ipn/ipnlocal: return usernames when Tailscale SSH is enabled

It was checking if the sshServer was initialized as a proxy, but that
could either not have been initialized yet or Tailscale SSH could have
been disabled after being initialized.

Also bump tailcfg.CurrentCapabilityVersion

Signed-off-by: Maisem Ali <maisem@tailscale.com>
Maisem Ali 2022-09-21 13:35:22 -07:00 committed by Maisem Ali
parent a7a0baf6b9
commit d5781f61a9
3 changed files with 32 additions and 8 deletions


@ -3228,6 +3228,17 @@ func (b *LocalBackend) setNetMapLocked(nm *netmap.NetworkMap) {
} }
} }
// operatorUserName returns the current pref's OperatorUser's name, or the
// empty string if none.
func (b *LocalBackend) operatorUserName() string {
b.mu.Lock()
defer b.mu.Unlock()
if b.prefs == nil {
return ""
}
return b.prefs.OperatorUser
}
// OperatorUserID returns the current pref's OperatorUser's ID (in // OperatorUserID returns the current pref's OperatorUser's ID (in
// os/user.User.Uid string form), or the empty string if none. // os/user.User.Uid string form), or the empty string if none.
func (b *LocalBackend) OperatorUserID() string { func (b *LocalBackend) OperatorUserID() string {
@ -3596,6 +3607,17 @@ func (b *LocalBackend) DoNoiseRequest(req *http.Request) (*http.Response, error)
return cc.DoNoiseRequest(req) return cc.DoNoiseRequest(req)
} }
// tailscaleSSHEnabled reports whether Tailscale SSH is currently enabled based
// on prefs. It returns false if there are no prefs set.
func (b *LocalBackend) tailscaleSSHEnabled() bool {
b.mu.Lock()
defer b.mu.Unlock()
if b.prefs == nil {
return false
}
return b.prefs.RunSSH
}
func (b *LocalBackend) sshServerOrInit() (_ SSHServer, err error) { func (b *LocalBackend) sshServerOrInit() (_ SSHServer, err error) {
b.mu.Lock() b.mu.Lock()
defer b.mu.Unlock() defer b.mu.Unlock()
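Review bot: The two new helpers, operatorUserName and tailscaleSSHEnabled, both acquire b.mu, but their doc comments do not say so. sync.Mutex is not reentrant, so a later caller that already holds b.mu would deadlock, and only getSSHUsernames documents the constraint. The file appears to mark lock-held functions with a `Locked` suffix (setNetMapLocked in the hunk header), so an explicit line on each helper would match that convention: `// It acquires b.mu, so it must not be called with b.mu held.` This matters most for tailscaleSSHEnabled, since it is the gate that decides whether local usernames are reported.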


@ -38,15 +38,16 @@
// running as root. // running as root.
var keyTypes = []string{"rsa", "ecdsa", "ed25519"} var keyTypes = []string{"rsa", "ecdsa", "ed25519"}
// getSSHUsernames discovers and returns the list of usernames that are
// potential Tailscale SSH user targets.
//
// Invariant: must not be called with b.mu held.
func (b *LocalBackend) getSSHUsernames(req *tailcfg.C2NSSHUsernamesRequest) (*tailcfg.C2NSSHUsernamesResponse, error) { func (b *LocalBackend) getSSHUsernames(req *tailcfg.C2NSSHUsernamesRequest) (*tailcfg.C2NSSHUsernamesResponse, error) {
res := new(tailcfg.C2NSSHUsernamesResponse) res := new(tailcfg.C2NSSHUsernamesResponse)
if !b.tailscaleSSHEnabled() {
b.mu.Lock()
defer b.mu.Unlock()
if b.sshServer == nil {
return res, nil return res, nil
} }
max := 10 max := 10
if req != nil && req.Max != 0 { if req != nil && req.Max != 0 {
max = req.Max max = req.Max
@ -70,8 +71,8 @@ func (b *LocalBackend) getSSHUsernames(req *tailcfg.C2NSSHUsernamesRequest) (*ta
res.Usernames = append(res.Usernames, u) res.Usernames = append(res.Usernames, u)
} }
if b.prefs != nil && b.prefs.OperatorUser != "" { if opUser := b.operatorUserName(); opUser != "" {
add(b.prefs.OperatorUser) add(opUser)
} }
// Check popular usernames and see if they exist with a real shell. // Check popular usernames and see if they exist with a real shell.
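Review bot: The new gate and the operator lookup take b.mu separately (`b.tailscaleSSHEnabled()` at the top, `b.operatorUserName()` before the popular-username scan), so getSSHUsernames can act on prefs from two different moments. If Tailscale SSH is turned off in between, local account names are still collected and returned for that request. The window is small and likely low impact, but because this check decides whether usernames are disclosed, reading RunSSH and OperatorUser in one critical section at the top and using the copies afterwards would make the decision atomic. As far as this page shows, no test file is touched; a case with RunSSH set and b.sshServer still nil would pin the regression being fixed. The function body continues outside both hunks.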


@ -79,7 +79,8 @@
// - 40: 2022-08-22: added Node.KeySignature, PeersChangedPatch.KeySignature // - 40: 2022-08-22: added Node.KeySignature, PeersChangedPatch.KeySignature
// - 41: 2022-08-30: uses 100.100.100.100 for route-less ExtraRecords if global nameservers is set // - 41: 2022-08-30: uses 100.100.100.100 for route-less ExtraRecords if global nameservers is set
// - 42: 2022-09-06: NextDNS DoH support; see https://github.com/tailscale/tailscale/pull/5556 // - 42: 2022-09-06: NextDNS DoH support; see https://github.com/tailscale/tailscale/pull/5556
const CurrentCapabilityVersion CapabilityVersion = 42 // - 43: 2022-09-21: clients can return usernames for SSH
const CurrentCapabilityVersion CapabilityVersion = 43
type StableID string type StableID string