Commit Graph

4875 Commits

Author SHA1 Message Date
shayne
d1e1c025b0
tailcfg: add TailscaleFunnelEnabled to HostInfo (#6414)
Adding this convenience for tailscale/corp#8015 and to avoid leaking
WireIngress.

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-20 13:22:54 -05:00
Charlotte Brandhorst-Satzkorn
538f431d5d
words: no explanation necessary (#6413)
Scales do not exist without a banana.

Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2022-11-20 00:01:01 -05:00
Charlotte Brandhorst-Satzkorn
aac3d5bdd1
words: good vibes only (#6412)
After consultation with Tom, it has been agreed that a vibe, or vibes,
can be felt in different quantifiable measures. That makes a vibe, or
vibes, a scale thus it must be immortalized.

Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2022-11-19 23:28:30 -05:00
Brad Fitzpatrick
039ea51ca6 ipn/ipnlocal: add health warning for unstable builds
Like the macOS About dialog.

Change-Id: Ic27f091e66e29d5eebe4e195eda97ed331d748fd
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-19 14:22:39 -08:00
Brad Fitzpatrick
a26f23d949 ipn/ipnlocal: actually fill out PeerAPIURLs in PeerStatus
The earlier 5f6d63936f was not complete.

Updates tailscale/corp#7515

Change-Id: I35efca51d1584c48ef6834a7d29cd42d7c943628
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-19 13:35:39 -08:00
Charlotte Brandhorst-Satzkorn
063eeefdca
words: where do penguins go when they lose their tail? (#6403)
To the retail store.

Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2022-11-19 12:37:48 -05:00
Charlotte Brandhorst-Satzkorn
92fa0313d0
words: this list is really sheeping up to be something (#6399)
Ewe wouldn't have thought it was started as a joke.


Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2022-11-19 07:17:00 -08:00
shayne
f52a6d1b8c
cmd/tailscale/cli, ipn: move serve CLI funcs on to ServeConfig (#6401)
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-19 09:42:14 -05:00
Charlotte Brandhorst-Satzkorn
2847dd2aef
words: you goatta be kid'in me (#6397)
My puns are so baaaaaaad

Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2022-11-19 00:45:45 -05:00
mel
e2f8b84170
words: add "coyote" to the wordlist for tailnet names (#6396)
Signed-off-by: yotes <yotes@fastmail.com>
2022-11-19 00:22:46 -05:00
License Updater
2eb0687969 licenses: update win/apple licenses
Signed-off-by: License Updater <noreply@tailscale.com>
2022-11-18 19:10:05 -08:00
Brad Fitzpatrick
3a168cc1ff wgengine/magicsock: ignore pre-disco (pre-0.100) peers
There aren't any in the wild, other than one we ran on purpose to keep
us honest, but we can bump that one forward to 0.100.

Change-Id: I129e70724b2d3f8edf3b496dc01eba3ac5a2a907
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-18 17:52:08 -08:00
Tom DNetto
2a991a3541 ipn/{localapi,ipnserver}: set a CSP for ServeHTMLStatus, refactor host check
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-11-18 16:13:09 -08:00
phirework
a011320370
magicsock: cleanup canp2p (#6391)
This renames canP2P in magicsock to canP2PLocked to reflect
expectation of mutex lock, fixes a race we discovered in the meantime,
and updates the current stats.

Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Jenny Zhang <jz@tailscale.com>
2022-11-18 12:23:22 -08:00
Maisem Ali
f1ad26f694 ipn/ipnlocal: strip NetworkLockKey from Prefs
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-19 00:57:49 +05:00
Anton Tolchanov
f40bb199f5 tsweb: cache prometheus metric names & types
Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2022-11-18 19:52:37 +00:00
Anton Tolchanov
3c27632ffe tsweb: avoid dashes in Prometheus metric names
Ideally we should strip other invalid characters too, but that would
call for a regexp replacement which increases the number of allocations
and makes `TestVarzHandlerSorting` fail.

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2022-11-18 19:52:37 +00:00
Maisem Ali
dd50dcd067 ipn/ipnlocal: handle untagging nodes better
We would end up with duplicate profiles for the node as the UserID
would have chnaged. In order to correctly deduplicate profiles, we
need to look at both the UserID and the NodeID. A single machine can
only ever have 1 profile per NodeID and 1 profile per UserID.

