Commit Graph

26 Commits

Author SHA1 Message Date
Eng Zer Jun
f0347e841f refactor: move from io/ioutil to io and os packages
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Reference: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-09-15 21:45:53 -07:00
Brad Fitzpatrick
116f55ff66 all: gofmt for Go 1.19
Updates #5210

Change-Id: Ib02cd5e43d0a8db60c1f09755a8ac7b140b670be
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-08-02 10:08:05 -07:00
Maisem Ali
2b8b887d55 ssh/tailssh: send banner messages during auth, move more to conn
(VSCode Live Share between Brad & Maisem!)

Updates #3802

Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3
Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20 18:34:11 -07:00
Maisem Ali
14d077fc3a ssh/tailssh: terminate ssh auth early if no policy can match
Also bump github.com/tailscale/golang-x-crypto/ssh

Updates #3802

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20 13:44:04 -07:00
Brad Fitzpatrick
3d180c0376 go.mod, ssh/tailssh, tempfork/gliderlabs: bump x/crypto/ssh fork for NoClientAuthCallback
Prep for evaluating SSHPolicy earlier to decide whether certs are
required, which requires knowing the target SSH user.

Updates #3802

Change-Id: I2753ec8069e7f19c9121300d0fb0813c1c627c36
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-29 18:17:34 -07:00
Brad Fitzpatrick
5a44f9f5b5 tempfork: temporarily fork gliderlabs/ssh and x/crypto/ssh
While we rearrange/upstream things.

gliderlabs/ssh is forked into tempfork from our prior fork
at be8b7add40

x/crypto/ssh OTOH is forked at
https://github.com/tailscale/golang-x-crypto because it was gnarlier
to vendor with various internal packages, etc.
Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d).

Updates #3802

Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-26 21:07:01 -07:00
Maisem Ali
baf8854f9a tempfork/wireguard-windows: remove the old windows firewall code now that we are no
longer relying on it.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-08-26 15:00:45 -07:00
Josh Bleecher Snyder
a5da4ed981 all: gofmt with Go 1.17
This adds "//go:build" lines and tidies up existing "// +build" lines.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-05 15:54:00 -07:00
Josh Bleecher Snyder
41d06bdf86 tempfork/wireguard-windows: remove unnecessary build tag
The _windows.go suffix suffices.
This allows go:generate to run without creating a diff.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-07-19 15:31:56 -07:00
David Anderson
ac3de93d5c tempfork/wireguard-windows/firewall: add.
This is a fork of wireguard-windows's firewall package, with
the firewall rules adjusted to better line up with tailscale's
needs.

The package was taken from commit 3cc76ed5f222ec82748ef3bd8c41d4b059e28cdb
in our fork of wireguard-go.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-01 19:37:22 -08:00
Josh Bleecher Snyder
a6cad71fb2 go.mod: upgrade staticcheck to 0.1.0
Also run go.mod and fix some staticcheck warnings.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-12-14 14:01:29 -08:00
Brad Fitzpatrick
8f76548fd9 tempfork/osexec: remove old fork of os/exec
This package was a temporary fork of os/exec to fix an EINTR loop
bug that was fixed upstream for Go 1.15 in
8c1db77a92
(https://go-review.googlesource.com/c/go/+/232862), in
src/os/exec_unix.go:

8c1db77a92 (diff-72072cbd53a7240debad8aa506ff7ec795f9cfac7322e779f9bac29a4d0d0bd4)
2020-11-18 08:42:43 -08:00
Brad Fitzpatrick
5b338bf011 tempfork/registry: delete
It's unused.
2020-11-18 08:29:38 -08:00
Josh Bleecher Snyder
585a0d8997 all: use testing.T.TempDir
Bit of Friday cleanup.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-10-02 20:31:31 -07:00
Brad Fitzpatrick
f26b409bd5 tempfork: add lite fork of net/http/pprof w/o html/template or reflect 2020-07-21 16:17:03 -07:00
Brad Fitzpatrick
39f2fe29f7 tempfork/registry: work around issue with Tailscale's redo build system
Updates tailscale/corp#293
2020-06-05 10:46:15 -07:00
Brad Fitzpatrick
e441d3218e tempfork/registry: add golang.org/x/sys/windows/registry + CL 236681
Temporary fork of golang.org/x/sys/windows/registry with:

