2020-02-05 22:16:58 +00:00
|
|
|
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package ipnserver
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bufio"
|
|
|
|
"context"
|
2020-10-09 19:15:57 +00:00
|
|
|
"errors"
|
2020-02-05 22:16:58 +00:00
|
|
|
"fmt"
|
2020-09-11 22:11:28 +00:00
|
|
|
"io"
|
2020-11-02 17:52:59 +00:00
|
|
|
"io/ioutil"
|
2020-02-05 22:16:58 +00:00
|
|
|
"log"
|
|
|
|
"net"
|
2020-03-26 05:57:46 +00:00
|
|
|
"net/http"
|
2020-02-05 22:16:58 +00:00
|
|
|
"os"
|
|
|
|
"os/exec"
|
|
|
|
"os/signal"
|
2020-09-11 22:11:28 +00:00
|
|
|
"os/user"
|
|
|
|
"runtime"
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
"strings"
|
2020-02-05 22:16:58 +00:00
|
|
|
"sync"
|
|
|
|
"syscall"
|
|
|
|
"time"
|
|
|
|
|
2021-02-15 18:41:52 +00:00
|
|
|
"go4.org/mem"
|
2020-09-11 22:11:28 +00:00
|
|
|
"inet.af/netaddr"
|
2020-02-05 22:16:58 +00:00
|
|
|
"tailscale.com/control/controlclient"
|
|
|
|
"tailscale.com/ipn"
|
2021-02-04 21:12:42 +00:00
|
|
|
"tailscale.com/ipn/ipnlocal"
|
2021-02-15 18:41:52 +00:00
|
|
|
"tailscale.com/ipn/localapi"
|
2020-10-29 22:02:04 +00:00
|
|
|
"tailscale.com/log/filelogger"
|
2020-02-05 22:16:58 +00:00
|
|
|
"tailscale.com/logtail/backoff"
|
2020-09-11 22:11:28 +00:00
|
|
|
"tailscale.com/net/netstat"
|
2020-02-05 22:16:58 +00:00
|
|
|
"tailscale.com/safesocket"
|
2020-07-02 18:26:33 +00:00
|
|
|
"tailscale.com/smallzstd"
|
2020-02-15 03:23:16 +00:00
|
|
|
"tailscale.com/types/logger"
|
2020-09-11 22:11:28 +00:00
|
|
|
"tailscale.com/util/pidowner"
|
2020-11-24 23:35:04 +00:00
|
|
|
"tailscale.com/util/systemd"
|
2020-02-16 02:14:50 +00:00
|
|
|
"tailscale.com/version"
|
2020-02-05 22:16:58 +00:00
|
|
|
"tailscale.com/wgengine"
|
|
|
|
)
|
|
|
|
|
2020-02-16 02:14:50 +00:00
|
|
|
// Options is the configuration of the Tailscale node agent.
|
2020-02-05 22:16:58 +00:00
|
|
|
type Options struct {
|
2020-02-18 20:33:28 +00:00
|
|
|
// SocketPath, on unix systems, is the unix socket path to listen
|
|
|
|
// on for frontend connections.
|
|
|
|
SocketPath string
|
2020-07-08 21:15:33 +00:00
|
|
|
|
2020-02-18 20:33:28 +00:00
|
|
|
// Port, on windows, is the localhost TCP port to listen on for
|
|
|
|
// frontend connections.
|
|
|
|
Port int
|
2020-07-08 21:15:33 +00:00
|
|
|
|
2020-02-16 02:14:50 +00:00
|
|
|
// StatePath is the path to the stored agent state.
|
|
|
|
StatePath string
|
2020-07-08 21:15:33 +00:00
|
|
|
|
2020-02-16 02:14:50 +00:00
|
|
|
// AutostartStateKey, if non-empty, immediately starts the agent
|
|
|
|
// using the given StateKey. If empty, the agent stays idle and
|
|
|
|
// waits for a frontend to start it.
|
|
|
|
AutostartStateKey ipn.StateKey
|
2020-07-08 21:15:33 +00:00
|
|
|
|
2020-02-20 07:23:34 +00:00
|
|
|
// LegacyConfigPath optionally specifies the old-style relaynode
|
|
|
|
// relay.conf location. If both LegacyConfigPath and
|
|
|
|
// AutostartStateKey are specified and the requested state doesn't
|
|
|
|
// exist in the backend store, the backend migrates the config
|
|
|
|
// from LegacyConfigPath.
|
|
|
|
//
|
|
|
|
// TODO(danderson): remove some time after the transition to
|
|
|
|
// tailscaled is done.
|
|
|
|
LegacyConfigPath string
|
2020-07-08 21:15:33 +00:00
|
|
|
|
2020-02-16 02:14:50 +00:00
|
|
|
// SurviveDisconnects specifies how the server reacts to its
|
|
|
|
// frontend disconnecting. If true, the server keeps running on
|
|
|
|
// its existing state, and accepts new frontend connections. If
|
|
|
|
// false, the server dumps its state and becomes idle.
|
2020-07-15 19:23:36 +00:00
|
|
|
//
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
// This is effectively whether the platform is in "server
|
|
|
|
// mode" by default. On Linux, it's true; on Windows, it's
|
|
|
|
// false. But on some platforms (currently only Windows), the
|
|
|
|
// "server mode" can be overridden at runtime with a change in
|
|
|
|
// Prefs.ForceDaemon/WantRunning.
|
|
|
|
//
|
2020-07-15 19:23:36 +00:00
|
|
|
// To support CLI connections (notably, "tailscale status"),
|
|
|
|
// the actual definition of "disconnect" is when the
|
|
|
|
// connection count transitions from 1 to 0.
|
2020-02-05 22:16:58 +00:00
|
|
|
SurviveDisconnects bool
|
2020-03-26 05:57:46 +00:00
|
|
|
|
|
|
|
// DebugMux, if non-nil, specifies an HTTP ServeMux in which
|
|
|
|
// to register a debug handler.
|
|
|
|
DebugMux *http.ServeMux
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
// server is an IPN backend and its set of 0 or more active connections
|
|
|
|
// talking to an IPN backend.
