More plumbing

go/cmd/zerotier/cli/help.go

@@ -44,7 +44,7 @@ Commands:
   addroot <locator> [name]             Add a VL1 root
   removeroot <name>                    Remove a VL1 root
   locator <command> [args]             Locator management commands
-    new <identity> <address> [...]     Create and sign a locator
+    new <identity> <address> [...]     Create and sign locator for identity
     newdnskey                          Create a secure DNS name and secret
     getdns <dns key> <locator>         Create secure DNS TXT records
   identity <command> [args]            Identity management commands
@@ -53,10 +53,10 @@ Commands:
     validate <identity>                Locally validate an identity
     sign <identity> <file>             Sign a file with an identity's key
     verify <identity> <file> <sig>     Verify a signature
-  networks                             Show joined VL2 virtual networks
+  networks                             List joined VL2 virtual networks
+  network <network ID>                 Show verbose network info
   join <network ID>                    Join a virtual network
   leave <network ID>                   Leave a virtual network
-  show <network ID>                    Show verbose network info
   set <network ID> <option> <value>    Set a network local config option
     manageips <boolean>                Is IP management allowed?
     manageroutes <boolean>             Is route management allowed?

go/cmd/zerotier/cli/identity.go

@@ -54,33 +54,13 @@ func Identity(args []string) {
 
 		case "getpublic":
 			if len(args) == 2 {
-				idData, err := ioutil.ReadFile(args[1])
-				if err != nil {
-					fmt.Printf("ERROR: unable to read identity: %s\n", err.Error())
-					os.Exit(1)
-				}
-				id, err := zerotier.NewIdentityFromString(string(idData))
-				if err != nil {
-					fmt.Printf("ERROR: identity in file '%s' invalid: %s\n", args[1], err.Error())
-					os.Exit(1)
-				}
-				fmt.Println(id.String())
+				fmt.Println(readIdentity(args[1]).String())
 				os.Exit(0)
 			}
 
 		case "validate":
 			if len(args) == 2 {
-				idData, err := ioutil.ReadFile(args[1])
-				if err != nil {
-					fmt.Printf("ERROR: unable to read identity: %s\n", err.Error())
-					os.Exit(1)
-				}
-				id, err := zerotier.NewIdentityFromString(string(idData))
-				if err != nil {
-					fmt.Printf("ERROR: identity in file '%s' invalid: %s\n", args[1], err.Error())
-					os.Exit(1)
-				}
-				if id.LocallyValidate() {
+				if readIdentity(args[1]).LocallyValidate() {
 					fmt.Println("OK")
 					os.Exit(0)
 				}
@@ -90,16 +70,7 @@ func Identity(args []string) {
 
 		case "sign", "verify":
 			if len(args) > 2 {
-				idData, err := ioutil.ReadFile(args[1])
-				if err != nil {
-					fmt.Printf("ERROR: unable to read identity: %s\n", err.Error())
-					os.Exit(1)
-				}
-				id, err := zerotier.NewIdentityFromString(string(idData))
-				if err != nil {
-					fmt.Printf("ERROR: identity in file '%s' invalid: %s\n", args[1], err.Error())
-					os.Exit(1)
-				}
+				id := readIdentity(args[1])
 				msg, err := ioutil.ReadFile(args[2])
 				if err != nil {
 					fmt.Printf("ERROR: unable to read input file: %s\n", err.Error())

go/cmd/zerotier/cli/join.go

@@ -13,6 +13,35 @@
 
 package cli
 
+import (
+	"fmt"
+	"os"
+	"strconv"
+
+	"zerotier/pkg/zerotier"
+)
+
 // Join CLI command
 func Join(basePath, authToken string, args []string) {
+	if len(args) != 1 {
+		Help()
+		os.Exit(1)
+	}
+
+	if len(args[0]) != 16 {
+		fmt.Printf("ERROR: invalid network ID: %s\n", args[0])
+		os.Exit(1)
+	}
+	nwid, err := strconv.ParseUint(args[0], 16, 64)
+	if err != nil {
+		fmt.Printf("ERROR: invalid network ID: %s\n", args[0])
+		os.Exit(1)
+	}
+	nwids := fmt.Sprintf("%.16x", nwid)
+
+	var network zerotier.APINetwork
+	network.ID = zerotier.NetworkID(nwid)
+	apiPost(basePath, authToken, "/network/"+nwids, &network, nil)
+	fmt.Printf("OK %s", nwids)
+	os.Exit(0)
 }

