diff --git a/netclient/functions/daemon.go b/netclient/functions/daemon.go
index 16d686aa..17875f8a 100644
--- a/netclient/functions/daemon.go
+++ b/netclient/functions/daemon.go
@@ -276,7 +276,7 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
 if cfg != nil {
 server = cfg.Server.Server
 }
- file = "/etc/netclient/" + server + "/root.pem"
+ file = ncutils.GetNetclientServerPath(server) + "/root.pem"
 certpool := x509.NewCertPool()
 ca, err := os.ReadFile(file)
 if err != nil {
@@ -286,7 +286,7 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
 if !ok {
 logger.Log(0, "failed to append cert")
 }
- clientKeyPair, err := tls.LoadX509KeyPair("/etc/netclient/"+server+"/client.pem", "/etc/netclient/client.key")
+ clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+"/client.pem", ncutils.GetNetclientPath()+"/client.key")
 if err != nil {
 log.Fatalf("could not read client cert/key %v \n", err)
 }
@@ -303,7 +303,7 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
 logger.Log(0, "VerifyConnection - certifiate mismatch")
 return errors.New("certificate doesn't match server")
 }
- ca, err := ssl.ReadCert("/etc/netclient/" + cs.ServerName + "/root.pem")
+ ca, err := ssl.ReadCert(ncutils.GetNetclientServerPath(cs.ServerName) + "/root.pem")
 if err != nil {
 logger.Log(0, "VerifyConnection - unable to read ca", err.Error())
 return errors.New("unable to read ca")
diff --git a/netclient/functions/register.go b/netclient/functions/register.go
index 71267883..04058259 100644
--- a/netclient/functions/register.go
+++ b/netclient/functions/register.go
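Review bot: `server` goes straight into the CA path in `ncutils.GetNetclientServerPath(server) + "/root.pem"` with no check that it is a plain host name, and the same applies to `cs.ServerName` in the VerifyConnection hunk and to `cfg.Server.Server` in the second register.go hunk. The file read here becomes the trust anchor of the TLS config, so a value containing `..` or a path separator would make the client load a root certificate from outside the netclient directory. Where these values originate is not visible in the diff, so this is a check to confirm rather than a proven flaw. Rejecting such names once, inside GetNetclientServerPath or just before calling it, would cover every caller, e.g. `if server == "" || strings.ContainsAny(server, "/\\") || strings.Contains(server, "..") { ... }`. NewTLSConfig starts and ends outside these hunks.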
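Review bot: The private key location is built by hand as `ncutils.GetNetclientPath()+"/client.key"` in this LoadX509KeyPair call and again in the first register.go hunk, where ReadKey gets the same concatenation but SaveKey gets the directory plus a file name of `"/client.key"`. Whether those resolve to one file depends on how SaveKey joins its arguments and on whether GetNetclientPath returns a trailing separator on every OS, and neither is visible here. If they diverge, Register would fail to read the saved key and generate a new one on each run. A single helper used at all three sites would remove the guesswork, for instance (name is only a suggestion) `func GetNetclientKeyPath() string { return filepath.Join(GetNetclientPath(), "client.key") }`, with `"client.key"` kept as the SaveKey file name.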
@@ -25,13 +25,13 @@ func Register(cfg *config.ClientConfig) error {
 return errors.New("no access key provided")
 }
 //generate new key if one doesn' exist
- private, err := tls.ReadKey("/etc/netclient/client.key")
+ private, err := tls.ReadKey(ncutils.GetNetclientPath() + "/client.key")
 if err != nil {
 _, *private, err = ed25519.GenerateKey(rand.Reader)
 if err != nil {
 return err
 }
- if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", *private); err != nil {
+ if err := tls.SaveKey(ncutils.GetNetclientPath(), "/client.key", *private); err != nil {
 return err
 }
 }
@@ -67,10 +67,10 @@ func Register(cfg *config.ClientConfig) error {
 //the pubkeys are included in the response so the values in the certificate can be updated appropriately
 resp.CA.PublicKey = resp.CAPubKey
 resp.Cert.PublicKey = resp.CertPubKey
- if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "root.pem", &resp.CA); err != nil {
+ if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "root.pem", &resp.CA); err != nil {
 return err
 }
- if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "client.pem", &resp.Cert); err != nil {
+ if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "client.pem", &resp.Cert); err != nil {
 return err
 }
 logger.Log(0, "certificates/key saved ")
diff --git a/netclient/ncutils/netclientutils.go b/netclient/ncutils/netclientutils.go
index 763ee0c2..3c65e459 100644
--- a/netclient/ncutils/netclientutils.go
+++ b/netclient/ncutils/netclientutils.go
@@ -40,7 +40,7 @@ const NO_DB_RECORD = "no result found" const NO_DB_RECORDS = "could not find any records" // LINUX_APP_DATA_PATH - linux path
-const LINUX_APP_DATA_PATH = "/etc/netclient/"
+const LINUX_APP_DATA_PATH = "/etc/netclient"
 // WINDOWS_APP_DATA_PATH - windows path const WINDOWS_APP_DATA_PATH = "C:\\ProgramData\\Netclient"
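Review bot: Dropping the trailing slash from `LINUX_APP_DATA_PATH` changes the contract for every expression that concatenates onto it, and only the call sites in this diff are updated. The removed register.go lines `ncutils.GetNetclientPath()+cfg.Server.Server+"/"` suggest callers did rely on a trailing separator, presumably via this constant. Any remaining `LINUX_APP_DATA_PATH + name` or `GetNetclientPath() + name` outside this diff would now resolve to a sibling path of the form `/etc/netclientNAME`, so a repository-wide search is worth doing before merge. The convention should also be recorded on the constant, e.g. `// LINUX_APP_DATA_PATH - linux path, without trailing separator`.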
@@ -317,6 +317,17 @@ func GetFileWithRetry(path string, retryCount int) ([]byte, error) {
 return data, err
 }
 
+// GetNetclientServerPath - gets netclient server path
+func GetNetclientServerPath(server string) string {
+ if IsWindows() {
+ return WINDOWS_APP_DATA_PATH + "\\" + server + "\\"
+ } else if IsMac() {
+ return "/etc/netclient/" + server + "/"
+ } else {
+ return LINUX_APP_DATA_PATH + "/" + server
+ }
+}
+
 // GetNetclientPathSpecific - gets specific netclient config path
 func GetNetclientPathSpecific() string {
 if IsWindows() {
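Review bot: GetNetclientServerPath returns a trailing separator on Windows and macOS but none on Linux, so the callers in this commit, which all append `"/root.pem"`, `"/client.pem"` or `"/"`, produce `server//root.pem` on macOS and a mixed `\server\/root.pem` on Windows. The macOS branch also hard-codes `"/etc/netclient/"` rather than using a constant or GetNetclientPath. Returning a clean directory on every OS avoids both, e.g. `return filepath.Join(GetNetclientPath(), server)`, provided GetNetclientPath already selects the per-OS base directory (not visible here) and `path/filepath` is imported in this file. The doc comment should then state the contract: `// GetNetclientServerPath - gets the per-server netclient directory, without trailing separator`.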