| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | // Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved. | 
					
						
							|  |  |  | // Use of this source code is governed by a BSD-style | 
					
						
							|  |  |  | // license that can be found in the LICENSE file. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | package ipn | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"encoding/json" | 
					
						
							|  |  |  | 	"fmt" | 
					
						
							|  |  |  | 	"io/ioutil" | 
					
						
							|  |  |  | 	"log" | 
					
						
							|  |  |  | 	"os" | 
					
						
							|  |  |  | 	"path/filepath" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-17 19:33:01 -08:00
										 |  |  | 	"github.com/tailscale/wireguard-go/wgcfg" | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	"tailscale.com/atomicfile" | 
					
						
							|  |  |  | 	"tailscale.com/control/controlclient" | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-17 15:45:30 -08:00
										 |  |  | // Prefs are the user modifiable settings of the Tailscale node agent. | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | type Prefs struct { | 
					
						
							| 
									
										
										
										
											2020-02-18 21:03:22 -08:00
										 |  |  | 	// ControlURL is the URL of the control server to use. | 
					
						
							|  |  |  | 	ControlURL string | 
					
						
							| 
									
										
										
										
											2020-02-17 15:45:30 -08:00
										 |  |  | 	// RouteAll specifies whether to accept subnet and default routes | 
					
						
							|  |  |  | 	// advertised by other nodes on the Tailscale network. | 
					
						
							|  |  |  | 	RouteAll bool | 
					
						
							|  |  |  | 	// AllowSingleHosts specifies whether to install routes for each | 
					
						
							|  |  |  | 	// node IP on the tailscale network, in addition to a route for | 
					
						
							|  |  |  | 	// the whole network. | 
					
						
							|  |  |  | 	// | 
					
						
							|  |  |  | 	// TODO(danderson): why do we have this? It dumps a lot of stuff | 
					
						
							|  |  |  | 	// into the routing table, and a single network route _should_ be | 
					
						
							|  |  |  | 	// all that we need. But when I turn this off in my tailscaled, | 
					
						
							|  |  |  | 	// packets stop flowing. What's up with that? | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	AllowSingleHosts bool | 
					
						
							| 
									
										
										
										
											2020-02-17 15:45:30 -08:00
										 |  |  | 	// CorpDNS specifies whether to install the Tailscale network's | 
					
						
							|  |  |  | 	// DNS configuration, if it exists. | 
					
						
							|  |  |  | 	CorpDNS bool | 
					
						
							|  |  |  | 	// WantRunning indicates whether networking should be active on | 
					
						
							|  |  |  | 	// this node. | 
					
						
							|  |  |  | 	WantRunning bool | 
					
						
							| 
									
										
										
										
											2020-04-29 02:37:35 -04:00
										 |  |  | 	// ShieldsUp indicates whether to block all incoming connections, | 
					
						
							|  |  |  | 	// regardless of the control-provided packet filter. If false, we | 
					
						
							|  |  |  | 	// use the packet filter as provided. If true, we block incoming | 
					
						
							|  |  |  | 	// connections. | 
					
						
							|  |  |  | 	ShieldsUp bool | 
					
						
							| 
									
										
										
										
											2020-02-17 15:45:30 -08:00
										 |  |  | 	// AdvertiseRoutes specifies CIDR prefixes to advertise into the | 
					
						
							|  |  |  | 	// Tailscale network as reachable through the current node. | 
					
						
							| 
									
										
										
										
											2020-02-17 19:33:01 -08:00
										 |  |  | 	AdvertiseRoutes []wgcfg.CIDR | 
					
						
							| 
									
										
										
										
											2020-05-01 01:01:27 -04:00
										 |  |  | 	// AdvertiseTags specifies groups that this node wants to join, for | 
					
						
							|  |  |  | 	// purposes of ACL enforcement. These can be referenced from the ACL | 
					
						
							|  |  |  | 	// security policy. Note that advertising a tag doesn't guarantee that | 
					
						
							|  |  |  | 	// the control server will allow you to take on the rights for that | 
					
						
							|  |  |  | 	// tag. | 
					
						
							|  |  |  | 	AdvertiseTags []string | 
					
						
							| 
									
										
										
										
											2020-02-17 15:45:30 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	// NotepadURLs is a debugging setting that opens OAuth URLs in | 
					
						
							|  |  |  | 	// notepad.exe on Windows, rather than loading them in a browser. | 
					
						
							|  |  |  | 	// | 
					
						
							| 
									
										
										
