2023-01-30 17:13:45 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
|
|
|
|
|
package localapi
|
|
|
|
|
|
|
|
|
|
import (
|
2023-01-29 22:04:40 +00:00
|
|
|
"bytes"
|
2023-11-02 16:48:10 +00:00
|
|
|
"context"
|
2023-01-29 22:04:40 +00:00
|
|
|
"encoding/json"
|
2023-11-02 16:48:10 +00:00
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
2024-04-06 03:09:55 +00:00
|
|
|
"go/ast"
|
|
|
|
|
"go/parser"
|
|
|
|
|
"go/token"
|
2023-01-29 22:04:40 +00:00
|
|
|
"io"
|
2024-04-06 03:09:55 +00:00
|
|
|
"log"
|
2023-01-29 22:04:40 +00:00
|
|
|
"net/http"
|
|
|
|
|
"net/http/httptest"
|
2023-10-10 17:39:08 +00:00
|
|
|
"net/netip"
|
|
|
|
|
"net/url"
|
2024-04-06 03:09:55 +00:00
|
|
|
"os"
|
|
|
|
|
"slices"
|
|
|
|
|
"strconv"
|
2023-10-10 17:39:08 +00:00
|
|
|
"strings"
|
2023-01-30 17:13:45 +00:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"tailscale.com/client/tailscale/apitype"
|
2023-10-26 21:40:44 +00:00
|
|
|
"tailscale.com/ipn"
|
ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend
Currently, we use PermitRead/PermitWrite/PermitCert permission flags to determine which operations are allowed for a LocalAPI client.
These checks are performed when localapi.Handler handles a request. Additionally, certain operations (e.g., changing the serve config)
requires the connected user to be a local admin. This approach is inherently racey and is subject to TOCTOU issues.
We consider it to be more critical on Windows environments, which are inherently multi-user, and therefore we prevent more than one
OS user from connecting and utilizing the LocalBackend at the same time. However, the same type of issues is also applicable to other
platforms when switching between profiles that have different OperatorUser values in ipn.Prefs.
We'd like to allow more than one Windows user to connect, but limit what they can see and do based on their access rights on the device
(e.g., an local admin or not) and to the currently active LoginProfile (e.g., owner/operator or not), while preventing TOCTOU issues on Windows
and other platforms. Therefore, we'd like to pass an actor from the LocalAPI to the LocalBackend to represent the user performing the operation.
The LocalBackend, or the profileManager down the line, will then check the actor's access rights to perform a given operation on the device
and against the current (and/or the target) profile.
This PR does not change the current permission model in any way, but it introduces the concept of an actor and includes some preparatory
work to pass it around. Temporarily, the ipnauth.Actor interface has methods like IsLocalSystem and IsLocalAdmin, which are only relevant
to the current permission model. It also lacks methods that will actually be used in the new model. We'll be adding these gradually in the next
PRs and removing the deprecated methods and the Permit* flags at the end of the transition.
Updates tailscale/corp#18342
Signed-off-by: Nick Khyl <nickk@tailscale.com>
2024-08-27 20:22:56 +00:00
|
|
|
"tailscale.com/ipn/ipnauth"
|
2023-01-29 22:04:40 +00:00
|
|
|
"tailscale.com/ipn/ipnlocal"
|
2023-11-02 16:48:10 +00:00
|
|
|
"tailscale.com/ipn/store/mem"
|
2023-10-10 17:39:08 +00:00
|
|
|
"tailscale.com/tailcfg"
|
2023-11-02 16:48:10 +00:00
|
|
|
"tailscale.com/tsd"
|
2023-03-04 20:04:55 +00:00
|
|
|
"tailscale.com/tstest"
|
2024-06-14 15:05:47 +00:00
|
|
|
"tailscale.com/types/key"
|
2023-11-02 16:48:10 +00:00
|
|
|
"tailscale.com/types/logger"
|
|
|
|
|
"tailscale.com/types/logid"
|
2024-04-06 03:09:55 +00:00
|
|
|
"tailscale.com/util/slicesx"
|
2023-11-02 16:48:10 +00:00
|
|
|
"tailscale.com/wgengine"
|
2023-01-30 17:13:45 +00:00
|
|
|
)
|
|
|
|
|
|
ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend
Currently, we use PermitRead/PermitWrite/PermitCert permission flags to determine which operations are allowed for a LocalAPI client.
