2021-05-26 00:48:04 +08:00
package functions
import (
2022-01-29 04:33:30 +08:00
"crypto/rand"
2021-08-03 06:06:26 +08:00
"encoding/json"
2021-05-26 00:48:04 +08:00
"errors"
2021-07-26 02:22:20 +08:00
"fmt"
2022-04-21 03:44:33 +08:00
"io"
2021-11-04 03:43:10 +08:00
"log"
2022-04-21 03:44:33 +08:00
"net/http"
2022-09-14 03:25:56 +08:00
"os"
"os/signal"
2022-01-27 00:20:46 +08:00
"runtime"
2022-09-14 03:25:56 +08:00
"strings"
"syscall"
2021-11-04 03:43:10 +08:00
2022-09-14 03:25:56 +08:00
"github.com/gorilla/websocket"
2022-03-20 23:12:05 +08:00
"github.com/gravitl/netmaker/logger"
2022-03-24 02:06:26 +08:00
"github.com/gravitl/netmaker/logic"
2021-08-03 06:06:26 +08:00
"github.com/gravitl/netmaker/models"
2022-09-14 03:25:56 +08:00
"github.com/gravitl/netmaker/models/promodels"
2021-08-03 06:06:26 +08:00
"github.com/gravitl/netmaker/netclient/auth"
2021-07-26 02:22:20 +08:00
"github.com/gravitl/netmaker/netclient/config"
2021-09-20 02:03:47 +08:00
"github.com/gravitl/netmaker/netclient/daemon"
2022-09-14 03:25:56 +08:00
"github.com/gravitl/netmaker/netclient/global_settings"
2021-07-26 02:22:20 +08:00
"github.com/gravitl/netmaker/netclient/local"
2021-09-20 02:03:47 +08:00
"github.com/gravitl/netmaker/netclient/ncutils"
2021-07-26 02:22:20 +08:00
"github.com/gravitl/netmaker/netclient/wireguard"
2022-01-30 04:02:37 +08:00
"golang.org/x/crypto/nacl/box"
2022-09-14 03:25:56 +08:00
"golang.org/x/term"
2021-05-26 00:48:04 +08:00
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
)
2022-09-14 03:25:56 +08:00
// JoinViaSso - Handles the Single Sign-On flow on the end point VPN client side
// Contacts the server provided by the user (and thus specified in cfg.SsoServer)
// get the URL to authenticate with a provider and shows the user the URL.
// Then waits for user to authenticate with the URL.
// Upon user successful auth flow finished - server should return access token to the requested network
// Otherwise the error message is sent which can be displayed to the user
func JoinViaSSo ( cfg * config . ClientConfig , privateKey string ) error {
// User must tell us which network he is joining
if cfg . Node . Network == "" {
return errors . New ( "no network provided" )
}
// Prepare a channel for interrupt
// Channel to listen for interrupt signal to terminate gracefully
interrupt := make ( chan os . Signal , 1 )
// Notify the interrupt channel for SIGINT
signal . Notify ( interrupt , os . Interrupt )
// Web Socket is used, construct the URL accordingly ...
socketUrl := fmt . Sprintf ( "wss://%s/api/oauth/node-handler" , cfg . SsoServer )
// Dial the netmaker server controller
conn , _ , err := websocket . DefaultDialer . Dial ( socketUrl , nil )
if err != nil {
2022-09-15 22:23:19 +08:00
logger . Log ( 0 , fmt . Sprintf ( "error connecting to %s : %s" , cfg . Server . API , err . Error ( ) ) )
2022-09-14 03:25:56 +08:00
return err
}
// Don't forget to close when finished
defer conn . Close ( )
// Find and set node MacAddress
if cfg . Node . MacAddress == "" {
macs , err := ncutils . GetMacAddr ( )
if err != nil {
//if macaddress can't be found set to random string
cfg . Node . MacAddress = ncutils . MakeRandomString ( 18 )
} else {
cfg . Node . MacAddress = macs [ 0 ]
}
}
var loginMsg promodels . LoginMsg
loginMsg . Mac = cfg . Node . MacAddress
loginMsg . Network = cfg . Node . Network
if global_settings . User != "" {
fmt . Printf ( "Continuing with user, %s.\nPlease input password:\n" , global_settings . User )
pass , err := term . ReadPassword ( int ( syscall . Stdin ) )
if err != nil || string ( pass ) == "" {
logger . FatalLog ( "no password provided, exiting" )
}
loginMsg . User = global_settings . User
loginMsg . Password = string ( pass )
2022-09-20 03:37:00 +08:00
fmt . Println ( "attempting login..." )
2022-09-14 03:25:56 +08:00
}
msgTx , err := json . Marshal ( loginMsg )
if err != nil {
logger . Log ( 0 , fmt . Sprintf ( "failed to marshal message %+v" , loginMsg ) )
return err
}
err = conn . WriteMessage ( websocket . TextMessage , [ ] byte ( msgTx ) )
if err != nil {
logger . FatalLog ( "Error during writing to websocket:" , err . Error ( ) )
return err
}
// if user provided, server will handle authentication
if loginMsg . User == "" {
// We are going to get instructions on how to authenticate
// Wait to receive something from server
_ , msg , err := conn . ReadMessage ( )
if err != nil {
return err
}
// Print message from the netmaker controller to the user
fmt . Printf ( "Please visit:\n %s \n to authenticate" , string ( msg ) )
}
// Now the user is authenticating and we need to block until received
// An answer from the server.
