| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | package headscale | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"encoding/binary" | 
					
						
							|  |  |  | 	"encoding/json" | 
					
						
							| 
									
										
										
										
											2021-06-24 15:44:19 +02:00
										 |  |  | 	"errors" | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	"fmt" | 
					
						
							|  |  |  | 	"io" | 
					
						
							|  |  |  | 	"net/http" | 
					
						
							|  |  |  | 	"time" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 	"github.com/rs/zerolog/log" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	"github.com/gin-gonic/gin" | 
					
						
							|  |  |  | 	"github.com/klauspost/compress/zstd" | 
					
						
							| 
									
										
										
										
											2021-06-24 15:44:19 +02:00
										 |  |  | 	"gorm.io/gorm" | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	"tailscale.com/tailcfg" | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | 	"tailscale.com/types/wgkey" | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-28 00:58:09 +01:00
										 |  |  | // KeyHandler provides the Headscale pub key | 
					
						
							|  |  |  | // Listens in /key | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | func (h *Headscale) KeyHandler(c *gin.Context) { | 
					
						
							|  |  |  | 	c.Data(200, "text/plain; charset=utf-8", []byte(h.publicKey.HexString())) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-28 00:58:09 +01:00
										 |  |  | // RegisterWebAPI shows a simple message in the browser to point to the CLI | 
					
						
							|  |  |  | // Listens in /register | 
					
						
							|  |  |  | func (h *Headscale) RegisterWebAPI(c *gin.Context) { | 
					
						
							|  |  |  | 	mKeyStr := c.Query("key") | 
					
						
							|  |  |  | 	if mKeyStr == "" { | 
					
						
							|  |  |  | 		c.String(http.StatusBadRequest, "Wrong params") | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	c.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(` | 
					
						
							|  |  |  | 	<html> | 
					
						
							|  |  |  | 	<body> | 
					
						
							|  |  |  | 	<h1>headscale</h1> | 
					
						
							|  |  |  | 	<p> | 
					
						
							| 
									
										
										
										
											2021-05-15 00:05:41 +02:00
										 |  |  | 		Run the command below in the headscale server to add this machine to your network: | 
					
						
							| 
									
										
										
										
											2021-02-28 00:58:09 +01:00
										 |  |  | 	</p> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	<p> | 
					
						
							|  |  |  | 		<code> | 
					
						
							| 
									
										
										
										
											2021-07-11 15:05:32 +02:00
										 |  |  | 			<b>headscale -n NAMESPACE nodes register %s</b> | 
					
						
							| 
									
										
										
										
											2021-02-28 00:58:09 +01:00
										 |  |  | 		</code> | 
					
						
							|  |  |  | 	</p> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	</body> | 
					
						
							|  |  |  | 	</html> | 
					
						
							| 
									
										
										
										
											2021-05-24 21:59:03 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-28 00:58:09 +01:00
										 |  |  | 	`, mKeyStr))) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // RegistrationHandler handles the actual registration process of a machine | 
					
						
							|  |  |  | // Endpoint /machine/:id | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | func (h *Headscale) RegistrationHandler(c *gin.Context) { | 
					
						
							| 
									
										
										
										
											2021-02-21 23:54:15 +01:00
										 |  |  | 	body, _ := io.ReadAll(c.Request.Body) | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	mKeyStr := c.Param("id") | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | 	mKey, err := wgkey.ParseHex(mKeyStr) | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Err(err). | 
					
						
							|  |  |  | 			Msg("Cannot parse machine key") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		c.String(http.StatusInternalServerError, "Sad!") | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	req := tailcfg.RegisterRequest{} | 
					
						
							|  |  |  | 	err = decode(body, &req, &mKey, h.privateKey) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Err(err). | 
					
						
							|  |  |  | 			Msg("Cannot decode message") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		c.String(http.StatusInternalServerError, "Very sad!") | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2021-05-06 00:59:26 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-08-18 23:24:22 +01:00
										 |  |  | 	now := time.Now().UTC() | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	var m Machine | 
					
						
							| 
									
										
										
