2020-02-03 18:35:52 +00:00
|
|
|
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package ipn
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
2022-10-04 03:39:45 +00:00
|
|
|
"fmt"
|
|
|
|
"strconv"
|
2020-02-03 18:35:52 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ErrStateNotExist is returned by StateStore.ReadState when the
|
2020-02-11 05:46:45 +00:00
|
|
|
// requested state ID doesn't exist.
|
|
|
|
var ErrStateNotExist = errors.New("no state with given ID")
|
2020-02-03 18:35:52 +00:00
|
|
|
|
2020-09-30 03:51:25 +00:00
|
|
|
const (
|
2020-09-28 22:28:26 +00:00
|
|
|
// MachineKeyStateKey is the key under which we store the machine key,
|
2021-10-28 17:40:44 +00:00
|
|
|
// in its key.NodePrivate.MarshalText representation.
|
2020-09-28 22:28:26 +00:00
|
|
|
MachineKeyStateKey = StateKey("_machinekey")
|
|
|
|
|
2020-09-30 03:51:25 +00:00
|
|
|
// GlobalDaemonStateKey is the ipn.StateKey that tailscaled
|
|
|
|
// loads on startup.
|
|
|
|
//
|
|
|
|
// We have to support multiple state keys for other OSes (Windows in
|
|
|
|
// particular), but right now Unix daemons run with a single
|
|
|
|
// node-global state. To keep open the option of having per-user state
|
|
|
|
// later, the global state key doesn't look like a username.
|
|
|
|
GlobalDaemonStateKey = StateKey("_daemon")
|
ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.
This adds a new bool Pref, ForceDaemon, defined as:
// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.
Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.
The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.
The GUI can then enable/disable server mode at runtime, without using
the CLI.
But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.
Updates #275
2020-10-12 21:28:21 +00:00
|
|
|
|
|
|
|
// ServerModeStartKey's value, if non-empty, is the value of a
|
|
|
|
// StateKey containing the prefs to start with which to start the
|
|
|
|
// server.
|
|
|
|
//
|
|
|
|
// For example, the value might be "user-1234", meaning the
|
|
|
|
// the server should start with the Prefs JSON loaded from
|
|
|
|
// StateKey "user-1234".
|
|
|
|
ServerModeStartKey = StateKey("server-mode-start-key")
|
2022-08-01 22:46:41 +00:00
|
|
|
|
2022-10-04 03:39:45 +00:00
|
|
|
// NLKeyStateKey is the key under which we store the node's
|
2022-08-01 22:46:41 +00:00
|
|
|
// network-lock node key, in its key.NLPrivate.MarshalText representation.
|
|
|
|
NLKeyStateKey = StateKey("_nl-node-key")
|
2020-09-30 03:51:25 +00:00
|
|
|
)
|
|
|
|
|
2020-02-03 18:35:52 +00:00
|
|
|
// StateStore persists state, and produces it back on request.
|
|
|
|
type StateStore interface {
|
2020-02-11 05:46:45 +00:00
|
|
|
// ReadState returns the bytes associated with ID. Returns (nil,
|
|
|
|
// ErrStateNotExist) if the ID doesn't have associated state.
|
2020-02-03 18:35:52 +00:00
|
|
|
ReadState(id StateKey) ([]byte, error)
|
2020-02-11 05:46:45 +00:00
|
|
|
// WriteState saves bs as the state associated with ID.
|
2020-02-03 18:35:52 +00:00
|
|
|
WriteState(id StateKey, bs []byte) error
|
|
|
|
}
|
2022-10-04 03:39:45 +00:00
|
|
|
|
|
|
|
// ReadStoreInt reads an integer from a StateStore.
|
|
|
|
func ReadStoreInt(store StateStore, id StateKey) (int64, error) {
|
|
|
|
v, err := store.ReadState(id)
|
|
|
|
if err != nil {
|
|
|
|
return 0, err
|
|
|
|
}
|
|
|
|
return strconv.ParseInt(string(v), 10, 64)
|
|
|
|
}
|
|
|
|
|
|
|
|
// PutStoreInt puts an integer into a StateStore.
|
|
|
|
func PutStoreInt(store StateStore, id StateKey, val int64) error {
|
|
|
|
return store.WriteState(id, fmt.Appendf(nil, "%d", val))
|
|
|
|
}
|
2022-11-07 23:32:53 +00:00
|
|
|
|
|
|
|
// ServeConfigKey returns a StateKey that stores the
|
|
|
|
// JSON-encoded ServeConfig for a config profile.
|
|
|
|
func ServeConfigKey(profileID string) StateKey {
|
|
|
|
return StateKey("_serve/" + profileID)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ServeConfig is the JSON type stored in the StateStore for
|
|
|
|
// StateKey "_serve/$PROFILE_ID" as returned by ServeConfigKey.
|
|
|
|
type ServeConfig struct {
|
|
|
|
// TCP are the list of TCP port numbers that tailscaled should handle for
|
|
|
|
// the Tailscale IP addresses. (not subnet routers, etc)
|
|
|
|
TCP map[int]*TCPPortHandler `json:",omitempty"`
|
|
|
|
|
|
|
|
// Web maps from "$SNI_NAME:$PORT" to a set of HTTP handlers
|
|
|
|
// keyed by mount point ("/", "/foo", etc)
|
2022-11-09 14:10:06 +00:00
|
|
|
Web map[HostPort]*WebServerConfig `json:",omitempty"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// HostPort is an SNI name and port number, joined by a colon.
|
|
|
|
// There is no implicit port 443. It must contain a colon.
|
|
|
|
type HostPort string
|
|
|
|
|
|
|
|
// WebServerConfig describes a web server's configuration.
|
|
|
|
type WebServerConfig struct {
|
|
|
|
Handlers map[string]*HTTPHandler
|
2022-11-07 23:32:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// TCPPortHandler describes what to do when handling a TCP
|
|
|
|
// connection.
|
|
|
|
type TCPPortHandler struct {
|
|
|
|
// HTTPS, if true, means that tailscaled should handle this connection as an
|
|
|
|
// HTTPS request as configured by ServeConfig.Web.
|
|
|
|
//
|
|
|
|
// It is mutually exclusive with TCPForward.
|
|
|
|
HTTPS bool `json:",omitempty"`
|
|
|
|
|
|
|
|
// TCPForward is the IP:port to forward TCP connections to.
|
|
|
|
// Whether or not TLS is terminated by tailscaled depends on
|
|
|
|
// TerminateTLS.
|
|
|
|
//
|
|
|
|
// It is mutually exclusive with HTTPS.
|
|
|
|
TCPForward string `json:",omitempty"`
|
|
|
|
|
|
|
|
// TerminateTLS is whether tailscaled should terminate TLS
|
|
|
|
// connections before forwarding them to TCPForward. It is only
|
|
|
|
// used if TCPForward is non-empty. (the HTTPS mode )
|
|
|
|
TerminateTLS bool `json:",omitempty"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// HTTPHandler is either a path or a proxy to serve.
|
|
|
|
type HTTPHandler struct {
|
|
|
|
// Exactly one of the following may be set.
|
|
|
|
|
|
|
|
Path string `json:",omitempty"` // absolute path to directory or file to serve
|
|
|
|
Proxy string `json:",omitempty"` // http://localhost:3000/, localhost:3030, 3030
|
|
|
|
|
|
|
|
// TODO(bradfitz): bool to not enumerate directories? TTL on mapping for
|
|
|
|
// temporary ones? Error codes? Redirects?
|
|
|
|
}
|