Add ssh related flags

# Conflicts:
#	client/proto/daemon.pb.go
#	client/proto/daemon.proto
#	client/server/server.go

client/cmd/login.go

@@ -115,6 +115,24 @@ func doDaemonLogin(ctx context.Context, cmd *cobra.Command, providedSetupKey str
 		loginRequest.OptionalPreSharedKey = &preSharedKey
 	}
 
+	// set the new config
+	cfg, err := client.GetConfig(ctx, &proto.GetConfigRequest{
+		ProfileName: activeProf.Name,
+		Username:    username,
+	})
+	if err != nil {
+		return fmt.Errorf("get config from daemon: %v", err)
+	}
+
+	req := setupSetConfigReqForLogin(cfg, activeProf.Name, username)
+	if _, err := client.SetConfig(ctx, req); err != nil {
+		if st, ok := gstatus.FromError(err); ok && st.Code() == codes.Unavailable {
+			log.Warnf("setConfig method is not available in the daemon")
+		} else {
+			return fmt.Errorf("call service setConfig method: %v", err)
+		}
+	}
+
 	var loginErr error
 
 	var loginResp *proto.LoginResponse
@@ -398,3 +416,34 @@ func setEnvAndFlags(cmd *cobra.Command) error {
 
 	return nil
 }
+
+func setupSetConfigReqForLogin(cfg *proto.GetConfigResponse, profileName, username string) *proto.SetConfigRequest {
+	var req proto.SetConfigRequest
+	req.ProfileName = profileName
+	req.Username = username
+
+	req.ManagementUrl = managementURL
+	req.AdminURL = adminURL
+
+	req.RosenpassEnabled = &cfg.RosenpassEnabled
+	req.RosenpassPermissive = &cfg.RosenpassPermissive
+	req.DisableAutoConnect = &cfg.DisableAutoConnect
+	req.ServerSSHAllowed = &cfg.ServerSSHAllowed
+	req.NetworkMonitor = &cfg.NetworkMonitor
+	req.DisableClientRoutes = &cfg.DisableClientRoutes
+	req.DisableServerRoutes = &cfg.DisableServerRoutes
+	req.DisableDns = &cfg.DisableDns
+	req.DisableFirewall = &cfg.DisableFirewall
+	req.BlockLanAccess = &cfg.BlockLanAccess
+	req.DisableNotifications = &cfg.DisableNotifications
+	req.LazyConnectionEnabled = &cfg.LazyConnectionEnabled
+	req.BlockInbound = &cfg.BlockInbound
+	req.DisableSSHAuth = &cfg.DisableSSHAuth
+	req.EnableSSHRoot = &cfg.EnableSSHRoot
+	req.EnableSSHSFTP = &cfg.EnableSSHSFTP
+	req.EnableSSHLocalPortForwarding = &cfg.EnableSSHLocalPortForwarding
+	req.EnableSSHRemotePortForwarding = &cfg.EnableSSHRemotePortForwarding
+	req.SshJWTCacheTTL = &cfg.SshJWTCacheTTL
+
+	return &req
+}

client/proto/daemon.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.6
-// 	protoc        v3.21.12
+// 	protoc        v6.33.1
 // source: daemon.proto
 
 package proto
@@ -1265,6 +1265,7 @@ type GetConfigResponse struct {
 	EnableSSHRemotePortForwarding bool   `protobuf:"varint,23,opt,name=enableSSHRemotePortForwarding,proto3" json:"enableSSHRemotePortForwarding,omitempty"`
 	DisableSSHAuth                bool   `protobuf:"varint,25,opt,name=disableSSHAuth,proto3" json:"disableSSHAuth,omitempty"`
 	SshJWTCacheTTL                int32  `protobuf:"varint,26,opt,name=sshJWTCacheTTL,proto3" json:"sshJWTCacheTTL,omitempty"`
+	DisableFirewall               bool   `protobuf:"varint,27,opt,name=disable_firewall,json=disableFirewall,proto3" json:"disable_firewall,omitempty"`
 	unknownFields                 protoimpl.UnknownFields
 	sizeCache                     protoimpl.SizeCache
 }
@@ -1481,6 +1482,13 @@ func (x *GetConfigResponse) GetSshJWTCacheTTL() int32 {
 	return 0
 }
 
+func (x *GetConfigResponse) GetDisableFirewall() bool {
+	if x != nil {
+		return x.DisableFirewall
+	}
+	return false
+}
+
 // PeerState contains the latest state of a peer
 type PeerState struct {
 	state                      protoimpl.MessageState `protogen:"open.v1"`
@@ -5625,7 +5633,7 @@ const file_daemon_proto_rawDesc = "" +
 	"\fDownResponse\"P\n" +
 	"\x10GetConfigRequest\x12 \n" +
 	"\vprofileName\x18\x01 \x01(\tR\vprofileName\x12\x1a\n" +
-	"\busername\x18\x02 \x01(\tR\busername\"\xdb\b\n" +
+	"\busername\x18\x02 \x01(\tR\busername\"\x86\t\n" +
 	"\x11GetConfigResponse\x12$\n" +
 	"\rmanagementUrl\x18\x01 \x01(\tR\rmanagementUrl\x12\x1e\n" +
 	"\n" +
@@ -5656,7 +5664,8 @@ const file_daemon_proto_rawDesc = "" +
 	"\x1cenableSSHLocalPortForwarding\x18\x16 \x01(\bR\x1cenableSSHLocalPortForwarding\x12D\n" +
 	"\x1denableSSHRemotePortForwarding\x18\x17 \x01(\bR\x1denableSSHRemotePortForwarding\x12&\n" +
 	"\x0edisableSSHAuth\x18\x19 \x01(\bR\x0edisableSSHAuth\x12&\n" +
-	"\x0esshJWTCacheTTL\x18\x1a \x01(\x05R\x0esshJWTCacheTTL\"\xfe\x05\n" +
+	"\x0esshJWTCacheTTL\x18\x1a \x01(\x05R\x0esshJWTCacheTTL\x12)\n" +
+	"\x10disable_firewall\x18\x1b \x01(\bR\x0fdisableFirewall\"\xfe\x05\n" +
 	"\tPeerState\x12\x0e\n" +
 	"\x02IP\x18\x01 \x01(\tR\x02IP\x12\x16\n" +
 	"\x06pubKey\x18\x02 \x01(\tR\x06pubKey\x12\x1e\n" +

client/proto/daemon.proto

@@ -303,6 +303,8 @@ message GetConfigResponse {
   bool disableSSHAuth = 25;
 
   int32 sshJWTCacheTTL = 26;
+
+  bool disable_firewall = 27;
 }
 
 // PeerState contains the latest state of a peer

client/server/server.go

@@ -1386,6 +1386,7 @@ func (s *Server) GetConfig(ctx context.Context, req *proto.GetConfigRequest) (*p
 	disableClientRoutes := cfg.DisableClientRoutes
 	disableServerRoutes := cfg.DisableServerRoutes
 	blockLANAccess := cfg.BlockLANAccess
+	disableFirewall := cfg.DisableFirewall
 
 	enableSSHRoot := false
 	if cfg.EnableSSHRoot != nil {
@@ -1442,6 +1443,7 @@ func (s *Server) GetConfig(ctx context.Context, req *proto.GetConfigRequest) (*p
 		EnableSSHRemotePortForwarding: enableSSHRemotePortForwarding,
 		DisableSSHAuth:                disableSSHAuth,
 		SshJWTCacheTTL:                sshJWTCacheTTL,
+		DisableFirewall:               disableFirewall,
 	}, nil
 }