Commit Graph

214 Commits

Author SHA1 Message Date
Brad Fitzpatrick
c1795c6af9 tailcfg: define some Node.Capabilities about SSH, its config
Updates #3802

Change-Id: Icb4ccbc6bd1c6304013bfc553d04007844a5c0bf
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 99ed54926b)
2022-06-17 19:43:34 -07:00
Brad Fitzpatrick
4e6a465d8c tailcfg: clarify some of the MapRequest variants
Change-Id: Ia09bd69856e372c3a6b64cda7ddb34029b32a11b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 4005134263)
2022-06-17 19:42:24 -07:00
Brad Fitzpatrick
4d85cf586b cmd/tailscale, ipn/ipnlocal: add "peerapi" ping type
For debugging when stuff like #4750 isn't working.

RELNOTE=tailscale ping -peerapi

Change-Id: I9c52c90fb046e3ab7d2b121387073319fbf27b99
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-05-28 13:47:12 -07:00
Maisem Ali
d04afc697c cmd/viewer,types/views: add support for views of maps
Updates #4635

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-09 19:49:31 -07:00
Maisem Ali
9f3ad40707 tailcfg: use cmd/viewer instead of cmd/cloner.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-06 10:58:10 -07:00
Maisem Ali
fd99c54e10 tailcfg,all: change structs to []*dnstype.Resolver
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-06 10:58:10 -07:00
Maisem Ali
679415f3a8 tailcfg: move views into tailcfg_view.go
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-06 10:58:10 -07:00
Maisem Ali
e409e59a54 cmd/cloner,util/codegen: refactor cloner internals to allow reuse
Also run go generate again for Copyright updates.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-06 10:58:10 -07:00
James Tucker
ae483d3446 wgengine, net/packet, cmd/tailscale: add ICMP echo
Updates tailscale/corp#754

Signed-off-by: James Tucker <james@tailscale.com>
2022-05-03 13:03:45 -07:00
Brad Fitzpatrick
512573598a tailcfg: remove some documented DebugFlags that no longer exist
Update tailscale/corp#5007

Change-Id: I3ce5b1c4cd367bae769a5f5a301925a2dac1b3a6
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-05-03 08:28:41 -07:00
Brad Fitzpatrick
c88506caa6 ipn/ipnlocal: add Wake-on-LAN function to peerapi
No CLI support yet. Just the curl'able version if you know the peerapi
port. (like via a TSMP ping)

Updates #306

Change-Id: I0662ba6530f7ab58d0ddb24e3664167fcd1c4bcf
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-26 15:20:59 -07:00
Brad Fitzpatrick
89832c1a95 tailcfg: fix typo in SessionDuration field name
Noted by @danderson.

Updates #3802

Change-Id: Ide15f3f28e30f6abb5c94d7dcd218bd9482752a0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21 14:19:58 -07:00
Brad Fitzpatrick
f7cb6630e7 tailcfg: document SSHPrincipal.PubKeys URL expansions
From f74ee80abe which lacked docs.

Updates #3802

Change-Id: Ia7df05a486ae383cc6d9aca9dfe487b04e243ad5
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20 20:12:37 -07:00
Brad Fitzpatrick
c13be0c509 tailcfg: clarify how SSHPolicy.Rules are evaluated between auth phases
Updates #3802

Change-Id: I321183a8a2b065a40dca8dd95ca90cd822a17ff8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-18 22:03:52 -07:00
Tom DNetto
24cd26534f hostinfo, tailcfg: add desktop detection on Linux to hostinfo
From the machines tab its hard to differenciate desktop Linux installs from
server Linux installs. Transmitting this information should make this
determination a lot easier.

Due to the reality that tailscaled is likely a system process, the standard
checks based on XDG_SESSION_TYPE or DISPLAY environment variables are not
possible (those variables won't be set). Instead, we look for listening
unix sockets that are typical of desktop installs.

Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-04-18 14:22:15 -07:00
Brad Fitzpatrick
9f1dd716e8 tailcfg, logtail: provide Debug bit to disable logtail
For people running self-hosted control planes who want a global
opt-out knob instead of running their own logcatcher.

