From 7c0ef494e063dcff663a96dea5eda45dd0e90024 Mon Sep 17 00:00:00 2001 From: Sebastian Holmin Date: Fri, 17 Nov 2023 15:15:41 +0100 Subject: [PATCH] Add `mullvad debug block-connection` command --- mullvad-cli/src/cmds/debug.rs | 40 +++++++++++++++++++++++++++++++++++ mullvad-cli/src/cmds/mod.rs | 4 ++-- mullvad-cli/src/main.rs | 9 +++++++- 3 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 mullvad-cli/src/cmds/debug.rs diff --git a/mullvad-cli/src/cmds/debug.rs b/mullvad-cli/src/cmds/debug.rs new file mode 100644 index 000000000000..47db11ee0576 --- /dev/null +++ b/mullvad-cli/src/cmds/debug.rs @@ -0,0 +1,40 @@ +use anyhow::Result; +use mullvad_management_interface::MullvadProxyClient; +use mullvad_types::relay_constraints::{Constraint, RelayConstraints, RelaySettings}; + +#[derive(clap::Subcommand, Debug)] +pub enum DebugCommands { + /// Block all internet connection by setting an invalid relay constraint. + BlockConnection, +} + +impl DebugCommands { + pub async fn handle(self) -> Result<()> { + match self { + DebugCommands::BlockConnection => { + let mut rpc = MullvadProxyClient::new().await?; + let settings = rpc.get_settings().await?; + + let relay_settings = settings.get_relay_settings(); + let mut constraints = match relay_settings { + RelaySettings::Normal(normal) => normal, + RelaySettings::CustomTunnelEndpoint(_custom) => { + println!("Removing custom relay settings"); + RelayConstraints::default() + } + }; + constraints.location = Constraint::Only( + mullvad_types::relay_constraints::LocationConstraint::Location( + mullvad_types::relay_constraints::GeographicLocationConstraint::Country( + "xx".into(), + ), + ), + ); + rpc.set_relay_settings(RelaySettings::Normal(constraints)) + .await?; + eprintln!("WARNING: ENTERED BLOCKED MODE"); + Ok(()) + } + } + } +} diff --git a/mullvad-cli/src/cmds/mod.rs b/mullvad-cli/src/cmds/mod.rs index 7944e8bdc07a..1984f1493bc2 100644 --- a/mullvad-cli/src/cmds/mod.rs +++ b/mullvad-cli/src/cmds/mod.rs @@ -1,6 +1,5 @@ use clap::builder::{PossibleValuesParser, TypedValueParser, ValueParser}; -use std::io::stdin; -use std::ops::Deref; +use std::{io::stdin, ops::Deref}; pub mod account; pub mod api_access; @@ -8,6 +7,7 @@ pub mod auto_connect; pub mod beta_program; pub mod bridge; pub mod custom_list; +pub mod debug; pub mod dns; pub mod import_settings; pub mod lan; diff --git a/mullvad-cli/src/main.rs b/mullvad-cli/src/main.rs index 669445c93381..83bd28389223 100644 --- a/mullvad-cli/src/main.rs +++ b/mullvad-cli/src/main.rs @@ -31,6 +31,13 @@ enum Cli { #[clap(subcommand)] LockdownMode(lockdown::LockdownMode), + /// Debug commands used for internal testing of the app. + /// + /// These commands will likely set the app in an invalid state, which is + /// used to test security under various edge cases. + #[clap(subcommand, hide = true)] + Debug(debug::DebugCommands), + /// Configure DNS servers to use when connected #[clap(subcommand)] Dns(dns::Dns), @@ -70,7 +77,6 @@ enum Cli { /// Manage relay and tunnel constraints #[clap(subcommand)] Relay(relay::Relay), - /// Manage Mullvad API access methods. /// /// Access methods are used to connect to the the Mullvad API via one of @@ -148,6 +154,7 @@ async fn main() -> Result<()> { Cli::Bridge(cmd) => cmd.handle().await, Cli::Connect { wait } => tunnel_state::connect(wait).await, Cli::Reconnect { wait } => tunnel_state::reconnect(wait).await, + Cli::Debug(cmd) => cmd.handle().await, Cli::Disconnect { wait } => tunnel_state::disconnect(wait).await, Cli::AutoConnect(cmd) => cmd.handle().await, Cli::BetaProgram(cmd) => cmd.handle().await,