ipn/ipnlocal: disallow unsigned peers from WoL

Unsigned peers should not be allowed to generate Wake-on-Lan packets,
only access Funnel.

Updates #6934
Updates #7515
Updates #6475

Signed-off-by: James Tucker <james@tailscale.com>
This commit is contained in:
James Tucker 2023-01-10 15:40:07 -08:00 committed by James Tucker
parent 237b1108b3
commit 2afa1672ac

View File

@ -903,6 +903,9 @@ func (h *peerAPIHandler) canDebug() bool {
// canWakeOnLAN reports whether h can send a Wake-on-LAN packet from this node.
func (h *peerAPIHandler) canWakeOnLAN() bool {
if h.peerNode.UnsignedPeerAPIOnly {
return false
}
return h.isSelf || h.peerHasCap(tailcfg.CapabilityWakeOnLAN)
}