Change-Id: I7f996c09f45850ff77b58bfd5a535e197971725a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-18 13:53:13 -07:00
Brad Fitzpatrick
e96dd00652 ipn/ipnlocal: add capability for debugging peers over peerapi
The default is still users can debug their own nodes. But like
cd916b728b did, this adds support for admins to grant additional
capabilities with the new tailcfg.CapabilityDebugPeer cap.

Updates #4217

Change-Id: Ifce3d9a1f8e8845797970a4f97b393194663d35f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-18 10:21:42 -07:00
Brad Fitzpatrick
cd916b728b ipn/ipnlocal: add start of inter-user Taildrop
Controlled by server-sent capability policy.

To be initially used for SSH servers to record sessions to other
nodes. Not yet productized into something user-accessible. (Notably,
the list of Taildrop targets from the sender side isn't augmented
yet.) This purely permits expanding the set of expands a node will
accept a drop from.

Updates #3802
Updates #4217

Change-Id: Id7a5bccd686490f8ef2cdc7dae7c07c440dc0085
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-17 10:07:07 -07:00
Brad Fitzpatrick
16f3520089 all: add arbitrary capability support
Updates #4217

RELNOTE=start of WhoIsResponse capability support

Change-Id: I6522998a911fe49e2f003077dad6164c017eed9b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-17 09:01:53 -07:00
James Tucker
c591c91653 tailcfg, control/controlclient: TSMP & disco pings
tailcfg.PingResponse formalizes the TSMP & disco response message, and
controlclient is wired to send POST responses containing
tailcfg.PingResponse for TSMP and disco PingRequests.

Updates tailscale/corp#754

Signed-off-by: James Tucker <james@tailscale.com>
2022-04-15 22:36:51 -07:00
Brad Fitzpatrick
da14e024a8 tailcfg, ssh/tailssh: optionally support SSH public keys in wire policy
And clean up logging.

Updates #3802

Change-Id: I756dc2d579a16757537142283d791f1d0319f4f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-15 13:36:57 -07:00
Brad Fitzpatrick
df9ce972c7 tailcfg, ipn/ipnlocal: add debug flag to enable one-big-CGNAT/10 route
To experiment with avoiding Chrome ERR_NETWORK_CHANGED errors on route
changes.

Updates #3102

Change-Id: I339da14c684fdac45ac261566aa21bf2198672ff
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-14 14:47:42 -07:00
Maisem Ali
3603a18710 ipn/localapi: add endpoint to request id token
Updates tailscale/corp#4347

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-05 14:48:45 -07:00
Maisem Ali
035e8ab00e tailcfg: add Token{Request,Response} types
Updates tailscale/corp#4347

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-05 14:48:45 -07:00
Joe Tsai
01adcfa688
tailcfg: add omitempty to all fields of Hostinfo (#4360)
This reduces the noise when marshaling only a subset of this type.

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-04-05 13:25:14 -07:00
Brad Fitzpatrick
0861923c21 ssh/tailssh, tailcfg: add more HoldAndDelegate expansions, document
Updates #3802

Change-Id: I447f06b49e2a917bffe36881d0634c9195085512
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-22 17:56:45 -07:00
Brad Fitzpatrick
f3b13604b3 control/controlclient, ipn/ipnlocal, tailcfg: add MapResponse.PopBrowserURL
Updates #3802

Change-Id: I89481fc5782a0cc8084354706f8f28d94f197325
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-22 09:37:00 -07:00
Brad Fitzpatrick
f7e976db55 tailcfg, ssh/tailssh: make SSHUser value '=' map ssh-user to same local-user
Updates #3802

Change-Id: Icde60d4150ca15c25d615a4effb3d3c236f020a8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-21 10:49:37 -07:00
Maisem Ali
6b9d938c1a types/views: add generic Slice[T] and remove StringSlice
Also make IPPrefixSliceOf use Slice[netaddr.IPPrefix] as it also
provides additional functions besides the standard ones provided by
Slice[T].

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-16 22:13:16 -07:00
Maisem Ali
45a7f6689c tailcfg: add field to allow LocalPortForwarding in SSHAction
Updates #3802, #4129

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 13:39:42 -07:00
Maisem Ali
98b45ef12c ssh/tailssh: add support for agent forwarding.
Updates #3802

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 13:38:53 -07:00
Brad Fitzpatrick
efc48b0578 ssh/tailssh, ipnlocal, controlclient: fetch next SSHAction from network
Updates #3802

Change-Id: I08e98805ab86d6bbabb6c365ed4526f54742fd8e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-10 13:41:08 -08:00
Maisem Ali
2bcc047d4f tailcfg: bump capVer for Noise
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-09 14:41:24 -08:00
Maisem Ali
da1821197a tailcfg: add SetDNSResponse
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-07 16:27:13 -08:00
Brad Fitzpatrick
d5f8f38ac6 tailcfg: rename map request version to "capability version"
And add a CapabilityVersion type, primarily for documentation.

