fixing permissions, logging on netclient

netclient/auth/auth.go

@@ -73,7 +73,7 @@ func AutoLogin(client nodepb.NodeServiceClient, network string) error {
 		return err
 	}
 	tokenstring := []byte(res.Data)
-	err = os.WriteFile(home+"nettoken-"+network, tokenstring, 0600) // TODO: Proper permissions?
+	err = os.WriteFile(home+"nettoken-"+network, tokenstring, 0600)
 	if err != nil {
 		return err
 	}

netclient/config/config.go

@@ -51,7 +51,7 @@ func Write(config *ClientConfig, network string) error {
 	}
 	_, err := os.Stat(ncutils.GetNetclientPath() + "/config")
 	if os.IsNotExist(err) {
-		os.MkdirAll(ncutils.GetNetclientPath()+"/config", 0744)
+		os.MkdirAll(ncutils.GetNetclientPath()+"/config", 0700)
 	} else if err != nil {
 		return err
 	}
@@ -79,7 +79,7 @@ func (config *ClientConfig) ReadConfig() {
 	home := ncutils.GetNetclientPathSpecific()
 	file := fmt.Sprintf(home + "netconfig-" + config.Network)
 	//f, err := os.Open(file)
-	f, err := os.OpenFile(file, os.O_RDONLY, 0666)
+	f, err := os.OpenFile(file, os.O_RDONLY, 0600)
 	if err != nil {
 		fmt.Println("trouble opening file")
 		fmt.Println(err)
@@ -134,7 +134,7 @@ func SaveBackup(network string) error {
 			ncutils.Log("failed to read " + configPath + " to make a backup")
 			return err
 		}
-		if err = os.WriteFile(backupPath, input, 0644); err != nil {
+		if err = os.WriteFile(backupPath, input, 0600); err != nil {
 			ncutils.Log("failed to copy backup to " + backupPath)
 			return err
 		}
@@ -152,7 +152,7 @@ func ReplaceWithBackup(network string) error {
 			ncutils.Log("failed to read file " + backupPath + " to backup network: " + network)
 			return err
 		}
-		if err = os.WriteFile(configPath, input, 0644); err != nil {
+		if err = os.WriteFile(configPath, input, 0600); err != nil {
 			ncutils.Log("failed backup " + backupPath + " to " + configPath)
 			return err
 		}

netclient/daemon/windows.go

@@ -56,7 +56,7 @@ func writeServiceConfig() error {
 </service>
 `, strings.Replace(ncutils.GetNetclientPathSpecific()+"netclient.exe", `\\`, `\`, -1))
 	if !ncutils.FileExists(serviceConfigPath) {
-		err := os.WriteFile(serviceConfigPath, []byte(scriptString), 0644)
+		err := os.WriteFile(serviceConfigPath, []byte(scriptString), 0600)
 		if err != nil {
 			return err
 		}

