prevent nodes from changing address out of range or to .0 or .255 addresses

controllers/auth_grpc.go

@@ -82,7 +82,6 @@ func grpcAuthorize(ctx context.Context) error {
 	if err != nil {
 		return status.Errorf(codes.Unauthenticated, "Unauthorized. Network does not exist: "+network)
 	}
-	emptynode := models.Node{}
 	node, err := logic.GetNodeByIDorMacAddress(nodeID, mac, network)
 	if database.IsEmptyRecord(err) {
 		// == DELETE replace logic after 2 major version updates ==
@@ -94,7 +93,7 @@ func grpcAuthorize(ctx context.Context) error {
 		}
 		return status.Errorf(codes.Unauthenticated, "Empty record")
 	}
-	if err != nil || node.MacAddress == emptynode.MacAddress {
+	if err != nil || node.ID == "" {
 		return status.Errorf(codes.Unauthenticated, "Node does not exist.")
 	}
 

controllers/node.go

@@ -570,7 +570,7 @@ func updateNode(w http.ResponseWriter, r *http.Request) {
 		returnErrorResponse(w, r, formatError(err, "internal"))
 		return
 	}
-	logger.Log(1, r.Header.Get("user"), "updated node", node.MacAddress, "on network", node.Network)
+	logger.Log(1, r.Header.Get("user"), "updated node", node.ID)
 	w.WriteHeader(http.StatusOK)
 	json.NewEncoder(w).Encode(newNode)
 }

controllers/server_util.go

@@ -3,10 +3,13 @@ package controller
 import (
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
+	"github.com/gravitl/netmaker/servercfg"
 )
 
 func runServerPeerUpdate(network string, shouldPeerUpdate bool) error {
-
+	if servercfg.IsClientMode() != "on" {
+		return nil
+	}
 	var currentServerNodeID, err = logic.GetNetworkServerNodeID(network)
 	if err != nil {
 		return err

logic/nodes.go

@@ -111,6 +111,13 @@ func IsLeader(node *models.Node) bool {
 
 // UpdateNode - takes a node and updates another node with it's values
 func UpdateNode(currentNode *models.Node, newNode *models.Node) error {
+	if newNode.Address != currentNode.Address {
+		if network, err := GetParentNetwork(newNode.Network); err == nil {
+			if !IsAddressInCIDR(newNode.Address, network.AddressRange) {
+				return fmt.Errorf("invalid address provided; out of network range for node %s", newNode.ID)
+			}
+		}
+	}
 	newNode.Fill(currentNode)
 	if err := ValidateNode(newNode, true); err != nil {
 		return err

logic/util.go

@@ -4,7 +4,9 @@ package logic
 import (
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"math/rand"
+	"net"
 	"os"
 	"strconv"
 	"strings"
@@ -39,6 +41,29 @@ func FileExists(f string) bool {
 	return !info.IsDir()
 }
 
+// IsAddressInCIDR - util to see if an address is in a cidr or not
+func IsAddressInCIDR(address, cidr string) bool {
+	var _, currentCIDR, cidrErr = net.ParseCIDR(cidr)
+	if cidrErr != nil {
+		return false
+	}
+	var addrParts = strings.Split(address, ".")
+	var addrPartLength = len(addrParts)
+	if addrPartLength != 4 {
+		return false
+	} else {
+		if addrParts[addrPartLength-1] == "0" ||
+			addrParts[addrPartLength-1] == "255" {
+			return false
+		}
+	}
+	ip, _, err := net.ParseCIDR(fmt.Sprintf("%s/32", address))
+	if err != nil {
+		return false
+	}
+	return currentCIDR.Contains(ip)
+}
+
 // DeleteNodeByMacAddress - deletes a node from database or moves into delete nodes table
 func DeleteNodeByMacAddress(node *models.Node, exterminate bool) error {
 	var err error

servercfg/serverconf.go

@@ -310,20 +310,11 @@ func IsAgentBackend() bool {
 // IsClientMode - checks if it should run in client mode
 func IsClientMode() string {
 	isclient := "on"
-	if os.Getenv("CLIENT_MODE") != "" {
-		if os.Getenv("CLIENT_MODE") == "off" {
-			isclient = "off"
-		}
-		if os.Getenv("CLIENT_MODE") == "contained" {
-			isclient = "contained"
-		}
-	} else if config.Config.Server.ClientMode != "" {
-		if config.Config.Server.ClientMode == "off" {
-			isclient = "off"
-		}
-		if config.Config.Server.ClientMode == "contained" {
-			isclient = "contained"
-		}
+	if os.Getenv("CLIENT_MODE") == "off" {
+		isclient = "off"
+	}
+	if config.Config.Server.ClientMode == "off" {
+		isclient = "off"
 	}
 	return isclient
 }