babeld
+	uci -c "$(dirname "$(realpath /etc/config/babeld)")" commit babeld
 	/etc/init.d/babeld reload
 fi

-if [ "${ACTION}" == "remove" ]; then
+if [ "${ACTION}" = "remove" ]; then
 	i=0
 	while uci get babeld.@interface[$i] &> /dev/null ; do
-		if [ "$(uci get babeld.@interface[$i].ifname)" == "${INTERFACE}" ]; then
+		if [ "$(uci get babeld.@interface[$i].ifname)" = "${INTERFACE}" ]; then
 			uci delete babeld.@interface[$i]
 		fi
 		i=$((i+1));
 	done
-	uci -c "$(dirname $(realpath /etc/config/babeld))" commit babeld
+	uci -c "$(dirname "$(realpath /etc/config/babeld)")" commit babeld
 	/etc/init.d/babeld reload
 fi
--- a/net/wg-installer/wg-server/hotplug.d/99-mesh-olsrd
+++ b/net/wg-installer/wg-server/hotplug.d/99-mesh-olsrd
@ -6,15 +6,15 @@ if [ "${DEVTYPE}" != "wireguard" ]; then
 fi

 # check if correct naming
-slicedint=$(echo $INTERFACE | cut -c1-3)
+slicedint=$(echo "$INTERFACE" | cut -c1-3)
 if [ "${slicedint}" != "wg_" ]; then
 	exit 0
 fi

-if [ "${ACTION}" == "add" ]; then
-	ubus call olsrd add_interface '{"ifname":'\"$INTERFACE\"'}'
+if [ "${ACTION}" = "add" ]; then
+	ubus call olsrd add_interface '{"ifname":'\""$INTERFACE"\"'}'
 fi

-if [ "${ACTION}" == "remove" ]; then
-	ubus call olsrd del_interface '{"ifname":'\"$INTERFACE\"'}'
+if [ "${ACTION}" = "remove" ]; then
+	ubus call olsrd del_interface '{"ifname":'\""$INTERFACE"\"'}'
 fi
--- a/net/wg-installer/wg-server/lib/install_wginstaller_user.sh
+++ b/net/wg-installer/wg-server/lib/install_wginstaller_user.sh
@ -1,7 +1,7 @@
 #!/bin/sh

 # do not override already existing user!!!
-[ "$(uci show rpcd | grep wginstaller)" ] && exit 0
+uci show rpcd | grep -q wginstaller && exit 0

 # install wginstaller user with standard credentials
 # user: wginstaller
@ -10,7 +10,7 @@ uci add rpcd login
 uci set rpcd.@login[-1].username='wginstaller'

 password=$(uhttpd -m wginstaller)
-uci set rpcd.@login[-1].password=$password
+uci set rpcd.@login[-1].password="$password"
 uci add_list rpcd.@login[-1].read='wginstaller'
 uci add_list rpcd.@login[-1].write='wginstaller'
 uci commit rpcd
--- a/net/wg-installer/wg-server/lib/wg_functions.sh
+++ b/net/wg-installer/wg-server/lib/wg_functions.sh
@ -1,13 +1,15 @@
+#!/bin/sh
+
 . /usr/share/libubox/jshn.sh
 . /usr/share/wginstaller/wg.sh

 wg_timeout () {
 	local int=$1

-	handshake=$(wg show $int latest-handshakes | awk '{print $2}')
+	handshake=$(wg show "$int" latest-handshakes | awk '{print $2}')
 	timeout=$(uci get wgserver.@server[0].timeout_handshake)

-	if [ $handshake -ge $timeout ]; then
+	if [ "$handshake" -ge "$timeout" ]; then
 		echo "1"
 	else
 		echo "0"
@ -16,23 +18,23 @@ wg_timeout () {

 wg_check_interface () {
 	local int=$1
-	if [ $(wg_timeout $int) -eq "1" ]; then
-		ip link del dev $int
+	if [ "$(wg_timeout "$int")" -eq "1" ]; then
+		ip link del dev "$int"
 	fi
 }

 wg_check_interfaces () {
 	wg_interfaces=$(wg show interfaces)
 	for interface in $wg_interfaces; do
-		wg_check_interface $interface
+		wg_check_interface "$interface"
 	done
 }

 wg_get_usage () {
 	num_interfaces=$(wg show interfaces | wc -w)
 	json_init
-	json_add_int "num_interfaces" $num_interfaces
-	echo $(json_dump)
+	json_add_int "num_interfaces" "$num_interfaces"
+	json_dump
 }

 wg_register () {
@ -40,52 +42,52 @@ wg_register () {
 	local mtu=$2
 	local public_key=$3

-	base_prefix=$(uci get wgserver.@server[0].base_prefix)
+	base_prefix_ipv6=$(uci get wgserver.@server[0].base_prefix_ipv6)
 	port_start=$(uci get wgserver.@server[0].port_start)
 	port_end=$(uci get wgserver.@server[0].port_end)