These checks are performed when localapi.Handler handles a request. Additionally, certain operations (e.g., changing the serve config)
requires the connected user to be a local admin. This approach is inherently racey and is subject to TOCTOU issues.
We consider it to be more critical on Windows environments, which are inherently multi-user, and therefore we prevent more than one
OS user from connecting and utilizing the LocalBackend at the same time. However, the same type of issues is also applicable to other
platforms when switching between profiles that have different OperatorUser values in ipn.Prefs.
We'd like to allow more than one Windows user to connect, but limit what they can see and do based on their access rights on the device
(e.g., an local admin or not) and to the currently active LoginProfile (e.g., owner/operator or not), while preventing TOCTOU issues on Windows
and other platforms. Therefore, we'd like to pass an actor from the LocalAPI to the LocalBackend to represent the user performing the operation.
The LocalBackend, or the profileManager down the line, will then check the actor's access rights to perform a given operation on the device
and against the current (and/or the target) profile.
This PR does not change the current permission model in any way, but it introduces the concept of an actor and includes some preparatory
work to pass it around. Temporarily, the ipnauth.Actor interface has methods like IsLocalSystem and IsLocalAdmin, which are only relevant
to the current permission model. It also lacks methods that will actually be used in the new model. We'll be adding these gradually in the next
PRs and removing the deprecated methods and the Permit* flags at the end of the transition.
Updates tailscale/corp#18342
Signed-off-by: Nick Khyl <nickk@tailscale.com>
2024-08-27 20:22:56 +00:00
|
|
|
var _ ipnauth.Actor = (*testActor)(nil)
|
|
|
|
|
|
|
|
|
|
type testActor struct {
|
|
|
|
|
uid ipn.WindowsUserID
|
|
|
|
|
name string
|
|
|
|
|
isLocalSystem bool
|
|
|
|
|
isLocalAdmin bool
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *testActor) UserID() ipn.WindowsUserID { return u.uid }
|
|
|
|
|
|
|
|
|
|
func (u *testActor) Username() (string, error) { return u.name, nil }
|
|
|
|
|
|
|
|
|
|
func (u *testActor) IsLocalSystem() bool { return u.isLocalSystem }
|
|
|
|
|
|
|
|
|
|
func (u *testActor) IsLocalAdmin(operatorUID string) bool { return u.isLocalAdmin }
|
|
|
|
|
|
2023-01-30 17:13:45 +00:00
|
|
|
func TestValidHost(t *testing.T) {
|
|
|
|
|
tests := []struct {
|
|
|
|
|
host string
|
|
|
|
|
valid bool
|
|
|
|
|
}{
|
|
|
|
|
{"", true},
|
|
|
|
|
{apitype.LocalAPIHost, true},
|
2023-02-27 16:16:11 +00:00
|
|
|
{"localhost:9109", false},
|
|
|
|
|
{"127.0.0.1:9110", false},
|
|
|
|
|
{"[::1]:9111", false},
|
2023-01-30 17:13:45 +00:00
|
|
|
{"100.100.100.100:41112", false},
|
|
|
|
|
{"10.0.0.1:41112", false},
|
|
|
|
|
{"37.16.9.210:41112", false},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, test := range tests {
|
|
|
|
|
t.Run(test.host, func(t *testing.T) {
|
2023-02-27 16:16:11 +00:00
|
|
|
h := &Handler{}
|
|
|
|
|
if got := h.validHost(test.host); got != test.valid {
|
2023-01-30 17:13:45 +00:00
|
|
|
t.Errorf("validHost(%q)=%v, want %v", test.host, got, test.valid)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-01-29 22:04:40 +00:00
|
|
|
|
|
|
|
|
func TestSetPushDeviceToken(t *testing.T) {
|
2023-03-04 20:04:55 +00:00
|
|
|
tstest.Replace(t, &validLocalHostForTesting, true)
|
2023-01-29 22:04:40 +00:00
|
|
|
|
|
|
|
|
h := &Handler{
|
|
|
|
|
PermitWrite: true,
|
|
|
|
|
b: &ipnlocal.LocalBackend{},
|
|
|
|
|
}
|
|
|
|
|
