ipn/ipnlocal, etc: require file sharing capability to send/recv files

tailscale/corp#1582

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

ipn/ipnlocal/local.go

@@ -2215,12 +2215,36 @@ func (b *LocalBackend) OpenFile(name string) (rc io.ReadCloser, size int64, err
 	return apiSrv.OpenFile(name)
 }
 
+// hasCapFileSharing reports whether the current node has the file
+// sharing capability enabled.
+func (b *LocalBackend) hasCapFileSharing() bool {
+	b.mu.Lock()
+	defer b.mu.Unlock()
+	return b.hasCapFileSharingLocked()
+}
+
+func (b *LocalBackend) hasCapFileSharingLocked() bool {
+	nm := b.netMap
+	if nm == nil || nm.SelfNode == nil {
+		return false
+	}
+	for _, c := range nm.SelfNode.Capabilities {
+		if c == tailcfg.CapabilityFileSharing {
+			return true
+		}
+	}
+	return false
+}
+
 // FileTargets lists nodes that the current node can send files to.
 func (b *LocalBackend) FileTargets() ([]*apitype.FileTarget, error) {
 	var ret []*apitype.FileTarget
 
 	b.mu.Lock()
 	defer b.mu.Unlock()
+	if !b.hasCapFileSharingLocked() {
+		return nil, errors.New("file sharing not enabled by Tailscale admin")
+	}
 	nm := b.netMap
 	if b.state != ipn.Running || nm == nil {
 		return nil, errors.New("not connected")

ipn/ipnlocal/peerapi.go

@@ -410,6 +410,10 @@ func (h *peerAPIHandler) put(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "not owner", http.StatusForbidden)
 		return
 	}
+	if !h.ps.b.hasCapFileSharing() {
+		http.Error(w, "file sharing not enabled by Tailscale admin", http.StatusForbidden)
+		return
+	}
 	if r.Method != "PUT" {
 		http.Error(w, "not method PUT", http.StatusMethodNotAllowed)
 		return