-	port=$(next_port $port_start $port_end)
+	port=$(next_port "$port_start" "$port_end")
 	ifname="wg_$port"

-	offset=$(($port - $port_start))
-	gw_ip=$(owipcalc $base_prefix add $offset next 128) # gateway ip
-	gw_ip_assign="${gw_ip}/128"
+	offset=$((port - port_start))
+	gw_ipv6=$(owipcalc "$base_prefix_ipv6" add "$offset" next 128) # gateway ip
+	gw_ipv6_assign="${gw_ipv6}/128"

 	gw_key=$(uci get wgserver.@server[0].wg_key)
 	gw_pub=$(uci get wgserver.@server[0].wg_pub)

-	if [ $(uci get wgserver.@server[0].wg_tmp_key) -eq 1 ]; then
+	if [ "$(uci get wgserver.@server[0].wg_tmp_key)" -eq 1 ]; then
 		[ -d "/tmp/run/wgserver" ] || mkdir -p /tmp/run/wgserver
 		gw_key="/tmp/run/wgserver/${ifname}.key"
 		gw_pub="/tmp/run/wgserver/${ifname}.pub"
-		wg genkey | tee $gw_key | wg pubkey > $gw_pub
+		wg genkey | tee "$gw_key" | wg pubkey > "$gw_pub"
 	fi
-	wg_server_pubkey=$(cat $gw_pub)
+	wg_server_pubkey=$(cat "$gw_pub")

 	# create wg tunnel
-	ip link add dev $ifname type wireguard
-	wg set $ifname listen-port $port private-key $gw_key peer $public_key allowed-ips 0.0.0.0/0,::0/0
-	ip -6 addr add $gw_ip_assign dev $ifname
-	ip -6 addr add fe80::1/64 dev $ifname
+	ip link add dev "$ifname" type wireguard
+	wg set "$ifname" listen-port "$port" private-key "$gw_key" peer "$public_key" allowed-ips 0.0.0.0/0,::0/0
+	ip -6 addr add "$gw_ipv6_assign" dev "$ifname"
+	ip -6 addr add fe80::1/64 dev "$ifname"

-	v4prefix=$(uci get wgserver.@server[0].base_v4prefix)
+	base_prefix_ipv4=$(uci get wgserver.@server[0].base_prefix_ipv4)
 	if [ $? -eq 0 ]; then
-		gw_ipv4=$(owipcalc $v4prefix add $offset next 32) # gateway ip
+		gw_ipv4=$(owipcalc "$base_prefix_ipv4" add "$offset" next 32) # gateway ip
 		gw_ipv4_assign="${gw_ipv4}/32"
-		ip addr add $gw_ipv4_assign broadcast 255.255.255.255 dev $ifname
+		ip addr add "$gw_ipv4_assign" broadcast 255.255.255.255 dev "$ifname"
 	fi

-	ip link set up dev $ifname
-	ip link set mtu $mtu dev $ifname
+	ip link set up dev "$ifname"
+	ip link set mtu "$mtu" dev "$ifname"

 	# craft return address
 	json_init
-	json_add_string "pubkey" $wg_server_pubkey
-	json_add_string "gw_ip" $gw_ip_assign
+	json_add_string "gw_pubkey" "$wg_server_pubkey"
 	if test -n "${gw_ipv4_assign-}"; then
-		json_add_string "gw_ipv4" $gw_ipv4_assign
+		json_add_string "gw_ipv4" "$gw_ipv4_assign"
 	fi
-	json_add_int "port" $port
+	json_add_string "gw_ipv6" "$gw_ipv6_assign"
+	json_add_int "gw_port" "$port"

-	echo $(json_dump)
+	json_dump
 }
--- a/net/wg-installer/wg-server/wginstaller.sh
+++ b/net/wg-installer/wg-server/wginstaller.sh
@ -6,26 +6,25 @@
 case "$1" in
 list)
 	cmd='{ "get_usage": {},'
-	cmd=$(echo $cmd ' "register": {"uplink_bw":"10", "mtu":"1400", "public_key": "xyz"} }')
-	echo $cmd
+	cmd=$(echo "$cmd" ' "register": {"mtu":"1400", "public_key": "xyz"} }')
+	echo "$cmd"
 	;;
 call)
 	case "$2" in
 	get_usage)
-		read input
+		read -r input
 		logger -t "wginstaller" "call" "$2" "$input"
 		wg_get_usage
 		;;
 	register)
-		read input
+		read -r input
 		logger -t "wginstaller" "call" "$2" "$input"

 		json_load "$input"
-		json_get_var uplink_bw uplink_bw
 		json_get_var mtu mtu
 		json_get_var public_key public_key

-		wg_register $uplink_bw $mtu $public_key
+		wg_register "$uplink_bw" "$mtu" "$public_key"
 		;;
 	esac
 	;;