s := httptest.NewServer(h)
|
|
|
|
|
defer s.Close()
|
|
|
|
|
c := s.Client()
|
|
|
|
|
|
|
|
|
|
want := "my-test-device-token"
|
|
|
|
|
body, err := json.Marshal(apitype.SetPushDeviceTokenRequest{PushDeviceToken: want})
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
req, err := http.NewRequest("POST", s.URL+"/localapi/v0/set-push-device-token", bytes.NewReader(body))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
res, err := c.Do(req)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
body, err = io.ReadAll(res.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if res.StatusCode != 200 {
|
|
|
|
|
t.Errorf("res.StatusCode=%d, want 200. body: %s", res.StatusCode, body)
|
|
|
|
|
}
|
2023-10-23 17:22:34 +00:00
|
|
|
if got := h.b.GetPushDeviceToken(); got != want {
|
2023-01-29 22:04:40 +00:00
|
|
|
t.Errorf("hostinfo.PushDeviceToken=%q, want %q", got, want)
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-10-10 17:39:08 +00:00
|
|
|
|
|
|
|
|
type whoIsBackend struct {
|
2024-06-06 18:48:40 +00:00
|
|
|
whoIs func(proto string, ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
|
2024-06-14 15:05:47 +00:00
|
|
|
whoIsNodeKey func(key.NodePublic) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
|
|
|
|
|
peerCaps map[netip.Addr]tailcfg.PeerCapMap
|
2023-10-10 17:39:08 +00:00
|
|
|
}
|
|
|
|
|
|
2024-06-06 18:48:40 +00:00
|
|
|
func (b whoIsBackend) WhoIs(proto string, ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool) {
|
|
|
|
|
return b.whoIs(proto, ipp)
|
2023-10-10 17:39:08 +00:00
|
|
|
}
|
|
|
|
|
|
2024-06-14 15:05:47 +00:00
|
|
|
func (b whoIsBackend) WhoIsNodeKey(k key.NodePublic) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool) {
|
|
|
|
|
return b.whoIsNodeKey(k)
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-10 17:39:08 +00:00
|
|
|
func (b whoIsBackend) PeerCaps(ip netip.Addr) tailcfg.PeerCapMap {
|
|
|
|
|
return b.peerCaps[ip]
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-14 15:05:47 +00:00
|
|
|
// Tests that the WhoIs handler accepts IPs, IP:ports, or nodekeys.
|
2023-10-10 17:39:08 +00:00
|
|
|
//
|
|
|
|
|
// From https://github.com/tailscale/tailscale/pull/9714 (a PR that is effectively a bug report)
|
2024-06-14 15:05:47 +00:00
|
|
|
//
|
|
|
|
|
// And https://github.com/tailscale/tailscale/issues/12465
|
|
|
|
|
func TestWhoIsArgTypes(t *testing.T) {
|
2023-10-10 17:39:08 +00:00
|
|
|
h := &Handler{
|
|
|
|
|
PermitRead: true,
|
|
|
|
|
}
|
2024-06-14 15:05:47 +00:00
|
|
|
|
|
|
|
|
match := func() (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool) {
|
|
|
|
|
return (&tailcfg.Node{
|
|
|
|
|
ID: 123,
|
|
|
|
|
Addresses: []netip.Prefix{
|
|
|
|
|
netip.MustParsePrefix("100.101.102.103/32"),
|
|
|
|
|
},
|
|
|
|
|
}).View(),
|
|
|
|
|
tailcfg.UserProfile{ID: 456, DisplayName: "foo"},
|
|
|
|
|
true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const keyStr = "nodekey:5c8f86d5fc70d924e55f02446165a5dae8f822994ad26bcf4b08fd841f9bf261"
|
|
|
|
|
for _, input := range []string{"100.101.102.103", "127.0.0.1:123", keyStr} {
|
2023-10-10 17:39:08 +00:00
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
|
t.Run(input, func(t *testing.T) {
|
|
|
|
|
b := whoIsBackend{
|
2024-06-06 18:48:40 +00:00
|
|
|
whoIs: func(proto string, ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool) {
|
2023-10-10 17:39:08 +00:00
|
|
|
if !strings.Contains(input, ":") {
|
|
|
|
|
want := netip.MustParseAddrPort("100.101.102.103:0")
|
|
|
|
|
if ipp != want {
|
|
|
|
|
t.Fatalf("backend called with %v; want %v", ipp, want)
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-06-14 15:05:47 +00:00
|
|
|
return match()
