Wireguard protocol + refactoring

2021-06-12 11:59:36 +03:00 · 2021-06-12 11:59:36 +03:00 · 2f6fb0d557
commit 2f6fb0d557
parent 8bdfe1741a
41 changed files with 1245 additions and 152 deletions
--- a/client/configurators/openvpn_configurator.cpp
+++ b/client/configurators/openvpn_configurator.cpp
@ -5,11 +5,11 @@
 #include <QTemporaryDir>
 #include <QDebug>
 #include <QTemporaryFile>
-#include <utils.h>

 #include "core/server_defs.h"
 #include "protocols/protocols_defs.h"
 #include "core/scripts_registry.h"
+#include "utils.h"

 QString OpenVpnConfigurator::getEasyRsaShPath()
 {
@ -227,7 +227,7 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString config)
    config.replace("$PRIMARY_DNS", m_settings().primaryDns());
    config.replace("$SECONDARY_DNS", m_settings().secondaryDns());

-    if (m_settings().routeMode() == Settings::VpnOnlyForwardSites) {
+    if (m_settings().routeMode() != Settings::VpnAllSites) {
        config.replace("redirect-gateway def1 bypass-dhcp", "");
    }
    else {
@ -266,40 +266,6 @@ QString OpenVpnConfigurator::processConfigWithExportSettings(QString config)
    return config;
 }

-QString OpenVpnConfigurator::convertOpenSShKey(const QString &key)
-{
-    QProcess p;
-    p.setProcessChannelMode(QProcess::MergedChannels);
-
-    QTemporaryFile tmp;
-#ifdef QT_DEBUG
-    tmp.setAutoRemove(false);
-#endif
-    tmp.open();
-    tmp.write(key.toUtf8());
-    tmp.close();
-
-    // ssh-keygen -p -P "" -N "" -m pem -f id_ssh
-
-#ifdef Q_OS_WIN
-    p.setProcessEnvironment(prepareEnv());
-    p.setProgram("cmd.exe");
-    p.setNativeArguments(QString("/C \"ssh-keygen.exe -p -P \"\" -N \"\" -m pem -f \"%1\"\"").arg(tmp.fileName()));
-#else
-    p.setProgram("ssh-keygen");
-    p.setArguments(QStringList() << "-p" << "-P" << "" << "-N" << "" << "-m" << "pem" << "-f" << tmp.fileName());
-#endif
-
-    p.start();
-    p.waitForFinished();
-
-    qDebug().noquote() << "OpenVpnConfigurator::convertOpenSShKey" << p.exitCode() << p.exitStatus() << p.readAll();
-
-    tmp.open();
-
-    return tmp.readAll();
-}
-
 ErrorCode OpenVpnConfigurator::signCert(DockerContainer container,
    const ServerCredentials &credentials, QString clientId)
 {
--- a/client/configurators/openvpn_configurator.h
+++ b/client/configurators/openvpn_configurator.h
@ -28,8 +28,6 @@ public:
    static QString processConfigWithLocalSettings(QString config);
    static QString processConfigWithExportSettings(QString config);

-    static QString convertOpenSShKey(const QString &key);
-
    static ErrorCode signCert(DockerContainer container,
        const ServerCredentials &credentials, QString clientId);

