Maisem Ali
a3cd171773
ipn/ipnserver: remove Server.serverModeUser
...
We can just rely on LocalBackend.CurrentUser
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-25 18:43:16 +05:00
Maisem Ali
d321b0ea4f
ipn/ipnlocal: add docs to LocalBackend.SetCurrentUserID
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-25 18:43:16 +05:00
Brad Fitzpatrick
250edeb3da
ipn/ipnserver: only permit the pre-HTTP LocalAPI protocol on Windows
...
Updates #6417
Change-Id: I1c9dbee3f72969f703b3ff2dbbaa145a17db868b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-24 14:56:04 -08:00
Brad Fitzpatrick
b68d008fee
envknob: add CanTaildrop (TS_DISABLE_TAILDROP) to disable taildrop on device
...
This matches CanSSHD (TS_DISABLE_SSH_SERVER) for administratively
disabling the code on a node, regardless of local or server configs.
This can be configured in /etc/default/tailscaled on Linux,
%ProgramData%\Tailscale\tailscaled-env.txt on Windows,
or /etc/tailscale/tailscaled-env.txt on Synology. (see getPlatformEnvFile)
Also delete some dead code and tidy up some docs.
Change-Id: I79a87c03e33209619466ea8aeb0f6651afcb8789
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-24 07:51:17 -08:00
Brad Fitzpatrick
20b27df4d0
tailcfg, ipn, controlclient: add MapResponse.ClientVersion, plumb to IPN bus
...
Updates #6480
Change-Id: I6321071425cd091148d8140d1eb24dd536bb7984
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-23 20:24:12 -08:00
Brad Fitzpatrick
4d3713f631
envknob: add GOOS func
...
Centralize the fake GOOS stuff, start to use it more. To be used more
in the future.
Change-Id: Iabacfbeaf5fca0b53bf4d5dbcdc0367f05a205f9
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-23 18:35:43 -08:00
Brad Fitzpatrick
6e6f27dd21
ipn/ipnlocal: lock down unsigned peers more
...
Apparently there's no tracking bug?
Updates tailscale/corp#7515 for ingress/funnel at least.
Change-Id: I03bc54fdc1f53f9832ab8b51475b2d676c38d897
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-23 18:20:39 -08:00
Brad Fitzpatrick
7bff7345cc
ipn/ipnauth: start splitting ipnserver into new ipnauth package
...
We're trying to gut 90% of the ipnserver package. A lot will get
deleted, some will move to LocalBackend, and a lot is being moved into
this new ipn/ipnauth package which will be leaf-y and testable.
This is a baby step towards moving some stuff to ipnauth.
Update #6417
Updates tailscale/corp#8051
Change-Id: I28bc2126764f46597d92a2d72565009dc6927ee0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-23 10:57:02 -08:00
Maisem Ali
3a5d02cb31
ipn/ipnlocal: update comment about using FallbackResolvers for exit nodes
...
While reading the DNS code noticed that we were still using FallbackResolvers
in this code path but the comment was out of date.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-23 16:52:22 +05:00
Brad Fitzpatrick
300aba61a6
ipn, cmd/tailscale/cli: add LocalAPI IPN bus watch, Start, convert CLI
...
Updates #6417
Updates tailscale/corp#8051
Change-Id: I1ca360730c45ffaa0261d8422877304277fc5625
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-22 13:11:44 -08:00
Maisem Ali
d4f6efa1df
ipn/ipnlocal: handle case when selected profile is deleted
...
Profile keys are not deleted but are instead set to `nil` which results
in getting a nil error and we were not handling that correctly.
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-23 00:42:18 +05:00
Tom DNetto
b45b948776
ipn/ipnlocal: call initTKALocked on backend start
...
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-11-22 11:06:52 -08:00
Tom DNetto
aeb80bf8cb
ipn/ipnlocal,tka: generate a nonce for each TKA
...
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-11-22 10:31:22 -08:00
Tom DNetto
6708f9a93f
cmd/tailscale,ipn: implement lock log command
...
This commit implements `tailscale lock log [--limit N]`, which displays an ordered list
of changes to network-lock state in a manner familiar to `git log`.
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-11-22 10:30:59 -08:00
Tom DNetto
ed1fae6c73
ipn/ipnlocal: always tx TKA sync after enablement
...
