cmd/tailscale,ipn: minor fixes to tailscale lock commands

* Fix broken add/remove key commands * Make lock status display whether the node is signed Signed-off-by: Tom DNetto <tom@tailscale.com>
2025-08-12 05:37:32 +00:00 · 2022-11-03 10:25:20 -07:00
parent c60e444696
commit 4c31183781
6 changed files with 116 additions and 7 deletions
--- a/ipn/ipnlocal/network-lock.go
+++ b/ipn/ipnlocal/network-lock.go
@@ -329,10 +329,17 @@ func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus {
 	b.mu.Lock()
 	defer b.mu.Unlock()

+	var nodeKey *key.NodePublic
+	if p := b.pm.CurrentPrefs(); p.Valid() {
+		nkp := p.Persist().PublicNodeKey()
+		nodeKey = &nkp
+	}
+
 	if b.tka == nil {
 		return &ipnstate.NetworkLockStatus{
 			Enabled:   false,
 			PublicKey: b.nlPrivKey.Public(),
+			NodeKey:   nodeKey,
 		}
 	}

@@ -340,10 +347,28 @@ func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus {
 	h := b.tka.authority.Head()
 	copy(head[:], h[:])

+	var selfAuthorized bool
+	if b.netMap != nil {
+		selfAuthorized = b.tka.authority.NodeKeyAuthorized(b.netMap.SelfNode.Key, b.netMap.SelfNode.KeySignature) == nil
+	}
+
+	keys := b.tka.authority.Keys()
+	outKeys := make([]ipnstate.TKAKey, len(keys))
+	for i, k := range keys {
+		outKeys[i] = ipnstate.TKAKey{
+			Key:      key.NLPublicFromEd25519Unsafe(k.Public),
+			Metadata: k.Meta,
+			Votes:    k.Votes,
+		}
+	}
+
 	return &ipnstate.NetworkLockStatus{
-		Enabled:   true,
-		Head:      &head,
-		PublicKey: b.nlPrivKey.Public(),
+		Enabled:       true,
+		Head:          &head,
+		PublicKey:     b.nlPrivKey.Public(),
+		NodeKey:       nodeKey,
+		NodeKeySigned: selfAuthorized,
+		TrustedKeys:   outKeys,
 	}
 }