|
|
|
|
type server struct {
|
2021-02-04 21:12:42 +00:00
|
|
|
b *ipnlocal.LocalBackend
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
logf logger.Logf
|
|
|
|
// resetOnZero is whether to call bs.Reset on transition from
|
|
|
|
// 1->0 connections. That is, this is whether the backend is
|
|
|
|
// being run in "client mode" that requires an active GUI
|
|
|
|
// connection (such as on Windows by default). Even if this
|
|
|
|
// is true, the ForceDaemon pref can override this.
|
|
|
|
resetOnZero bool
|
2020-07-15 19:23:36 +00:00
|
|
|
|
|
|
|
bsMu sync.Mutex // lock order: bsMu, then mu
|
|
|
|
bs *ipn.BackendServer
|
2020-02-05 22:16:58 +00:00
|
|
|
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
mu sync.Mutex
|
2020-11-02 17:52:59 +00:00
|
|
|
serverModeUser *user.User // or nil if not in server mode
|
|
|
|
lastUserID string // tracks last userid; on change, Reset state for paranoia
|
|
|
|
allClients map[net.Conn]connIdentity // HTTP or IPN
|
|
|
|
clients map[net.Conn]bool // subset of allClients; only IPN protocol
|
|
|
|
disconnectSub map[chan<- struct{}]struct{} // keys are subscribers of disconnects
|
2020-07-15 19:23:36 +00:00
|
|
|
}
|
|
|
|
|
2020-10-09 19:15:57 +00:00
|
|
|
// connIdentity represents the owner of a localhost TCP connection.
|
|
|
|
type connIdentity struct {
|
2021-01-29 21:18:23 +00:00
|
|
|
Unknown bool
|
|
|
|
Pid int
|
|
|
|
UserID string
|
|
|
|
User *user.User
|
|
|
|
IsUnixSock bool
|
2020-10-09 19:15:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// getConnIdentity returns the localhost TCP connection's identity information
|
|
|
|
// (pid, userid, user). If it's not Windows (for now), it returns a nil error
|
|
|
|
// and a ConnIdentity with Unknown set true. It's only an error if we expected
|
|
|
|
// to be able to map it and couldn't.
|
2020-10-29 16:57:21 +00:00
|
|
|
func (s *server) getConnIdentity(c net.Conn) (ci connIdentity, err error) {
|
2020-10-09 19:15:57 +00:00
|
|
|
if runtime.GOOS != "windows" { // for now; TODO: expand to other OSes
|
2021-01-29 21:18:23 +00:00
|
|
|
ci = connIdentity{Unknown: true}
|
|
|
|
_, ci.IsUnixSock = c.(*net.UnixConn)
|
|
|
|
return ci, nil
|
2020-10-09 19:15:57 +00:00
|
|
|
}
|
|
|
|
la, err := netaddr.ParseIPPort(c.LocalAddr().String())
|
|
|
|
if err != nil {
|
|
|
|
return ci, fmt.Errorf("parsing local address: %w", err)
|
|
|
|
}
|
|
|
|
ra, err := netaddr.ParseIPPort(c.RemoteAddr().String())
|
|
|
|
if err != nil {
|
|
|
|
return ci, fmt.Errorf("parsing local remote: %w", err)
|
|
|
|
}
|
|
|
|
if !la.IP.IsLoopback() || !ra.IP.IsLoopback() {
|
|
|
|
return ci, errors.New("non-loopback connection")
|
|
|
|
}
|
|
|
|
tab, err := netstat.Get()
|
|
|
|
if err != nil {
|
|
|
|
return ci, fmt.Errorf("failed to get local connection table: %w", err)
|
|
|
|
}
|
|
|
|
pid := peerPid(tab.Entries, la, ra)
|
|
|
|
if pid == 0 {
|
|
|
|
return ci, errors.New("no local process found matching localhost connection")
|
|
|
|
}
|
|
|
|
ci.Pid = pid
|
|
|
|
uid, err := pidowner.OwnerOfPID(pid)
|
|
|
|
if err != nil {
|
|
|
|
var hint string
|
|
|
|
if runtime.GOOS == "windows" {
|
|
|
|
hint = " (WSL?)"
|
|
|
|
}
|
|
|
|
return ci, fmt.Errorf("failed to map connection's pid to a user%s: %w", hint, err)
|
|
|
|
}
|
|
|
|
ci.UserID = uid
|
2020-10-29 16:57:21 +00:00
|
|
|
u, err := s.lookupUserFromID(uid)
|
2020-10-09 19:15:57 +00:00
|
|
|
if err != nil {
|
|
|
|
return ci, fmt.Errorf("failed to look up user from userid: %w", err)
|
|
|
|
}
|
|
|
|
ci.User = u
|
|
|
|
return ci, nil
|
|
|
|
}
|
2020-09-11 22:11:28 +00:00
|
|
|
|
2020-10-29 16:57:21 +00:00
|
|
|
func (s *server) lookupUserFromID(uid string) (*user.User, error) {
|
|
|
|
u, err := user.LookupId(uid)
|
|
|
|
if err != nil && runtime.GOOS == "windows" && errors.Is(err, syscall.Errno(0x534)) {
|
|
|
|
s.logf("[warning] issue 869: os/user.LookupId failed; ignoring")
|
|
|
|
// Work around https://github.com/tailscale/tailscale/issues/869 for
|
|
|
|
// now. We don't strictly need the username. It's just a nice-to-have.
|
|
|
|
// So make up a *user.User if their machine is broken in this way.
|
|
|
|
return &user.User{
|
|
|
|
Uid: uid,
|
|
|
|
Username: "unknown-user-" + uid,
|
|
|
|
Name: "unknown user " + uid,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
return u, err
|
|
|
|
}
|
|
|
|
|
2020-11-02 17:52:59 +00:00
|
|
|
// blockWhileInUse blocks while until either a Read from conn fails
|
|
|
|
// (i.e. it's closed) or until the server is able to accept ci as a
|
|
|
|
// user.