										
											2020-04-29 02:37:35 -04:00
										 |  |  | 	// apenwarr 2020-04-29: Unfortunately this is still needed sometimes. | 
					
						
							|  |  |  | 	// Windows' default browser setting is sometimes screwy and this helps | 
					
						
							| 
									
										
										
										
											2020-05-01 01:01:27 -04:00
										 |  |  | 	// users narrow it down a bit. | 
					
						
							| 
									
										
										
										
											2020-02-17 15:45:30 -08:00
										 |  |  | 	NotepadURLs bool | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-03-04 12:21:40 -08:00
										 |  |  | 	// DisableDERP prevents DERP from being used. | 
					
						
							|  |  |  | 	DisableDERP bool | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	// The Persist field is named 'Config' in the file for backward | 
					
						
							|  |  |  | 	// compatibility with earlier versions. | 
					
						
							|  |  |  | 	// TODO(apenwarr): We should move this out of here, it's not a pref. | 
					
						
							|  |  |  | 	//  We can maybe do that once we're sure which module should persist | 
					
						
							|  |  |  | 	//  it (backend or frontend?) | 
					
						
							|  |  |  | 	Persist *controlclient.Persist `json:"Config"` | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-03 10:35:52 -08:00
										 |  |  | // IsEmpty reports whether p is nil or pointing to a Prefs zero value. | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | func (p *Prefs) IsEmpty() bool { return p == nil || p.Equals(&Prefs{}) } | 
					
						
							| 
									
										
										
										
											2020-02-03 10:35:52 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | func (p *Prefs) Pretty() string { | 
					
						
							|  |  |  | 	var pp string | 
					
						
							|  |  |  | 	if p.Persist != nil { | 
					
						
							|  |  |  | 		pp = p.Persist.Pretty() | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} else { | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		pp = "Persist=nil" | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-04-29 02:37:35 -04:00
										 |  |  | 	return fmt.Sprintf("Prefs{ra=%v mesh=%v dns=%v want=%v notepad=%v derp=%v shields=%v routes=%v %v}", | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		p.RouteAll, p.AllowSingleHosts, p.CorpDNS, p.WantRunning, | 
					
						
							| 
									
										
										
										
											2020-04-29 02:37:35 -04:00
										 |  |  | 		p.NotepadURLs, !p.DisableDERP, p.ShieldsUp, p.AdvertiseRoutes, pp) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | func (p *Prefs) ToBytes() []byte { | 
					
						
							|  |  |  | 	data, err := json.MarshalIndent(p, "", "\t") | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		log.Fatalf("Prefs marshal: %v\n", err) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return data | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | func (p *Prefs) Equals(p2 *Prefs) bool { | 
					
						
							|  |  |  | 	if p == nil && p2 == nil { | 
					
						
							|  |  |  | 		return true | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if p == nil || p2 == nil { | 
					
						
							|  |  |  | 		return false | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return p != nil && p2 != nil && | 
					
						
							| 
									
										
										
										
											2020-02-18 21:03:22 -08:00
										 |  |  | 		p.ControlURL == p2.ControlURL && | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		p.RouteAll == p2.RouteAll && | 
					
						
							|  |  |  | 		p.AllowSingleHosts == p2.AllowSingleHosts && | 
					
						
							|  |  |  | 		p.CorpDNS == p2.CorpDNS && | 
					
						
							|  |  |  | 		p.WantRunning == p2.WantRunning && | 
					
						
							|  |  |  | 		p.NotepadURLs == p2.NotepadURLs && | 
					
						
							| 
									
										
										
										
											2020-03-04 12:21:40 -08:00
										 |  |  | 		p.DisableDERP == p2.DisableDERP && | 
					
						
							| 
									
										
										
										
											2020-04-29 02:37:35 -04:00
										 |  |  | 		p.ShieldsUp == p2.ShieldsUp && | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		compareIPNets(p.AdvertiseRoutes, p2.AdvertiseRoutes) && | 
					
						
							| 
									
										
										
										
											2020-05-01 01:01:27 -04:00
										 |  |  | 		compareStrings(p.AdvertiseTags, p2.AdvertiseTags) && | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		p.Persist.Equals(p2.Persist) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-17 19:33:01 -08:00
										 |  |  | func compareIPNets(a, b []wgcfg.CIDR) bool { | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 	if len(a) != len(b) { | 
					
						
							|  |  |  | 		return false | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	for i := range a { | 
					
						
							| 
									
										
										