										
											2021-07-11 16:39:19 +02:00
										 |  |  | 	if result := h.db.Preload("Namespace").First(&m, "machine_key = ?", mKey.HexString()); errors.Is(result.Error, gorm.ErrRecordNotFound) { | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 		log.Info().Str("machine", req.Hostinfo.Hostname).Msg("New machine") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 		m = Machine{ | 
					
						
							| 
									
										
										
										
											2021-08-18 23:24:22 +01:00
										 |  |  | 			Expiry:               &req.Expiry, | 
					
						
							|  |  |  | 			MachineKey:           mKey.HexString(), | 
					
						
							|  |  |  | 			Name:                 req.Hostinfo.Hostname, | 
					
						
							|  |  |  | 			NodeKey:              wgkey.Key(req.NodeKey).HexString(), | 
					
						
							|  |  |  | 			LastSuccessfulUpdate: &now, | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 		} | 
					
						
							| 
									
										
										
										
											2021-07-04 21:40:46 +02:00
										 |  |  | 		if err := h.db.Create(&m).Error; err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:16:21 +01:00
										 |  |  | 			log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 				Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:16:21 +01:00
										 |  |  | 				Err(err). | 
					
						
							|  |  |  | 				Msg("Could not create row") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if !m.Registered && req.Auth.AuthKey != "" { | 
					
						
							| 
									
										
										
										
											2021-07-04 21:40:46 +02:00
										 |  |  | 		h.handleAuthKey(c, h.db, mKey, req, m) | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	resp := tailcfg.RegisterResponse{} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// We have the updated key! | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | 	if m.NodeKey == wgkey.Key(req.NodeKey).HexString() { | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		if m.Registered { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			log.Debug(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 				Str("handler", "Registration"). | 
					
						
							|  |  |  | 				Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-06 00:21:34 +02:00
										 |  |  | 				Msg("Client is registered and we have the current NodeKey. All clear to /map") | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 			resp.AuthURL = "" | 
					
						
							| 
									
										
										
										
											2021-05-06 23:25:40 +02:00
										 |  |  | 			resp.MachineAuthorized = true | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 			resp.User = *m.Namespace.toUser() | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 			respBody, err := encode(resp, &mKey, h.privateKey) | 
					
						
							|  |  |  | 			if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 				log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 					Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 					Err(err). | 
					
						
							|  |  |  | 					Msg("Cannot encode message") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 				c.String(http.StatusInternalServerError, "") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 				return | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			c.Data(200, "application/json; charset=utf-8", respBody) | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Debug(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("handler", "Registration"). | 
					
						
							|  |  |  | 			Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Msg("Not registered and not NodeKey rotation. Sending a authurl to register") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		resp.AuthURL = fmt.Sprintf("%s/register?key=%s", | 
					
						
							|  |  |  | 			h.cfg.ServerURL, mKey.HexString()) | 
					
						
							|  |  |  | 		respBody, err := encode(resp, &mKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 				Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 				Err(err). | 
					
						
							|  |  |  | 				Msg("Cannot encode message") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 			c.String(http.StatusInternalServerError, "") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		c.Data(200, "application/json; charset=utf-8", respBody) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	// The NodeKey we have matches OldNodeKey, which means this is a refresh after an key expiration | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | 	if m.NodeKey == wgkey.Key(req.OldNodeKey).HexString() { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Debug(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("handler", "Registration"). | 
					
						
							|  |  |  | 			Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Msg("We have the OldNodeKey in the database. This is a key refresh") | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | 		m.NodeKey = wgkey.Key(req.NodeKey).HexString() | 
					
						
							| 
									
										
										
										
											2021-07-04 21:40:46 +02:00
										 |  |  | 		h.db.Save(&m) | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		resp.AuthURL = "" | 
					
						
							| 
									
										
										