|
|
|
|
func (s *server) blockWhileInUse(conn io.Reader, ci connIdentity) {
|
|
|
|
s.logf("blocking client while server in use; connIdentity=%v", ci)
|
|
|
|
connDone := make(chan struct{})
|
|
|
|
go func() {
|
|
|
|
io.Copy(ioutil.Discard, conn)
|
|
|
|
close(connDone)
|
|
|
|
}()
|
|
|
|
ch := make(chan struct{}, 1)
|
|
|
|
s.registerDisconnectSub(ch, true)
|
|
|
|
defer s.registerDisconnectSub(ch, false)
|
|
|
|
for {
|
|
|
|
select {
|
|
|
|
case <-connDone:
|
|
|
|
s.logf("blocked client Read completed; connIdentity=%v", ci)
|
|
|
|
return
|
|
|
|
case <-ch:
|
|
|
|
s.mu.Lock()
|
|
|
|
err := s.checkConnIdentityLocked(ci)
|
|
|
|
s.mu.Unlock()
|
|
|
|
if err == nil {
|
|
|
|
s.logf("unblocking client, server is free; connIdentity=%v", ci)
|
|
|
|
// Server is now available again for a new user.
|
|
|
|
// TODO(bradfitz): keep this connection alive. But for
|
|
|
|
// now just return and have our caller close the connection
|
|
|
|
// (which unblocks the io.Copy goroutine we started above)
|
|
|
|
// and then the client (e.g. Windows) will reconnect and
|
|
|
|
// discover that it works.
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-02-15 18:41:52 +00:00
|
|
|
// bufferHasHTTPRequest reports whether br looks like it has an HTTP
|
|
|
|
// request in it, without reading any bytes from it.
|
|
|
|
func bufferHasHTTPRequest(br *bufio.Reader) bool {
|
|
|
|
peek, _ := br.Peek(br.Buffered())
|
|
|
|
return mem.HasPrefix(mem.B(peek), mem.S("GET ")) ||
|
|
|
|
mem.HasPrefix(mem.B(peek), mem.S("POST ")) ||
|
|
|
|
mem.Contains(mem.B(peek), mem.S(" HTTP/"))
|
|
|
|
}
|
|
|
|
|
2020-10-09 19:15:57 +00:00
|
|
|
func (s *server) serveConn(ctx context.Context, c net.Conn, logf logger.Logf) {
|
2020-09-11 22:11:28 +00:00
|
|
|
// First see if it's an HTTP request.
|
2020-10-09 19:15:57 +00:00
|
|
|
br := bufio.NewReader(c)
|
2020-09-11 22:11:28 +00:00
|
|
|
c.SetReadDeadline(time.Now().Add(time.Second))
|
2021-02-15 18:41:52 +00:00
|
|
|
br.Peek(4)
|
2020-09-11 22:11:28 +00:00
|
|
|
c.SetReadDeadline(time.Time{})
|
2021-02-15 18:41:52 +00:00
|
|
|
isHTTPReq := bufferHasHTTPRequest(br)
|
2020-10-09 19:15:57 +00:00
|
|
|
|
|
|
|
ci, err := s.addConn(c, isHTTPReq)
|
|
|
|
if err != nil {
|
|
|
|
if isHTTPReq {
|
|
|
|
fmt.Fprintf(c, "HTTP/1.0 500 Nope\r\nContent-Type: text/plain\r\nX-Content-Type-Options: nosniff\r\n\r\n%s\n", err.Error())
|
|
|
|
c.Close()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer c.Close()
|
|
|
|
serverToClient := func(b []byte) { ipn.WriteMsg(c, b) }
|
|
|
|
bs := ipn.NewBackendServer(logf, nil, serverToClient)
|
2020-11-02 17:52:59 +00:00
|
|
|
_, occupied := err.(inUseOtherUserError)
|
|
|
|
if occupied {
|
|
|
|
bs.SendInUseOtherUserErrorMessage(err.Error())
|
|
|
|
s.blockWhileInUse(c, ci)
|
|
|
|
} else {
|
|
|
|
bs.SendErrorMessage(err.Error())
|
|
|
|
time.Sleep(time.Second)
|
|
|
|
}
|
2020-10-09 19:15:57 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
// Tell the LocalBackend about the identity we're now running as.
|
|
|
|
s.b.SetCurrentUserID(ci.UserID)
|
|
|
|
|
2020-10-09 19:15:57 +00:00
|
|
|
if isHTTPReq {
|
2021-02-15 18:41:52 +00:00
|
|
|
httpServer := &http.Server{
|
2020-10-09 19:15:57 +00:00
|
|
|
// Localhost connections are cheap; so only do
|
|
|
|
// keep-alives for a short period of time, as these
|
|
|
|
// active connections lock the server into only serving
|
|
|
|
// that user. If the user has this page open, we don't
|
|
|
|
// want another switching user to be locked out for
|
|
|
|
// minutes. 5 seconds is enough to let browser hit
|
|
|
|
// favicon.ico and such.
|
|
|
|
IdleTimeout: 5 * time.Second,
|
|
|
|
ErrorLog: logger.StdLogger(logf),
|
|
|
|
Handler: s.localhostHandler(ci),
|
|
|
|
}
|
|
|
|
httpServer.Serve(&oneConnListener{&protoSwitchConn{s: s, br: br, Conn: c}})
|
2020-09-11 22:11:28 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
defer s.removeAndCloseConn(c)
|
2020-12-21 18:58:06 +00:00
|
|
|
logf("[v1] incoming control connection")
|
2020-10-09 19:15:57 +00:00
|
|
|
|
2021-01-15 16:43:23 +00:00
|
|
|
if isReadonlyConn(c, logf) {
|
|
|
|
ctx = ipn.ReadonlyContextOf(ctx)
|
|
|
|
}
|
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
for ctx.Err() == nil {
|
2020-09-11 22:11:28 +00:00
|
|
|
msg, err := ipn.ReadMsg(br)
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
2020-12-21 18:58:06 +00:00
|
|
|
if errors.Is(err, io.EOF) {
|
|
|
|
logf("[v1] ReadMsg: %v", err)
|
|
|
|
} else if ctx.Err() == nil {
|
2020-07-15 19:23:36 +00:00
|
|
|
logf("ReadMsg: %v", err)
|
|
|
|
}
|
|
|
|
return
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
s.bsMu.Lock()
|
2021-01-15 16:43:23 +00:00
|
|
|
if err := s.bs.GotCommandMsg(ctx, msg); err != nil {
|
2020-04-11 15:35:34 +00:00
|
|
|
logf("GotCommandMsg: %v", err)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
gotQuit := s.bs.GotQuit
|
|
|
|
s.bsMu.Unlock()
|
|
|
|
if gotQuit {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-11-02 17:52:59 +00:00
|
|
|
// inUseOtherUserError is the error type for when the server is in use
|
|
|
|
// by a different local user.