// Server waits ~5 min - If takes too long timeout will be triggered by the server
done := make ( chan struct { } )
2022-09-15 22:23:19 +08:00
defer close ( done )
2022-09-14 03:25:56 +08:00
// Following code will run in a separate go routine
// it reads a message from the server which either contains 'AccessToken:' string or not
// if not - then it contains an Error to display.
// if yes - then AccessToken is to be used to proceed joining the network
go func ( ) {
for {
2022-09-15 22:23:19 +08:00
msgType , msg , err := conn . ReadMessage ( )
2022-09-14 03:25:56 +08:00
if err != nil {
2022-09-20 03:37:00 +08:00
if msgType < 0 {
logger . Log ( 1 , "received close message from server" )
done <- struct { } { }
return
}
2022-09-14 03:25:56 +08:00
// Error reading a message from the server
if ! strings . Contains ( err . Error ( ) , "normal" ) {
logger . Log ( 0 , "read:" , err . Error ( ) )
}
return
}
2022-09-15 22:23:19 +08:00
if msgType == websocket . CloseMessage {
logger . Log ( 1 , "received close message from server" )
done <- struct { } { }
return
}
2022-09-14 03:25:56 +08:00
// Get the access token from the response
if strings . Contains ( string ( msg ) , "AccessToken: " ) {
// Access was granted
rxToken := strings . TrimPrefix ( string ( msg ) , "AccessToken: " )
accesstoken , err := config . ParseAccessToken ( rxToken )
if err != nil {
2022-09-15 22:23:19 +08:00
logger . Log ( 0 , fmt . Sprintf ( "failed to parse received access token %s,err=%s\n" , accesstoken , err . Error ( ) ) )
2022-09-14 03:25:56 +08:00
return
}
cfg . Network = accesstoken . ClientConfig . Network
cfg . Node . Network = accesstoken . ClientConfig . Network
cfg . AccessKey = accesstoken . ClientConfig . Key
cfg . Node . LocalRange = accesstoken . ClientConfig . LocalRange
//cfg.Server.Server = accesstoken.ServerConfig.Server
cfg . Server . API = accesstoken . APIConnString
} else {
// Access was not granted. Display a message from the server
logger . Log ( 0 , "Message from server:" , string ( msg ) )
cfg . AccessKey = ""
return
}
}
} ( )
for {
select {
case <- done :
logger . Log ( 1 , "finished" )
return nil
case <- interrupt :
2022-09-15 22:23:19 +08:00
logger . Log ( 0 , "interrupt received, closing connection" )
2022-09-14 03:25:56 +08:00
// Cleanly close the connection by sending a close message and then
// waiting (with timeout) for the server to close the connection.