|
|
|
|
|
},
|
|
|
|
|
whoIsNodeKey: func(k key.NodePublic) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool) {
|
|
|
|
|
if k.String() != keyStr {
|
|
|
|
|
t.Fatalf("backend called with %v; want %v", k, keyStr)
|
|
|
|
|
}
|
|
|
|
|
return match()
|
|
|
|
|
|
2023-10-10 17:39:08 +00:00
|
|
|
},
|
|
|
|
|
peerCaps: map[netip.Addr]tailcfg.PeerCapMap{
|
|
|
|
|
netip.MustParseAddr("100.101.102.103"): map[tailcfg.PeerCapability][]tailcfg.RawMessage{
|
|
|
|
|
"foo": {`"bar"`},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
h.serveWhoIsWithBackend(rec, httptest.NewRequest("GET", "/v0/whois?addr="+url.QueryEscape(input), nil), b)
|
|
|
|
|
|
2024-06-14 15:05:47 +00:00
|
|
|
if rec.Code != 200 {
|
|
|
|
|
t.Fatalf("response code %d", rec.Code)
|
|
|
|
|
}
|
2023-10-10 17:39:08 +00:00
|
|
|
var res apitype.WhoIsResponse
|
|
|
|
|
if err := json.Unmarshal(rec.Body.Bytes(), &res); err != nil {
|
2024-06-14 15:05:47 +00:00
|
|
|
t.Fatalf("parsing response %#q: %v", rec.Body.Bytes(), err)
|
2023-10-10 17:39:08 +00:00
|
|
|
}
|
|
|
|
|
if got, want := res.Node.ID, tailcfg.NodeID(123); got != want {
|
|
|
|
|
t.Errorf("res.Node.ID=%v, want %v", got, want)
|
|
|
|
|
}
|
|
|
|
|
if got, want := res.UserProfile.DisplayName, "foo"; got != want {
|
|
|
|
|
t.Errorf("res.UserProfile.DisplayName=%q, want %q", got, want)
|
|
|
|
|
}
|
|
|
|
|
if got, want := len(res.CapMap), 1; got != want {
|
|
|
|
|
t.Errorf("capmap size=%v, want %v", got, want)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-10-26 21:40:44 +00:00
|
|
|
|
|
|
|
|
func TestShouldDenyServeConfigForGOOSAndUserContext(t *testing.T) {
|
2023-11-09 20:55:46 +00:00
|
|
|
newHandler := func(connIsLocalAdmin bool) *Handler {
|
ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend
Currently, we use PermitRead/PermitWrite/PermitCert permission flags to determine which operations are allowed for a LocalAPI client.
These checks are performed when localapi.Handler handles a request. Additionally, certain operations (e.g., changing the serve config)
requires the connected user to be a local admin. This approach is inherently racey and is subject to TOCTOU issues.
We consider it to be more critical on Windows environments, which are inherently multi-user, and therefore we prevent more than one
OS user from connecting and utilizing the LocalBackend at the same time. However, the same type of issues is also applicable to other
platforms when switching between profiles that have different OperatorUser values in ipn.Prefs.
We'd like to allow more than one Windows user to connect, but limit what they can see and do based on their access rights on the device
(e.g., an local admin or not) and to the currently active LoginProfile (e.g., owner/operator or not), while preventing TOCTOU issues on Windows
and other platforms. Therefore, we'd like to pass an actor from the LocalAPI to the LocalBackend to represent the user performing the operation.
The LocalBackend, or the profileManager down the line, will then check the actor's access rights to perform a given operation on the device
and against the current (and/or the target) profile.
This PR does not change the current permission model in any way, but it introduces the concept of an actor and includes some preparatory
work to pass it around. Temporarily, the ipnauth.Actor interface has methods like IsLocalSystem and IsLocalAdmin, which are only relevant
to the current permission model. It also lacks methods that will actually be used in the new model. We'll be adding these gradually in the next
PRs and removing the deprecated methods and the Permit* flags at the end of the transition.