										
											2021-02-28 00:58:09 +01:00
										 |  |  | 		resp.User = *m.Namespace.toUser() | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		respBody, err := encode(resp, &mKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 				Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 				Err(err). | 
					
						
							|  |  |  | 				Msg("Cannot encode message") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 			c.String(http.StatusInternalServerError, "Extremely sad!") | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		c.Data(200, "application/json; charset=utf-8", respBody) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	// We arrive here after a client is restarted without finalizing the authentication flow or | 
					
						
							|  |  |  | 	// when headscale is stopped in the middle of the auth process. | 
					
						
							|  |  |  | 	if m.Registered { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Debug(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("handler", "Registration"). | 
					
						
							|  |  |  | 			Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Msg("The node is sending us a new NodeKey, but machine is registered. All clear for /map") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 		resp.AuthURL = "" | 
					
						
							|  |  |  | 		resp.MachineAuthorized = true | 
					
						
							|  |  |  | 		resp.User = *m.Namespace.toUser() | 
					
						
							|  |  |  | 		respBody, err := encode(resp, &mKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 				Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 				Err(err). | 
					
						
							|  |  |  | 				Msg("Cannot encode message") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 			c.String(http.StatusInternalServerError, "") | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		c.Data(200, "application/json; charset=utf-8", respBody) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	log.Debug(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 		Str("handler", "Registration"). | 
					
						
							|  |  |  | 		Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		Msg("The node is sending us a new NodeKey, sending auth url") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	resp.AuthURL = fmt.Sprintf("%s/register?key=%s", | 
					
						
							|  |  |  | 		h.cfg.ServerURL, mKey.HexString()) | 
					
						
							|  |  |  | 	respBody, err := encode(resp, &mKey, h.privateKey) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("handler", "Registration"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Err(err). | 
					
						
							|  |  |  | 			Msg("Cannot encode message") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 		c.String(http.StatusInternalServerError, "") | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	c.Data(200, "application/json; charset=utf-8", respBody) | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m Machine) (*[]byte, error) { | 
					
						
							| 
									
										
										
										
											2021-08-05 21:47:06 +01:00
										 |  |  | 	log.Trace(). | 
					
						
							|  |  |  | 		Str("func", "getMapResponse"). | 
					
						
							|  |  |  | 		Str("machine", req.Hostinfo.Hostname). | 
					
						
							|  |  |  | 		Msg("Creating Map response") | 
					
						
							| 
									
										
										
										
											2021-10-02 11:20:42 +02:00
										 |  |  | 	node, err := h.toNode(m, true) | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("func", "getMapResponse"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Err(err). | 
					
						
							|  |  |  | 			Msg("Cannot convert to node") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	peers, err := h.getPeers(m) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("func", "getMapResponse"). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Err(err). | 
					
						
							|  |  |  | 			Msg("Cannot fetch peers") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2021-07-11 16:39:19 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	profile := tailcfg.UserProfile{ | 
					
						
							|  |  |  | 		ID:          tailcfg.UserID(m.NamespaceID), | 
					
						
							|  |  |  | 		LoginName:   m.Namespace.Name, | 
					
						
							|  |  |  | 		DisplayName: m.Namespace.Name, | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-10-02 12:13:19 +02:00
										 |  |  | 	var dnsConfig *tailcfg.DNSConfig | 
					
						
							|  |  |  | 	if h.cfg.DNSConfig.Proxied { // if MagicDNS is enabled | 
					
						
							|  |  |  | 		// TODO(juanfont): We should not be regenerating this all the time | 
					
						
							|  |  |  | 		// And we should only send the domains of the peers (this own namespace + those from the shared peers) | 
					
						
							|  |  |  | 		namespaces, err := h.ListNamespaces() | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2021-10-02 13:03:08 +02:00
										 |  |  | 		dnsConfig = h.cfg.DNSConfig.Clone() | 
					
						
							| 
									
										
										
