for larepass

Author: 0x7fffff92

.github/workflows/windows-release-binaries.yml

@@ -0,0 +1,40 @@
+# Windows amd64: tailscaled.exe + tailscale-ffi.dll → Release assets on publish, or artifact on manual run.
+name: Windows release binaries
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+jobs:
+  build-and-upload:
+    runs-on: windows-2022
+
+    env:
+      CGO_ENABLED: "1"
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      - name: Build tailscaled.exe
+        run: go build -trimpath -ldflags="-s -w" -o tailscaled.exe ./cmd/tailscaled
+
+      - name: Build tailscale-ffi.dll
+        run: go build -trimpath -buildmode=c-shared -ldflags="-s -w" -o tailscale-ffi.dll ./cmd/tailscale-ffi
+
+      - if: github.event_name == 'release'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release upload "${{ github.event.release.tag_name }}" tailscaled.exe tailscale-ffi.dll --clobber
+
+      - if: github.event_name == 'workflow_dispatch'
+        uses: actions/upload-artifact@v4
+        with:
+          name: windows-amd64-${{ github.run_id }}
+          path: |
+            tailscaled.exe
+            tailscale-ffi.dll

cmd/tailscale-ffi/README.md

@@ -0,0 +1,28 @@
+# tailscale-ffi
+
+Windows C-shared library (FFI) for Tailscale/LarePass, used by other languages or native apps to call into the client.
+
+## Build (Windows, amd64, cgo)
+
+```batch
+set GOOS=windows
+set GOARCH=amd64
+set CGO_ENABLED=1
+go build -v -buildmode=c-shared -o tailscale-ffi.dll ./cmd/tailscale-ffi
+```
+
+This produces `tailscale-ffi.dll` and `tailscale-ffi.h`. The package is Windows + CGO only; building elsewhere (or with `CGO_ENABLED=0`) fails on purpose.
+
+## Exported C API
+
+| Symbol | Purpose |
+|--------|---------|
+| `RunWithArgs(argstr *char)` | Run CLI with space-separated args; returns empty string on success. |
+| `WatchIPN(argstr *char, initial bool, callback Callback)` | Subscribe to IPN notifications; callback receives JSON. |
+| `SetCookie(cookiestr *char)` | Set dev store key `Cookie` (for control auth). |
+| `GetPrefs()` | Return current prefs as JSON string. |
+| `GetStatus()` | Return current status as JSON string. |
+| `GetNetcheck()` | Run netcheck and return report as JSON. |
+| `TailscalePing(ipStr *char, timeout int)` | Ping a Tailscale IP; timeout in seconds; returns JSON result. |
+
+The client uses `paths.DefaultTailscaledSocket()` so it talks to the same daemon (LarePass pipe) as the rest of the build.