Updates tailscale/corp#18342
Signed-off-by: Nick Khyl <nickk@tailscale.com>
2024-08-27 20:22:56 +00:00
|
|
|
return &Handler{Actor: &testActor{isLocalAdmin: connIsLocalAdmin}, b: newTestLocalBackend(t)}
|
2023-11-09 20:55:46 +00:00
|
|
|
}
|
2023-10-26 21:40:44 +00:00
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
configIn *ipn.ServeConfig
|
|
|
|
|
h *Handler
|
2023-11-07 20:31:33 +00:00
|
|
|
wantErr bool
|
2023-10-26 21:40:44 +00:00
|
|
|
}{
|
|
|
|
|
{
|
2023-11-09 20:55:46 +00:00
|
|
|
name: "not-path-handler",
|
2023-10-26 21:40:44 +00:00
|
|
|
configIn: &ipn.ServeConfig{
|
|
|
|
|
Web: map[ipn.HostPort]*ipn.WebServerConfig{
|
|
|
|
|
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
|
|
|
|
|
"/": {Proxy: "http://127.0.0.1:3000"},
|
|
|
|
|
}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2023-11-09 20:55:46 +00:00
|
|
|
h: newHandler(false),
|
2023-11-07 20:31:33 +00:00
|
|
|
wantErr: false,
|
2023-10-26 21:40:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
2023-11-09 20:55:46 +00:00
|
|
|
name: "path-handler-admin",
|
2023-10-26 21:40:44 +00:00
|
|
|
configIn: &ipn.ServeConfig{
|
|
|
|
|
Web: map[ipn.HostPort]*ipn.WebServerConfig{
|
|
|
|
|
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
|
|
|
|
|
"/": {Path: "/tmp"},
|
|
|
|
|
}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2023-11-09 20:55:46 +00:00
|
|
|
h: newHandler(true),
|
2023-11-07 20:31:33 +00:00
|
|
|
wantErr: false,
|
2023-10-26 21:40:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
2023-11-09 20:55:46 +00:00
|
|
|
name: "path-handler-not-admin",
|
2023-10-26 21:40:44 +00:00
|
|
|
configIn: &ipn.ServeConfig{
|
|
|
|
|
Web: map[ipn.HostPort]*ipn.WebServerConfig{
|
|
|
|
|
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
|
|
|
|
|
"/": {Path: "/tmp"},
|
|
|
|
|
}},
|
|
|
|
|
},
|
|
|
|
|
},
|
2023-11-09 20:55:46 +00:00
|
|
|
h: newHandler(false),
|
2023-11-07 20:31:33 +00:00
|
|
|
wantErr: true,
|
2023-10-26 21:40:44 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tt := range tests {
|
2023-11-09 20:55:46 +00:00
|
|
|
for _, goos := range []string{"linux", "windows", "darwin"} {
|
|
|
|
|
t.Run(goos+"-"+tt.name, func(t *testing.T) {
|
|
|
|
|
err := authorizeServeConfigForGOOSAndUserContext(goos, tt.configIn, tt.h)
|
|
|
|
|
gotErr := err != nil
|
|
|
|
|
if gotErr != tt.wantErr {
|
|
|
|
|
t.Errorf("authorizeServeConfigForGOOSAndUserContext() got error = %v, want error %v", err, tt.wantErr)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
2023-10-26 21:40:44 +00:00
|
|
|
}
|
2023-11-09 20:55:46 +00:00
|
|
|
t.Run("other-goos", func(t *testing.T) {
|
|
|
|
|
configIn := &ipn.ServeConfig{
|
|
|
|
|
Web: map[ipn.HostPort]*ipn.WebServerConfig{
|
|
|
|
|
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
|
|
|
|
|
"/": {Path: "/tmp"},
|
|
|
|
|
}},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
h := newHandler(false)
|
|
|
|
|
err := authorizeServeConfigForGOOSAndUserContext("dos", configIn, h)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Errorf("authorizeServeConfigForGOOSAndUserContext() got error = %v, want nil", err)
|
|
|
|
|
}
|
|
|
|
|
})
|
2023-10-26 21:40:44 +00:00
|
|
|
}
|
2023-11-02 16:48:10 +00:00
|
|
|
|
|
|
|
|
func TestServeWatchIPNBus(t *testing.T) {
|
|
|
|
|
tstest.Replace(t, &validLocalHostForTesting, true)
|
|
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
