Release 1.1 (#5)

* Crash fix in management server * Openvpn scripts fixes some refactoring * deploy fix * Scripts fix for macos * OpenVpn runtime error codes handling * MacOS deploy script fix * easyrsa scripts for MacOS * Refactoring Ui improvements Bug fixes * new server page fix * Fix some warnings, fix installation scripts (macOS) * Fix crash on fatal error, remove moc files from Windows installation * ss files * Fix issue with easyrsa * ss files * shadowsocks impl * ss fix * ui fix * Macos doc icon * travis scripts * server scripts fix * icon changed * Server scripts fix * travis fix * Bug fixes: - auto install tap - share connectionState - service crash fix * travis release * macos deploy
2021-01-27 00:57:02 +03:00 · 2021-01-27 00:57:02 +03:00 · 0569c6411e
commit 0569c6411e
parent c2a7d66cb4
80 changed files with 2881 additions and 321 deletions
--- a/client/core/openvpnconfigurator.cpp
+++ b/client/core/openvpnconfigurator.cpp
@ -57,12 +57,9 @@ ErrorCode OpenVpnConfigurator::initPKI(const QString &path)
 {
    QProcess p;
    p.setProcessChannelMode(QProcess::MergedChannels);
-    p.setProcessEnvironment(prepareEnv());

 #ifdef Q_OS_WIN
-    //p.setProgram("sh.exe");
-    //p.setNativeArguments(getEasyRsaShPath() + " init-pki");
-
+    p.setProcessEnvironment(prepareEnv());
    p.setProgram("cmd.exe");
    p.setNativeArguments(QString("/C \"sh.exe %1\"").arg(getEasyRsaShPath() + " init-pki"));
 #else
@ -72,9 +69,9 @@ ErrorCode OpenVpnConfigurator::initPKI(const QString &path)

    p.setWorkingDirectory(path);

-//    QObject::connect(&p, &QProcess::channelReadyRead, [&](){
-//        qDebug().noquote() << p.readAll();
-//    });
+    //    QObject::connect(&p, &QProcess::channelReadyRead, [&](){
+    //        qDebug().noquote() << p.readAll();
+    //    });

    p.start();
    p.waitForFinished();
@ -87,12 +84,9 @@ ErrorCode OpenVpnConfigurator::genReq(const QString &path, const QString &client
 {
    QProcess p;
    p.setProcessChannelMode(QProcess::MergedChannels);
-    p.setProcessEnvironment(prepareEnv());

 #ifdef Q_OS_WIN
-    //p.setProgram("sh.exe");
-    //p.setNativeArguments(getEasyRsaShPath() + " gen-req " + clientId + " nopass");
-
+    p.setProcessEnvironment(prepareEnv());
    p.setProgram("cmd.exe");
    p.setNativeArguments(QString("/C \"sh.exe %1\"").arg(getEasyRsaShPath() + " gen-req " + clientId + " nopass"));
 #else
@ -125,15 +119,16 @@ OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()
    connData.clientId = getRandomString(32);

    QTemporaryDir dir;
-//    if (dir.isValid()) {
-//            // dir.path() returns the unique directory path
-//    }
+    //    if (dir.isValid()) {
+    //            // dir.path() returns the unique directory path
+    //    }

    QString path = dir.path();

    initPKI(path);
    ErrorCode errorCode = genReq(path, connData.clientId);

+    Q_UNUSED(errorCode)

    QFile req(path + "/pki/reqs/" + connData.clientId + ".req");
    req.open(QIODevice::ReadOnly);
@ -143,52 +138,85 @@ OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()
    key.open(QIODevice::ReadOnly);
    connData.privKey = key.readAll();

