freebsd working

This commit is contained in:
afeiszli
2021-11-15 11:42:52 -05:00
parent 05d27c8af3
commit 84c8299bb0
12 changed files with 119 additions and 27 deletions


@@ -44,6 +44,7 @@ type ServerConfig struct {
GRPCPort string `yaml:"grpcport"`
GRPCSecure string `yaml:"grpcsecure"`
MasterKey string `yaml:"masterkey"`
DNSKey string `yaml:"dnskey"`
AllowedOrigin string `yaml:"allowedorigin"`
NodeID string `yaml:"nodeid"`
RestBackend string `yaml:"restbackend"`
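Review bot: The new `DNSKey` field is a bearer secret, but nothing in the struct says so, and a maintainer could easily dump or log it like any other setting. Suggest `DNSKey string \`yaml:"dnskey"\` // shared secret for the DNS-token auth path; read via servercfg.GetDNSKey, overridden by the DNS_KEY env var` — both the reader and the env override are visible in this commit's servercfg change. ServerConfig continues outside the hunk.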


@@ -3,6 +3,7 @@ package controller
import (
"encoding/json"
"net/http"
"strings"
"github.com/go-playground/validator/v10"
"github.com/gorilla/mux"
@@ -14,14 +15,14 @@ import (
func dnsHandlers(r *mux.Router) {
r.HandleFunc("/api/dns", securityCheck(true, http.HandlerFunc(getAllDNS))).Methods("GET")
r.HandleFunc("/api/dns/adm/{network}/nodes", securityCheck(false, http.HandlerFunc(getNodeDNS))).Methods("GET")
r.HandleFunc("/api/dns/adm/{network}/custom", securityCheck(false, http.HandlerFunc(getCustomDNS))).Methods("GET")
r.HandleFunc("/api/dns/adm/{network}", securityCheck(false, http.HandlerFunc(getDNS))).Methods("GET")
r.HandleFunc("/api/dns/{network}", securityCheck(false, http.HandlerFunc(createDNS))).Methods("POST")
r.HandleFunc("/api/dns/adm/pushdns", securityCheck(false, http.HandlerFunc(pushDNS))).Methods("POST")
r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(false, http.HandlerFunc(deleteDNS))).Methods("DELETE")
r.HandleFunc("/api/dns/{network}/{domain}", securityCheck(false, http.HandlerFunc(updateDNS))).Methods("PUT")
r.HandleFunc("/api/dns", securityCheckDNS(true, true, http.HandlerFunc(getAllDNS))).Methods("GET")
r.HandleFunc("/api/dns/adm/{network}/nodes", securityCheckDNS(false, true, http.HandlerFunc(getNodeDNS))).Methods("GET")
r.HandleFunc("/api/dns/adm/{network}/custom", securityCheckDNS(false, true, http.HandlerFunc(getCustomDNS))).Methods("GET")
r.HandleFunc("/api/dns/adm/{network}", securityCheckDNS(false, true, http.HandlerFunc(getDNS))).Methods("GET")
r.HandleFunc("/api/dns/{network}", securityCheckDNS(false, false, http.HandlerFunc(createDNS))).Methods("POST")
r.HandleFunc("/api/dns/adm/pushdns", securityCheckDNS(false, false, http.HandlerFunc(pushDNS))).Methods("POST")
r.HandleFunc("/api/dns/{network}/{domain}", securityCheckDNS(false, false, http.HandlerFunc(deleteDNS))).Methods("DELETE")
r.HandleFunc("/api/dns/{network}/{domain}", securityCheckDNS(false, false, http.HandlerFunc(updateDNS))).Methods("PUT")
}
//Gets all nodes associated with network, including pending nodes
@@ -408,3 +409,42 @@ func ValidateDNSUpdate(change models.DNSEntry, entry models.DNSEntry) error {
}
return err
}
//Security check DNS is middleware for every DNS function and just checks to make sure that its the master or dns token calling
//Only admin should have access to all these network-level actions
//DNS token should have access to only read functions
func securityCheckDNS(reqAdmin bool, allowDNSToken bool, next http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var errorResponse = models.ErrorResponse{
Code: http.StatusUnauthorized, Message: "W1R3: It's not you it's me.",
}
var params = mux.Vars(r)
bearerToken := r.Header.Get("Authorization")
if allowDNSToken && authenticateDNSToken(bearerToken) {
r.Header.Set("user", "nameserver")
networks, _ := json.Marshal([]string{ALL_NETWORK_ACCESS})
r.Header.Set("networks", string(networks))
next.ServeHTTP(w, r)
} else {
err, networks, username := SecurityCheck(reqAdmin, params["networkname"], bearerToken)
if err != nil {
if strings.Contains(err.Error(), "does not exist") {
errorResponse.Code = http.StatusNotFound
}
errorResponse.Message = err.Error()
returnErrorResponse(w, r, errorResponse)
return
}
networksJson, err := json.Marshal(&networks)
if err != nil {
errorResponse.Message = err.Error()
returnErrorResponse(w, r, errorResponse)
return
}
r.Header.Set("user", username)
r.Header.Set("networks", string(networksJson))
next.ServeHTTP(w, r)
}
}
}
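Review bot: securityCheckDNS reads `params["networkname"]`, but every route registered above names the path variable `{network}`, so on the non-token path SecurityCheck is always handed an empty network name; what SecurityCheck does with "" is outside this hunk, but either the lookup should be `params["network"]` or the routes renamed. Two further points: the DNS-token branch grants ALL_NETWORK_ACCESS on every read endpoint, so the header comment should state that the token is a server-wide read capability, not a per-network one; and the raw Authorization header value is passed to authenticateDNSToken with no `Bearer` prefix handling, which presumably differs from how the admin path parses it — confirm which form the nameserver actually sends.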


@@ -116,10 +116,12 @@ func SecurityCheck(reqAdmin bool, netname string, token string) (error, []string
//Consider a more secure way of setting master key
func authenticateMaster(tokenString string) bool {
if tokenString == servercfg.GetMasterKey() {
return true
}
return false
return tokenString == servercfg.GetMasterKey()
}
//Consider a more secure way of setting master key
func authenticateDNSToken(tokenString string) bool {
return tokenString == servercfg.GetDNSKey()
}
//simple get all networks function
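Review bot: Both helpers compare a bearer secret with `==`, which short-circuits on the first mismatched byte and leaks timing; use `subtle.ConstantTimeCompare` instead (this needs `crypto/subtle` added to the file's imports, which are outside the hunk). authenticateDNSToken should also reject an empty configured key, otherwise a request with no Authorization header matches whenever GetDNSKey returns "". The `//Consider a more secure way of setting master key` comment copied onto the DNS helper should say what it actually means here — at minimum that the DNS key is a static shared secret with no rotation or expiry.
```go
func authenticateMaster(tokenString string) bool {
	return subtle.ConstantTimeCompare([]byte(tokenString), []byte(servercfg.GetMasterKey())) == 1
}

// authenticateDNSToken - checks the presented token against the configured DNS key
// (static shared secret, no rotation); an unset key disables this auth path.
func authenticateDNSToken(tokenString string) bool {
	key := servercfg.GetDNSKey()
	if key == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(tokenString), []byte(key)) == 1
}
```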


@@ -37,7 +37,7 @@ func createRelay(w http.ResponseWriter, r *http.Request) {
// CreateRelay - creates a relay
func CreateRelay(relay models.RelayRequest) (models.Node, error) {
node, err := logic.GetNodeByMacAddress(relay.NetID, relay.NodeID)
if node.OS == "windows" || node.OS == "macos" { // add in darwin later
if node.OS == "macos" { // add in darwin later
return models.Node{}, errors.New(node.OS + " is unsupported for relay")
}
if err != nil {
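Review bot: The new `node.OS == "macos"` check still inspects `node.OS` before the `err` from GetNodeByMacAddress is examined on the next line; a failed lookup leaves node as the zero value so the branch is skipped, but the ordering reads as if the error were tolerated and any future field check here would run on garbage — move `if err != nil { ... }` directly under the lookup. The `// add in darwin later` comment no longer matches a branch that now only rejects macos; drop it or say what darwin support would change. CreateRelay continues past the hunk.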

1
go.mod

@@ -3,6 +3,7 @@ module github.com/gravitl/netmaker
go 1.15
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/go-playground/validator/v10 v10.9.0
github.com/golang-jwt/jwt/v4 v4.1.0
github.com/golang/protobuf v1.5.2 // indirect


@@ -150,7 +150,7 @@ func initWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
if node.PostDown != "" {
runcmds := strings.Split(node.PostDown, "; ")
_ = ncutils.RunCmds(runcmds, true)
_ = ncutils.RunCmds(runcmds, false)
}
// set MTU of node interface
if _, err := ncutils.RunCmd(ipExec+" link set mtu "+strconv.Itoa(int(node.MTU))+" up dev "+ifacename, true); err != nil {


@@ -13,6 +13,7 @@ import (
const charset = "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
const TEN_YEARS_IN_SECONDS = 300000000
const MAX_NAME_LENGTH = 62
// == ACTIONS == (can only be set by GRPC)
const NODE_UPDATE_KEY = "updatekey"
@@ -30,7 +31,7 @@ type Node struct {
Address string `json:"address" bson:"address" yaml:"address" validate:"omitempty,ipv4"`
Address6 string `json:"address6" bson:"address6" yaml:"address6" validate:"omitempty,ipv6"`
LocalAddress string `json:"localaddress" bson:"localaddress" yaml:"localaddress" validate:"omitempty,ip"`
Name string `json:"name" bson:"name" yaml:"name" validate:"omitempty,max=32,in_charset"`
Name string `json:"name" bson:"name" yaml:"name" validate:"omitempty,max=62,in_charset"`
NetworkSettings Network `json:"networksettings" bson:"networksettings" yaml:"networksettings" validate:"-"`
ListenPort int32 `json:"listenport" bson:"listenport" yaml:"listenport" validate:"omitempty,numeric,min=1024,max=65535"`
PublicKey string `json:"publickey" bson:"publickey" yaml:"publickey" validate:"required,base64"`
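Review bot: `MAX_NAME_LENGTH = 62` and the `max=62` literal in Node.Name's validate tag are two copies of the same limit with nothing tying them together, and a struct tag cannot reference the constant, so add a cross-reference on each: `// MAX_NAME_LENGTH - node name limit; keep in sync with max= in Node.Name's validate tag` and `// max must equal MAX_NAME_LENGTH`. It is also worth a sentence on why 62 rather than 63 (the usual DNS label limit), if that was deliberate. Node continues past the hunk.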


@@ -24,13 +24,14 @@ type GlobalConfig struct {
// ClientConfig - struct for dealing with client configuration
type ClientConfig struct {
Server ServerConfig `yaml:"server"`
Node models.Node `yaml:"node"`
Network string `yaml:"network"`
Daemon string `yaml:"daemon"`
OperatingSystem string `yaml:"operatingsystem"`
DebugJoin bool `yaml:"debugjoin"`
FWMark int32 `yaml:"fwmark"`
Server ServerConfig `yaml:"server"`
Node models.Node `yaml:"node"`
NetworkSettings models.Network `yaml:"networksettings"`
Network string `yaml:"network"`
Daemon string `yaml:"daemon"`
OperatingSystem string `yaml:"operatingsystem"`
DebugJoin bool `yaml:"debugjoin"`
FWMark int32 `yaml:"fwmark"`
}
// ServerConfig - struct for dealing with the server information for a netclient
@@ -192,6 +193,7 @@ func (config *ClientConfig) ReadConfig() {
// ModConfig - overwrites the node inside client config on disk
func ModConfig(node *models.Node) error {
network := node.Network
networksettings := node.NetworkSettings
if network == "" {
return errors.New("no network provided")
}
@@ -206,6 +208,7 @@ func ModConfig(node *models.Node) error {
}
modconfig.Node = (*node)
modconfig.NetworkSettings = (networksettings)
err = Write(&modconfig, network)
return err
}
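Review bot: In ModConfig the new `networksettings := node.NetworkSettings` local and the parenthesised `modconfig.NetworkSettings = (networksettings)` add nothing over a direct copy; `modconfig.NetworkSettings = node.NetworkSettings` next to the existing `modconfig.Node = (*node)` reads cleaner. Note that `modconfig.Node` already carries `NetworkSettings` (the models.Node field with the same yaml key), so the same data is now written to disk twice — add a comment on the new ClientConfig.NetworkSettings field saying which copy readers should treat as authoritative.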


@@ -25,7 +25,6 @@ import (
// JoinNetwork - helps a client join a network
func JoinNetwork(cfg config.ClientConfig, privateKey string) error {
if cfg.Node.Network == "" {
return errors.New("no network provided")
}
@@ -102,9 +101,9 @@ func JoinNetwork(cfg config.ClientConfig, privateKey string) error {
if ncutils.IsFreeBSD() {
cfg.Node.UDPHolePunch = "no"
cfg.Node.IsStatic = "yes"
}
// make sure name is appropriate, if not, give blank name
cfg.Node.Name = formatName(cfg.Node)
// differentiate between client/server here
var node models.Node // fill this node with appropriate calls
postnode := &models.Node{
@@ -233,3 +232,20 @@ func JoinNetwork(cfg config.ClientConfig, privateKey string) error {
return err
}
// format name appropriately. Set to blank on failure
func formatName(node models.Node) string {
// Logic to properly format name
if !node.NameInNodeCharSet() {
node.Name = ncutils.DNSFormatString(node.Name)
}
if len(node.Name) > models.MAX_NAME_LENGTH {
node.Name = ncutils.ShortenString(node.Name, models.MAX_NAME_LENGTH)
}
if !node.NameInNodeCharSet() || len(node.Name) > models.MAX_NAME_LENGTH {
ncutils.PrintLog("could not properly format name: "+node.Name, 1)
ncutils.PrintLog("setting name to blank", 1)
node.Name = ""
}
return node.Name
}
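Review bot: formatName can still return a name that is not a usable DNS label: DNSFormatString only strips characters outside `[a-zA-Z0-9-]`, so leading and trailing hyphens survive, and ShortenString can cut the name right after one; whether NameInNodeCharSet rejects such names is not visible here. A `node.Name = strings.Trim(node.Name, "-")` after the shorten step would cover both cases (requires `strings` in this file's imports, which are outside the hunk). The second `len(node.Name) > models.MAX_NAME_LENGTH` test is always false after ShortenString, so the final guard effectively only re-checks the charset — a comment saying so would stop the next reader from puzzling over it.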


@@ -10,7 +10,6 @@ import (
"os/signal"
"runtime/debug"
"strconv"
"strings"
"syscall"
"github.com/gravitl/netmaker/netclient/command"
@@ -31,7 +30,6 @@ func main() {
if err != nil {
hostname = ""
}
hostname = strings.Split(hostname, ".")[0]
cliFlags := []cli.Flag{
&cli.StringFlag{


@@ -12,6 +12,7 @@ import (
"net/http"
"os"
"os/exec"
"regexp"
"runtime"
"strconv"
"strings"
@@ -496,3 +497,20 @@ func stringAfter(original string, substring string) string {
}
return original[adjustedPosition:]
}
func ShortenString(input string, length int) string {
output := input
if len(input) > length {
output = input[0:length]
}
return output
}
func DNSFormatString(input string) string {
reg, err := regexp.Compile("[^a-zA-Z0-9-]+")
if err != nil {
Log("error with regex: " + err.Error())
return ""
}
return reg.ReplaceAllString(input, "")
}
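Review bot: DNSFormatString compiles its regexp on every call and then handles a compile error that cannot happen for a constant pattern; hoist it to a package-level `regexp.MustCompile` so the error branch and the per-call cost both go away. ShortenString truncates by byte length, so on non-ASCII input it can split a multi-byte rune; that is harmless after DNSFormatString (which leaves only ASCII) but the helper is exported, so say so in its doc comment or truncate by rune.
```go
// dnsNameStripRe matches every run of characters not allowed in a node/DNS name.
var dnsNameStripRe = regexp.MustCompile("[^a-zA-Z0-9-]+")

// ShortenString truncates input to at most length bytes (not runes; callers must
// pass ASCII if they need rune safety).
// … unchanged: ShortenString body …

// DNSFormatString removes every character outside [a-zA-Z0-9-] from input.
func DNSFormatString(input string) string {
	return dnsNameStripRe.ReplaceAllString(input, "")
}
```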


@@ -33,6 +33,7 @@ func GetServerConfig() config.ServerConfig {
cfg.GRPCHost = GetGRPCHost()
cfg.GRPCPort = GetGRPCPort()
cfg.MasterKey = "(hidden)"
cfg.DNSKey = "(hidden)"
cfg.AllowedOrigin = GetAllowedOrigin()
cfg.RestBackend = "off"
cfg.Verbosity = GetVerbose()
@@ -250,6 +251,17 @@ func GetMasterKey() string {
return key
}
// GetDNSKey - gets the configured dns key of server
func GetDNSKey() string {
key := "secretkey"
if os.Getenv("DNS_KEY") != "" {
key = os.Getenv("DNS_KEY")
} else if config.Config.Server.DNSKey != "" {
key = config.Config.Server.DNSKey
}
return key
}
// GetAllowedOrigin - get the allowed origin
func GetAllowedOrigin() string {
allowedorigin := "*"