|
desc string
|
|
|
|
|
permitRead, permitWrite bool
|
|
|
|
|
mask ipn.NotifyWatchOpt // extra bits in addition to ipn.NotifyInitialState
|
|
|
|
|
wantStatus int
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
desc: "no-permission",
|
|
|
|
|
permitRead: false,
|
|
|
|
|
permitWrite: false,
|
|
|
|
|
wantStatus: http.StatusForbidden,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "read-initial-state",
|
|
|
|
|
permitRead: true,
|
|
|
|
|
permitWrite: false,
|
|
|
|
|
wantStatus: http.StatusForbidden,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "read-initial-state-no-private-keys",
|
|
|
|
|
permitRead: true,
|
|
|
|
|
permitWrite: false,
|
|
|
|
|
mask: ipn.NotifyNoPrivateKeys,
|
|
|
|
|
wantStatus: http.StatusOK,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
desc: "read-initial-state-with-private-keys",
|
|
|
|
|
permitRead: true,
|
|
|
|
|
permitWrite: true,
|
|
|
|
|
wantStatus: http.StatusOK,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
t.Run(tt.desc, func(t *testing.T) {
|
|
|
|
|
h := &Handler{
|
|
|
|
|
PermitRead: tt.permitRead,
|
|
|
|
|
PermitWrite: tt.permitWrite,
|
|
|
|
|
b: newTestLocalBackend(t),
|
|
|
|
|
}
|
|
|
|
|
s := httptest.NewServer(h)
|
|
|
|
|
defer s.Close()
|
|
|
|
|
c := s.Client()
|
|
|
|
|
|
|
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
|
req, err := http.NewRequestWithContext(ctx, "GET", fmt.Sprintf("%s/localapi/v0/watch-ipn-bus?mask=%d", s.URL, ipn.NotifyInitialState|tt.mask), nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
res, err := c.Do(req)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
defer res.Body.Close()
|
|
|
|
|
// Cancel the context so that localapi stops streaming IPN bus
|
|
|
|
|
// updates.
|
|
|
|
|
cancel()
|
|
|
|
|
body, err := io.ReadAll(res.Body)
|
|
|
|
|
if err != nil && !errors.Is(err, context.Canceled) {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if res.StatusCode != tt.wantStatus {
|
|
|
|
|
t.Errorf("res.StatusCode=%d, want %d. body: %s", res.StatusCode, tt.wantStatus, body)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func newTestLocalBackend(t testing.TB) *ipnlocal.LocalBackend {
|
|
|
|
|
var logf logger.Logf = logger.Discard
|
|
|
|
|
sys := new(tsd.System)
|
|
|
|
|
store := new(mem.Store)
|
|
|
|
|
sys.Set(store)
|
ipn/ipnlocal, all: plumb health trackers in tests
I saw some panics in CI, like:
2024-05-08T04:30:25.9553518Z ## WARNING: (non-fatal) nil health.Tracker (being strict in CI):
2024-05-08T04:30:25.9554043Z goroutine 801 [running]:
2024-05-08T04:30:25.9554489Z tailscale.com/health.(*Tracker).nil(0x0)
2024-05-08T04:30:25.9555086Z tailscale.com/health/health.go:185 +0x70
2024-05-08T04:30:25.9555688Z tailscale.com/health.(*Tracker).SetUDP4Unbound(0x0, 0x0)
2024-05-08T04:30:25.9556373Z tailscale.com/health/health.go:532 +0x2f
2024-05-08T04:30:25.9557296Z tailscale.com/wgengine/magicsock.(*Conn).bindSocket(0xc0003b4808, 0xc0003b4878, {0x1fbca53, 0x4}, 0x0)
2024-05-08T04:30:25.9558301Z tailscale.com/wgengine/magicsock/magicsock.go:2481 +0x12c5
2024-05-08T04:30:25.9559026Z tailscale.com/wgengine/magicsock.(*Conn).rebind(0xc0003b4808, 0x0)
2024-05-08T04:30:25.9559874Z tailscale.com/wgengine/magicsock/magicsock.go:2510 +0x16f
2024-05-08T04:30:25.9561038Z tailscale.com/wgengine/magicsock.NewConn({0xc000063c80, 0x0, 0xc000197930, 0xc000197950, 0xc000197960, {0x0, 0x0}, 0xc000197970, 0xc000198ee0, 0x0, ...})
