tailscale/ipn/backend.go

// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package ipn

import (
	"time"

	"tailscale.com/control/controlclient"
	"tailscale.com/tailcfg"
	"tailscale.com/wgengine"
)

type State int

const (
	NoState = State(iota)
	NeedsLogin
	NeedsMachineAuth
	Stopped
	Starting
	Running
)

func (s State) String() string {
	return [...]string{"NoState", "NeedsLogin", "NeedsMachineAuth",
		"Stopped", "Starting", "Running"}[s]
}

type EngineStatus struct {
	RBytes, WBytes wgengine.ByteCount
	NumLive        int
	LivePeers      map[tailcfg.NodeKey]wgengine.PeerStatus
}

type NetworkMap = controlclient.NetworkMap

// In any given notification, any or all of these may be nil, meaning
// that they have not changed.
type Notify struct {
	Version       string        // version number of IPN backend
	ErrMessage    *string       // critical error message, if any
	LoginFinished *struct{}     // event: login process succeeded
	State         *State        // current IPN state has changed
	Prefs         *Prefs        // preferences were changed
	NetMap        *NetworkMap   // new netmap received
	Engine        *EngineStatus // wireguard engine stats
	BrowseToURL   *string       // UI should open a browser right now
	BackendLogID  *string       // public logtail id used by backend
}

// StateKey is an opaque identifier for a set of LocalBackend state
// (preferences, private keys, etc.).
//
// The reason we need this is that the Tailscale agent may be running
// on a multi-user machine, in a context where a single daemon is
// shared by several consecutive users. Ideally we would just use the
// username of the connected frontend as the StateKey.
//
// However, on Windows, there seems to be no safe way to figure out
// the owning user of a process connected over IPC mechanisms
// (sockets, named pipes). So instead, on Windows, we use a
// capability-oriented system where the frontend generates a random
// identifier for itself, and uses that as the StateKey when talking
// to the backend. That way, while we can't identify an OS user by
// name, we can tell two different users apart, because they'll have
// different opaque state keys (and no access to each others's keys).
//
// It would be much nicer if we could just figure out the OS user that
// owns the connected frontend, but here we are.
type StateKey string

type Options struct {
	// Public logtail id used by frontend.
	FrontendLogID string
	// Base URL for the tailcontrol server to talk to.
	ServerURL string
	// StateKey and Prefs together define the state the backend should
	// use:
	//  - StateKey=="" && Prefs!=nil: use Prefs for internal state,
	//    don't persist changes in the backend.
	//  - StateKey!="" && Prefs==nil: load the given backend-side
	//    state and use/update that.
	//  - StateKey!="" && Prefs!=nil: like the previous case, but do
	//    an initial overwrite of backend state with Prefs.
	StateKey StateKey
	Prefs    *Prefs
	// Callback for backend events.
	Notify func(Notify) `json:"-"`
}

type Backend interface {
	// Start or restart the backend, because a new Handle has connected.
	Start(opts Options) error
	// Start a new interactive login. This should trigger a new
	// BrowseToURL notification eventually.
	StartLoginInteractive()
	// Terminate the current login session and stop the wireguard engine.
	Logout()
	// Install a new set of user preferences, including WantRunning.
	// This may cause the wireguard engine to reconfigure or stop.
	SetPrefs(new Prefs)
	// Poll for an update from the wireguard engine. Only needed if
	// you want to display byte counts. Connection events are emitted
	// automatically without polling.
	RequestEngineStatus()
	// Pretend the current key is going to expire after duration x.
	// This is useful for testing GUIs to make sure they react properly
	// with keys that are going to expire.
	FakeExpireAfter(x time.Duration)
}