|
|
|
|
type inUseOtherUserError struct{ error }
|
|
|
|
|
|
|
|
func (e inUseOtherUserError) Unwrap() error { return e.error }
|
|
|
|
|
|
|
|
// checkConnIdentityLocked checks whether the provided identity is
|
|
|
|
// allowed to connect to the server.
|
|
|
|
//
|
|
|
|
// The returned error, when non-nil, will be of type inUseOtherUserError.
|
|
|
|
//
|
|
|
|
// s.mu must be held.
|
|
|
|
func (s *server) checkConnIdentityLocked(ci connIdentity) error {
|
|
|
|
// If clients are already connected, verify they're the same user.
|
|
|
|
// This mostly matters on Windows at the moment.
|
|
|
|
if len(s.allClients) > 0 {
|
|
|
|
var active connIdentity
|
|
|
|
for _, active = range s.allClients {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
if ci.UserID != active.UserID {
|
|
|
|
//lint:ignore ST1005 we want to capitalize Tailscale here
|
|
|
|
return inUseOtherUserError{fmt.Errorf("Tailscale already in use by %s, pid %d", active.User.Username, active.Pid)}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if su := s.serverModeUser; su != nil && ci.UserID != su.Uid {
|
|
|
|
//lint:ignore ST1005 we want to capitalize Tailscale here
|
2020-11-03 05:11:20 +00:00
|
|
|
return inUseOtherUserError{fmt.Errorf("Tailscale already in use by %s", su.Username)}
|
2020-11-02 17:52:59 +00:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// registerDisconnectSub adds ch as a subscribe to connection disconnect
|
|
|
|
// events. If add is false, the subscriber is removed.
|
|
|
|
func (s *server) registerDisconnectSub(ch chan<- struct{}, add bool) {
|
|
|
|
s.mu.Lock()
|
|
|
|
defer s.mu.Unlock()
|
|
|
|
if add {
|
|
|
|
if s.disconnectSub == nil {
|
|
|
|
s.disconnectSub = make(map[chan<- struct{}]struct{})
|
|
|
|
}
|
|
|
|
s.disconnectSub[ch] = struct{}{}
|
|
|
|
} else {
|
|
|
|
delete(s.disconnectSub, ch)
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
// addConn adds c to the server's list of clients.
|
|
|
|
//
|
|
|
|
// If the returned error is of type inUseOtherUserError then the
|
|
|
|
// returned connIdentity is also valid.
|
2020-10-09 19:15:57 +00:00
|
|
|
func (s *server) addConn(c net.Conn, isHTTP bool) (ci connIdentity, err error) {
|
2020-10-29 16:57:21 +00:00
|
|
|
ci, err = s.getConnIdentity(c)
|
2020-10-09 19:15:57 +00:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
// If the connected user changes, reset the backend server state to make
|
|
|
|
// sure node keys don't leak between users.
|
|
|
|
var doReset bool
|
|
|
|
defer func() {
|
|
|
|
if doReset {
|
|
|
|
s.logf("identity changed; resetting server")
|
|
|
|
s.bsMu.Lock()
|
2021-01-15 16:43:23 +00:00
|
|
|
s.bs.Reset(context.TODO())
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
s.bsMu.Unlock()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
s.mu.Lock()
|
|
|
|
defer s.mu.Unlock()
|
2020-10-09 19:15:57 +00:00
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
if s.clients == nil {
|
|
|
|
s.clients = map[net.Conn]bool{}
|
|
|
|
}
|
2020-10-09 19:15:57 +00:00
|
|
|
if s.allClients == nil {
|
|
|
|
s.allClients = map[net.Conn]connIdentity{}
|
|
|
|
}
|
|
|
|
|
2020-11-02 17:52:59 +00:00
|
|
|
if err := s.checkConnIdentityLocked(ci); err != nil {
|
|
|
|
return ci, err
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
}
|
2020-10-09 19:15:57 +00:00
|
|
|
|
|
|
|
if !isHTTP {
|
|
|
|
s.clients[c] = true
|
|
|
|
}
|
|
|
|
s.allClients[c] = ci
|
|
|
|
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
if s.lastUserID != ci.UserID {
|
|
|
|
if s.lastUserID != "" {
|
|
|
|
doReset = true
|
|
|
|
}
|
|
|
|
s.lastUserID = ci.UserID
|
|
|
|
}
|
2020-10-09 19:15:57 +00:00
|
|
|
return ci, nil
|
2020-07-15 19:23:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *server) removeAndCloseConn(c net.Conn) {
|
|
|
|
s.mu.Lock()
|
|
|
|
delete(s.clients, c)
|
2020-10-09 19:15:57 +00:00
|
|
|
delete(s.allClients, c)
|
|
|
|
remain := len(s.allClients)
|
2020-11-02 17:52:59 +00:00
|
|
|
for sub := range s.disconnectSub {
|
|
|
|
select {
|
|
|
|
case sub <- struct{}{}:
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
s.mu.Unlock()
|
|
|
|
|
|
|
|
if remain == 0 && s.resetOnZero {
|
2020-11-02 17:52:59 +00:00
|
|
|
if s.b.InServerMode() {
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
s.logf("client disconnected; staying alive in server mode")
|
|
|
|
} else {
|
|
|
|
s.logf("client disconnected; stopping server")
|
|
|
|
s.bsMu.Lock()
|
2021-01-15 16:43:23 +00:00
|
|
|
s.bs.Reset(context.TODO())
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
s.bsMu.Unlock()
|
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
}
|
|
|
|
c.Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *server) stopAll() {
|
|
|
|
s.mu.Lock()
|
|
|
|
defer s.mu.Unlock()
|
|
|
|
for c := range s.clients {
|
|
|
|
safesocket.ConnCloseRead(c)
|
|
|
|
safesocket.ConnCloseWrite(c)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
s.clients = nil
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
// setServerModeUserLocked is called when we're in server mode but our s.serverModeUser is nil.