										
											2021-10-02 12:13:19 +02:00
										 |  |  | 		for _, ns := range *namespaces { | 
					
						
							|  |  |  | 			dnsConfig.Domains = append(dnsConfig.Domains, fmt.Sprintf("%s.%s", ns.Name, h.cfg.BaseDomain)) | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		dnsConfig = h.cfg.DNSConfig | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	resp := tailcfg.MapResponse{ | 
					
						
							| 
									
										
										
										
											2021-10-02 11:20:42 +02:00
										 |  |  | 		KeepAlive:    false, | 
					
						
							|  |  |  | 		Node:         node, | 
					
						
							|  |  |  | 		Peers:        *peers, | 
					
						
							| 
									
										
										
										
											2021-10-02 12:13:19 +02:00
										 |  |  | 		DNSConfig:    dnsConfig, | 
					
						
							| 
									
										
										
										
											2021-10-02 11:20:42 +02:00
										 |  |  | 		Domain:       h.cfg.BaseDomain, | 
					
						
							| 
									
										
										
										
											2021-07-04 13:24:05 +02:00
										 |  |  | 		PacketFilter: *h.aclRules, | 
					
						
							| 
									
										
										
										
											2021-02-20 23:57:06 +01:00
										 |  |  | 		DERPMap:      h.cfg.DerpMap, | 
					
						
							| 
									
										
										
										
											2021-07-11 16:39:19 +02:00
										 |  |  | 		UserProfiles: []tailcfg.UserProfile{profile}, | 
					
						
							| 
									
										
										
										
											2021-02-24 00:31:58 +01:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2021-08-13 10:33:19 +01:00
										 |  |  | 	log.Trace(). | 
					
						
							|  |  |  | 		Str("func", "getMapResponse"). | 
					
						
							|  |  |  | 		Str("machine", req.Hostinfo.Hostname). | 
					
						
							|  |  |  | 		Msgf("Generated map response: %s", tailMapResponseToString(resp)) | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	var respBody []byte | 
					
						
							|  |  |  | 	if req.Compress == "zstd" { | 
					
						
							|  |  |  | 		src, _ := json.Marshal(resp) | 
					
						
							| 
									
										
										
										
											2021-08-13 10:33:19 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		encoder, _ := zstd.NewWriter(nil) | 
					
						
							|  |  |  | 		srcCompressed := encoder.EncodeAll(src, nil) | 
					
						
							|  |  |  | 		respBody, err = encodeMsg(srcCompressed, &mKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		respBody, err = encode(resp, &mKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	// declare the incoming size on the first 4 bytes | 
					
						
							|  |  |  | 	data := make([]byte, 4) | 
					
						
							|  |  |  | 	binary.LittleEndian.PutUint32(data, uint32(len(respBody))) | 
					
						
							|  |  |  | 	data = append(data, respBody...) | 
					
						
							|  |  |  | 	return &data, nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | func (h *Headscale) getMapKeepAliveResponse(mKey wgkey.Key, req tailcfg.MapRequest, m Machine) (*[]byte, error) { | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	resp := tailcfg.MapResponse{ | 
					
						
							|  |  |  | 		KeepAlive: true, | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	var respBody []byte | 
					
						
							|  |  |  | 	var err error | 
					
						
							|  |  |  | 	if req.Compress == "zstd" { | 
					
						
							|  |  |  | 		src, _ := json.Marshal(resp) | 
					
						
							|  |  |  | 		encoder, _ := zstd.NewWriter(nil) | 
					
						
							|  |  |  | 		srcCompressed := encoder.EncodeAll(src, nil) | 
					
						
							|  |  |  | 		respBody, err = encodeMsg(srcCompressed, &mKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		respBody, err = encode(resp, &mKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			return nil, err | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	data := make([]byte, 4) | 
					