netclient/functions/daemon.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"log"
 	"os"
 	"os/signal"
 	"runtime"
@@ -103,14 +104,14 @@ func MessageQueue(ctx context.Context, network string) {
 	ncutils.Log("netclient go routine started for " + network)
 	var cfg config.ClientConfig
 	cfg.Network = network
-	cfg.ReadConfig()
 	ncutils.Log("pulling latest config for " + cfg.Network)
-	_, err := Pull(cfg.Network, true)
+	_, err := Pull(network, true)
 	if err != nil {
 		ncutils.Log(err.Error())
 		return
 	}
-	time.Sleep(2 * time.Second)
+	time.Sleep(time.Second << 1)
+	cfg.ReadConfig()
 	ncutils.Log("daemon started for network: " + network)
 	client := SetupMQTT(&cfg)
 	if cfg.DebugOn {
@@ -135,6 +136,7 @@ func MessageQueue(ctx context.Context, network string) {
 		ncutils.Log(fmt.Sprintf("subscribed to peer updates for node %s peers/%s/%s", cfg.Node.Name, cfg.Node.Network, cfg.Node.ID))
 	}
 	var id string
+	var found bool
 	for _, server := range cfg.NetworkSettings.DefaultServerAddrs {
 		if server.IsLeader {
 			id = server.ID
@@ -144,13 +146,15 @@ func MessageQueue(ctx context.Context, network string) {
 				ncutils.Log(token.Error().Error())
 				return
 			}
+			found = true
 			if cfg.DebugOn {
 				ncutils.Log("subscribed to server keepalives for server " + id)
 			}
-		} else {
-			ncutils.Log("leader not defined for network" + cfg.Network)
 		}
 	}
+	if !found {
+		ncutils.Log("leader not defined for network " + cfg.Network)
+	}
 	defer client.Disconnect(250)
 	go MonitorKeepalive(ctx, client, &cfg)
 	go Checkin(ctx, &cfg, network)
@@ -239,7 +243,7 @@ func NodeUpdate(client mqtt.Client, msg mqtt.Message) {
 		}
 		if ifaceDelta {
 			ncutils.Log("applying WG conf to " + file)
-			err = wireguard.ApplyWGQuickConf(file)
+			err = wireguard.ApplyWGQuickConf(file, cfg.Node.Interface)
 			if err != nil {
 				ncutils.Log("error restarting wg after node update " + err.Error())
 				return
@@ -334,10 +338,12 @@ func MonitorKeepalive(ctx context.Context, client mqtt.Client, cfg *config.Clien
 			if time.Since(keepalive[id]) > time.Second*200 { // more than 3+ minutes
 				ncutils.Log("server keepalive not recieved in more than minutes, resubscribe to message queue")
 				err := Resubscribe(client, cfg)
+				if err != nil {
 					ncutils.Log("closing " + err.Error())
 				}
 			}
 		}
+	}
 }
 
 // ServerKeepAlive -- handler to react to keepalive messages published by server
@@ -384,7 +390,8 @@ func Resubscribe(client mqtt.Client, cfg *config.ClientConfig) error {
 					ncutils.Log("subscribed to server keepalives for server " + id)
 				}
 			} else {
-				ncutils.Log("leader not defined for network" + cfg.Network)
+				log.Println(cfg.NetworkSettings.DefaultServerAddrs)
+				ncutils.Log("leader not defined for network " + cfg.Network)
 			}
 		}
 		ncutils.Log("finished re subbing")
@@ -469,11 +476,11 @@ func Checkin(ctx context.Context, cfg *config.ClientConfig, network string) {
 // PublishNodeUpdates -- saves node and pushes changes to broker
 func PublishNodeUpdate(cfg *config.ClientConfig) {
 	if err := config.Write(cfg, cfg.Network); err != nil {
-		ncutils.Log("error saving configuration" + err.Error())
+		ncutils.Log("error saving configuration: " + err.Error())
 	}
 	data, err := json.Marshal(cfg.Node)
 	if err != nil {
-		ncutils.Log("error marshling node update " + err.Error())
+		ncutils.Log("error marshling node update: " + err.Error())
 	}
 	if err = publish(cfg, fmt.Sprintf("update/%s", cfg.Node.ID), data); err != nil {
 		ncutils.Log(fmt.Sprintf("error publishing endpoint update, %v", err))

netclient/ncutils/iface.go

@@ -1,6 +1,8 @@
 package ncutils
 
 import (
+	"net"
+
 	"github.com/gravitl/netmaker/models"
 )
 
@@ -67,3 +69,17 @@ func StringSliceContains(slice []string, item string) bool {
 	}
 	return false
 }
+
+// IfaceExists - return true if you can find the iface
+func IfaceExists(ifacename string) bool {
+	localnets, err := net.Interfaces()
+	if err != nil {
+		return false
+	}
+	for _, localnet := range localnets {
+		if ifacename == localnet.Name {
+			return true
+		}
+	}
+	return false
+}