--- a/client/configurators/ssh_configurator.cpp
+++ b/client/configurators/ssh_configurator.cpp
@ -0,0 +1,95 @@
+#include "ssh_configurator.h"
+#include <QApplication>
+#include <QProcess>
+#include <QString>
+#include <QTemporaryDir>
+#include <QDebug>
+#include <QTemporaryFile>
+#include <QThread>
+#include <QObject>
+#include <QTextEdit>
+#include <QPlainTextEdit>
+#include <qtimer.h>
+
+#include "core/server_defs.h"
+#include "utils.h"
+
+using namespace QSsh;
+
+
+QString SshConfigurator::convertOpenSShKey(const QString &key)
+{
+    QProcess p;
+    p.setProcessChannelMode(QProcess::MergedChannels);
+
+    QTemporaryFile tmp;
+#ifdef QT_DEBUG
+    tmp.setAutoRemove(false);
+#endif
+    tmp.open();
+    tmp.write(key.toUtf8());
+    tmp.close();
+
+    // ssh-keygen -p -P "" -N "" -m pem -f id_ssh
+
+#ifdef Q_OS_WIN
+    p.setProcessEnvironment(prepareEnv());
+    p.setProgram("cmd.exe");
+    p.setNativeArguments(QString("/C \"ssh-keygen.exe -p -P \"\" -N \"\" -m pem -f \"%1\"\"").arg(tmp.fileName()));
+#else
+    p.setProgram("ssh-keygen");
+    p.setArguments(QStringList() << "-p" << "-P" << "" << "-N" << "" << "-m" << "pem" << "-f" << tmp.fileName());
+#endif
+
+    p.start();
+    p.waitForFinished();
+
+    qDebug().noquote() << "OpenVpnConfigurator::convertOpenSShKey" << p.exitCode() << p.exitStatus() << p.readAll();
+
+    tmp.open();
+
+    return tmp.readAll();
+}
+
+void SshConfigurator::openSshTerminal(const ServerCredentials &credentials)
+{
+    QProcess *p = new QProcess();
+    p->setReadChannelMode(QProcess::SeparateChannels);
+
+#ifdef Q_OS_WIN
+    p->setProcessEnvironment(prepareEnv());
+    p->setProgram(qApp->applicationDirPath() + "\\cygwin\\putty.exe");
+
+    if (credentials.password.contains("PRIVATE KEY")) {
+        // todo: connect by key
+//        p->setNativeArguments(QString("%1@%2")
+//            .arg(credentials.userName).arg(credentials.hostName).arg(credentials.password));
+    }
+    else {
+        p->setNativeArguments(QString("%1@%2 -pw %3")
+            .arg(credentials.userName).arg(credentials.hostName).arg(credentials.password));
+    }
+#else
+    p.setProgram("/bin/bash");
+#endif
+
+    p->startDetached();
+}
+
+QProcessEnvironment SshConfigurator::prepareEnv()
+{
+    QProcessEnvironment env = QProcessEnvironment::systemEnvironment();
+    QString pathEnvVar = env.value("PATH");
+
+#ifdef Q_OS_WIN
+    pathEnvVar.clear();
+    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\cygwin;");
+    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\openvpn;");
+#else
+    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/Contents/MacOS");
+#endif
+
+    env.insert("PATH", pathEnvVar);
+    //qDebug().noquote() << "ENV PATH" << pathEnvVar;
+    return env;
+}
--- a/client/configurators/ssh_configurator.h
+++ b/client/configurators/ssh_configurator.h
@ -0,0 +1,20 @@
+#ifndef SSH_CONFIGURATOR_H
+#define SSH_CONFIGURATOR_H
+
+#include <QObject>
+#include <QProcessEnvironment>
+
+#include "core/defs.h"
+#include "settings.h"
+#include "core/servercontroller.h"
+
+class SshConfigurator
+{
+public:
+    static QProcessEnvironment prepareEnv();
+    static QString convertOpenSShKey(const QString &key);
+    static void openSshTerminal(const ServerCredentials &credentials);
+
+};
+
+#endif // SSH_CONFIGURATOR_H
--- a/client/configurators/wireguard_configurator.cpp
+++ b/client/configurators/wireguard_configurator.cpp
@ -0,0 +1,178 @@
+#include "wireguard_configurator.h"
+#include <QApplication>
+#include <QProcess>
+#include <QString>
+#include <QTemporaryDir>
+#include <QDebug>
+#include <QTemporaryFile>
+
+#include "sftpdefs.h"
+
+#include "core/server_defs.h"
+#include "protocols/protocols_defs.h"
+#include "core/scripts_registry.h"
+#include "utils.h"
+
+QProcessEnvironment WireguardConfigurator::prepareEnv()
+{
+    QProcessEnvironment env = QProcessEnvironment::systemEnvironment();
+    QString pathEnvVar = env.value("PATH");
+
+#ifdef Q_OS_WIN
+    pathEnvVar.clear();
+    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\wireguard;");
+#else
+    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/Contents/MacOS");
+#endif
+
+    env.insert("PATH", pathEnvVar);
+    qDebug().noquote() << "ENV PATH" << pathEnvVar;
+    return env;
+}
+
+WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
+{
+    ConnectionData connData;
+
+    QString program;
+#ifdef Q_OS_WIN
+    program = QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\wireguard\\wg.exe";
+#else
+    program = QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/Contents/MacOS/wg";
+#endif
+
+    // Priv
+    {
+        QProcess p;
+        p.setProcessEnvironment(prepareEnv());
+        p.setProcessChannelMode(QProcess::MergedChannels);
+        p.setProgram(program);
+
+        p.setArguments(QStringList() << "genkey");
+
+        p.start();
+        p.waitForFinished();
+
+        connData.clientPrivKey = QString(p.readAll());
+        connData.clientPrivKey.replace("\r", "");
+        connData.clientPrivKey.replace("\n", "");
+    }
+
+    // Pub
+    {
+        QProcess p;
+        p.setProcessEnvironment(prepareEnv());
