Fulfills #3159.
This means the device ID is only tied to the Windows install instead of
the user account. I also fixed up the logs and errors for that module
real quick since I was already there.
Also refactored to extract an auth state machine. The auth logic
previously was scattered throughout the GUI module, which would make it
hard to audit. Because of the refactoring I was able to add some simple
unit tests.
Fulfills #3141
It took a little longer than I expected but since I'll be leaving the
client running all the time even on my dev laptop, I want to easily see
what version I built, even if I've changed branches since building it.
This isn't hooked up to the GUI yet, it's a debug subcommand.
I overheard that the other clients rebuild the tunnel when they change
networks, I think? And this might be useful for debugging the issue
where Chrome / other browsers don't flush their TCP connections when the
tunnel comes up. It's also reference code for how to use COM interfaces
in Rust. The official samples are a little sparse. So I wanted to get
this checked in.
Related to this discussion
https://github.com/firezone/firezone/pull/2990#discussion_r1439629571
Add a dependency on the `tracing-panic` crate. This is about 100 lines
of code that adds a panic handle so app panics get a line number, file
name, etc. in the logs. No backtrace I think since we stripe symbols for
release builds. I _think_ the line numbers are baked into the panic
macro so those might still stay.
@conectado I should remove the debug command before closing it, right?
I've also removed the 200 ms sleep I was using for debugging.
This does mean the GUI flashes through a bunch of messages when you
first open the tab. We could use a timer to hide those later on.
... and move its methods into ResourceDescription.
This was a TODO from some pull request in the last few days. I assume
the goal is to share this function between all clients if needed. It
doesn't reduce the number of lines of code, since I could have removed
ResourceDisplay and done this on-the-fly when building the systray menu,
as an alternative.
I found out `keyring-rs` wasn't doing "firezone/token" internally, so
our credential was just "token", which is too generic. I changed it to
use our domain so it's "dev.firezone.client/token".
Fixes#2948
So it seems that it's easiest just to use an old-fashioned semver
string. This means we'll need to keep a version matrix in the docs of
which components are supported and for how long, but it's better than
having different version schemes for different Firezone components
altogether.
Automatically write the wintun.dll file on startup and then detect
whether we need to elevate to admin privileges.
I check for privileges by making a test tunnel, so I did #2758 as part
of this, which bundles the DLL inside the exe, and then the exe deploys
it.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Stacked on PR #2888
This will fix#2878 by setting some Windows security permissions to let
non-admin clients connect to a named pipe server owned by an admin
process.
It should also give us a path to fix 2808 (If I link it, Github assumes
this PR closes that issue?), since it'll be our own code instead of
tauri-plugin-deep-link, and we can just choose not to panic. I'm using
Tokio's `named_pipe` module where that panic happens, and Tokio is good
about just returning Results instead of panicking.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Stacked on PR #2883
There will be more changes after this PR, these features are still
broken:
- Can't change filter at runtime yet, you have to restart the client app
- connlib and GUI are sending logs to the same connlib logs files, they
should be separated
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
It'll show UAC when you first run the app. After that we can open and
close the VPN network adapter without showing more UAC dialogs since we
have sudo powers.
It doesn't run with `--example` because Tauri's build process doesn't
seem to be compatible with that.
But it does build the permissions test exe in CI. I might change that a
general test exe later so that I don't have to add more build targets.
It adds about 5 minutes to the CI, sccache only seems to speed up the
build for the 2nd exe a tiny bit.
This PR changes the protocol and adds support for DNS subdomains, now
when a DNS resource is added all its subdomains are automatically
tunneled too. Later we will add support for `*.domain` or `?.domain` but
currently there is an Apple split tunnel implementation limitation which
is too labor-intensive to fix right away.
Fixes#2661
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Many of these commits are in #2757 too.
This has changes like:
- Local webserver PoC
- API token is received from `firezone://` app link, saved in Windows
cred manager, and reloaded on future runs
- connlib GUI integration PoC
- Placeholder for Export Logs feature (just need to actually write the
zip file, and enable/disable the GUI buttons correctly)
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Trying to get CI/CD to produce firezone-windows-client.exe. Can't
remember if I need both a PR and a draft release or just the draft
release for that.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
