mirror of
				https://github.com/tailscale/tailscale.git
				synced 2025-10-26 02:29:28 +00:00 
			
		
		
		
	ipnlocal: don't assume NeedsLogin immediately after StartLogout().
Previously, there was no server round trip required to log out, so when you asked ipnlocal to Logout(), it could clear the netmap immediately and switch to NeedsLogin state. In v1.8, we added a true Logout operation. ipn.Logout() would trigger an async cc.StartLogout() and *also* immediately switch to NeedsLogin. Unfortunately, some frontends would see NeedsLogin and immediately trigger a new StartInteractiveLogin() operation, before the controlclient auth state machine actually acted on the Logout command, thus accidentally invalidating the entire logout operation, retaining the netmap, and violating the user's expectations. Instead, add a new LogoutFinished signal from controlclient (paralleling LoginFinished) and, upon starting a logout, don't update the ipn state machine until it's received. Updates: #1918 (BUG-2) Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
This commit is contained in:
		| @@ -453,6 +453,13 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) { | ||||
| 	// Lock b once and do only the things that require locking. | ||||
| 	b.mu.Lock() | ||||
|  | ||||
| 	if st.LogoutFinished != nil { | ||||
| 		// Since we're logged out now, our netmap cache is invalid. | ||||
| 		// Since st.NetMap==nil means "netmap is unchanged", there is | ||||
| 		// no other way to represent this change. | ||||
| 		b.setNetMapLocked(nil) | ||||
| 	} | ||||
|  | ||||
| 	prefs := b.prefs | ||||
| 	stateKey := b.stateKey | ||||
| 	netMap := b.netMap | ||||
| @@ -650,6 +657,12 @@ func (b *LocalBackend) getNewControlClientFunc() clientGen { | ||||
| // startIsNoopLocked reports whether a Start call on this LocalBackend | ||||
| // with the provided Start Options would be a useless no-op. | ||||
| // | ||||
| // TODO(apenwarr): we shouldn't need this. | ||||
| //  The state machine is now nearly clean enough where it can accept a new | ||||
| //  connection while in any state, not just Running, and on any platform. | ||||
| //  We'd want to add a few more tests to state_test.go to ensure this continues | ||||
| //  to work as expected. | ||||
| // | ||||
| // b.mu must be held. | ||||
| func (b *LocalBackend) startIsNoopLocked(opts ipn.Options) bool { | ||||
| 	// Options has 5 fields; check all of them: | ||||
| @@ -2326,7 +2339,6 @@ func (b *LocalBackend) LogoutSync(ctx context.Context) error { | ||||
| func (b *LocalBackend) logout(ctx context.Context, sync bool) error { | ||||
| 	b.mu.Lock() | ||||
| 	cc := b.cc | ||||
| 	b.setNetMapLocked(nil) | ||||
| 	b.mu.Unlock() | ||||
|  | ||||
| 	b.EditPrefs(&ipn.MaskedPrefs{ | ||||
| @@ -2353,10 +2365,6 @@ func (b *LocalBackend) logout(ctx context.Context, sync bool) error { | ||||
| 		cc.StartLogout() | ||||
| 	} | ||||
|  | ||||
| 	b.mu.Lock() | ||||
| 	b.setNetMapLocked(nil) | ||||
| 	b.mu.Unlock() | ||||
|  | ||||
| 	b.stateMachine() | ||||
| 	return err | ||||
| } | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Avery Pennarun
					Avery Pennarun