err := conn . WriteMessage ( websocket . CloseMessage , websocket . FormatCloseMessage ( websocket . CloseNormalClosure , "" ) )
if err != nil {
logger . Log ( 0 , "write close:" , err . Error ( ) )
return err
}
return nil
}
}
}
2021-10-09 03:07:12 +08:00
// JoinNetwork - helps a client join a network
2022-04-22 17:21:35 +08:00
func JoinNetwork ( cfg * config . ClientConfig , privateKey string ) error {
2021-06-02 23:00:10 +08:00
if cfg . Node . Network == "" {
return errors . New ( "no network provided" )
}
2021-05-26 00:48:04 +08:00
2021-10-13 03:44:19 +08:00
var err error
2022-01-29 04:33:30 +08:00
if local . HasNetwork ( cfg . Network ) {
err := errors . New ( "ALREADY_INSTALLED. Netclient appears to already be installed for " + cfg . Network + ". To re-install, please remove by executing 'sudo netclient leave -n " + cfg . Network + "'. Then re-run the install command." )
return err
}
2021-11-12 21:53:50 +08:00
2022-03-21 12:43:17 +08:00
err = config . Write ( cfg , cfg . Network )
2022-01-29 04:33:30 +08:00
if err != nil {
return err
}
if cfg . Node . Password == "" {
2022-09-27 20:06:33 +08:00
cfg . Node . Password = logic . GenPassWord ( )
2022-01-29 04:33:30 +08:00
}
2022-06-01 20:00:22 +08:00
//check if ListenPort was set on command line
2022-05-20 20:38:32 +08:00
if cfg . Node . ListenPort != 0 {
cfg . Node . UDPHolePunch = "no"
}
2022-01-30 04:02:37 +08:00
var trafficPubKey , trafficPrivKey , errT = box . GenerateKey ( rand . Reader ) // generate traffic keys
if errT != nil {
return errT
2022-01-29 04:33:30 +08:00
}
2022-01-30 04:02:37 +08:00
// == handle keys ==
2022-01-29 05:28:21 +08:00
if err = auth . StoreSecret ( cfg . Node . Password , cfg . Node . Network ) ; err != nil {
return err
}
2022-01-30 04:02:37 +08:00
if err = auth . StoreTrafficKey ( trafficPrivKey , cfg . Node . Network ) ; err != nil {
return err
2021-10-13 03:44:19 +08:00
}
2022-01-30 04:02:37 +08:00
trafficPubKeyBytes , err := ncutils . ConvertKeyToBytes ( trafficPubKey )
if err != nil {
2022-01-29 05:28:21 +08:00
return err
2022-02-05 03:19:26 +08:00
} else if trafficPubKeyBytes == nil {
return fmt . Errorf ( "traffic key is nil" )
2022-01-29 05:28:21 +08:00
}
2021-10-13 03:44:19 +08:00
2022-01-30 04:02:37 +08:00
cfg . Node . TrafficKeys . Mine = trafficPubKeyBytes
cfg . Node . TrafficKeys . Server = nil
// == end handle keys ==
2022-02-06 03:26:19 +08:00
if cfg . Node . LocalAddress == "" {
2022-02-02 13:02:36 +08:00
intIP , err := getPrivateAddr ( )
if err == nil {
cfg . Node . LocalAddress = intIP
2022-02-06 03:26:19 +08:00
} else {
2022-07-23 20:54:20 +08:00
logger . Log ( 1 , "network:" , cfg . Network , "error retrieving private address: " , err . Error ( ) )
2022-02-02 13:02:36 +08:00
}
2021-05-26 00:48:04 +08:00
}
2021-09-11 03:48:18 +08:00
2021-09-20 02:03:47 +08:00
// set endpoint if blank. set to local if local net, retrieve from function if not
2021-07-26 02:22:20 +08:00
if cfg . Node . Endpoint == "" {
2021-05-26 00:48:04 +08:00
if cfg . Node . IsLocal == "yes" && cfg . Node . LocalAddress != "" {
cfg . Node . Endpoint = cfg . Node . LocalAddress
} else {
2022-08-18 04:58:55 +08:00
cfg . Node . Endpoint , err = ncutils . GetPublicIP ( cfg . Server . API )
2021-09-11 03:48:18 +08:00
}
if err != nil || cfg . Node . Endpoint == "" {
2022-07-23 20:54:20 +08:00
logger . Log ( 0 , "network:" , cfg . Network , "error setting cfg.Node.Endpoint." )
2021-09-11 03:48:18 +08:00
return err
2021-05-26 00:48:04 +08:00
}
2021-07-26 02:22:20 +08:00
}
2021-09-11 03:48:18 +08:00
// Generate and set public/private WireGuard Keys
2021-08-03 06:06:26 +08:00
if privateKey == "" {