|
|
|
|
//
|
|
|
|
// s.mu must be held
|
|
|
|
func (s *server) setServerModeUserLocked() {
|
|
|
|
var ci connIdentity
|
|
|
|
var ok bool
|
|
|
|
for _, ci = range s.allClients {
|
|
|
|
ok = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
if !ok {
|
|
|
|
s.logf("ipnserver: [unexpected] now in server mode, but no connected client")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if ci.Unknown {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if ci.User != nil {
|
|
|
|
s.logf("ipnserver: now in server mode; user=%v", ci.User.Username)
|
|
|
|
s.serverModeUser = ci.User
|
|
|
|
} else {
|
|
|
|
s.logf("ipnserver: [unexpected] now in server mode, but nil User")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
func (s *server) writeToClients(b []byte) {
|
2020-11-02 17:52:59 +00:00
|
|
|
inServerMode := s.b.InServerMode()
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
s.mu.Lock()
|
|
|
|
defer s.mu.Unlock()
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
|
|
|
|
if inServerMode {
|
|
|
|
if s.serverModeUser == nil {
|
|
|
|
s.setServerModeUserLocked()
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if s.serverModeUser != nil {
|
|
|
|
s.logf("ipnserver: no longer in server mode")
|
|
|
|
s.serverModeUser = nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
for c := range s.clients {
|
|
|
|
ipn.WriteMsg(c, b)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-29 20:38:09 +00:00
|
|
|
// Run runs a Tailscale backend service.
|
|
|
|
// The getEngine func is called repeatedly, once per connection, until it returns an engine successfully.
|
|
|
|
func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (wgengine.Engine, error), opts Options) error {
|
2020-07-08 21:15:33 +00:00
|
|
|
runDone := make(chan struct{})
|
|
|
|
defer close(runDone)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2020-02-18 20:33:28 +00:00
|
|
|
listen, _, err := safesocket.Listen(opts.SocketPath, uint16(opts.Port))
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("safesocket.Listen: %v", err)
|
|
|
|
}
|
2020-02-25 15:36:32 +00:00
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
server := &server{
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
logf: logf,
|
2020-07-15 19:23:36 +00:00
|
|
|
resetOnZero: !opts.SurviveDisconnects,
|
|
|
|
}
|
|
|
|
|
|
|
|
// When the context is closed or when we return, whichever is first, close our listner
|
|
|
|
// and all open connections.
|
2020-02-16 02:14:50 +00:00
|
|
|
go func() {
|
2020-02-25 15:36:32 +00:00
|
|
|
select {
|
2020-07-15 19:23:36 +00:00
|
|
|
case <-ctx.Done():
|
2020-02-25 15:36:32 +00:00
|
|
|
case <-runDone:
|
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
server.stopAll()
|
2020-02-16 02:14:50 +00:00
|
|
|
listen.Close()
|
|
|
|
}()
|
2020-04-11 15:35:34 +00:00
|
|
|
logf("Listening on %v", listen.Addr())
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2021-01-25 22:53:31 +00:00
|
|
|
var store ipn.StateStore
|
|
|
|
if opts.StatePath != "" {
|
|
|
|
store, err = ipn.NewFileStore(opts.StatePath)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("ipn.NewFileStore(%q): %v", opts.StatePath, err)
|
|
|
|
}
|
|
|
|
if opts.AutostartStateKey == "" {
|
|
|
|
autoStartKey, err := store.ReadState(ipn.ServerModeStartKey)
|
|
|
|
if err != nil && err != ipn.ErrStateNotExist {
|
|
|
|
return fmt.Errorf("calling ReadState on %s: %w", opts.StatePath, err)
|
|
|
|
}
|
|
|
|
key := string(autoStartKey)
|
|
|
|
if strings.HasPrefix(key, "user-") {
|
|
|
|
uid := strings.TrimPrefix(key, "user-")
|
|
|
|
u, err := server.lookupUserFromID(uid)
|
|
|
|
if err != nil {
|
|
|
|
logf("ipnserver: found server mode auto-start key %q; failed to load user: %v", key, err)
|
|
|
|
} else {
|
|
|
|
logf("ipnserver: found server mode auto-start key %q (user %s)", key, u.Username)
|
|
|
|
server.serverModeUser = u
|
|
|
|
}
|
|
|
|
opts.AutostartStateKey = ipn.StateKey(key)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
store = &ipn.MemoryStore{}
|
|
|
|
}
|
|
|
|
|
2020-08-09 04:03:20 +00:00
|
|
|
bo := backoff.NewBackoff("ipnserver", logf, 30*time.Second)
|
2020-07-30 00:46:06 +00:00
|
|
|
var unservedConn net.Conn // if non-nil, accepted, but hasn't served yet
|
|
|
|
|
2020-07-29 20:38:09 +00:00
|
|
|
eng, err := getEngine()
|
|
|
|
if err != nil {
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
logf("ipnserver: initial getEngine call: %v", err)
|
2021-01-25 22:53:31 +00:00
|
|
|
|
|
|
|
// Issue 1187: on Windows, in unattended mode,
|
|
|
|
// sometimes we try 5 times and fail to create the
|
|
|
|
// engine before the system's ready. Hack until the
|
|
|
|
// bug if fixed properly: if we're running in
|
|
|
|
// unattended mode on Windows, keep trying forever,
|
|
|
|
// waiting for the machine to be ready (networking to
|
|
|
|
// come up?) and then dial our own safesocket TCP
|
|
|
|
// listener to wake up the usual mechanism that lets
|
|
|
|
// us surface getEngine errors to UI clients. (We
|
|
|
|
// don't want to just call getEngine in a loop without
|
|
|
|
// the listener.Accept, as we do want to handle client
|
|
|
|
// connections so we can tell them about errors)
|
|
|
|
|
|
|
|
bootRaceWaitForEngine, bootRaceWaitForEngineCancel := context.WithTimeout(context.Background(), time.Minute)
|
|
|
|
if runtime.GOOS == "windows" && opts.AutostartStateKey != "" {
|
|
|
|
logf("ipnserver: in unattended mode, waiting for engine availability")
|
|
|
|
getEngine = getEngineUntilItWorksWrapper(getEngine)
|
|
|
|
// Wait for it to be ready.