2024-05-08T04:30:25.9562402Z tailscale.com/wgengine/magicsock/magicsock.go:476 +0xd5f
2024-05-08T04:30:25.9563779Z tailscale.com/wgengine.NewUserspaceEngine(0xc000063c80, {{0x22c8750, 0xc0001976b0}, 0x0, {0x22c3210, 0xc000063c80}, {0x22c31d8, 0x2d3c900}, 0x0, 0x0, ...})
2024-05-08T04:30:25.9564982Z tailscale.com/wgengine/userspace.go:389 +0x159d
2024-05-08T04:30:25.9565529Z tailscale.com/ipn/ipnlocal.newTestBackend(0xc000358b60)
2024-05-08T04:30:25.9566086Z tailscale.com/ipn/ipnlocal/serve_test.go:675 +0x2a5
2024-05-08T04:30:25.9566612Z ta
Updates #11874
Change-Id: I3432ed52d670743e532be4642f38dbd6e3763b1b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-05-08 04:37:33 +00:00
|
|
|
eng, err := wgengine.NewFakeUserspaceEngine(logf, sys.Set, sys.HealthTracker())
|
2023-11-02 16:48:10 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("NewFakeUserspaceEngine: %v", err)
|
|
|
|
|
}
|
|
|
|
|
t.Cleanup(eng.Close)
|
|
|
|
|
sys.Set(eng)
|
|
|
|
|
lb, err := ipnlocal.NewLocalBackend(logf, logid.PublicID{}, sys, 0)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("NewLocalBackend: %v", err)
|
|
|
|
|
}
|
|
|
|
|
return lb
|
|
|
|
|
}
|
2024-04-06 03:09:55 +00:00
|
|
|
|
|
|
|
|
func TestKeepItSorted(t *testing.T) {
|
|
|
|
|
// Parse the localapi.go file into an AST.
|
|
|
|
|
fset := token.NewFileSet() // positions are relative to fset
|
|
|
|
|
src, err := os.ReadFile("localapi.go")
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
f, err := parser.ParseFile(fset, "localapi.go", src, 0)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
getHandler := func() *ast.ValueSpec {
|
|
|
|
|
for _, d := range f.Decls {
|
|
|
|
|
if g, ok := d.(*ast.GenDecl); ok && g.Tok == token.VAR {
|
|
|
|
|
for _, s := range g.Specs {
|
|
|
|
|
if vs, ok := s.(*ast.ValueSpec); ok {
|
|
|
|
|
if len(vs.Names) == 1 && vs.Names[0].Name == "handler" {
|
|
|
|
|
return vs
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
keys := func() (ret []string) {
|
|
|
|
|
h := getHandler()
|
|
|
|
|
if h == nil {
|
|
|
|
|
t.Fatal("no handler var found")
|
|
|
|
|
}
|
|
|
|
|
cl, ok := h.Values[0].(*ast.CompositeLit)
|
|
|
|
|
if !ok {
|
|
|
|
|
t.Fatalf("handler[0] is %T, want *ast.CompositeLit", h.Values[0])
|
|
|
|
|
}
|
|
|
|
|
for _, e := range cl.Elts {
|
|
|
|
|
kv := e.(*ast.KeyValueExpr)
|
|
|
|
|
strLt := kv.Key.(*ast.BasicLit)
|
|
|
|
|
if strLt.Kind != token.STRING {
|
|
|
|
|
t.Fatalf("got: %T, %q", kv.Key, kv.Key)
|
|
|
|
|
}
|
|
|
|
|
k, err := strconv.Unquote(strLt.Value)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("unquote: %v", err)
|
|
|
|
|
}
|
|
|
|
|
ret = append(ret, k)
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
gotKeys := keys()
|
|
|
|
|
endSlash, noSlash := slicesx.Partition(keys(), func(s string) bool { return strings.HasSuffix(s, "/") })
|
|
|
|
|
if !slices.IsSorted(endSlash) {
|
|
|
|
|
t.Errorf("the items ending in a slash aren't sorted")
|
|
|
|
|
}
|
|
|
|
|
if !slices.IsSorted(noSlash) {
|
|
|
|
|
t.Errorf("the items ending in a slash aren't sorted")
|
|
|
|
|
}
|
|
|
|
|
if !t.Failed() {
|
|
|
|
|
want := append(endSlash, noSlash...)
|
|
|
|
|
if !slices.Equal(gotKeys, want) {
|
|
|
|
|
t.Errorf("items with trailing slashes should precede those without")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|