netclient/ncwindows/windows.go

@@ -28,7 +28,7 @@ func InitWindows() {
 				log.Println("failed to find netclient.exe")
 				return
 			}
-			if err = os.WriteFile(ncutils.GetNetclientPathSpecific()+"netclient.exe", input, 0644); err != nil {
+			if err = os.WriteFile(ncutils.GetNetclientPathSpecific()+"netclient.exe", input, 0600); err != nil {
 				log.Println("failed to copy netclient.exe to", ncutils.GetNetclientPath())
 				return
 			}

netclient/wireguard/common.go

@@ -277,7 +277,7 @@ func ApplyConf(node models.Node, ifacename string, confPath string) error {
 	case "darwin":
 		_ = ApplyMacOSConf(node, ifacename, confPath)
 	default:
-		err = ApplyWGQuickConf(confPath)
+		err = ApplyWGQuickConf(confPath, ifacename)
 	}
 	return err
 }

netclient/wireguard/mac.go

@@ -99,7 +99,7 @@ func addInterface(iface string) (string, error) {
 	realIface, err := ncutils.GetNewIface("/var/run/wireguard/")
 	if iface != "" && err == nil {
 		ifacePath := "/var/run/wireguard/" + iface + ".name"
-		err = os.WriteFile(ifacePath, []byte(realIface), 0644)
+		err = os.WriteFile(ifacePath, []byte(realIface), 0600)
 	}
 	return realIface, err
 }
@@ -210,7 +210,7 @@ func addRoute(addr string, iface string) error {
 // setConfig - sets configuration of the wireguard interface from the config file
 func setConfig(realIface string, confPath string) error {
 	confString := getConfig(confPath)
-	err := os.WriteFile(confPath+".tmp", []byte(confString), 0644)
+	err := os.WriteFile(confPath+".tmp", []byte(confString), 0600)
 	if err != nil {
 		return err
 	}

netclient/wireguard/unix.go

@@ -52,20 +52,17 @@ func SetWGKeyConfig(network string, serveraddr string) error {
 }
 
 // ApplyWGQuickConf - applies wg-quick commands if os supports
-func ApplyWGQuickConf(confPath string) error {
+func ApplyWGQuickConf(confPath string, ifacename string) error {
 	_, err := os.Stat(confPath)
 	if err != nil {
 		ncutils.Log(confPath + " does not exist " + err.Error())
 		return err
 	}
-	_, err = ncutils.RunCmd("wg-quick down "+confPath, true)
-	if err != nil {
-		ncutils.Log("err running wg-quick down " + confPath + ": " + err.Error())
+	if ncutils.IfaceExists(ifacename) {
+		ncutils.RunCmd("wg-quick down "+confPath, true)
 	}
 	_, err = ncutils.RunCmd("wg-quick up "+confPath, true)
-	if err != nil {
-		ncutils.Log("err runinng wg-quick up " + confPath + ": " + err.Error())
-	}
+
 	return err
 }
 
@@ -90,7 +87,7 @@ func SyncWGQuickConf(iface string, confPath string) error {
 	}
 	regex := regexp.MustCompile(".*Warning.*\n")
 	conf := regex.ReplaceAllString(confRaw, "")
-	err = os.WriteFile(tmpConf, []byte(conf), 0644)
+	err = os.WriteFile(tmpConf, []byte(conf), 0600)
 	if err != nil {
 		return err
 	}
@@ -98,7 +95,7 @@ func SyncWGQuickConf(iface string, confPath string) error {
 	if err != nil {
 		log.Println(err.Error())
 		ncutils.Log("error syncing conf, resetting")
-		err = ApplyWGQuickConf(confPath)
+		err = ApplyWGQuickConf(confPath, iface)
 	}
 	errN := os.Remove(tmpConf)
 	if errN != nil {
@@ -117,7 +114,7 @@ func RemoveWGQuickConf(confPath string, printlog bool) error {
 func StorePrivKey(key string, network string) error {
 	var err error
 	d1 := []byte(key)
-	err = os.WriteFile(ncutils.GetNetclientPathSpecific()+"wgkey-"+network, d1, 0644)
+	err = os.WriteFile(ncutils.GetNetclientPathSpecific()+"wgkey-"+network, d1, 0600)
 	return err
 }