|
|
|
|
go func() {
|
|
|
|
defer bootRaceWaitForEngineCancel()
|
|
|
|
t0 := time.Now()
|
|
|
|
for {
|
|
|
|
time.Sleep(10 * time.Second)
|
|
|
|
if _, err := getEngine(); err != nil {
|
|
|
|
logf("ipnserver: unattended mode engine load: %v", err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
c, err := net.Dial("tcp", listen.Addr().String())
|
|
|
|
logf("ipnserver: engine created after %v; waking up Accept: Dial error: %v", time.Since(t0).Round(time.Second), err)
|
|
|
|
if err == nil {
|
|
|
|
c.Close()
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
} else {
|
|
|
|
bootRaceWaitForEngineCancel()
|
|
|
|
}
|
|
|
|
|
2020-07-15 19:23:36 +00:00
|
|
|
for i := 1; ctx.Err() == nil; i++ {
|
2020-07-30 00:46:06 +00:00
|
|
|
c, err := listen.Accept()
|
2020-07-08 21:15:33 +00:00
|
|
|
if err != nil {
|
|
|
|
logf("%d: Accept: %v", i, err)
|
2020-07-15 19:23:36 +00:00
|
|
|
bo.BackOff(ctx, err)
|
2020-07-08 21:15:33 +00:00
|
|
|
continue
|
|
|
|
}
|
2021-01-25 22:53:31 +00:00
|
|
|
<-bootRaceWaitForEngine.Done()
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
logf("ipnserver: try%d: trying getEngine again...", i)
|
2020-07-29 20:38:09 +00:00
|
|
|
eng, err = getEngine()
|
|
|
|
if err == nil {
|
|
|
|
logf("%d: GetEngine worked; exiting failure loop", i)
|
2020-07-30 00:46:06 +00:00
|
|
|
unservedConn = c
|
2020-07-29 20:38:09 +00:00
|
|
|
break
|
2020-07-08 21:15:33 +00:00
|
|
|
}
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
logf("ipnserver%d: getEngine failed again: %v", i, err)
|
2020-07-29 20:38:09 +00:00
|
|
|
errMsg := err.Error()
|
2020-07-08 21:15:33 +00:00
|
|
|
go func() {
|
2020-07-30 00:46:06 +00:00
|
|
|
defer c.Close()
|
|
|
|
serverToClient := func(b []byte) { ipn.WriteMsg(c, b) }
|
2020-07-08 21:15:33 +00:00
|
|
|
bs := ipn.NewBackendServer(logf, nil, serverToClient)
|
2020-07-29 20:38:09 +00:00
|
|
|
bs.SendErrorMessage(errMsg)
|
2020-07-30 00:46:06 +00:00
|
|
|
time.Sleep(time.Second)
|
2020-07-08 21:15:33 +00:00
|
|
|
}()
|
|
|
|
}
|
2020-07-29 22:15:05 +00:00
|
|
|
if err := ctx.Err(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2020-07-08 21:15:33 +00:00
|
|
|
}
|
|
|
|
|
2021-02-04 21:12:42 +00:00
|
|
|
b, err := ipnlocal.NewLocalBackend(logf, logid, store, eng)
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("NewLocalBackend: %v", err)
|
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
defer b.Shutdown()
|
2020-02-05 22:16:58 +00:00
|
|
|
b.SetDecompressor(func() (controlclient.Decompressor, error) {
|
2020-07-02 18:26:33 +00:00
|
|
|
return smallzstd.NewDecoder(nil)
|
2020-02-05 22:16:58 +00:00
|
|
|
})
|
|
|
|
|
2020-03-26 05:57:46 +00:00
|
|
|
if opts.DebugMux != nil {
|
|
|
|
opts.DebugMux.HandleFunc("/debug/ipn", func(w http.ResponseWriter, r *http.Request) {
|
2020-10-09 19:15:57 +00:00
|
|
|
serveHTMLStatus(w, b)
|
2020-03-26 05:57:46 +00:00
|
|
|
})
|
2021-02-15 18:41:52 +00:00
|
|
|
h := localapi.NewHandler(b)
|
|
|
|
h.PermitRead = true
|
|
|
|
opts.DebugMux.Handle("/localapi/", h)
|
2020-03-26 05:57:46 +00:00
|
|
|
}
|
|
|
|
|
2020-10-09 19:15:57 +00:00
|
|
|
server.b = b
|
2020-07-15 19:23:36 +00:00
|
|
|
server.bs = ipn.NewBackendServer(logf, b, server.writeToClients)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2020-02-16 02:14:50 +00:00
|
|
|
if opts.AutostartStateKey != "" {
|
2021-01-15 16:43:23 +00:00
|
|
|
server.bs.GotCommand(context.TODO(), &ipn.Command{
|
2020-10-27 04:23:58 +00:00
|
|
|
Version: version.Long,
|
2020-02-16 02:14:50 +00:00
|
|
|
Start: &ipn.StartArgs{
|
|
|
|
Opts: ipn.Options{
|
2020-02-20 07:23:34 +00:00
|
|
|
StateKey: opts.AutostartStateKey,
|
|
|
|
LegacyConfigPath: opts.LegacyConfigPath,
|
2020-02-16 02:14:50 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2020-11-24 23:35:04 +00:00
|
|
|
systemd.Ready()
|
2020-07-15 19:23:36 +00:00
|
|
|
for i := 1; ctx.Err() == nil; i++ {
|
2020-07-30 00:46:06 +00:00
|
|
|
var c net.Conn
|
|
|
|
var err error
|
|
|
|
if unservedConn != nil {
|
|
|
|
c = unservedConn
|
|
|
|
unservedConn = nil
|
|
|
|
} else {
|
|
|
|
c, err = listen.Accept()
|
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
2020-07-15 19:23:36 +00:00
|
|
|
if ctx.Err() == nil {
|
|
|
|
logf("ipnserver: Accept: %v", err)
|
|
|
|
bo.BackOff(ctx, err)
|
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
continue
|
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
go server.serveConn(ctx, c, logger.WithPrefix(logf, fmt.Sprintf("ipnserver: conn%d: ", i)))
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
2020-07-15 19:23:36 +00:00
|
|
|
return ctx.Err()
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
2020-10-29 22:02:04 +00:00
|
|
|
// BabysitProc runs the current executable as a child process with the
|
|
|
|
// provided args, capturing its output, writing it to files, and
|
|
|
|
// restarting the process on any crashes.