wgPrivatekey , err := wgtypes . GeneratePrivateKey ( )
2021-05-26 00:48:04 +08:00
if err != nil {
log . Fatal ( err )
}
2021-08-03 06:06:26 +08:00
privateKey = wgPrivatekey . String ( )
cfg . Node . PublicKey = wgPrivatekey . PublicKey ( ) . String ( )
2021-05-26 00:48:04 +08:00
}
2021-09-11 03:48:18 +08:00
// Find and set node MacAddress
2021-05-26 00:48:04 +08:00
if cfg . Node . MacAddress == "" {
2021-09-20 02:03:47 +08:00
macs , err := ncutils . GetMacAddr ( )
2022-08-28 20:14:01 +08:00
if err != nil || len ( macs ) == 0 {
2022-02-15 03:13:18 +08:00
//if macaddress can't be found set to random string
cfg . Node . MacAddress = ncutils . MakeRandomString ( 18 )
2021-05-26 00:48:04 +08:00
} else {
2021-07-26 02:22:20 +08:00
cfg . Node . MacAddress = macs [ 0 ]
2021-05-26 00:48:04 +08:00
}
}
2022-01-11 23:44:49 +08:00
2021-11-11 00:59:03 +08:00
if ncutils . IsFreeBSD ( ) {
cfg . Node . UDPHolePunch = "no"
2022-08-04 03:18:04 +08:00
cfg . Node . FirewallInUse = models . FIREWALL_IPTABLES // nftables not supported by FreeBSD
2021-11-11 00:59:03 +08:00
}
2022-08-03 06:01:45 +08:00
2022-08-04 03:18:04 +08:00
if cfg . Node . FirewallInUse == "" {
2022-08-25 20:37:26 +08:00
if ncutils . IsNFTablesPresent ( ) {
2022-08-24 20:03:31 +08:00
cfg . Node . FirewallInUse = models . FIREWALL_NFTABLES
2022-08-25 20:37:26 +08:00
} else if ncutils . IsIPTablesPresent ( ) {
cfg . Node . FirewallInUse = models . FIREWALL_IPTABLES
2022-08-20 03:32:25 +08:00
} else {
cfg . Node . FirewallInUse = models . FIREWALL_NONE
2022-08-03 06:01:45 +08:00
}
}
2021-11-16 00:42:52 +08:00
// make sure name is appropriate, if not, give blank name
cfg . Node . Name = formatName ( cfg . Node )
2022-04-21 03:44:33 +08:00
cfg . Node . OS = runtime . GOOS
cfg . Node . Version = ncutils . Version
2022-06-01 00:07:56 +08:00
cfg . Node . AccessKey = cfg . AccessKey
2022-04-21 03:44:33 +08:00
//not sure why this is needed ... setnode defaults should take care of this on server
cfg . Node . IPForwarding = "yes"
logger . Log ( 0 , "joining " + cfg . Network + " at " + cfg . Server . API )
url := "https://" + cfg . Server . API + "/api/nodes/" + cfg . Network
2022-06-01 00:07:56 +08:00
response , err := API ( cfg . Node , http . MethodPost , url , cfg . AccessKey )
2022-01-27 00:20:46 +08:00
if err != nil {
2022-04-21 03:44:33 +08:00
return fmt . Errorf ( "error creating node %w" , err )
}
defer response . Body . Close ( )
if response . StatusCode != http . StatusOK {
bodybytes , _ := io . ReadAll ( response . Body )
return fmt . Errorf ( "error creating node %s %s" , response . Status , string ( bodybytes ) )
}
2022-04-26 04:30:18 +08:00
var nodeGET models . NodeGet
if err := json . NewDecoder ( response . Body ) . Decode ( & nodeGET ) ; err != nil {
2022-04-21 03:44:33 +08:00
//not sure the next line will work as response.Body probably needs to be reset before it can be read again
2022-04-26 07:28:56 +08:00
bodybytes , _ := io . ReadAll ( response . Body )
2022-04-21 03:44:33 +08:00
return fmt . Errorf ( "error decoding node from server %w %s" , err , string ( bodybytes ) )
2021-07-26 02:22:20 +08:00
}
2022-04-26 04:30:18 +08:00
node := nodeGET . Node
2022-04-26 07:33:31 +08:00
if nodeGET . Peers == nil {
nodeGET . Peers = [ ] wgtypes . PeerConfig { }
}
2022-06-01 00:07:56 +08:00
2021-09-11 03:48:18 +08:00
// safety check. If returned node from server is local, but not currently configured as local, set to local addr
if cfg . Node . IsLocal != "yes" && node . IsLocal == "yes" && node . LocalRange != "" {
2021-09-20 02:03:47 +08:00
node . LocalAddress , err = ncutils . GetLocalIP ( node . LocalRange )