By always firing off a sync after enablement, the control plane should know the node's TKA head
at all times.
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-11-22 10:25:13 -08:00
Brad Fitzpatrick
0f7da5c7dc
ipn{,/ipnlocal}, client/tailscale: move Taildrop recv notifications to LocalAPI HTTP method
...
Updates #6417
Change-Id: Iec544c477a0e5e9f1c6bf23555afec06255e2e22
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-22 08:49:13 -08:00
Maisem Ali
8d84178884
ipn/ipnlocal: stop storing serverURL in LocalBackend
...
It's only read in a couple of places and we can read from Prefs directly.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-22 16:51:36 +05:00
Maisem Ali
aeac4bc8e2
ipn/ipnlocal: account for currentUserID when iterating over knownProfiles
...
We were not checking the currentUserID in all code paths that looped over
knownProfiles. This only impacted multi-user Windows setups.
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-22 15:31:17 +05:00
Maisem Ali
18c7c3981a
ipn/ipnlocal: call checkPrefs in Start too
...
We were not calling checkPrefs on `opts.*Prefs` in (*LocalBackend).Start().
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-22 15:13:00 +05:00
Brad Fitzpatrick
0480a925c1
ipn/ipnlocal: send Content-Security-Policy, etc to peerapi browser requests
...
Updates tailscale/corp#7948
Change-Id: Ie70e0d042478338a37b7789ac63225193e47a524
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-21 17:33:06 -08:00
Maisem Ali
b94b91c168
cmd/tailscale/cli: add ability to set short names for profiles
...
This adds a `--nickname` flag to `tailscale login|set`.
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-22 04:03:24 +05:00
Maisem Ali
575fd5f22b
ipn: add ability to name profiles
...
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-22 04:03:24 +05:00
Mihai Parparita
33520920c3
all: use strs.CutPrefix and strs.CutSuffix more
...
Updates places where we use HasPrefix + TrimPrefix to use the combined
function.
Updates #5309
Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-21 14:32:16 -08:00
Brad Fitzpatrick
039ea51ca6
ipn/ipnlocal: add health warning for unstable builds
...
Like the macOS About dialog.
Change-Id: Ic27f091e66e29d5eebe4e195eda97ed331d748fd
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-19 14:22:39 -08:00
Brad Fitzpatrick
a26f23d949
ipn/ipnlocal: actually fill out PeerAPIURLs in PeerStatus
...
The earlier 5f6d63936f was not complete.
Updates tailscale/corp#7515
Change-Id: I35efca51d1584c48ef6834a7d29cd42d7c943628
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-19 13:35:39 -08:00
shayne
f52a6d1b8c
cmd/tailscale/cli, ipn: move serve CLI funcs on to ServeConfig (#6401)
...
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-19 09:42:14 -05:00
Tom DNetto
2a991a3541
ipn/{localapi,ipnserver}: set a CSP for ServeHTMLStatus, refactor host check
...
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-11-18 16:13:09 -08:00
Maisem Ali
f1ad26f694
ipn/ipnlocal: strip NetworkLockKey from Prefs
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-19 00:57:49 +05:00
Maisem Ali
dd50dcd067
ipn/ipnlocal: handle untagging nodes better
...
We would end up with duplicate profiles for the node as the UserID
would have changed. In order to correctly deduplicate profiles, we
need to look at both the UserID and the NodeID. A single machine can
only ever have 1 profile per NodeID and 1 profile per UserID.
Note: UserID of a Node can change when the node is tagged/untagged,
and the NodeID of a device can change when the node is deleted so we
need to check for both.
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-18 14:00:19 +05:00
Brad Fitzpatrick
f18dde6ad1
ipn/ipnserver: validate Host header on debug ServeHTMLStatus status
...
Updates tailscale/corp#7948
Change-Id: I3a8c64f353af1eeae620812b2700ce4af4fbbc88
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-17 23:02:40 -08:00
Brad Fitzpatrick
a13753ae1e
ipn/localapi: require POST to add a bugreport marker
...
The LocalClient.BugReport method already sends it via POST.
Updates tailscale/corp#7948
Change-Id: I98dbd558c99d4296d934baa5ebc97052c7413073
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-17 21:54:06 -08:00
shayne
a97369f097
cmd/tailscale/cli: flesh out serve CLI and tests (#6304)
...