cmd/tailscale-ffi/tailscale-ffi.go

@@ -0,0 +1,306 @@
+//go:build windows && cgo
+
+/*
+  set GOOS=windows
+  set GOARCH=amd64
+  set CGO_ENABLED=1
+  go build -v -buildmode=c-shared -ldflags="-s -w" -o tailscale-ffi.dll ./cmd/tailscale-ffi
+*/
+
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"net/netip"
+	"os"
+	"strings"
+	"time"
+	"unsafe"
+
+	"tailscale.com/client/local"
+	cli "tailscale.com/cmd/tailscale/cli"
+	"tailscale.com/envknob"
+	"tailscale.com/ipn"
+	"tailscale.com/net/netcheck"
+	"tailscale.com/net/netmon"
+	"tailscale.com/net/portmapper"
+	"tailscale.com/paths"
+	"tailscale.com/tailcfg"
+	"tailscale.com/types/logger"
+	"tailscale.com/util/eventbus"
+)
+
+/*
+#include <stdio.h>
+
+// Inline C stubs for function pointers
+typedef void (*Callback)();
+static inline void call_out(Callback ptr, void *data) {
+    (ptr)(data);
+}
+*/
+import "C"
+
+func main() {
+	// fmt.Println(RunWithArgs(C.CString("aaaa"), C.CString("bbbb")))
+}
+
+//export RunWithArgs
+func RunWithArgs(argstr *C.char) string {
+	arg_str := C.GoString(argstr)
+	fmt.Printf("args: %v\n", arg_str)
+	args := strings.Split(arg_str, " ")
+	fmt.Println(args)
+	if err := cli.Run(args); err != nil {
+		log.Printf("cli.Run error: %+v\n", err)
+		//        os.Exit(1)
+		return "some error"
+	}
+
+	return ""
+}
+
+var localClient local.Client
+
+func init() {
+	localClient.Socket = paths.DefaultTailscaledSocket()
+}
+
+//export WatchIPN
+func WatchIPN(argstr *C.char, initial bool, callback C.Callback) *C.char {
+	go func() {
+		var watchIPNArgs struct {
+			netmap         bool
+			initial        bool
+			showPrivateKey bool
+		}
+		watchIPNArgs.netmap = true
+		watchIPNArgs.initial = initial
+		watchIPNArgs.showPrivateKey = false
+
+		ctx := context.Background()
+
+		var mask ipn.NotifyWatchOpt
+		if watchIPNArgs.initial {
+			mask = ipn.NotifyInitialState | ipn.NotifyInitialPrefs | ipn.NotifyInitialNetMap
+		}
+		if !watchIPNArgs.showPrivateKey {
+			mask |= ipn.NotifyNoPrivateKeys
+		}
+		watcher, err := localClient.WatchIPNBus(ctx, mask)
+		if err != nil {
+			log.Println("WatchIPNBus", err)
+			return
+		}
+		defer watcher.Close()
+		log.Printf("Connected.\n")
+		for {
+			n, err := watcher.Next()
+			if err != nil {
+				log.Println("watcher.Next() -> ", err)
+				j, _ := json.MarshalIndent(n, "", "\t")
+				//printf("%s\n", j)
+
+				C.call_out(callback, unsafe.Pointer(C.CString(string(j))))
+				return
+			}
+			if !watchIPNArgs.netmap {
+				n.NetMap = nil
+			}
+			j, _ := json.MarshalIndent(n, "", "\t")
+			//printf("%s\n", j)
+
+			C.call_out(callback, unsafe.Pointer(C.CString(string(j))))
+			if initial {
+				break
+			}
+		}
+	}()
+	return C.CString("") //C.CString(string(j))
+}
+
+//export SetCookie
+func SetCookie(cookiestr *C.char) bool {
+	cookie := C.GoString(cookiestr)
+	fmt.Printf("args: %v\n", cookie)
+	ctx := context.Background()
+	err := localClient.SetDevStoreKeyValue(ctx, "Cookie", cookie)
+	if err != nil {
+		log.Println("SetDevStoreKeyValue", err)
+		return false
+	}
+
+	log.Println("set cookie successful")
+	return true
+}
+
+//export GetPrefs
+func GetPrefs() *C.char {
+	ctx := context.Background()
+	prefs, err := localClient.GetPrefs(ctx)
+	if err != nil {
+		return C.CString("{}")
+	}
+
+	j, _ := json.MarshalIndent(prefs, "", "\t")
+	log.Println(string(j))
+
+	return C.CString(string(j))
+}
+
+//export GetStatus
+func GetStatus() *C.char {
+	ctx := context.Background()
+	st, err := localClient.Status(ctx)
+	if err != nil {
+		return C.CString("{}")
+	}
+
+	j, _ := json.MarshalIndent(st, "", "  ")
+	log.Println(string(j))
+
+	return C.CString(string(j))
+}
+
+var netcheckArgs struct {
+	format  string
+	every   time.Duration
+	verbose bool
+}
+
+//export GetNetcheck
+func GetNetcheck() *C.char {
+	netcheckArgs.format = "json"
+	netcheckArgs.every = 0
+	netcheckArgs.verbose = false
+
+	ctx := context.Background()
+	logf := logger.WithPrefix(log.Printf, "portmap: ")
+	bus := eventbus.New()
+	netMon, err := netmon.New(bus, logf)
+	if err != nil {
+		//return err
+		return C.CString("{}")
+	}