2021-05-26 00:48:04 +08:00
if err != nil {
return err
}
2021-08-03 06:06:26 +08:00
node . Endpoint = node . LocalAddress
2021-05-26 00:48:04 +08:00
}
2021-11-11 00:59:03 +08:00
if ncutils . IsFreeBSD ( ) {
node . UDPHolePunch = "no"
cfg . Node . IsStatic = "yes"
}
2022-06-01 00:07:56 +08:00
cfg . Server = nodeGET . ServerConfig
2021-11-11 00:59:03 +08:00
2022-01-27 00:20:46 +08:00
err = wireguard . StorePrivKey ( privateKey , cfg . Network )
if err != nil {
return err
}
if node . IsPending == "yes" {
2022-07-23 20:54:20 +08:00
logger . Log ( 0 , "network:" , cfg . Network , "node is marked as PENDING." )
logger . Log ( 0 , "network:" , cfg . Network , "awaiting approval from Admin before configuring WireGuard." )
2022-01-27 00:20:46 +08:00
if cfg . Daemon != "off" {
2022-06-24 02:06:26 +08:00
return daemon . InstallDaemon ( )
2021-11-04 03:43:10 +08:00
}
2021-05-26 00:48:04 +08:00
}
2022-07-23 20:54:20 +08:00
logger . Log ( 1 , "network:" , cfg . Node . Network , "node created on remote server...updating configs" )
2022-07-07 03:20:28 +08:00
err = ncutils . ModPort ( & node )
if err != nil {
return err
}
2022-07-07 21:52:20 +08:00
informPortChange ( & node )
2022-07-07 03:20:28 +08:00
err = config . ModNodeConfig ( & node )
2022-06-01 00:07:56 +08:00
if err != nil {
return err
}
err = config . ModServerConfig ( & cfg . Server , node . Network )
2022-01-27 00:20:46 +08:00
if err != nil {
return err
}
// attempt to make backup
if err = config . SaveBackup ( node . Network ) ; err != nil {
2022-07-23 20:54:20 +08:00
logger . Log ( 0 , "network:" , node . Network , "failed to make backup, node will not auto restore if config is corrupted" )
2022-01-27 00:20:46 +08:00
}
2022-08-23 22:12:13 +08:00
2022-09-20 04:14:51 +08:00
local . SetNetmakerDomainRoute ( cfg . Server . API )
2022-08-24 02:18:12 +08:00
cfg . Node = node
2022-03-20 23:12:05 +08:00
logger . Log ( 0 , "starting wireguard" )
2022-08-20 02:19:46 +08:00
err = wireguard . InitWireguard ( & node , privateKey , nodeGET . Peers [ : ] )
2021-07-26 02:22:20 +08:00
if err != nil {
return err
}
2022-05-31 00:39:33 +08:00
if cfg . Server . Server == "" {
2022-06-04 13:40:50 +08:00
return errors . New ( "did not receive broker address from registration" )
2022-05-31 00:39:33 +08:00
}
2022-05-13 21:35:00 +08:00
if cfg . Daemon == "install" || ncutils . IsFreeBSD ( ) {
2022-06-24 02:06:26 +08:00
err = daemon . InstallDaemon ( )
2022-02-19 09:21:03 +08:00
if err != nil {
return err
}
2021-07-26 02:22:20 +08:00
}
2022-05-13 21:35:00 +08:00
2022-07-15 01:48:11 +08:00
if err := daemon . Restart ( ) ; err != nil {
2022-09-07 20:09:11 +08:00
logger . Log ( 3 , "daemon restart failed:" , err . Error ( ) )
2022-07-15 01:48:11 +08:00
if err := daemon . Start ( ) ; err != nil {
return err
}
}
2022-02-19 09:21:03 +08:00
return nil
2021-05-26 00:48:04 +08:00
}
2021-11-16 00:42:52 +08:00
// format name appropriately. Set to blank on failure
func formatName ( node models . Node ) string {
// Logic to properly format name
if ! node . NameInNodeCharSet ( ) {
node . Name = ncutils . DNSFormatString ( node . Name )
}
if len ( node . Name ) > models . MAX_NAME_LENGTH {
node . Name = ncutils . ShortenString ( node . Name , models . MAX_NAME_LENGTH )
}
if ! node . NameInNodeCharSet ( ) || len ( node . Name ) > models . MAX_NAME_LENGTH {
2022-07-23 20:54:20 +08:00
logger . Log ( 1 , "network:" , node . Network , "could not properly format name: " + node . Name )
logger . Log ( 1 , "network:" , node . Network , "setting name to blank" )
2021-11-16 00:42:52 +08:00
node . Name = ""
}
return node . Name
}