|
|
|
|
//
|
|
|
|
// It's only currently (2020-10-29) used on Windows.
|
2020-02-05 22:16:58 +00:00
|
|
|
func BabysitProc(ctx context.Context, args []string, logf logger.Logf) {
|
|
|
|
|
|
|
|
executable, err := os.Executable()
|
|
|
|
if err != nil {
|
|
|
|
panic("cannot determine executable: " + err.Error())
|
|
|
|
}
|
|
|
|
|
2020-10-29 22:02:04 +00:00
|
|
|
if runtime.GOOS == "windows" {
|
|
|
|
if len(args) != 2 && args[0] != "/subproc" {
|
|
|
|
panic(fmt.Sprintf("unexpected arguments %q", args))
|
|
|
|
}
|
|
|
|
logID := args[1]
|
|
|
|
logf = filelogger.New("tailscale-service", logID, logf)
|
|
|
|
}
|
|
|
|
|
2020-02-05 22:16:58 +00:00
|
|
|
var proc struct {
|
|
|
|
mu sync.Mutex
|
|
|
|
p *os.Process
|
|
|
|
}
|
|
|
|
|
|
|
|
done := make(chan struct{})
|
|
|
|
go func() {
|
|
|
|
interrupt := make(chan os.Signal, 1)
|
|
|
|
signal.Notify(interrupt, syscall.SIGINT, syscall.SIGTERM)
|
|
|
|
var sig os.Signal
|
|
|
|
select {
|
|
|
|
case sig = <-interrupt:
|
2020-04-11 15:35:34 +00:00
|
|
|
logf("BabysitProc: got signal: %v", sig)
|
2020-02-05 22:16:58 +00:00
|
|
|
close(done)
|
|
|
|
case <-ctx.Done():
|
2020-04-11 15:35:34 +00:00
|
|
|
logf("BabysitProc: context done")
|
2020-02-05 22:16:58 +00:00
|
|
|
sig = os.Kill
|
|
|
|
close(done)
|
|
|
|
}
|
|
|
|
|
|
|
|
proc.mu.Lock()
|
|
|
|
proc.p.Signal(sig)
|
|
|
|
proc.mu.Unlock()
|
|
|
|
}()
|
|
|
|
|
2020-08-09 04:03:20 +00:00
|
|
|
bo := backoff.NewBackoff("BabysitProc", logf, 30*time.Second)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
for {
|
|
|
|
startTime := time.Now()
|
2020-04-11 15:35:34 +00:00
|
|
|
log.Printf("exec: %#v %v", executable, args)
|
2020-02-05 22:16:58 +00:00
|
|
|
cmd := exec.Command(executable, args...)
|
|
|
|
|
|
|
|
// Create a pipe object to use as the subproc's stdin.
|
|
|
|
// When the writer goes away, the reader gets EOF.
|
|
|
|
// A subproc can watch its stdin and exit when it gets EOF;
|
|
|
|
// this is a very reliable way to have a subproc die when
|
|
|
|
// its parent (us) disappears.
|
|
|
|
// We never need to actually write to wStdin.
|
|
|
|
rStdin, wStdin, err := os.Pipe()
|
|
|
|
if err != nil {
|
2020-04-11 15:35:34 +00:00
|
|
|
log.Printf("os.Pipe 1: %v", err)
|
2020-02-05 22:16:58 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create a pipe object to use as the subproc's stdout/stderr.
|
|
|
|
// We'll read from this pipe and send it to logf, line by line.
|
|
|
|
// We can't use os.exec's io.Writer for this because it
|
|
|
|
// doesn't care about lines, and thus ends up merging multiple
|
|
|
|
// log lines into one or splitting one line into multiple
|
|
|
|
// logf() calls. bufio is more appropriate.
|
|
|
|
rStdout, wStdout, err := os.Pipe()
|
|
|
|
if err != nil {
|
2020-04-11 15:35:34 +00:00
|
|
|
log.Printf("os.Pipe 2: %v", err)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
go func(r *os.File) {
|
|
|
|
defer r.Close()
|
|
|
|
rb := bufio.NewReader(r)
|
|
|
|
for {
|
|
|
|
s, err := rb.ReadString('\n')
|
|
|
|
if s != "" {
|
2020-04-11 15:35:34 +00:00
|
|
|
logf("%s", s)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}(rStdout)
|
|
|
|
|
|
|
|
cmd.Stdin = rStdin
|
|
|
|
cmd.Stdout = wStdout
|
|
|
|
cmd.Stderr = wStdout
|
|
|
|
err = cmd.Start()
|
|
|
|
|
|
|
|
// Now that the subproc is started, get rid of our copy of the
|
|
|
|
// pipe reader. Bad things happen on Windows if more than one
|
|
|
|
// process owns the read side of a pipe.
|
|
|
|
rStdin.Close()
|
|
|
|
wStdout.Close()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
log.Printf("starting subprocess failed: %v", err)
|
|
|
|
} else {
|
|
|
|
proc.mu.Lock()
|
|
|
|
proc.p = cmd.Process
|
|
|
|
proc.mu.Unlock()
|
|
|
|
|
|
|
|
err = cmd.Wait()
|
|
|
|
log.Printf("subprocess exited: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the process finishes, clean up the write side of the
|
|
|
|
// pipe. We'll make a new one when we restart the subproc.