										
											2020-03-16 20:27:00 -07:00
										 |  |  | 		if !a[i].IP.Equal(b[i].IP) || a[i].Mask != b[i].Mask { | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 			return false | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return true | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-05-01 01:01:27 -04:00
										 |  |  | func compareStrings(a, b []string) bool { | 
					
						
							|  |  |  | 	if len(a) != len(b) { | 
					
						
							|  |  |  | 		return false | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	for i := range a { | 
					
						
							|  |  |  | 		if a[i] != b[i] { | 
					
						
							|  |  |  | 			return false | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return true | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | func NewPrefs() *Prefs { | 
					
						
							|  |  |  | 	return &Prefs{ | 
					
						
							|  |  |  | 		// Provide default values for options which might be missing | 
					
						
							|  |  |  | 		// from the json data for any reason. The json can still | 
					
						
							|  |  |  | 		// override them to false. | 
					
						
							| 
									
										
										
										
											2020-02-18 21:03:22 -08:00
										 |  |  | 		ControlURL:       "https://login.tailscale.com", | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		RouteAll:         true, | 
					
						
							|  |  |  | 		AllowSingleHosts: true, | 
					
						
							|  |  |  | 		CorpDNS:          true, | 
					
						
							|  |  |  | 		WantRunning:      true, | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | // PrefsFromBytes deserializes Prefs from a JSON blob. If | 
					
						
							|  |  |  | // enforceDefaults is true, Prefs.RouteAll and Prefs.AllowSingleHosts | 
					
						
							|  |  |  | // are forced on. | 
					
						
							|  |  |  | func PrefsFromBytes(b []byte, enforceDefaults bool) (*Prefs, error) { | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 	p := NewPrefs() | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	if len(b) == 0 { | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		return p, nil | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							|  |  |  | 	persist := &controlclient.Persist{} | 
					
						
							|  |  |  | 	err := json.Unmarshal(b, persist) | 
					
						
							|  |  |  | 	if err == nil && (persist.Provider != "" || persist.LoginName != "") { | 
					
						
							|  |  |  | 		// old-style relaynode config; import it | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		p.Persist = persist | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} else { | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		err = json.Unmarshal(b, &p) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			log.Printf("Prefs parse: %v: %v\n", err, b) | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if enforceDefaults { | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 		p.RouteAll = true | 
					
						
							|  |  |  | 		p.AllowSingleHosts = true | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 	return p, err | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-27 12:20:29 -08:00
										 |  |  | // Clone returns a deep copy of p. | 
					
						
							|  |  |  | func (p *Prefs) Clone() *Prefs { | 
					
						
							|  |  |  | 	// TODO: write a faster/non-Fatal-y Clone implementation? | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | 	p2, err := PrefsFromBytes(p.ToBytes(), false) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		log.Fatalf("Prefs was uncopyable: %v\n", err) | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | 	return p2 | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | // LoadLegacyPrefs loads a legacy relaynode config file into Prefs | 
					
						
							|  |  |  | // with sensible migration defaults set. If enforceDefaults is true, | 
					
						
							|  |  |  | // Prefs.RouteAll and Prefs.AllowSingleHosts are forced on. | 
					
						
							|  |  |  | func LoadPrefs(filename string, enforceDefaults bool) (*Prefs, error) { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	data, err := ioutil.ReadFile(filename) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | 		return nil, fmt.Errorf("loading prefs from %q: %v", filename, err) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | 	p, err := PrefsFromBytes(data, false) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | 		return nil, fmt.Errorf("decoding prefs in %q: %v", filename, err) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 11:07:00 -08:00
										 |  |  | 	return p, nil | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-17 15:01:23 -08:00
										 |  |  | func SavePrefs(filename string, p *Prefs) { | 
					
						
							|  |  |  | 	log.Printf("Saving prefs %v %v\n", filename, p.Pretty()) | 
					
						
							|  |  |  | 	data := p.ToBytes() | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	os.MkdirAll(filepath.Dir(filename), 0700) | 
					
						
							|  |  |  | 	if err := atomicfile.WriteFile(filename, data, 0666); err != nil { | 
					
						
							|  |  |  | 		log.Printf("SavePrefs: %v\n", err) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | } |