//go:build linux // +build linux package aghnet import ( "bufio" "fmt" "io" "net" "os" "path/filepath" "strings" "github.com/AdguardTeam/AdGuardHome/internal/aghio" "github.com/AdguardTeam/AdGuardHome/internal/aghos" "github.com/AdguardTeam/AdGuardHome/internal/aghstrings" "github.com/AdguardTeam/golibs/errors" "github.com/google/renameio/maybe" "golang.org/x/sys/unix" ) // recurrentChecker is used to check all the files which may include references // for other ones. type recurrentChecker struct { // checker is the function to check if r's stream contains the desired // attribute. It must return all the patterns for files which should // also be checked and each of them should be valid for filepath.Glob // function. checker func(r io.Reader, desired string) (patterns []string, has bool, err error) // initPath is the path of the first member in the sequence of checked // files. initPath string } // maxCheckedFileSize is the maximum length of the file that recurrentChecker // may check. const maxCheckedFileSize = 1024 * 1024 // checkFile tries to open and to check single file located on the sourcePath. func (rc *recurrentChecker) checkFile(sourcePath, desired string) ( subsources []string, has bool, err error, ) { var f *os.File f, err = os.Open(sourcePath) if err != nil { return nil, false, err } defer func() { err = errors.WithDeferred(err, f.Close()) }() var r io.Reader r, err = aghio.LimitReader(f, maxCheckedFileSize) if err != nil { return nil, false, err } subsources, has, err = rc.checker(r, desired) if err != nil { return nil, false, err } if has { return nil, true, nil } return subsources, has, nil } // handlePatterns parses the patterns and takes care of duplicates. func (rc *recurrentChecker) handlePatterns(sourcesSet *aghstrings.Set, patterns []string) ( subsources []string, err error, ) { subsources = make([]string, 0, len(patterns)) for _, p := range patterns { var matches []string matches, err = filepath.Glob(p) if err != nil { return nil, fmt.Errorf("invalid pattern %q: %w", p, err) } for _, m := range matches { if sourcesSet.Has(m) { continue } sourcesSet.Add(m) subsources = append(subsources, m) } } return subsources, nil } // check walks through all the files searching for the desired attribute. func (rc *recurrentChecker) check(desired string) (has bool, err error) { var i int sources := []string{rc.initPath} defer func() { if i >= len(sources) { return } err = errors.Annotate(err, "checking %q: %w", sources[i]) }() var patterns, subsources []string // The slice of sources is separate from the set of sources to keep the // order in which the files are walked. for sourcesSet := aghstrings.NewSet(rc.initPath); i < len(sources); i++ { patterns, has, err = rc.checkFile(sources[i], desired) if err != nil { if errors.Is(err, os.ErrNotExist) { continue } return false, err } if has { return true, nil } subsources, err = rc.handlePatterns(sourcesSet, patterns) if err != nil { return false, err } sources = append(sources, subsources...) } return false, nil } func ifaceHasStaticIP(ifaceName string) (has bool, err error) { // TODO(a.garipov): Currently, this function returns the first // definitive result. So if /etc/dhcpcd.conf has a static IP while // /etc/network/interfaces doesn't, it will return true. Perhaps this // is not the most desirable behavior. for _, rc := range []*recurrentChecker{{ checker: dhcpcdStaticConfig, initPath: "/etc/dhcpcd.conf", }, { checker: ifacesStaticConfig, initPath: "/etc/network/interfaces", }} { has, err = rc.check(ifaceName) if err != nil { return false, err } if has { return true, nil } } return false, ErrNoStaticIPInfo } func canBindPrivilegedPorts() (can bool, err error) { cnbs, err := unix.PrctlRetInt(unix.PR_CAP_AMBIENT, unix.PR_CAP_AMBIENT_IS_SET, unix.CAP_NET_BIND_SERVICE, 0, 0) // Don't check the error because it's always nil on Linux. adm, _ := aghos.HaveAdminRights() return cnbs == 1 || adm, err } // findIfaceLine scans s until it finds the line that declares an interface with // the given name. If findIfaceLine can't find the line, it returns false. func findIfaceLine(s *bufio.Scanner, name string) (ok bool) { for s.Scan() { line := strings.TrimSpace(s.Text()) fields := strings.Fields(line) if len(fields) == 2 && fields[0] == "interface" && fields[1] == name { return true } } return false } // dhcpcdStaticConfig checks if interface is configured by /etc/dhcpcd.conf to // have a static IP. func dhcpcdStaticConfig(r io.Reader, ifaceName string) (subsources []string, has bool, err error) { s := bufio.NewScanner(r) ifaceFound := findIfaceLine(s, ifaceName) if !ifaceFound { return nil, false, s.Err() } for s.Scan() { line := strings.TrimSpace(s.Text()) fields := strings.Fields(line) if len(fields) >= 2 && fields[0] == "static" && strings.HasPrefix(fields[1], "ip_address=") { return nil, true, s.Err() } if len(fields) > 0 && fields[0] == "interface" { // Another interface found. break } } return nil, false, s.Err() } // ifacesStaticConfig checks if the interface is configured by any file of // /etc/network/interfaces format to have a static IP. func ifacesStaticConfig(r io.Reader, ifaceName string) (subsources []string, has bool, err error) { s := bufio.NewScanner(r) for s.Scan() { line := strings.TrimSpace(s.Text()) if aghstrings.IsCommentOrEmpty(line) { continue } // TODO(e.burkov): As man page interfaces(5) says, a line may be // extended across multiple lines by making the last character a // backslash. Provide extended lines and "source-directory" // stanzas support. fields := strings.Fields(line) fieldsNum := len(fields) // Man page interfaces(5) declares that interface definition // should consist of the key word "iface" followed by interface // name, and method at fourth field. if fieldsNum >= 4 && fields[0] == "iface" && fields[1] == ifaceName && fields[3] == "static" { return nil, true, nil } if fieldsNum >= 2 && fields[0] == "source" { subsources = append(subsources, fields[1]) } } return subsources, false, s.Err() } // ifaceSetStaticIP configures the system to retain its current IP on the // interface through dhcpdc.conf. func ifaceSetStaticIP(ifaceName string) (err error) { ipNet := GetSubnet(ifaceName) if ipNet.IP == nil { return errors.Error("can't get IP address") } gatewayIP := GatewayIP(ifaceName) add := dhcpcdConfIface(ifaceName, ipNet, gatewayIP, ipNet.IP) body, err := os.ReadFile("/etc/dhcpcd.conf") if err != nil && !errors.Is(err, os.ErrNotExist) { return err } body = append(body, []byte(add)...) err = maybe.WriteFile("/etc/dhcpcd.conf", body, 0o644) if err != nil { return fmt.Errorf("writing conf: %w", err) } return nil } // dhcpcdConfIface returns configuration lines for the dhcpdc.conf files that // configure the interface to have a static IP. func dhcpcdConfIface(ifaceName string, ipNet *net.IPNet, gatewayIP, dnsIP net.IP) (conf string) { var body []byte add := fmt.Sprintf( "\n# %[1]s added by AdGuard Home.\ninterface %[1]s\nstatic ip_address=%s\n", ifaceName, ipNet) body = append(body, []byte(add)...) if gatewayIP != nil { add = fmt.Sprintf("static routers=%s\n", gatewayIP) body = append(body, []byte(add)...) } add = fmt.Sprintf("static domain_name_servers=%s\n\n", dnsIP) body = append(body, []byte(add)...) return string(body) }