+	// New API: portmapper requires Config with EventBus (replaces old NewClient(logger.Discard, netMon, nil, nil))
+	pm := portmapper.NewClient(portmapper.Config{
+		EventBus: bus,
+		Logf:     logger.Discard,
+		NetMon:   netMon,
+	})
+	pm.SetGatewayLookupFunc(netMon.GatewayAndSelfIP)
+
+	c := &netcheck.Client{
+		PortMapper:  pm,
+		UseDNSCache: false, // always resolve, don't cache
+	}
+	if netcheckArgs.verbose {
+		c.Logf = logger.WithPrefix(log.Printf, "netcheck: ")
+		c.Verbose = true
+	} else {
+		c.Logf = logger.Discard
+	}
+
+	if strings.HasPrefix(netcheckArgs.format, "json") {
+		fmt.Fprintln(os.Stderr, "# Warning: this JSON format is not yet considered a stable interface")
+	}
+
+	if err := c.Standalone(ctx, envknob.String("TS_DEBUG_NETCHECK_UDP_BIND")); err != nil {
+		fmt.Fprintln(os.Stderr, "netcheck: UDP test failure:", err)
+	}
+
+	dm, err := localClient.CurrentDERPMap(ctx)
+	noRegions := dm != nil && len(dm.Regions) == 0
+	if noRegions {
+		log.Printf("No DERP map from tailscaled; using default.")
+	}
+	if err != nil || noRegions {
+		dm, err = prodDERPMap(ctx, http.DefaultClient)
+		if err != nil {
+			//return err
+			return C.CString("{}")
+		}
+	}
+
+	t0 := time.Now()
+	report, err := c.GetReport(ctx, dm, nil) // new API: third arg opts *GetReportOpts
+	d := time.Since(t0)
+	if netcheckArgs.verbose {
+		c.Logf("GetReport took %v; err=%v", d.Round(time.Millisecond), err)
+	}
+	if err != nil {
+		//return fmt.Errorf("netcheck: %w", err)
+		return C.CString("{}")
+	}
+	j, _ := json.MarshalIndent(report, "", "\t")
+	log.Println(string(j))
+
+	return C.CString(string(j))
+}
+
+func portMapping(r *netcheck.Report) string {
+	if !r.AnyPortMappingChecked() {
+		return "not checked"
+	}
+	var got []string
+	if r.UPnP.EqualBool(true) {
+		got = append(got, "UPnP")
+	}
+	if r.PMP.EqualBool(true) {
+		got = append(got, "NAT-PMP")
+	}
+	if r.PCP.EqualBool(true) {
+		got = append(got, "PCP")
+	}
+	return strings.Join(got, ", ")
+}
+
+func prodDERPMap(ctx context.Context, httpc *http.Client) (*tailcfg.DERPMap, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", ipn.DefaultControlURL+"/derpmap/default", nil)
+	if err != nil {
+		return nil, fmt.Errorf("create prodDERPMap request: %w", err)
+	}
+	res, err := httpc.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("fetch prodDERPMap failed: %w", err)
+	}
+	defer res.Body.Close()
+	b, err := io.ReadAll(io.LimitReader(res.Body, 1<<20))
+	if err != nil {
+		return nil, fmt.Errorf("fetch prodDERPMap failed: %w", err)
+	}
+	if res.StatusCode != 200 {
+		return nil, fmt.Errorf("fetch prodDERPMap: %v: %s", res.Status, b)
+	}
+	var derpMap tailcfg.DERPMap
+	if err = json.Unmarshal(b, &derpMap); err != nil {
+		return nil, fmt.Errorf("fetch prodDERPMap: %w", err)
+	}
+	return &derpMap, nil
+}
+
+//export TailscalePing
+func TailscalePing(ipStr *C.char, timeout int) *C.char {
+	ip := C.GoString(ipStr)
+	fmt.Printf("args: %v\n", ip)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(timeout)*time.Second)
+	st, err := localClient.Ping(ctx, netip.MustParseAddr(ip), tailcfg.PingDisco)
+	cancel()
+	if err != nil {
+		if errors.Is(err, context.DeadlineExceeded) {
+			fmt.Printf("ping %q time out\n", ip)
+		}
+		return C.CString("{}")
+	}
+
+	j, _ := json.MarshalIndent(st, "", "  ")
+	log.Println(string(j))
+
+	return C.CString(string(j))
+}

cmd/tailscaled/tailscaled.go

@@ -72,7 +72,7 @@ func defaultTunName() string {
 	case "openbsd":
 		return "tun"
 	case "windows":
-		return "Tailscale"
+		return "LarePass"
 	case "darwin":
 		// "utun" is recognized by wireguard-go/tun/tun_darwin.go
 		// as a magic value that uses/creates any free number.
@@ -373,7 +373,7 @@ func ipnServerOpts() (o serverOptions) {
 	// If an absolute --state is provided but not --statedir, try to derive
 	// a state directory.
 	if o.VarRoot == "" && filepath.IsAbs(args.statepath) {
-		if dir := filepath.Dir(args.statepath); strings.EqualFold(filepath.Base(dir), "tailscale") {
+		if dir := filepath.Dir(args.statepath); strings.EqualFold(filepath.Base(dir), "larepass") {
 			o.VarRoot = dir
 		}
 	}