+        p.setProcessChannelMode(QProcess::MergedChannels);
+        p.setProgram(program);
+
+        p.setArguments(QStringList() << "pubkey");
+
+        p.start();
+        p.write(connData.clientPrivKey.toUtf8());
+        p.closeWriteChannel();
+        p.waitForFinished();
+
+        connData.clientPubKey = QString(p.readAll());
+        connData.clientPubKey.replace("\r", "");
+        connData.clientPubKey.replace("\n", "");
+    }
+
+    return connData;
+}
+
+WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
+    DockerContainer container, ErrorCode *errorCode)
+{
+    WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
+    connData.host = credentials.hostName;
+
+    if (connData.clientPrivKey.isEmpty() || connData.clientPubKey.isEmpty()) {
+        if (errorCode) *errorCode = ErrorCode::EasyRsaExecutableMissing;
+        return connData;
+    }
+
+    ErrorCode e = ErrorCode::NoError;
+    connData.serverPubKey = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPublicKeyPath, &e);
+    connData.serverPubKey.replace("\n", "");
+    if (e) {
+        if (errorCode) *errorCode = e;
+        return connData;
+    }
+
+    connData.pskKey = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPskKeyPath, &e);
+    connData.pskKey.replace("\n", "");
+
+    if (e) {
+        if (errorCode) *errorCode = e;
+        return connData;
+    }
+
+
+    QString configPart = QString(
+        "[Peer]\n"
+        "PublicKey = %1\n"
+        "PresharedKey = %2\n"
+        "AllowedIPs = $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR\n\n").
+            arg(connData.clientPubKey).
+            arg(connData.pskKey);
+
+    configPart = ServerController::replaceVars(configPart, ServerController::genVarsForScript(credentials, container));
+
+    qDebug().noquote() << "Adding wg conf part to server" << configPart;
+
+    e = ServerController::uploadTextFileToContainer(container, credentials, configPart,
+        protocols::wireguard::serverConfigPath, QSsh::SftpOverwriteMode::SftpAppendToExisting);
+
+    if (e) {
+        if (errorCode) *errorCode = e;
+        return connData;
+    }
+
+    e = ServerController::runScript(ServerController::sshParams(credentials),
+        ServerController::replaceVars("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip /opt/amnezia/wireguard/wg0.conf)'",
+            ServerController::genVarsForScript(credentials, container)));
+
+    return connData;
+}
+
+Settings &WireguardConfigurator::m_settings()
+{
+    static Settings s;
+    return s;
+}
+
+QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &credentials,
+    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+{
+    QString config = ServerController::replaceVars(amnezia::scriptData(ProtocolScriptType::wireguard_template, container),
+            ServerController::genVarsForScript(credentials, container, containerConfig));
+
+    ConnectionData connData = prepareWireguardConfig(credentials, container, errorCode);
+    if (errorCode && *errorCode) {
+        return "";
+    }
+
+    config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", connData.clientPrivKey);
+    config.replace("$WIREGUARD_SERVER_PUBLIC_KEY", connData.serverPubKey);
+    config.replace("$WIREGUARD_PSK", connData.pskKey);
+
+    qDebug().noquote() << config;
+    return config;
+}
+
+QString WireguardConfigurator::processConfigWithLocalSettings(QString config)
+{
+    // TODO replace DNS if it already set
+    config.replace("$PRIMARY_DNS", m_settings().primaryDns());
+    config.replace("$SECONDARY_DNS", m_settings().secondaryDns());
+
+    return config;
+}
+
+QString WireguardConfigurator::processConfigWithExportSettings(QString config)
+{
+    config.replace("$PRIMARY_DNS", m_settings().primaryDns());
+    config.replace("$SECONDARY_DNS", m_settings().secondaryDns());
+
+    return config;
+}
--- a/client/configurators/wireguard_configurator.h
+++ b/client/configurators/wireguard_configurator.h
@ -0,0 +1,41 @@
+#ifndef WIREGUARD_CONFIGURATOR_H
+#define WIREGUARD_CONFIGURATOR_H
+
+#include <QObject>
+#include <QProcessEnvironment>
+
+#include "core/defs.h"
+#include "settings.h"
+#include "core/servercontroller.h"
+
+class WireguardConfigurator
+{
+public:
+
+    struct ConnectionData {
+        QString clientPrivKey; // client private key
+        QString clientPubKey; // client public key
+        QString serverPubKey; // tls-auth key
+        QString pskKey; // preshared key
+        QString host; // host ip
+    };
+
+    static QString genWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
+        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+
+    static QString processConfigWithLocalSettings(QString config);
+    static QString processConfigWithExportSettings(QString config);
+
+
+private:
+    static QProcessEnvironment prepareEnv();
+
+    static ConnectionData prepareWireguardConfig(const ServerCredentials &credentials,
+        DockerContainer container, ErrorCode *errorCode = nullptr);
+
+    static ConnectionData genClientKeys();
+
+    static Settings &m_settings();
+};
+
+#endif // WIREGUARD_CONFIGURATOR_H