|
|
|
|
wStdin.Close()
|
|
|
|
|
2020-11-17 23:26:39 +00:00
|
|
|
if os.Getenv("TS_DEBUG_RESTART_CRASHED") == "0" {
|
|
|
|
log.Fatalf("Process ended.")
|
|
|
|
}
|
|
|
|
|
2020-02-05 22:16:58 +00:00
|
|
|
if time.Since(startTime) < 60*time.Second {
|
|
|
|
bo.BackOff(ctx, fmt.Errorf("subproc early exit: %v", err))
|
|
|
|
} else {
|
|
|
|
// Reset the timeout, since the process ran for a while.
|
|
|
|
bo.BackOff(ctx, nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-done:
|
|
|
|
return
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2020-07-29 20:38:09 +00:00
|
|
|
|
|
|
|
// FixedEngine returns a func that returns eng and a nil error.
|
|
|
|
func FixedEngine(eng wgengine.Engine) func() (wgengine.Engine, error) {
|
|
|
|
return func() (wgengine.Engine, error) { return eng, nil }
|
|
|
|
}
|
2020-09-11 22:11:28 +00:00
|
|
|
|
2021-01-25 22:53:31 +00:00
|
|
|
// getEngineUntilItWorksWrapper returns a getEngine wrapper that does
|
|
|
|
// not call getEngine concurrently and stops calling getEngine once
|
|
|
|
// it's returned a working engine.
|
|
|
|
func getEngineUntilItWorksWrapper(getEngine func() (wgengine.Engine, error)) func() (wgengine.Engine, error) {
|
|
|
|
var mu sync.Mutex
|
|
|
|
var engGood wgengine.Engine
|
|
|
|
return func() (wgengine.Engine, error) {
|
|
|
|
mu.Lock()
|
|
|
|
defer mu.Unlock()
|
|
|
|
if engGood != nil {
|
|
|
|
return engGood, nil
|
|
|
|
}
|
|
|
|
e, err := getEngine()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
engGood = e
|
|
|
|
return e, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-11 22:11:28 +00:00
|
|
|
type dummyAddr string
|
|
|
|
type oneConnListener struct {
|
|
|
|
conn net.Conn
|
|
|
|
}
|
|
|
|
|
|
|
|
func (l *oneConnListener) Accept() (c net.Conn, err error) {
|
|
|
|
c = l.conn
|
|
|
|
if c == nil {
|
|
|
|
err = io.EOF
|
|
|
|
return
|
|
|
|
}
|
|
|
|
err = nil
|
|
|
|
l.conn = nil
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func (l *oneConnListener) Close() error { return nil }
|
|
|
|
|
|
|
|
func (l *oneConnListener) Addr() net.Addr { return dummyAddr("unused-address") }
|
|
|
|
|
|
|
|
func (a dummyAddr) Network() string { return string(a) }
|
|
|
|
func (a dummyAddr) String() string { return string(a) }
|
|
|
|
|
2020-10-09 19:15:57 +00:00
|
|
|
// protoSwitchConn is a net.Conn that's we want to speak HTTP to but
|
|
|
|
// it's already had a few bytes read from it to determine that it's
|
|
|
|
// HTTP. So we Read from its bufio.Reader. On Close, we we tell the
|
|
|
|
// server it's closed, so the server can account the who's connected.
|
|
|
|
type protoSwitchConn struct {
|
|
|
|
s *server
|
2020-09-11 22:11:28 +00:00
|
|
|
net.Conn
|
2020-10-09 19:15:57 +00:00
|
|
|
br *bufio.Reader
|
|
|
|
closeOnce sync.Once
|
2020-09-11 22:11:28 +00:00
|
|
|
}
|
|
|
|
|
2020-10-09 19:15:57 +00:00
|
|
|
func (psc *protoSwitchConn) Read(p []byte) (int, error) { return psc.br.Read(p) }
|
|
|
|
func (psc *protoSwitchConn) Close() error {
|
|
|
|
psc.closeOnce.Do(func() { psc.s.removeAndCloseConn(psc.Conn) })
|
|
|
|
return nil
|
|
|
|
}
|
2020-09-11 22:11:28 +00:00
|
|
|
|
2020-10-09 19:15:57 +00:00
|
|
|
func (s *server) localhostHandler(ci connIdentity) http.Handler {
|
2020-09-11 22:11:28 +00:00
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2021-02-15 18:41:52 +00:00
|
|
|
if ci.IsUnixSock && strings.HasPrefix(r.URL.Path, "/localapi/") {
|
|
|
|
h := localapi.NewHandler(s.b)
|
|
|
|
h.PermitRead = true
|
|
|
|
h.PermitWrite = false // TODO: flesh out connIdentity on more platforms then set this
|
|
|
|
h.ServeHTTP(w, r)
|
2021-01-29 21:18:23 +00:00
|
|
|
return
|
|
|
|
}
|
2020-10-09 19:15:57 +00:00
|
|
|
if ci.Unknown {
|
|
|
|
io.WriteString(w, "<html><title>Tailscale</title><body><h1>Tailscale</h1>This is the local Tailscale daemon.")
|
2020-09-11 22:11:28 +00:00
|
|
|
return
|
|
|
|
}
|
2020-10-09 19:15:57 +00:00
|
|
|
serveHTMLStatus(w, s.b)
|
2020-09-11 22:11:28 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2021-02-04 21:12:42 +00:00
|
|
|
func serveHTMLStatus(w http.ResponseWriter, b *ipnlocal.LocalBackend) {
|
2020-10-09 19:15:57 +00:00
|
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
|
|
st := b.Status()
|
|
|
|
// TODO(bradfitz): add LogID and opts to st?
|
|
|
|
st.WriteHTML(w)
|
|
|
|
}
|
|
|
|
|
2020-09-11 22:11:28 +00:00
|
|
|
func peerPid(entries []netstat.Entry, la, ra netaddr.IPPort) int {
|
|
|
|
for _, e := range entries {
|
|
|
|
if e.Local == ra && e.Remote == la {
|
|
|
|
return e.Pid
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 0
|
|
|
|
}
|