TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-19 13:11:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipn/ipnlocal: fix checks for node-key presence in TKA logic

Browse Source 
Found by tests in another repo. TKA code wasn't always checking enough to be sure a node-key was set for the current state.

Signed-off-by: Tom DNetto <tom@tailscale.com>
This commit is contained in:
Tom DNetto 2022-11-14 12:09:12 -08:00 committed by Tom
parent 0cc65b4bbe
commit 42855d219b
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ipn/ipnlocal/network-lock.go
View File

@ -330,7 +330,7 @@ func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus {
defer b.mu.Unlock() defer b.mu.Unlock()
var nodeKey *key.NodePublic var nodeKey *key.NodePublic
if p := b.pm.CurrentPrefs(); p.Valid() { if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
nkp := p.Persist().PublicNodeKey() nkp := p.Persist().PublicNodeKey()
nodeKey = &nkp nodeKey = &nkp
} }
@ -388,7 +388,7 @@ func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byt
var ourNodeKey key.NodePublic var ourNodeKey key.NodePublic
b.mu.Lock() b.mu.Lock()
if p := b.pm.CurrentPrefs(); p.Valid() { if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
ourNodeKey = p.Persist().PublicNodeKey() ourNodeKey = p.Persist().PublicNodeKey()
} }
b.mu.Unlock() b.mu.Unlock()
@ -516,6 +516,14 @@ func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err err
b.mu.Lock() b.mu.Lock()
defer b.mu.Unlock() defer b.mu.Unlock()
var ourNodeKey key.NodePublic
if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
ourNodeKey = p.Persist().PublicNodeKey()
}
if ourNodeKey.IsZero() {
return errors.New("no node-key: is tailscale logged in?")
}
if err := b.CanSupportNetworkLock(); err != nil { if err := b.CanSupportNetworkLock(); err != nil {
return err return err
} }
@ -545,7 +553,6 @@ func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err err
return nil return nil
} }
ourNodeKey := b.pm.CurrentPrefs().Persist().PublicNodeKey()
head := b.tka.authority.Head() head := b.tka.authority.Head()
b.mu.Unlock() b.mu.Unlock()
resp, err := b.tkaDoSyncSend(ourNodeKey, head, aums, true) resp, err := b.tkaDoSyncSend(ourNodeKey, head, aums, true)
@ -580,7 +587,7 @@ func (b *LocalBackend) NetworkLockDisable(secret []byte) error {
) )
b.mu.Lock() b.mu.Lock()
if p := b.pm.CurrentPrefs(); p.Valid() { if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
ourNodeKey = p.Persist().PublicNodeKey() ourNodeKey = p.Persist().PublicNodeKey()
} }
if b.tka == nil { if b.tka == nil {