   windows/registry: add Key.WaitChange wrapper around RegNotifyChangeKeyValue
   https://go-review.googlesource.com/c/sys/+/236681
2020-06-05 09:45:16 -07:00
Brad Fitzpatrick
9bbcdba2b3 tempfork/internal/testenv: remove
It was for our x509 fork and no longer needed. (x509 changes
went into our Go fork instead)
2020-05-28 09:34:22 -07:00
Brad Fitzpatrick
58e83d8f66 tempfork/x509: moved to tailscale/go's crypto/x509 instead 2020-04-27 08:14:54 -07:00
Brad Fitzpatrick
d427fc023e tempfork/x509: remove the bundle tag in our fork
We want to be able to omit from only one (not both)
2020-04-25 10:00:10 -07:00
Brad Fitzpatrick
28c632c97b tempfork/x509: store certs for iOS compressed in binary, parse lazily 2020-04-25 08:54:01 -07:00
Brad Fitzpatrick
8fd8fc9c7d tempfork/x509: fix build on darwin and windows
These fixes were originally in the updates to CL 229917 after
Trybots failed there.
See https://go-review.googlesource.com/c/go/+/229917/1..3
2020-04-25 08:03:10 -07:00
Brad Fitzpatrick
bfc1261ab6 crypto/x509: keep smaller root cert representation in memory until needed
(from patchset 1, c12c890c64dd6372b3893af1e6f5ab11802c9e81, of
https://go-review.googlesource.com/c/go/+/230025/1, with merges fixes
due to parent commit's differents from its ps1..ps3)

Instead of parsing the PEM files and then storing the *Certificate
values forever, still parse them to see if they're valid and pick out
some fields, but then only store the decoded pem.Block.Bytes until
that cert is first needed.

Saves about 500K of memory on my (Debian stable) machine after doing a
tls.Dial or calling x509.SystemCertPool.

A more aggressive version of this is still possible: we can not keep
the pem.Block.Bytes in memory either, and re-read them from disk when
necessary. But dealing with files disappearing and even large
multi-cert PEM files changing (with offsets sliding around) made this
conservative version attractive. It doesn't change the
slurp-roots-on-startup semantics. It just does so with less memory
retained.

Change-Id: I3aea333f4749ae3b0026042ec3ff7ac015c72204
2020-04-24 21:27:48 -07:00
Brad Fitzpatrick
f5993f2440 crypto/x509: add support for CertPool to load certs lazily
(from patchset 1, 7cdc3c3e7427c9ef69e19224d6036c09c5ea1723, of
https://go-review.googlesource.com/c/go/+/229917/1)

This will allow building CertPools that consume less memory. (Most
certs are never accessed. Different users/programs access different
ones, but not many.)

This CL only adds the new internal mechanism (and uses it for the
old AddCert) but does not modify any existing root pool behavior.
(That is, the default Unix roots are still all slurped into memory as
of this CL)

Change-Id: Ib3a42e4050627b5e34413c595d8ced839c7bfa14
2020-04-24 21:27:48 -07:00
Numerous Gophers
3bab226299 Add fork of Go 1.15-dev's crypto/x509
Snapshotted from Go commit 619c7a48a38b28b521591b490fd14ccb7ea5e821
(https://go-review.googlesource.com/c/go/+/229762,
"crypto/x509: add x509omitbundledroots build tag to not embed roots")

With 975c01342a25899962969833d8b2873dc8856a4f
(https://go-review.googlesource.com/c/go/+/220721) removed, because it
depends on other stuff in Go std that doesn't yet exist in a Go
release.

Also, add a subset fork of Go's internal/testenv, for use by x509's tests.
2020-04-24 20:19:41 -07:00
Earl Lee
a8d8b8719a Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00