This makes MapRequest.Version, RegisterRequest.Version, and
SetDNSRequest.Version all use the same version, which will avoid
confusing in the future if Register or SetDNS ever changed their
semantics on Version change. (Currently they're both always 1)

This will requre a control server change to allow a
SetDNSRequest.Version value other than 1 to be deployed first.

Change-Id: I073042a216e0d745f52ee2dbc45cf336b9f84b7c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-06 14:29:08 -08:00
Brad Fitzpatrick
105dfa1efa tailcfg: add OverTLSPublicKeyResponse for the new response from /key
Updates #3488

Change-Id: I8729cb3fb7f6dda1a874f8ae2d9570311ed158db
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-06 13:51:32 -08:00
Brad Fitzpatrick
e1e20f6d39 ssh/tailssh: evaluate tailcfg.SSHPolicy on incoming connections
Updates #3802
Fixes #3960

Change-Id: Ieda2007d462ddce6c217b958167417ae9755774e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-18 18:07:39 -08:00
Josh Bleecher Snyder
8c3c5e80b7 tailcfg: make MapResponse.ControlTime a pointer
Otherwise omitempty doesn't work.

This is wire-compatible with a non-pointer type, so switching
is safe, now and in the future.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-02-18 10:37:27 -08:00
Brad Fitzpatrick
bb93e29d5c tailcfg, ipn/ipnlocal: add Hostinfo.SSH_HostKeys, send when SSH enabled
(The name SSH_HostKeys is bad but SSHHostKeys is worse.)

Updates #3802

Change-Id: I2a889019c9e8b065b668dd58140db4fcab868a91
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-17 15:46:57 -08:00
Josh Bleecher Snyder
4609096271 tailcfg: fix stale docs for MapResponse.KeepAlive
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-02-17 15:15:43 -08:00
Josh Bleecher Snyder
8cf6d0a17b tailcfg: add MapResponse.ControlTime field
And log it when provided in map responses.

The test uses the date on which I joined Tailscale. :)

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-02-16 20:18:03 -08:00
Maisem Ali
72d8672ef7 tailcfg: make Node.Hostinfo a HostinfoView
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-02-16 12:55:57 -08:00
Maisem Ali
53998e26a6 tailcfg: introduce HostinfoView
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-02-16 12:55:57 -08:00
Brad Fitzpatrick
57115e923e tailcfg: add start of SSH policy to be sent from control plane to nodes
Updates #3802

Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-15 16:05:42 -08:00
Brad Fitzpatrick
a7da236d3d tailcfg: no-op bump of MapRequest.Version
So 1.18 and 1.20 don't have the same.

Change-Id: Ib2cac7c11eb37d9a0c2fcb66630f1cae619a97f4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-01-12 15:20:52 -08:00
Brad Fitzpatrick
bc537adb1a tailcfg: add Hostinfo.HowUnequal method
Change-Id: I80ee49c2ab581feccc4aa6ab47bc3c8392d9989d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-12-23 09:04:53 -08:00
Brad Fitzpatrick
b811a316bc tailcfg, ipn/ipnlocal: advertise a Service when exit node DNS proxy available
Updates #1713

Change-Id: I20c8e2ad1062d82ef17363414e372133f4c7181e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 21:57:06 -08:00
Brad Fitzpatrick
135580a5a8 tailcfg, ipn/ipnlocal, net/dns: forward exit node DNS on Unix to system DNS
Updates #1713

Change-Id: I4c073fec0992d9e01a9a4ce97087d5af0efdc68d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 15:25:41 -08:00
David Anderson
0532eb30db all: replace tailcfg.DiscoKey with key.DiscoPublic.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-03 14:00:16 -07:00
David Anderson
17b5782b3a types/key: delete legacy NodeKey type.
Fixes #3206

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-02 14:14:32 -07:00