TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-11 13:18:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/ipnlocal: refresh node key without blocking if cap enabled (#10529)

Browse Source 
Updates tailscale/corp#16016

Signed-off-by: James Sanderson <jsanderson@tailscale.com>
Co-authored-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
James 'zofrex' Sanderson
2024-01-04 18:29:04 +01:00
committed by GitHub
parent 3a9450bc06
commit 10c595d962
3 changed files with 35 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
ipn/ipnlocal/local.go
View File

@@ -1074,9 +1074,11 @@ func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st control
b.blockEngineUpdates(false)
}
if st.LoginFinished() && wasBlocked {
// Auth completed, unblock the engine
b.blockEngineUpdates(false)
if st.LoginFinished() && (wasBlocked || b.seamlessRenewalEnabled()) {
if wasBlocked {
// Auth completed, unblock the engine
b.blockEngineUpdates(false)
}
b.authReconfig()
b.send(ipn.Notify{LoginFinished: &empty.Message{}})
}
@@ -1108,7 +1110,7 @@ func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st control
b.authURL = st.URL
b.authURLSticky = st.URL
}
if wasBlocked && st.LoginFinished() {
if (wasBlocked || b.seamlessRenewalEnabled()) && st.LoginFinished() {
// Interactive login finished successfully (URL visited).
// After an interactive login, the user always wants
// WantRunning.
@@ -2456,8 +2458,10 @@ func (b *LocalBackend) popBrowserAuthNow() {
b.logf("popBrowserAuthNow: url=%v", url != "")
b.blockEngineUpdates(true)
b.stopEngineAndWait()
if !b.seamlessRenewalEnabled() {
b.blockEngineUpdates(true)
b.stopEngineAndWait()
}
b.tellClientToBrowseToURL(url)
if b.State() == ipn.Running {
b.enterState(ipn.Starting)
@@ -4176,6 +4180,9 @@ func (b *LocalBackend) enterStateLockedOnEntry(newState ipn.State) {
switch newState {
case ipn.NeedsLogin:
systemd.Status("Needs login: %s", authURL)
if b.seamlessRenewalEnabled() {
break
}
b.blockEngineUpdates(true)
fallthrough
case ipn.Stopped:
@@ -5801,6 +5808,14 @@ func (b *LocalBackend) AdvertiseRoute(ipp netip.Prefix) error {
return err
}
// seamlessRenewalEnabled reports whether seamless key renewals are enabled
// (i.e. we saw our self node with the SeamlessKeyRenewal attr in a netmap).
// This enables beta functionality of renewing node keys without breaking
// connections.
func (b *LocalBackend) seamlessRenewalEnabled() bool {
return b.ControlKnobs().SeamlessKeyRenewal.Load()
}
var (
disallowedAddrs = []netip.Addr{
netip.MustParseAddr("::1"),