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-17 16:09:43 -05:00
Maisem Ali
5f6d63936f
ipn/ipnlocal: fill out PeerAPIURLs in PeerStatus
...
Updates tailscale/corp#7515
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-18 01:49:32 +05:00
Andrew Dunham
cec48743fb
ipn/localapi: set security headers
...
Change-Id: I028b6ab91229e2f824e5a69856ca9e1844f7486e
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2022-11-17 10:59:13 -05:00
Maisem Ali
1de64e89cd
ipn/ipnlocal: set Hostinfo.WireIngress when ingress enabled
...
Optimization for control.
Updates tailscale/corp#7515
Change-Id: Ie93b232ab3e543d53062b462bdc13e279176f7a9
Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 02:39:25 +05:00
Mihai Parparita
b3da5de10f
ipn/localapi: also allow localhost as the LocalAPI host
...
The Mac and iOS LocalAPI clients make requests to it.
Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-16 12:11:45 -08:00
Maisem Ali
b0736fe6f7
ipn/ipnlocal: move selfNode from peerAPIServer to peerAPIHandler
...
The peerAPIHandler is instantiated per PeerAPI call so it is
guaranteed to have the latest selfNode.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 01:02:03 +05:00
Maisem Ali
2f4fca65a1
ipn/ipnlocal: prevent duplicate profiles of the same user
...
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 00:59:55 +05:00
Brad Fitzpatrick
e9c851b04b
ipn/ipnlocal: also accept service IP IPv6 literal in brackets for quad100
...
The fix in 4fc8538e2 was sufficient for IPv6. Browsers (can?) send the
IPv6 literal, even without a port number, in brackets.
Updates tailscale/corp#7948
Change-Id: I0e429d3de4df8429152c12f251ab140b0c8f6b77
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 11:47:42 -08:00
Maisem Ali
296e712591
tailcfg: add CapabilityDebug
...
Updates tailscale/corp#7948
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 00:21:10 +05:00
Maisem Ali
1e78fc462c
ipn/ipnlocal: add some validation to PeerAPI
...
Updates tailscale/corp#7948
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 23:33:53 +05:00
Maisem Ali
22238d897b
all: standardize on PeerAPI
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 22:49:13 +05:00
Brad Fitzpatrick
1b56acf513
ipn/ipnlocal: move LocalBackend.validPopBrowserURL empty check from caller
...
I was too late with review feedback to 513780f4f8.
Updates tailscale/corp#7948
Change-Id: I8fa3b4eba4efaff591a2d0bfe6ab4795638b7c3a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 09:43:43 -08:00
Maisem Ali
513780f4f8
ipn/ipnlocal: move URL validation to LocalBackend
...
Updates tailscale/corp#7948
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 21:54:58 +05:00
Andrew Dunham
4caca8619e
ipn/localapi: serve files with application/octet-stream Content-Type
...
Updates tailscale/corp#7948
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I5f570c04974598c7abae4017e4a7a0f63492c87c
2022-11-16 11:36:15 -05:00
Brad Fitzpatrick
4fc8538e2f
ipn/ipnlocal: check quad100 Host header in info page
...
Updates tailscale/corp#7948
Change-Id: I0ab61c764bff9ba8afaf9070db73e971eb018477
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 08:18:12 -08:00
Maisem Ali
49b0ce8180
ipn/ipnlocal: update profile on server sent profile changes
...
We were not updating the LoginProfile.UserProfile when a netmap
updated the UserProfile (e.g. when a node was tagged via the admin panel).
Updates #713
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 21:08:53 +05:00
Brad Fitzpatrick
976e88d430
client/tailscale/apitype: add LocalAPIHost const, use it
...
Removes duplication.
Updates tailscale/corp#7948
Change-Id: I564c912ecfde31ba2293124bb1316e433c2a10f1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 08:07:51 -08:00
Brad Fitzpatrick
6ea2d01626
ipn/ipnlocal: be more assertive about rules for applyPrefsToHostinfo (now Locked)
...
The old docs were too cagey.
Change-Id: I92c4fdc4165e7ca35c4537aebe51eb3604b56f6d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-15 21:32:01 -08:00
Mihai Parparita
d3878ecd62
ipn/ipnlocal: add client metrics for profile switching
...
Updates #713
Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-15 21:30:39 -08:00