go/cmd/zerotier/cli/leave.go

@@ -13,6 +13,31 @@
 
 package cli
 
+import (
+	"fmt"
+	"os"
+	"strconv"
+)
+
 // Leave CLI command
 func Leave(basePath, authToken string, args []string) {
+	if len(args) != 1 {
+		Help()
+		os.Exit(1)
+	}
+
+	if len(args[0]) != 16 {
+		fmt.Printf("ERROR: invalid network ID: %s\n", args[0])
+		os.Exit(1)
+	}
+	nwid, err := strconv.ParseUint(args[0], 16, 64)
+	if err != nil {
+		fmt.Printf("ERROR: invalid network ID: %s\n", args[0])
+		os.Exit(1)
+	}
+	nwids := fmt.Sprintf("%.16x", nwid)
+
+	apiDelete(basePath, authToken, "/network/"+nwids, nil)
+	fmt.Printf("OK %s", nwids)
+	os.Exit(0)
 }

go/cmd/zerotier/cli/locator.go

@@ -29,18 +29,9 @@ func locatorNew(args []string) {
 		os.Exit(1)
 	}
 
-	identityData, err := ioutil.ReadFile(args[0])
-	if err != nil {
-		fmt.Printf("FATAL: unable to read identity: %s\n", err.Error())
-		os.Exit(1)
-	}
-	identity, err := zerotier.NewIdentityFromString(string(identityData))
-	if err != nil {
-		fmt.Printf("FATAL: invalid identity: %s\n", err.Error())
-		os.Exit(1)
-	}
+	identity := readIdentity(args[0])
 	if !identity.HasPrivate() {
-		fmt.Println("FATAL: identity does not contain secret key")
+		fmt.Println("FATAL: identity does not contain a secret key (required to sign locator)")
 		os.Exit(1)
 	}
 

go/cmd/zerotier/cli/misc.go

@@ -16,8 +16,11 @@ package cli
 import (
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"os"
+	"strings"
+
 	"zerotier/pkg/zerotier"
 )
 
@@ -55,6 +58,23 @@ func apiPost(basePath, authToken, urlPath string, post, result interface{}) {
 	}
 }
 
+func apiDelete(basePath, authToken, urlPath string, result interface{}) {
+	statusCode, err := zerotier.APIDelete(basePath, zerotier.APISocketName, authToken, urlPath, result)
+	if err != nil {
+		fmt.Printf("FATAL: API response code %d: %s\n", statusCode, err.Error())
+		os.Exit(1)
+		return
+	}
+	if statusCode != http.StatusOK {
+		if statusCode == http.StatusUnauthorized {
+			fmt.Printf("FATAL: API response code %d: unauthorized (authorization token incorrect)\n", statusCode)
+		}
+		fmt.Printf("FATAL: API response code %d\n", statusCode)
+		os.Exit(1)
+		return
+	}
+}
+
 func enabledDisabled(f bool) string {
 	if f {
 		return "ENABLED"
@@ -66,3 +86,37 @@ func jsonDump(obj interface{}) string {
 	j, _ := json.MarshalIndent(obj, "", "  ")
 	return string(j)
 }
+
+func readIdentity(s string) *zerotier.Identity {
+	if strings.ContainsRune(s, ':') {
+		id, _ := zerotier.NewIdentityFromString(s)
+		if id != nil {
+			return id
+		}
+	}
+	idData, err := ioutil.ReadFile(s)
+	if err != nil {
+		fmt.Printf("FATAL: identity '%s' cannot be resolved as file or literal identity: %s", s, err.Error())
+		os.Exit(1)
+	}
+	id, err := zerotier.NewIdentityFromString(string(idData))
+	if err != nil {
+		fmt.Printf("FATAL: identity '%s' cannot be resolved as file or literal identity: %s", s, err.Error())
+		os.Exit(1)
+	}
+	return id
+}
+
+func networkStatusStr(int status) string {
+	switch status {
+	case zerotier.NetworkStatusNotFound:
+		return "NOTFOUND"
+	case zerotier.NetworkStatusAccessDenied:
+		return "DENIED"
+	case zerotier.NetworkStatusRequestConfiguration:
+		return "UPDATING"
+	case zerotier.NetworkStatusOK:
+		return "OK"
+	}
+	return "???"
+}

