TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-21 22:21:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/nginx-auth: allow use of shared nodes

Browse Source 
When sharing nodes, the name of the sharee node is not exposed (instead
it is hardcoded to "device-of-shared-to-user"), which means that we
can't determine the tailnet of that node.  Don't immediately fail when
that happens, since it only matters if "Expected-Tailnet" is used.

Signed-off-by: Will Norris <will@tailscale.com>
This commit is contained in:
Will Norris 2022-08-11 11:45:00 -07:00 committed by Will Norris
parent 3fc8683585
commit b3cc719add
1 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/nginx-auth/nginx-auth.go
View File

@ -63,7 +63,13 @@ func main() {
return return
} }
_, tailnet, ok := strings.Cut(info.Node.Name, info.Node.ComputedName+".") // tailnet of connected node. When accessing shared nodes, this
// will be empty because the tailnet of the sharee is not exposed.
var tailnet string
if !info.Node.Hostinfo.ShareeNode() {
var ok bool
_, tailnet, ok = strings.Cut(info.Node.Name, info.Node.ComputedName+".")
if !ok { if !ok {
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
log.Printf("can't extract tailnet name from hostname %q", info.Node.Name) log.Printf("can't extract tailnet name from hostname %q", info.Node.Name)
@ -75,6 +81,7 @@ func main() {
log.Printf("can't extract tailnet name from hostname %q", info.Node.Name) log.Printf("can't extract tailnet name from hostname %q", info.Node.Name)
return return
} }
}
if expectedTailnet := r.Header.Get("Expected-Tailnet"); expectedTailnet != "" && expectedTailnet != tailnet { if expectedTailnet := r.Header.Get("Expected-Tailnet"); expectedTailnet != "" && expectedTailnet != tailnet {
w.WriteHeader(http.StatusForbidden) w.WriteHeader(http.StatusForbidden)