TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-11 21:27:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

envknob: add CanTaildrop (TS_DISABLE_TAILDROP) to disable taildrop on device

Browse Source 
This matches CanSSHD (TS_DISABLE_SSH_SERVER) for administratively
disabling the code on a node, regardless of local or server configs.

This can be configured in /etc/default/tailscaled on Linux,
%ProgramData%\Tailscale\tailscaled-env.txt on Windows,
or /etc/tailscale/tailscaled-env.txt on Synology. (see getPlatformEnvFile)

Also delete some dead code and tidy up some docs.

Change-Id: I79a87c03e33209619466ea8aeb0f6651afcb8789
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
2022-11-23 20:16:31 -08:00
committed by Brad Fitzpatrick
parent 20b27df4d0
commit b68d008fee
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ipn/ipnlocal/peerapi.go
View File

@@ -94,10 +94,6 @@ const (
deletedSuffix = ".deleted"
)
func (s *peerAPIServer) canReceiveFiles() bool {
return s != nil && s.rootDir != ""
}
func validFilenameRune(r rune) bool {
switch r {
case '/':
@@ -861,6 +857,10 @@ func (h *peerAPIHandler) peerHasCap(wantCap string) bool {
}
func (h *peerAPIHandler) handlePeerPut(w http.ResponseWriter, r *http.Request) {
if !envknob.CanTaildrop() {
http.Error(w, "Taildrop disabled on device", http.StatusForbidden)
return
}
if !h.canPutFile() {
http.Error(w, "Taildrop access denied", http.StatusForbidden)
return