go/cmd/zerotier/cli/network.go

@@ -0,0 +1,105 @@
+/*
+ * Copyright (c)2019 ZeroTier, Inc.
+ *
+ * Use of this software is governed by the Business Source License included
+ * in the LICENSE.TXT file in the project's root directory.
+ *
+ * Change Date: 2023-01-01
+ *
+ * On the date above, in accordance with the Business Source License, use
+ * of this software will be governed by version 2.0 of the Apache License.
+ */
+/****/
+
+package cli
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+
+	"zerotier/pkg/zerotier"
+)
+
+// Network CLI command
+func Network(basePath, authToken string, args []string, jsonOutput bool) {
+	if len(args) != 1 {
+		Help()
+		os.Exit(1)
+	}
+
+	if len(args[0]) != 16 {
+		fmt.Printf("ERROR: invalid network ID: %s\n", args[0])
+		os.Exit(1)
+	}
+	nwid, err := strconv.ParseUint(args[0], 16, 64)
+	if err != nil {
+		fmt.Printf("ERROR: invalid network ID: %s\n", args[0])
+		os.Exit(1)
+	}
+	nwids := fmt.Sprintf("%.16x", nwid)
+
+	var network zerotier.APINetwork
+	apiGet(basePath, authToken, "/network/"+nwids, &network)
+
+	if jsonOutput {
+		fmt.Println(jsonDump(&network))
+	} else {
+		fmt.Printf("%s: %s\n", nwids, network.Config.Name)
+		fmt.Printf("\tstatus:\t%s\n", networkStatusStr(network.Config.Status))
+		enabled := "no"
+		if network.TapDeviceEnabled {
+			enabled = "yes"
+		}
+		bridge := "no"
+		if network.Config.Bridge {
+			bridge = "yes"
+		}
+		broadcast := "off"
+		if network.Config.BroadcastEnabled {
+			broadcast = "on"
+		}
+		fmt.Printf("\tport:\t%s dev %s type %s mtu %d enabled %s bridge %s broadcast %s\n", network.Config.MAC.String(), network.TapDeviceName, network.TapDeviceType, network.Config.MTU, enabled, bridge, broadcast)
+		fmt.Printf("\tmanaged addresses:\t")
+		for i, a := range network.Config.AssignedAddresses {
+			if i > 0 {
+				fmt.Print(' ')
+			}
+			fmt.Print(a.String())
+		}
+		fmt.Printf("\n\tmanaged routes:\t")
+		for i, r := range network.Config.Routes {
+			if i > 0 {
+				fmt.Print(' ')
+			}
+			fmt.Print(r.Target.String())
+			if r.Via == nil {
+				fmt.Print("->LAN")
+			} else {
+				fmt.Printf("->%s", r.Via.String())
+			}
+		}
+		managedIPs := "disabled"
+		if network.Settings.AllowManagedIPs {
+			managedIPs = "enabled"
+		}
+		managedIPsGlobal := "disabled"
+		if network.Settings.AllowGlobalIPs {
+			managedIPsGlobal = "enabled"
+		}
+		fmt.Printf("\n\tmanaged address local permissions:\t%s global %s\n", managedIPs, managedIPsGlobal)
+		managedRoutes := "diabled"
+		if network.Settings.AllowManagedRoutes {
+			managedRoutes = "enabled"
+		}
+		managedGlobalRoutes := "disabled"
+		if network.Settings.AllowGlobalRoutes {
+			managedGlobalRoutes = "enabled"
+		}
+		managedDefaultRoute := "disabled"
+		if network.Settings.AllowDefaultRouteOverride {
+			managedDefaultRoute = "enabled"
+		}
+		fmt.Printf("\tmanaged route local permissions:\t%s global %s default %s\n", managedRoutes, managedGlobalRoutes, managedDefaultRoute)
+	}
+}

