Commit Graph

1695 Commits

Author SHA1 Message Date
442ba7cbc8 Add domain validation for nameserver groups (#1077)
This change ensures that domain names with uppercase 
letters are also considered valid, 
providing more flexibility in domain naming.
2023-08-16 11:25:38 +02:00
6c2b364966 Update client Dockerfile to use Alpine as base image and install necessary packages (#1078) v0.22.4 2023-08-12 16:12:09 +02:00
0f0c7ec2ed Routemgr error handling (#1073)
In case the route management feature is not supported 
then do not create unnecessary firewall and manager instances. 
This can happen if the nftables nor iptables is not available on the host OS.

- Move the error handling to upper layer
- Remove fake, useless implementations of interfaces
- Update go-iptables because In Docker the old version can not 
determine well the path of executable file
- update lib to 0.70
2023-08-12 11:42:36 +02:00
2dec016201 Fix/always on boot (#1062)
In case of 'always-on' feature has switched on, after the reboot the service do not start properly in all cases.
If the device is in offline state (no internet connection) the auth login steps will fail and the service will stop.
For the auth steps make no sense in this case because if the OS start the service we do not have option for
the user interaction.
2023-08-11 11:51:39 +02:00
06125acb8d Update new release banner (#1072) 2023-08-10 21:10:12 +02:00
a9b9b3fa0a Fix input reading for NetBird domain in getting-started-with-zitadel.sh (#1064) v0.22.3 2023-08-08 20:10:14 +02:00
cdf57275b7 Rename eBPF program to reflect better to NetBird (#1063)
Rename program name and map name
2023-08-08 19:53:51 +02:00
e5e69b1f75 Autopropagate peers by JWT groups (#1037)
Enhancements to Peer Group Assignment:

1. Auto-assigned groups are now applied to all peers every time a user logs into the network.
2. Feature activation is available in the account settings.
3. API modifications included to support these changes for account settings updates.
4. If propagation is enabled, updates to a user's auto-assigned groups are immediately reflected across all user peers.
5. With the JWT group sync feature active, auto-assigned groups are forcefully updated whenever a peer logs in using user credentials.
2023-08-07 19:44:51 +04:00
8eca83f3cb Fix/ebpf free (#1057)
* Fix ebpf free call

* Add debug logs
2023-08-07 11:43:32 +02:00
973316d194 Validate input of expiration time for setup-keys (#1053)
So far we accepted any value for setup keys, including negative values

Now we are checking if it is less than 1 day or greater than 365 days
v0.22.2
2023-08-04 23:54:51 +02:00
a0a6ced148 After add listener automatically trigger peer list change event (#1044)
In case of alway-on start the peer list was invalid on Android UI.
2023-08-04 14:14:08 +02:00
0fc6c477a9 Add features links to the features table in README (#1052) 2023-08-04 11:52:11 +02:00
401a462398 Update getting started docs (#1049) 2023-08-04 11:05:05 +02:00
a3839a6ef7 Fix error handling in iptables initialization (#1051)
* Fix error handling in iptables initialization

* Change log level
2023-08-03 22:12:36 +02:00
8aa4f240c7 Add getting started script with Zitadel (#1005)
add getting started script with zitadel

limit tests for infrastructure file workflow

limit release workflow based on relevant files
2023-08-03 19:19:17 +02:00
d9686bae92 Handle conn store in thread safe way (#1047)
* Handle conn store in thread safe way

* Change log line

* Fix proper error handling
2023-08-03 18:24:23 +02:00
24e19ae287 revert systemd changes (#1046) v0.22.1 2023-08-03 00:05:13 +02:00
74fde0ea2c Update setup key auto_groups description (#1042)
* Update setup key auto_groups description

* Update setup key auto_groups description
2023-08-02 17:50:00 +02:00
890e09b787 Keep confiured nameservers as fallback (#1036)
* keep existing nameserver as fallback when adding netbird resolver

* fix resolvconf

* fix imports
v0.22.0
2023-08-01 17:45:44 +02:00
48098c994d Handle authentication errors in PKCE flow (#1039)
* handle authentication errors in PKCE flow

* remove shadowing and replace TokenEndpoint for PKCE config

---------

Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
2023-07-31 14:22:38 +02:00
64f6343fcc Add html screen for pkce flow (#1034)
* add html screen for pkce flow

* remove unused CSS classes in pkce-auth-msg.html

* remove links to external sources
2023-07-28 18:10:12 +02:00
24713fbe59 Move ebpf code to its own package to avoid crash issues in Android (#1033)
* Move ebpf code to its own package to avoid crash issues in Android

Older versions of android crashes because of the bytecode files
Even when they aren't loaded as it was our case

* move c file to own folder

* fix lint
2023-07-27 15:34:27 +02:00
7794b744f8 Add PKCE authorization flow (#1012)
Enhance the user experience by enabling authentication to Netbird using Single Sign-On (SSO) with any Identity Provider (IDP) provider. Current client offers this capability through the Device Authorization Flow, however, is not widely supported by many IDPs, and even some that do support it do not provide a complete verification URL.

