From 9b7d657cbe4ae7f648798a7080819f3863f6b7c8 Mon Sep 17 00:00:00 2001
From: Jamie Greeff
Date: Wed, 29 Dec 2021 09:58:10 +0000
Subject: [PATCH] Return all peers instead of peers in same namespace
---
 dns.go | 6 +++-
 machine.go | 87 ++++++++++++++++++++++++++++++++++++++----------------
 2 files changed, 67 insertions(+), 26 deletions(-)
diff --git a/dns.go b/dns.go
index 8ecd993c..37daa884 100644
--- a/dns.go
+++ b/dns.go
@@ -163,7 +163,11 @@ func getMapResponseDNSConfig(
 dnsConfig = dnsConfigOrig.Clone()
 dnsConfig.Domains = append(
 dnsConfig.Domains,
- fmt.Sprintf("%s.%s", machine.Namespace.Name, baseDomain),
+ fmt.Sprintf(
+ "%s.%s",
+ strings.Replace(machine.Namespace.Name, "@", ".", -1), // Replace @ with . for valid domain for machine
+ baseDomain,
+ ),
 )
 
 namespaceSet := set.New(set.ThreadSafe)
diff --git a/machine.go b/machine.go
index 2b462985..aef310c5 100644
--- a/machine.go
+++ b/machine.go
@@ -119,6 +119,33 @@ func (machine Machine) isExpired() bool {
 return time.Now().UTC().After(*machine.Expiry)
 }
 
+// Our Pineapple fork of Headscale ignores namespaces when dealing with peers
+// and instead passes ALL peers across all namespaces to each client. Access between clients
+// is then enforced with ACL policies.
+func (h *Headscale) getAllPeers(machine *Machine) (Machines, error) {
+ log.Trace().
+ Caller().
+ Str("machine", machine.Name).
+ Msg("Finding all peers")
+
+ machines := Machines{}
+ if err := h.db.Preload("Namespace").Where("machine_key <> ? AND registered",
+ machine.MachineKey).Find(&machines).Error; err != nil {
+ log.Error().Err(err).Msg("Error accessing db")
+
+ return Machines{}, err
+ }
+
+ sort.Slice(machines, func(i, j int) bool { return machines[i].ID < machines[j].ID })
+
+ log.Trace().
+ Caller().
+ Str("machine", machine.Name).
+ Msgf("Found all machines: %s", machines.String())
+
+ return machines, nil
+}
+
 func (h *Headscale) getDirectPeers(machine *Machine) (Machines, error) {
 log.Trace().
 Caller().
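Review bot: The `@` to `.` rewrite in the added `strings.Replace(machine.Namespace.Name, "@", ".", -1)` argument is not injective and is the only normalisation applied, so two distinct namespaces (constructed example: `alice@corp` and `alice.corp`) yield the same search domain, and any other character that is not valid in a DNS name passes through unchanged. Because this commit also hands every client the peers of all namespaces, such a collision can make a MagicDNS name ambiguous between machines owned by different namespaces. The same expression is repeated in the `toNode` hunk of machine.go; one shared helper, for example `func namespaceDNSName(ns string) string { return strings.ReplaceAll(ns, "@", ".") }`, together with rejecting a namespace whose mapped name already exists, would keep the two sites from drifting. The code after `namespaceSet` lies outside this hunk; if it derives per-namespace route domains from `Namespace.Name`, it needs the same mapping.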
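Review bot: `getAllPeers` removes the namespace boundary from peer distribution, so isolation between namespaces now rests entirely on the ACL policy, and nothing here guards the case where no policy is loaded or the effective default is allow-all (neither is visible in this hunk). Even with a restrictive policy, each client still receives a peer entry for every registered machine in every namespace, which discloses fleet membership across namespaces; the doc comment should say so. I would extend the comment with `// SECURITY: namespace isolation is NOT enforced here; deployments must load a deny-by-default ACL policy.` and have the caller fail closed when no policy is configured. Separately, `machines.String()` is built for the whole fleet on every call even when trace logging is off, and the slice is sorted here and again in `getPeers`.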
@@ -206,7 +233,40 @@ func (h *Headscale) getSharedTo(machine *Machine) (Machines, error) {
 }
 
 func (h *Headscale) getPeers(machine *Machine) (Machines, error) {
- direct, err := h.getDirectPeers(machine)
+ // direct, err := h.getDirectPeers(machine)
+ // if err != nil {
+ // log.Error().
+ // Caller().
+ // Err(err).
+ // Msg("Cannot fetch peers")
+
+ // return Machines{}, err
+ // }
+
+ // shared, err := h.getShared(machine)
+ // if err != nil {
+ // log.Error().
+ // Caller().
+ // Err(err).
+ // Msg("Cannot fetch peers")
+
+ // return Machines{}, err
+ // }
+
+ // sharedTo, err := h.getSharedTo(machine)
+ // if err != nil {
+ // log.Error().
+ // Caller().
+ // Err(err).
+ // Msg("Cannot fetch peers")
+
+ // return Machines{}, err
+ // }
+
+ // peers := append(direct, shared...)
+ // peers = append(peers, sharedTo...)
+
+ peers, err := h.getAllPeers(machine)
 if err != nil {
 log.Error().
 Caller().
@@ -216,29 +276,6 @@ func (h *Headscale) getPeers(machine *Machine) (Machines, error) {
 return Machines{}, err
 }
 
- shared, err := h.getShared(machine)
- if err != nil {
- log.Error().
- Caller().
- Err(err).
- Msg("Cannot fetch peers")
-
- return Machines{}, err
- }
-
- sharedTo, err := h.getSharedTo(machine)
- if err != nil {
- log.Error().
- Caller().
- Err(err).
- Msg("Cannot fetch peers")
-
- return Machines{}, err
- }
-
- peers := append(direct, shared...)
- peers = append(peers, sharedTo...)
-
 sort.Slice(peers, func(i, j int) bool { return peers[i].ID < peers[j].ID })
 
 log.Trace().
@@ -597,7 +634,7 @@ func (machine Machine) toNode(
 hostname = fmt.Sprintf(
 "%s.%s.%s",
 machine.Name,
- machine.Namespace.Name,
+ strings.Replace(machine.Namespace.Name, "@", ".", -1), // Replace @ with . for valid domain for machine
 baseDomain,
 )
 } else {
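Review bot: 33 of the 34 added lines in the first `getPeers` hunk are the old direct/shared/sharedTo lookup kept as `//` comments; dead code in a path that decides which peers a client sees invites a partial re-enable later, and version control already preserves the old logic. I would delete the block and leave one line such as `// Namespace-scoped peer lookup was replaced by getAllPeers; isolation is enforced by ACLs.`. On failure `getAllPeers` already logs `Error accessing db` and the unchanged branch below logs `Cannot fetch peers` for the same error, so one of the two log calls can go. `getPeers` begins in this hunk and continues past it.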