go/cmd/zerotier/cli/networks.go

@@ -13,6 +13,37 @@
 
 package cli
 
+import (
+	"fmt"
+	"os"
+
+	"zerotier/pkg/zerotier"
+)
+
 // Networks CLI command
-func Networks(basePath, authToken string, args []string) {
+func Networks(basePath, authToken string, args []string, jsonOutput bool) {
+	var networks []zerotier.APINetwork
+	apiGet(basePath, authToken, "/network", &networks)
+
+	if jsonOutput {
+		fmt.Println(jsonDump(networks))
+	} else {
+		fmt.Printf("%-16s %-24s %-17s %-8s <type>  <device>         <managed IP(s)>\n", "<id>", "<name>", "<mac>", "<status>")
+		for _, nw := range networks {
+			t := "PRIVATE"
+			if nw.Config.Type == zerotier.NetworkTypePublic {
+				t = "PUBLIC"
+			}
+			fmt.Printf("%.16x %-24s %-17s %-16s %-7s %-16s ", uint64(nw.ID), nw.Config.Name, nw.Config.MAC.String(), networkStatusStr(nw.Config.Status), t, nw.TapDeviceName)
+			for i, ip := range nw.Config.AssignedAddresses {
+				if i > 0 {
+					fmt.Print(',')
+				}
+				fmt.Print(ip.String())
+			}
+			fmt.Print("\n")
+		}
+	}
+
+	os.Exit(0)
 }

go/cmd/zerotier/cli/peers.go

@@ -28,7 +28,7 @@ func Peers(basePath, authToken string, args []string, jsonOutput bool) {
 	if jsonOutput {
 		fmt.Println(jsonDump(&peers))
 	} else {
-		fmt.Printf("<ztaddr>   <ver>   <role> <lat> <link> <lastTX> <lastRX> <path(s)>\n")
+		fmt.Printf("<address>  <ver>   <role> <lat> <link> <lastTX> <lastRX> <path(s)>\n")
 		for _, peer := range peers {
 			role := "LEAF"
 			link := "RELAY"

go/cmd/zerotier/cli/removeroot.go

@@ -13,6 +13,27 @@
 
 package cli
 
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+
+	"zerotier/pkg/zerotier"
+)
+
 // RemoveRoot CLI command
 func RemoveRoot(basePath, authToken string, args []string) {
+	if len(args) != 1 {
+		Help()
+		os.Exit(1)
+	}
+	result, _ := zerotier.APIDelete(basePath, zerotier.APISocketName, authToken, "/root/"+url.PathEscape(strings.TrimSpace(args[0])), nil)
+	if result == http.StatusOK {
+		fmt.Printf("%s removed\n", args[0])
+		os.Exit(0)
+	}
+	fmt.Printf("ERROR: root %s not found or another error occurred: status code %d\n", args[0], result)
+	os.Exit(1)
 }

go/cmd/zerotier/cli/roots.go

@@ -28,7 +28,7 @@ func Roots(basePath, authToken string, args []string, jsonOutput bool) {
 	if jsonOutput {
 		fmt.Println(jsonDump(roots))
 	} else {
-		fmt.Printf("%32s <ztaddr>   <address(es)>\n", "<name>")
+		fmt.Printf("%32s <address>  <physical/virtual>\n", "<name>")
 		for _, r := range roots {
 			rn := r.Name
 			if len(rn) > 32 {

go/cmd/zerotier/cli/show.go

@@ -1,18 +0,0 @@
-/*
- * Copyright (c)2019 ZeroTier, Inc.
- *
- * Use of this software is governed by the Business Source License included
- * in the LICENSE.TXT file in the project's root directory.
- *
- * Change Date: 2023-01-01
- *
- * On the date above, in accordance with the Business Source License, use
- * of this software will be governed by version 2.0 of the Apache License.
- */
-/****/
-
-package cli
-
-// Show CLI command
-func Show(basePath, authToken string, args []string) {
-}