To address these challenges, this pull request enable Authorization Code Flow with Proof Key for Code Exchange (PKCE) for client logins, which is a more widely adopted and secure approach to facilitate SSO with various IDP providers.
2023-07-27 11:31:07 +02:00
0d0c30c16d Avoid compiling linux NewFactory for Android (#1032) 2023-07-26 16:21:04 +02:00
b0364da67c Wg ebpf proxy (#911)
EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent.
- Separate the wg configuration from the proxy logic
- In case if eBPF type proxy has only one single proxy instance
- In case if the eBPF is not supported fallback to the original proxy Implementation

Between the signature of eBPF type proxy and original proxy has 
differences so this is why the factory structure exists
2023-07-26 14:00:47 +02:00
6dee89379b Feat optimize acl performance iptables (#1025)
* use ipset for iptables

* Update unit-tests for iptables

* Remove debug code

* Update dependencies

* Create separate sets for dPort and sPort rules

* Fix iptables tests

* Fix 0.0.0.0 processing in iptables with ipset
v0.21.11
2023-07-24 13:00:23 +02:00
76db4f801a Record idp manager type (#1027)
This allows to define priority on support different managers
2023-07-22 19:30:59 +02:00
6c2ed4b4f2 Add default forward rule (#1021)
* Add default forward rule

* Fix

* Add multiple forward rules

* Fix delete rule error handling
2023-07-22 18:39:23 +02:00
2541c78dd0 Use error level for JWT parsing error logs (#1026) 2023-07-22 17:56:27 +02:00
97b6e79809 Fix DefaultAccountManager GetGroupsFromTheToken false positive tests (#1019)
This fixes the test logic creates copy of account with empty id and
re-pointing the indices to it.

Also, adds additional check for empty ID in SaveAccount method of FileStore.
2023-07-22 15:54:08 +04:00
6ad3847615 Fix nfset not binds to the rule (#1024) v0.21.10 2023-07-21 17:45:58 +02:00
a4d830ef83 Fix Okta IDP device authorization (#1023)
* hide okta netbird attributes fields

* fix: update full user profile
v0.21.9
2023-07-21 09:34:49 +02:00
9e540cd5b4 Merge pull request #1016 from surik/filestore-index-deletion-optimisation
Do not persist filestore when deleting indices
2023-07-20 18:07:33 +02:00
3027d8f27e Sync the iptables/nftables usage with acl logic (#1017) 2023-07-19 19:10:27 +02:00
e69ec6ab6a Optimize ACL performance (#994)
* Optimize rules with All groups

* Use IP sets in ACLs (nftables implementation)

* Fix squash rule when we receive optimized rules list from management
2023-07-18 13:12:50 +04:00
7ddde41c92 Do not persist filestore when deleting indices
As both TokenID2UserID and HashedPAT2TokenID are in-memory indices and
not stored in the file.
2023-07-17 11:52:45 +02:00
7ebe58f20a Feature/permanent dns (#967)
* Add DNS list argument for mobile client

* Write testable code

Many places are checked the wgInterface != nil condition.
It is doing it just because to avoid the real wgInterface creation for tests.
Instead of this involve a wgInterface interface what is moc-able.

* Refactor the DNS server internal code structure

With the fake resolver has been involved several
if-else statement and generated some unused
variables to distinguish the listener and fake
resolver solutions at running time. With this
commit the fake resolver and listener based
solution has been moved into two separated
structure. Name of this layer is the 'service'.
With this modification the unit test looks
simpler and open the option to add new logic for
the permanent DNS service usage for mobile
systems.



* Remove is running check in test

We can not ensure the state well so remove this
check. The test will fail if the server is not
running well.
2023-07-14 21:56:22 +02:00
9c2c0e7934 Check links of groups before delete it (#1010)
* Check links of groups before delete it

* Add delete group handler test

* Rename dns error msg

* Add delete group test

* Remove rule check

The policy cover this scenario

* Fix test

* Check disabled management grps

* Change error message

* Add new activity for group delete event
2023-07-14 20:45:40 +02:00
c6af1037d9 FIx error on ip6tables not available (#999)
* adding check operation to confirm if ip*tables is available

* linter

* linter
2023-07-14 20:44:35 +02:00
5cb9a126f1 Fix pre-shared key not persistent (#1011)
* update pre-shared key if new key is not empty

* add unit test for empty pre-shared key
2023-07-13 10:49:15 +02:00
f40951cdf5 Merge pull request #991 from netbirdio/fix/improve_uspfilter_performance
Improve userspace filter performance
2023-07-12 18:02:29 +02:00
6e264d9de7 fix rule order to solve DNS resolver issue 2023-07-11 19:58:21 +02:00
42db9773f4 Remove unused netbird UI dependencies (#1007)
* remove unused netbird-ui dependencies in deb package

* build netbird-ui with support for legacy appindicator

* add rpm package dendencies

* add binary build package

* remove dependencies
2023-07-10 21:09:16 +02:00
bb9f6f6d0a Add API Endpoint for Resending User Invitations in Auth0 (#989)
* add request handler for sending invite

* add InviteUser method to account manager interface

* add InviteUser mock

* add invite user endpoint to user handler

* add InviteUserByID to manager interface

* implement InviteUserByID in all idp managers

* resend user invitation

* add invite user handler tests

* refactor

* user userID for sending invitation

* fix typo

* refactor

* pass userId in url params
2023-07-03 12:20:19 +02:00
829ce6573e Fix broken links in README.md (#992) 2023-06-29 11:42:55 +02:00
a366d9e208 Prevent sending nameserver configuration when peer is set as NS (#962)
* Prevent sending nameserver configuration when peer is set as NS

* Add DNS filter tests
v0.21.8
2023-06-28 17:29:02 +02:00
e074c24487 add type for RuleSet 2023-06-28 14:09:23 +02:00
54fe05f6d8 fix test 2023-06-28 10:35:29 +02:00
33a155d9aa fix all rules check 2023-06-28 03:03:01 +02:00
51878659f8 remove Rule index map 2023-06-28 02:50:12 +02:00