package ncutils
import (
"bytes"
crand "crypto/rand"
"crypto/tls"
"encoding/gob"
"errors"
"fmt"
"io"
"log"
"math/rand"
"net"
"net/http"
"os"
"os/exec"
"path/filepath"
"regexp"
"runtime"
"strconv"
"strings"
"time"
"github.com/gravitl/netmaker/models"
"golang.org/x/crypto/nacl/box"
"golang.zx2c4.com/wireguard/wgctrl"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
// Version - version of the netclient. Kept as a var rather than a const,
// presumably so the build can override it — confirm against the build scripts.
var Version = "dev"

const (
	// MAX_NAME_LENGTH - maximum node name length
	MAX_NAME_LENGTH = 62
	// NO_DB_RECORD - error message result
	NO_DB_RECORD = "no result found"
	// NO_DB_RECORDS - error record result
	NO_DB_RECORDS = "could not find any records"
	// LINUX_APP_DATA_PATH - linux path
	LINUX_APP_DATA_PATH = "/etc/netclient"
	// WINDOWS_APP_DATA_PATH - windows path
	WINDOWS_APP_DATA_PATH = "C:\\ProgramData\\Netclient"
	// WINDOWS_WG_DPAPI_PATH - windows WireGuard configuration path
	WINDOWS_WG_DPAPI_PATH = "C:\\Program Files\\WireGuard\\Data\\Configurations"
	// WINDOWS_SVC_NAME - service name
	WINDOWS_SVC_NAME = "netclient"
	// NETCLIENT_DEFAULT_PORT - default port
	NETCLIENT_DEFAULT_PORT = 51821
	// DEFAULT_GC_PERCENT - garbage collection percent
	DEFAULT_GC_PERCENT = 10
	// KEY_SIZE - ideal length for keys
	KEY_SIZE = 2048
)
// Log - logs a message on the standard logger with the "[netclient]" prefix.
// The file/line flags are cleared first so the prefix is the first thing on the line.
func Log(message string) {
	flags := log.Flags() &^ (log.Llongfile | log.Lshortfile)
	log.SetFlags(flags)
	log.Println("[netclient]", message)
}
// IsWindows - checks if is windows, by comparing runtime.GOOS.
func IsWindows() bool {
	const target = "windows"
	return runtime.GOOS == target
}
// IsMac - checks if is a mac, by comparing runtime.GOOS with "darwin".
func IsMac() bool {
	const target = "darwin"
	return runtime.GOOS == target
}
// IsLinux - checks if is linux, by comparing runtime.GOOS.
func IsLinux() bool {
	const target = "linux"
	return runtime.GOOS == target
}
// IsFreeBSD - checks if is FreeBSD, by comparing runtime.GOOS.
func IsFreeBSD() bool {
	const target = "freebsd"
	return runtime.GOOS == target
}
// GetWireGuard - returns which WireGuard implementation to drive: the value
// of WG_QUICK_USERSPACE_IMPLEMENTATION when it names a supported userspace
// implementation ("boringtun" or "wireguard-go"), otherwise "wg" (kernel /
// wireguard-tools). Any other value of the variable is ignored.
func GetWireGuard() string {
	switch impl := os.Getenv("WG_QUICK_USERSPACE_IMPLEMENTATION"); impl {
	case "boringtun", "wireguard-go":
		return impl
	}
	return "wg"
}
// IsKernel - checks if running kernel WireGuard: true only on linux with no
// WG_QUICK_USERSPACE_IMPLEMENTATION set.
// TODO: replace the environment check with a config value (something like
// kernelmode, which should be 'on' by default).
func IsKernel() bool {
	if !IsLinux() {
		return false
	}
	return os.Getenv("WG_QUICK_USERSPACE_IMPLEMENTATION") == ""
}
// IsEmptyRecord - reports whether err is a "nothing found" database result,
// recognised by the NO_DB_RECORD / NO_DB_RECORDS markers in its message.
// A nil error is never an empty record.
func IsEmptyRecord(err error) bool {
	if err == nil {
		return false
	}
	msg := err.Error()
	for _, marker := range []string{NO_DB_RECORD, NO_DB_RECORDS} {
		if strings.Contains(msg, marker) {
			return true
		}
	}
	return false
}
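// GenPass - generates a 16 character alphanumeric access key value.
// Characters are drawn from crypto/rand with rejection sampling: a random
// byte is only used when it is below the largest multiple of len(charset)
// that fits in a byte, so every character is equally likely. The previous
// time-seeded math/rand generator is kept only as a last-resort fallback.
func GenPass() string {
	const (
		length  = 16
		charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
		limit   = 256 - 256%len(charset)
	)
	out := make([]byte, 0, length)
	buf := make([]byte, length)
	for len(out) < length {
		if _, err := crand.Read(buf); err != nil {
			// No usable system entropy source; say so loudly rather than
			// hand the caller an empty key.
			log.Println("[netclient] crypto/rand unavailable, falling back to math/rand:", err)
			return genPassFallback(length, charset)
		}
		for _, b := range buf {
			if int(b) >= limit {
				continue // would bias the distribution
			}
			out = append(out, charset[int(b)%len(charset)])
			if len(out) == length {
				break
			}
		}
	}
	return string(out)
}

// genPassFallback - the original time-seeded math/rand generator. Only used
// when crypto/rand fails; its output is predictable and not suitable for secrets.
func genPassFallback(length int, charset string) string {
	seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
	b := make([]byte, length)
	for i := range b {
		b[i] = charset[seededRand.Intn(len(charset))]
	}
	return string(b)
}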
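// GetPublicIP - gets public ip by asking a list of "what is my IP" services
// in turn and returning the first response body that parses as an IP
// address. Each attempt is bounded by a client timeout and its body is
// closed before the next service is tried (the previous version deferred
// every Close to function exit and, because of a shadowed err, could never
// report a per-request error). Returns an error when no service yields an IP.
func GetPublicIP() (string, error) {
	iplist := []string{"https://ip.client.gravitl.com", "https://ifconfig.me", "https://api.ipify.org", "https://ipinfo.io/ip"}
	// bounded so a stalled service cannot hang the caller indefinitely
	client := &http.Client{Timeout: 10 * time.Second}
	for _, ipserver := range iplist {
		ip, err := fetchPublicIP(client, ipserver)
		if err != nil {
			continue // try the next service
		}
		return ip, nil
	}
	return "", errors.New("public address not found")
}

// fetchPublicIP - performs one GET against ipserver and validates that the
// body is an IP address. The body is size-capped and closed per call, and a
// response that is not a bare IP is rejected so an unexpected page cannot
// be propagated as this node's endpoint.
func fetchPublicIP(client *http.Client, ipserver string) (string, error) {
	resp, err := client.Get(ipserver)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("%s responded with status %d", ipserver, resp.StatusCode)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 256))
	if err != nil {
		return "", err
	}
	ip := net.ParseIP(strings.TrimSpace(string(body)))
	if ip == nil {
		return "", fmt.Errorf("%s did not return an IP address", ipserver)
	}
	return ip.String(), nil
}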
// GetMacAddr - returns the hardware (MAC) address of every local interface
// that has one; interfaces with an empty hardware address are skipped.
func GetMacAddr() ([]string, error) {
	ifaces, err := net.Interfaces()
	if err != nil {
		return nil, err
	}
	var addrs []string
	for _, iface := range ifaces {
		if hw := iface.HardwareAddr.String(); hw != "" {
			addrs = append(addrs, hw)
		}
	}
	return addrs, nil
}
// parsePeers - renders peers as the [Peer] sections of a WireGuard config
// file. A keepalive of zero or less is written as 0. The Endpoint line is
// only emitted when the peer has a non-empty endpoint (an empty line is
// written in its place otherwise). The error result is always nil.
func parsePeers(keepalive int32, peers []wgtypes.PeerConfig) (string, error) {
	if keepalive < 0 {
		keepalive = 0
	}
	keepaliveStr := strconv.FormatInt(int64(keepalive), 10)

	var sb strings.Builder
	for _, peer := range peers {
		allowed := make([]string, 0, len(peer.AllowedIPs))
		for _, ipnet := range peer.AllowedIPs {
			allowed = append(allowed, ipnet.String())
		}
		endpoint := ""
		if peer.Endpoint != nil && peer.Endpoint.String() != "" {
			endpoint = "Endpoint = " + peer.Endpoint.String()
		}
		sb.WriteString("[Peer]\nPublicKey = ")
		sb.WriteString(peer.PublicKey.String())
		sb.WriteString("\nAllowedIps = ")
		sb.WriteString(strings.Join(allowed, ","))
		sb.WriteString("\nPersistentKeepAlive = ")
		sb.WriteString(keepaliveStr)
		sb.WriteString("\n")
		sb.WriteString(endpoint)
		sb.WriteString("\n")
	}
	return sb.String(), nil
}
// GetLocalIP - gets local ip of machine: the first address on an up,
// non-loopback interface that falls inside localrange (CIDR). The scan does
// not stop at the first match — later interfaces are still queried, so an
// Addrs() failure on any of them still returns an error.
func GetLocalIP(localrange string) (string, error) {
	_, subnet, err := net.ParseCIDR(localrange)
	if err != nil {
		return "", err
	}
	ifaces, err := net.Interfaces()
	if err != nil {
		return "", err
	}
	local, found := "", false
	for _, iface := range ifaces {
		if iface.Flags&net.FlagUp == 0 || iface.Flags&net.FlagLoopback != 0 {
			continue // skip down and loopback interfaces
		}
		addrs, err := iface.Addrs()
		if err != nil {
			return "", err
		}
		for _, addr := range addrs {
			if found {
				break
			}
			var ip net.IP
			switch v := addr.(type) {
			case *net.IPNet:
				ip = v.IP
			case *net.IPAddr:
				ip = v.IP
			default:
				continue
			}
			local = ip.String()
			found = subnet.Contains(ip)
		}
	}
	if !found || local == "" {
		return "", errors.New("Failed to find local IP in range " + localrange)
	}
	return local, nil
}
// GetNetworkIPMask - Pulls the netmask out of the network: returns the
// address part of networkstring (CIDR) and its mask in dotted-quad form.
// Only mask bytes 0-3 are printed, so the result is only meaningful for
// IPv4; a 16-byte IPv6 mask would be truncated — TODO confirm callers are v4-only.
func GetNetworkIPMask(networkstring string) (string, string, error) {
	ip, ipnet, err := net.ParseCIDR(networkstring)
	if err != nil {
		return "", "", err
	}
	octets := make([]string, 4)
	for i := range octets {
		octets[i] = strconv.Itoa(int(ipnet.Mask[i]))
	}
	return ip.String(), strings.Join(octets, "."), nil
}
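// GetFreePort - returns the first port at or above rangestart (defaulting to
// NETCLIENT_DEFAULT_PORT when 0) that no local WireGuard device listens on.
// Only WireGuard listen ports are consulted, so the port may still be bound
// by some other process. Returns an error when the devices cannot be listed
// or no port up to 65535 is free (the previous version returned rangestart
// with a nil error in that case).
func GetFreePort(rangestart int32) (int32, error) {
	if rangestart == 0 {
		rangestart = NETCLIENT_DEFAULT_PORT
	}
	wgclient, err := wgctrl.New()
	if err != nil {
		return 0, err
	}
	defer wgclient.Close()
	devices, err := wgclient.Devices()
	if err != nil {
		return 0, err
	}
	inUse := make(map[int32]struct{}, len(devices))
	for _, device := range devices {
		inUse[int32(device.ListenPort)] = struct{}{}
	}
	for port := rangestart; port <= 65535; port++ {
		if _, taken := inUse[port]; !taken {
			return port, nil
		}
	}
	return 0, fmt.Errorf("no free port found between %d and 65535", rangestart)
}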
// == OS PATH FUNCTIONS ==
// GetHomeDirWindows - gets the home directory: on windows HOMEDRIVE+HOMEPATH,
// falling back to USERPROFILE when both are unset; on every other OS HOME.
func GetHomeDirWindows() string {
	if !IsWindows() {
		return os.Getenv("HOME")
	}
	if home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH"); home != "" {
		return home
	}
	return os.Getenv("USERPROFILE")
}
// GetNetclientPath - gets the netclient data directory for the current OS.
// Note the mac path carries a trailing slash while the others do not.
func GetNetclientPath() string {
	switch {
	case IsWindows():
		return WINDOWS_APP_DATA_PATH
	case IsMac():
		return "/etc/netclient/"
	default:
		return LINUX_APP_DATA_PATH
	}
}
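// GetFileWithRetry - reads path, retrying up to retryCount times (at least
// once; a non-positive count previously returned (nil, nil) without reading)
// with a 250ms pause between attempts. Returns the last read error when
// every attempt fails.
func GetFileWithRetry(path string, retryCount int) ([]byte, error) {
	if retryCount < 1 {
		retryCount = 1
	}
	var lastErr error
	for attempt := 1; attempt <= retryCount; attempt++ {
		data, err := os.ReadFile(path)
		if err == nil {
			return data, nil
		}
		lastErr = err
		if attempt < retryCount {
			// no point logging "retrying" or sleeping after the final attempt
			PrintLog("failed to retrieve file "+path+", retrying...", 1)
			time.Sleep(time.Second >> 2)
		}
	}
	return nil, lastErr
}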
// GetNetclientPathSpecific - gets the netclient config directory for the
// current OS, always with a trailing path separator.
func GetNetclientPathSpecific() string {
	switch {
	case IsWindows():
		return WINDOWS_APP_DATA_PATH + "\\"
	case IsMac():
		return "/etc/netclient/config/"
	default:
		return LINUX_APP_DATA_PATH + "/config/"
	}
}
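// GetNewIface - Gets the name of the real interface created on Mac by
// locating the most recently modified file in dir whose name contains
// ".sock" and returning its name up to the first ".". dir may be given with
// or without a trailing separator. Errors when dir cannot be read (the
// previous version ignored that and reported "sock file does not exist"),
// when a .sock file cannot be stat'ed, or when no .sock file is present.
func GetNewIface(dir string) (string, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return "", err
	}
	var newestName string
	var newestTime int64
	for _, entry := range entries {
		if !strings.Contains(entry.Name(), ".sock") {
			continue
		}
		info, err := os.Stat(filepath.Join(dir, entry.Name()))
		if err != nil {
			return "", err
		}
		if modTime := info.ModTime().Unix(); modTime > newestTime {
			newestTime = modTime
			newestName = entry.Name()
		}
	}
	// "utun3.sock" -> "utun3"; a file named ".sock" yields "" and is treated as absent
	name := strings.Split(newestName, ".")[0]
	if name == "" {
		return "", errors.New("sock file does not exist")
	}
	return name, nil
}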
// GetFileAsString - returns the string contents of a given file, or "" and
// the read error.
func GetFileAsString(path string) (string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	return string(data), nil
}
// GetWGPathSpecific - gets the directory WireGuard configs are written to,
// always with a trailing separator. On windows this is the netclient data
// directory, elsewhere /etc/wireguard/.
func GetWGPathSpecific() string {
	if !IsWindows() {
		return "/etc/wireguard/"
	}
	return WINDOWS_APP_DATA_PATH + "\\"
}
// GRPCRequestOpts - gets the grpc dial option for the server connection:
// TLS transport credentials (ALPN "h2") when isSecure is exactly "on",
// otherwise a plaintext connection. The tls.Config sets no MinVersion or
// RootCAs, so Go's defaults (system roots, default minimum version) apply.
func GRPCRequestOpts(isSecure string) grpc.DialOption {
	if isSecure != "on" {
		return grpc.WithInsecure()
	}
	tlsConf := &tls.Config{NextProtos: []string{"h2"}}
	return grpc.WithTransportCredentials(credentials.NewTLS(tlsConf))
}
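// Copy - copies the regular file src to dst (created or truncated) and then
// sets dst's mode to 0755. Errors from Stat, Open, Create, the copy itself,
// Chmod, and — new here — from closing dst are returned; a Close failure can
// mean the data never reached disk, which the previous version silently
// ignored via a bare defer.
func Copy(src, dst string) (err error) {
	info, err := os.Stat(src)
	if err != nil {
		return err
	}
	if !info.Mode().IsRegular() {
		return errors.New(src + " is not a regular file")
	}
	in, err := os.Open(src)
	if err != nil {
		return err
	}
	defer in.Close()
	out, err := os.Create(dst)
	if err != nil {
		return err
	}
	defer func() {
		// report a failed close only when nothing else already failed
		if cerr := out.Close(); cerr != nil && err == nil {
			err = cerr
		}
	}()
	if _, err = io.Copy(out, in); err != nil {
		return err
	}
	// 0755 makes the copy executable by everyone — presumably because the
	// callers copy binaries; confirm before reusing for config files
	return os.Chmod(dst, 0755)
}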
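// RunCmds - runs each command in commands (split on whitespace, executed
// directly without a shell) and keeps going after failures. Returns the
// first error encountered, wrapped with the command text; the previous
// version shadowed err inside the loop and always returned nil. A blank
// command is reported as an error instead of indexing an empty slice.
// When printerr is set, failing commands and their combined output are logged.
func RunCmds(commands []string, printerr bool) error {
	var firstErr error
	for _, command := range commands {
		args := strings.Fields(command)
		if len(args) == 0 {
			if firstErr == nil {
				firstErr = errors.New("empty command")
			}
			continue
		}
		out, err := exec.Command(args[0], args[1:]...).CombinedOutput()
		if err == nil {
			continue
		}
		if printerr {
			log.Println("error running command:", command)
			log.Println(strings.TrimSuffix(string(out), "\n"))
		}
		if firstErr == nil {
			firstErr = fmt.Errorf("running %q: %w", command, err)
		}
	}
	return firstErr
}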
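// FileExists - checks if f exists locally and is not a directory. A missing
// path, or a path whose parent is not a directory, is false. Any other Stat
// error is logged and also reported as false; the previous version fell
// through to info.IsDir() on a nil FileInfo and panicked in that case.
func FileExists(f string) bool {
	info, err := os.Stat(f)
	if err != nil {
		if os.IsNotExist(err) || strings.Contains(err.Error(), "not a directory") {
			return false
		}
		Log("error reading file: " + f + ", " + err.Error())
		return false
	}
	return !info.IsDir()
}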
// PrintLog - prints message with the "[netclient]" prefix when loglevel is
// below 2; messages at level 2 or higher are dropped. File/line flags are
// cleared from the standard logger either way.
func PrintLog(message string, loglevel int) {
	log.SetFlags(log.Flags() &^ (log.Llongfile | log.Lshortfile))
	if loglevel >= 2 {
		return
	}
	log.Println("[netclient]", message)
}
// GetSystemNetworks - lists the networks this machine has joined, taken from
// the netconfig-<network> files in the netclient config directory. Files
// with any extension (*.bak, *.swp, but also a network name containing a
// dot) are skipped. The network name is everything after the first "-" and
// may itself contain "-".
func GetSystemNetworks() ([]string, error) {
	matches, err := filepath.Glob(GetNetclientPathSpecific() + "netconfig-*")
	if err != nil {
		return nil, err
	}
	var networks []string
	for _, match := range matches {
		if filepath.Ext(match) != "" {
			continue
		}
		parts := strings.Split(filepath.Base(match), "-")
		networks = append(networks, strings.Join(parts[1:], "-"))
	}
	return networks, nil
}
// stringAfter - returns the part of original that follows the last
// occurrence of substring; "" when substring is absent or nothing follows it.
func stringAfter(original string, substring string) string {
	idx := strings.LastIndex(original, substring)
	if idx < 0 {
		return ""
	}
	return original[idx+len(substring):]
}
// ShortenString - Brings string down to specified length (in bytes, so a
// multi-byte character at the cut may be split). Stops names from being too long.
func ShortenString(input string, length int) string {
	if len(input) <= length {
		return input
	}
	return input[:length]
}
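// dnsUnsafeChars - any run of characters that is not a letter, digit or hyphen
var dnsUnsafeChars = regexp.MustCompile("[^a-zA-Z0-9-]+")

// DNSFormatString - Formats a string with correct usage for DNS by dropping
// every character that is not a letter, digit or hyphen. The pattern is a
// constant, so it is compiled once at package init rather than on every
// call; the former per-call Compile error path could never be taken.
func DNSFormatString(input string) string {
	return dnsUnsafeChars.ReplaceAllString(input, "")
}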
// GetHostname - Gets hostname of machine, truncated to MAX_NAME_LENGTH
// bytes; "" when the hostname cannot be determined.
func GetHostname() string {
	hostname, err := os.Hostname()
	if err != nil {
		return ""
	}
	return ShortenString(hostname, MAX_NAME_LENGTH)
}
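// CheckUID - Checks to make sure user has root privileges by running `id -u`
// (via RunCmd, defined elsewhere in the package) and exits the process when
// the effective uid is not 0 or the command cannot be run or parsed.
func CheckUID() {
	out, err := RunCmd("id -u", true)
	if err != nil {
		log.Fatal(out, err)
	}
	// TrimSpace rather than slicing off the last byte: empty output no
	// longer panics with an out-of-range slice, it fails Atoi instead
	id, err := strconv.Atoi(strings.TrimSpace(string(out)))
	if err != nil {
		log.Fatal(err)
	}
	if id != 0 {
		log.Fatal("This program must be run with elevated privileges (sudo). This program installs a SystemD service and configures WireGuard and networking rules. Please re-run with sudo/root.")
	}
}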
// CheckWG - Checks if WireGuard is installed. If not, exit. When the "wg"
// binary is missing but a userspace implementation is configured, that is
// reported and startup continues; when both are present the userspace
// choice is logged.
func CheckWG() {
	uspace := GetWireGuard()
	_, lookErr := exec.LookPath("wg")
	switch {
	case lookErr != nil && uspace == "wg":
		PrintLog(lookErr.Error(), 0)
		log.Fatal("WireGuard not installed. Please install WireGuard (wireguard-tools) and try again.")
	case lookErr != nil:
		PrintLog("Running with userspace wireguard: "+uspace, 0)
	case uspace != "wg":
		log.Println("running userspace WireGuard with " + uspace)
	}
}
// ConvertKeyToBytes - util to convert a key to bytes to use elsewhere; the
// key is gob-encoded, so the result is longer than 32 bytes and must be
// read back with ConvertBytesToKey rather than used as raw key material.
func ConvertKeyToBytes(key *[32]byte) ([]byte, error) {
	var out bytes.Buffer
	if err := gob.NewEncoder(&out).Encode(key); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}
// ConvertBytesToKey - util to convert bytes produced by ConvertKeyToBytes
// back into a key. Returns the gob decoding error for malformed input.
func ConvertBytesToKey(data []byte) (*[32]byte, error) {
	key := new([32]byte)
	dec := gob.NewDecoder(bytes.NewReader(data))
	if err := dec.Decode(key); err != nil {
		return nil, err
	}
	return key, nil
}
// ServerAddrSliceContains - reports whether slice holds an entry whose
// Address and IsLeader both equal item's.
func ServerAddrSliceContains(slice []models.ServerAddr, item models.ServerAddr) bool {
	for i := range slice {
		if slice[i].Address != item.Address {
			continue
		}
		if slice[i].IsLeader == item.IsLeader {
			return true
		}
	}
	return false
}
// BoxEncrypt - encrypts message for recipientPubKey with NaCl box using a
// fresh 24-byte random nonce. Because Seal appends to nonce[:], the result
// is nonce || ciphertext, which is the layout BoxDecrypt expects.
func BoxEncrypt(message []byte, recipientPubKey *[32]byte, senderPrivateKey *[32]byte) ([]byte, error) {
	var nonce [24]byte
	if _, err := crand.Read(nonce[:]); err != nil {
		return nil, err
	}
	sealed := box.Seal(nonce[:], message, &nonce, recipientPubKey, senderPrivateKey)
	return sealed, nil
}
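// BoxDecrypt - decrypts traffic box produced by BoxEncrypt: the first 24
// bytes are the nonce, the remainder the sealed message. Input shorter than
// a nonce plus the box authentication tag is rejected with an error instead
// of panicking on the slice (the previous version indexed encrypted[:24]
// unconditionally); a tampered or mismatched message fails authentication
// and is also reported as an error.
func BoxDecrypt(encrypted []byte, senderPublicKey *[32]byte, recipientPrivateKey *[32]byte) ([]byte, error) {
	const nonceSize = 24
	if len(encrypted) < nonceSize+box.Overhead {
		return nil, fmt.Errorf("could not decrypt message: ciphertext too short")
	}
	var nonce [nonceSize]byte
	copy(nonce[:], encrypted[:nonceSize])
	decrypted, ok := box.Open(nil, encrypted[nonceSize:], &nonce, senderPublicKey, recipientPrivateKey)
	if !ok {
		return nil, fmt.Errorf("could not decrypt message")
	}
	return decrypted, nil
}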