go/cmd/zerotier/cli/status.go

@@ -33,39 +33,39 @@ func Status(basePath, authToken string, args []string, jsonOutput bool) {
 			online = "OFFLINE"
 		}
 		fmt.Printf("%.10x: %s %s\n", uint64(status.Address), online, status.Version)
-		fmt.Printf("\tports: %d %d %d\n", status.Config.Settings.PrimaryPort, status.Config.Settings.SecondaryPort, status.Config.Settings.TertiaryPort)
-		fmt.Printf("\tport search: %s\n", enabledDisabled(status.Config.Settings.PortSearch))
-		fmt.Printf("\tport mapping (uPnP/NAT-PMP): %s\n", enabledDisabled(status.Config.Settings.PortMapping))
-		fmt.Printf("\tmultipath mode: %d\n", status.Config.Settings.MuiltipathMode)
-		fmt.Printf("\tblacklisted interface prefixes: ")
+		fmt.Printf("\tports:\t%d %d %d\n", status.Config.Settings.PrimaryPort, status.Config.Settings.SecondaryPort, status.Config.Settings.TertiaryPort)
+		fmt.Printf("\tport search:\t%s\n", enabledDisabled(status.Config.Settings.PortSearch))
+		fmt.Printf("\tport mapping (uPnP/NAT-PMP):\t%s\n", enabledDisabled(status.Config.Settings.PortMapping))
+		fmt.Printf("\tmultipath mode:\t%d\n", status.Config.Settings.MuiltipathMode)
+		fmt.Printf("\tblacklisted interface prefixes:\t")
 		for i, bl := range status.Config.Settings.InterfacePrefixBlacklist {
 			if i > 0 {
-				fmt.Print(',')
+				fmt.Print(' ')
 			}
 			fmt.Print(bl)
 		}
 		fmt.Printf("\n\texplicit external addresses: ")
 		for i, ea := range status.Config.Settings.ExplicitAddresses {
 			if i > 0 {
-				fmt.Print(',')
+				fmt.Print(' ')
 			}
 			fmt.Print(ea.String())
 		}
 		fmt.Printf("\n\tsystem interface addresses: ")
 		for i, a := range status.InterfaceAddresses {
 			if i > 0 {
-				fmt.Print(',')
+				fmt.Print(' ')
 			}
 			fmt.Print(a.String())
 		}
 		fmt.Printf("\n\tmapped external addresses: ")
 		for i, a := range status.MappedExternalAddresses {
 			if i > 0 {
-				fmt.Print(',')
+				fmt.Print(' ')
 			}
 			fmt.Print(a.String())
 		}
-		fmt.Printf("\n\tidentity: %s\n", status.Identity.String())
+		fmt.Printf("\n\tidentity:\t%s\n", status.Identity.String())
 	}
 
 	os.Exit(0)

go/cmd/zerotier/zerotier.go

@@ -85,6 +85,11 @@ func main() {
 		cmdArgs = args[1:]
 	}
 
+	if *hflag {
+		cli.Help()
+		os.Exit(0)
+	}
+
 	basePath := zerotier.PlatformDefaultHomePath
 	if len(*pflag) > 0 {
 		basePath = *pflag
@@ -128,16 +133,16 @@ func main() {
 		cli.Identity(cmdArgs)
 	case "networks", "listnetworks":
 		authTokenRequired(authToken)
-		cli.Networks(basePath, authToken, cmdArgs)
+		cli.Networks(basePath, authToken, cmdArgs, *jflag)
+	case "network":
+		authTokenRequired(authToken)
+		cli.Network(basePath, authToken, cmdArgs, *jflag)
 	case "join":
 		authTokenRequired(authToken)
 		cli.Join(basePath, authToken, cmdArgs)
 	case "leave":
 		authTokenRequired(authToken)
 		cli.Leave(basePath, authToken, cmdArgs)
-	case "show":
-		authTokenRequired(authToken)
-		cli.Show(basePath, authToken, cmdArgs)
 	case "set":
 		authTokenRequired(authToken)
 		cli.Set(basePath, authToken, cmdArgs)