						
							|  |  |  | 	binary.LittleEndian.PutUint32(data, uint32(len(respBody))) | 
					
						
							|  |  |  | 	data = append(data, respBody...) | 
					
						
							|  |  |  | 	return &data, nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | func (h *Headscale) handleAuthKey(c *gin.Context, db *gorm.DB, idKey wgkey.Key, req tailcfg.RegisterRequest, m Machine) { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 	log.Debug(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 		Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 		Str("machine", req.Hostinfo.Hostname). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		Msgf("Processing auth key for %s", req.Hostinfo.Hostname) | 
					
						
							| 
									
										
										
										
											2021-05-06 00:59:26 +02:00
										 |  |  | 	resp := tailcfg.RegisterResponse{} | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	pak, err := h.checkKeyValidity(req.Auth.AuthKey) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		resp.MachineAuthorized = false | 
					
						
							| 
									
										
										
										
											2021-05-06 00:59:26 +02:00
										 |  |  | 		respBody, err := encode(resp, &idKey, h.privateKey) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 				Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 				Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 				Err(err). | 
					
						
							|  |  |  | 				Msg("Cannot encode message") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 			c.String(http.StatusInternalServerError, "") | 
					
						
							| 
									
										
										
										
											2021-05-06 00:59:26 +02:00
										 |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		c.Data(200, "application/json; charset=utf-8", respBody) | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 			Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Msg("Failed authentication via AuthKey") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	log.Debug(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 		Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 		Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		Msg("Authentication key was valid, proceeding to acquire an IP address") | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	ip, err := h.getAvailableIP() | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 			Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Msg("Failed to find an available IP") | 
					
						
							| 
									
										
										
										
											2021-05-06 00:59:26 +02:00
										 |  |  | 		return | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 	log.Info(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 		Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 		Str("machine", m.Name). | 
					
						
							|  |  |  | 		Str("ip", ip.String()). | 
					
						
							| 
									
										
										
										
											2021-08-18 23:24:22 +01:00
										 |  |  | 		Msgf("Assigning %s to %s", ip, m.Name) | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	m.AuthKeyID = uint(pak.ID) | 
					
						
							|  |  |  | 	m.IPAddress = ip.String() | 
					
						
							|  |  |  | 	m.NamespaceID = pak.NamespaceID | 
					
						
							| 
									
										
										
										
											2021-06-25 18:57:08 +02:00
										 |  |  | 	m.NodeKey = wgkey.Key(req.NodeKey).HexString() // we update it just in case | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	m.Registered = true | 
					
						
							|  |  |  | 	m.RegisterMethod = "authKey" | 
					
						
							|  |  |  | 	db.Save(&m) | 
					
						
							| 
									
										
										
										
											2021-05-06 00:59:26 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-05 12:13:55 +02:00
										 |  |  | 	resp.MachineAuthorized = true | 
					
						
							|  |  |  | 	resp.User = *pak.Namespace.toUser() | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 	respBody, err := encode(resp, &idKey, h.privateKey) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		log.Error(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 			Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 			Str("machine", m.Name). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 			Err(err). | 
					
						
							|  |  |  | 			Msg("Cannot encode message") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | 		c.String(http.StatusInternalServerError, "Extremely sad!") | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	c.Data(200, "application/json; charset=utf-8", respBody) | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 	log.Info(). | 
					
						
							| 
									
										
										
										
											2021-08-05 20:57:47 +01:00
										 |  |  | 		Str("func", "handleAuthKey"). | 
					
						
							|  |  |  | 		Str("machine", m.Name). | 
					
						
							|  |  |  | 		Str("ip", ip.String()). | 
					
						
							| 
									
										
										
										
											2021-08-05 18:11:26 +01:00
										 |  |  | 		Msg("Successfully authenticated via AuthKey") | 
					
						
							| 
									
										
										
										
											2020-06-21 12:32:08 +02:00
										 |  |  | } |