|   | // Copyright (c) Tailscale Inc & AUTHORS | ||
|  | // SPDX-License-Identifier: BSD-3-Clause | ||
|  | 
 | ||
|  | package ipnauth | ||
|  | 
 | ||
|  | import ( | ||
|  | 	"tailscale.com/ipn" | ||
|  | ) | ||
|  | 
 | ||
// Actor describes whoever is driving an [ipnlocal.LocalBackend] operation.
//
// In the usual case an Actor stands for one particular OS user: the operation
// is carried out on that user's behalf, is checked against that user's access
// rights, and, where applicable, runs in that user's security context.
type Actor interface {
	// UserID returns the OS-specific UID of the user this actor represents.
	// It returns "" when the actor does not correspond to a specific user
	// on a multi-user system.
	// As of 2024-08-27, only Windows makes use of it.
	UserID() ipn.WindowsUserID

	// Username returns the name of the user this actor is associated with.
	// It returns "" when the actor does not represent a specific user.
	//
	// NOTE(review): the meaning of the error result is not documented here.
	// Presumably it reports a failed lookup, which callers making access
	// decisions should keep distinct from the ("", nil) case; confirm
	// against the implementations.
	Username() (string, error)

	// IsLocalSystem reports whether the actor is the Windows Local System account.
	//
	// Deprecated: this method is kept for compatibility with the permission
	// model in place as of 2024-08-27 and will go away as work on
	// tailscale/corp#18342 progresses.
	IsLocalSystem() bool

	// IsLocalAdmin reports whether the actor has administrative access to
	// the local machine, whatever that means on the current OS.
	//
	// operatorUID matters only on Unix-like platforms. It names the local
	// user (in the os/user.User.Uid string form) who is allowed to operate
	// tailscaled without being root or using sudo.
	//
	// NOTE(review): operatorUID widens who is treated as an administrator,
	// so it presumably has to come from trusted configuration rather than
	// from the request being authorized; confirm at the call sites.
	//
	// Deprecated: this method is kept for compatibility with the permission
	// model in place as of 2024-08-27 and will go away as work on
	// tailscale/corp#18342 progresses.
	IsLocalAdmin(operatorUID string) bool
}
|  | 
 | ||
// ActorCloser is an optional interface for an [Actor] that holds resources
// and therefore has to be closed once the caller is finished with it.
type ActorCloser interface {
	// Close frees the resources held by the receiver.
	Close() error
}