-//    qDebug().noquote() << connData.request;
-//    qDebug().noquote() << connData.privKey;
+    //    qDebug().noquote() << connData.request;
+    //    qDebug().noquote() << connData.privKey;

    return connData;
 }

-OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials, ErrorCode *errorCode)
+OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,
+    Protocol proto, ErrorCode *errorCode)
 {
    OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();
    connData.host = credentials.hostName;

    if (connData.privKey.isEmpty() || connData.request.isEmpty()) {
-       *errorCode = ErrorCode::EasyRsaExecutableMissing;
+        if (errorCode) *errorCode = ErrorCode::EasyRsaExecutableMissing;
        return connData;
    }

    QString reqFileName = QString("/opt/amneziavpn_data/clients/%1.req").arg(connData.clientId);
-    ErrorCode e = ServerController::uploadTextFileToContainer(credentials, connData.request, reqFileName);
-    if (e) {
-        *errorCode = e;
+
+    DockerContainer container;
+    if (proto == Protocol::OpenVpn) container = DockerContainer::OpenVpn;
+    else if (proto == Protocol::ShadowSocks) container = DockerContainer::ShadowSocks;
+    else {
+        if (errorCode) *errorCode = ErrorCode::InternalError;
        return connData;
    }

-    ServerController::signCert(credentials, connData.clientId);
-
-    connData.caCert = ServerController::getTextFileFromContainer(credentials, ServerController::caCertPath(), &e);
-    connData.clientCert = ServerController::getTextFileFromContainer(credentials, ServerController::clientCertPath() + QString("%1.crt").arg(connData.clientId), &e);
+    ErrorCode e = ServerController::uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
    if (e) {
-        *errorCode = e;
+        if (errorCode) *errorCode = e;
        return connData;
    }

-    connData.taKey = ServerController::getTextFileFromContainer(credentials, ServerController::taKeyPath(), &e);
+    e = ServerController::signCert(container, credentials, connData.clientId);
+    if (e) {
+        if (errorCode) *errorCode = e;
+        return connData;
+    }
+
+    connData.caCert = ServerController::getTextFileFromContainer(container, credentials, ServerController::caCertPath(), &e);
+    connData.clientCert = ServerController::getTextFileFromContainer(container, credentials, ServerController::clientCertPath() + QString("%1.crt").arg(connData.clientId), &e);
+    if (e) {
+        if (errorCode) *errorCode = e;
+        return connData;
+    }
+
+    connData.taKey = ServerController::getTextFileFromContainer(container, credentials, ServerController::taKeyPath(), &e);
+
+    if (connData.caCert.isEmpty() || connData.clientCert.isEmpty() || connData.taKey.isEmpty()) {
+        if (errorCode) *errorCode = ErrorCode::RemoteProcessCrashError;
+    }
+
+    ServerController::setupServerFirewall(credentials);

    return connData;
 }

-QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials, ErrorCode *errorCode)
+QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials,
+    Protocol proto, ErrorCode *errorCode)
 {
-    QFile configTemplFile(":/server_scripts/template.ovpn");
+    QFile configTemplFile;
+    if (proto == Protocol::OpenVpn)
+        configTemplFile.setFileName(":/server_scripts/template_openvpn.ovpn");
+    else if (proto == Protocol::ShadowSocks) {
+        configTemplFile.setFileName(":/server_scripts/template_shadowsocks.ovpn");
+    }
+
    configTemplFile.open(QIODevice::ReadOnly);
    QString config = configTemplFile.readAll();

-    ConnectionData connData = prepareOpenVpnConfig(credentials, errorCode);
+    ConnectionData connData = prepareOpenVpnConfig(credentials, proto, errorCode);
+
+    if (proto == Protocol::OpenVpn)
+        config.replace("$PROTO", "udp");
+    else if (proto == Protocol::ShadowSocks) {
+        config.replace("$PROTO", "tcp");
+        config.replace("$LOCAL_PROXY_PORT", QString::number(ServerController::ssContainerPort()));
+    }

-    config.replace("$PROTO", "udp");
    config.replace("$REMOTE_HOST", connData.host);
    config.replace("$REMOTE_PORT", "1194");
    config.replace("$CA_CERT", connData.caCert);