Note: UserID of a Node can change when the node is tagged/untagged,
and the NodeID of a device can change when the node is deleted so we
need to check for both.

Updates #713

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-18 14:00:19 +05:00
Brad Fitzpatrick
f18dde6ad1 ipn/ipnserver: validate Host header on debug ServeHTMLStatus status
Updates tailscale/corp#7948

Change-Id: I3a8c64f353af1eeae620812b2700ce4af4fbbc88
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-17 23:02:40 -08:00
Brad Fitzpatrick
a13753ae1e ipn/localapi: require POST to add a bugreport marker
The LocalClient.BugReport method already sends it via POST.

Updates tailscale/corp#7948

Change-Id: I98dbd558c99d4296d934baa5ebc97052c7413073
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-17 21:54:06 -08:00
Maisem Ali
b5299d7d0e portlist: wait for lsof cmd to exit
We were leaking processes otherwise.

Co-authored-by: Mihai Parparita <mihai@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-18 03:42:35 +05:00
shayne
a97369f097
cmd/tailscale/cli: flesh out serve CLI and tests (#6304)
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-17 16:09:43 -05:00
Maisem Ali
5f6d63936f ipn/ipnlocal: fill out PeerAPIURLs in PeerStatus
Updates tailscale/corp#7515

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-18 01:49:32 +05:00
Andrew Dunham
0af61f7c40 cmd/tailscale, util/quarantine: set quarantine flags on files from Taildrop
This sets the "com.apple.quarantine" flag on macOS, and the
"Zone.Identifier" alternate data stream on Windows.

Change-Id: If14f805467b0e2963067937d7f34e08ba1d1fa85
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2022-11-17 15:06:02 -05:00
Andrew Dunham
cec48743fb ipn/localapi: set security headers
Change-Id: I028b6ab91229e2f824e5a69856ca9e1844f7486e
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2022-11-17 10:59:13 -05:00
Will Norris
1b8c13e18a words: help mercat get her sparkle back
Signed-off-by: Will Norris <will@tailscale.com>
2022-11-16 23:27:13 -08:00
Maisem Ali
f3519f7b29 cmd/tailscale/cli: add login and switch subcommands
Updates #713

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 10:27:56 +05:00
Joe Tsai
ec1e67b1ab
tstime: fix ParseDuration for '6' digit (#6363)
The cutset provided to strings.TrimRight was missing the digit '6',
making it such that we couldn't parse something like "365d".

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-11-16 21:01:09 -08:00
Joe Tsai
eff62b7b1b
logtail: remove MustParsePublicID (#6335)
This function is no longer necessary as you can trivially rewrite:

	logtail.MustParsePublicID(...)

with:

	must.Get(logtail.ParsePublicID(...))

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-11-16 15:38:27 -08:00
Maisem Ali
1de64e89cd ipn/ipnlocal: set Hostinfo.WireIngress when ingress enabled
Optimization for control.

Updates tailscale/corp#7515

Change-Id: Ie93b232ab3e543d53062b462bdc13e279176f7a9
Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 02:39:25 +05:00
Mihai Parparita
b3da5de10f ipn/localapi: also allow localhost as the LocalAPI host
The Mac and iOS LocalAPI clients make requests to it.

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-16 12:11:45 -08:00
Maisem Ali
b0736fe6f7 ipn/ipnlocal: move selfNode from peerAPIServer to peerAPIHandler
The peerAPIHandler is instantiated per PeerAPI call so it is
guaranteed to have the latest selfNode.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 01:02:03 +05:00
Maisem Ali
2f4fca65a1 ipn/ipnlocal: prevent duplicate profiles of the same user
Updates #713

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 00:59:55 +05:00
Brad Fitzpatrick
e9c851b04b ipn/ipnlocal: also accept service IP IPv6 literal in brackets for quad100
The fix in 4fc8538e2 was sufficient for IPv6. Browsers (can?) send the
IPv6 literal, even without a port number, in brackets.

Updates tailscale/corp#7948

Change-Id: I0e429d3de4df8429152c12f251ab140b0c8f6b77
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 11:47:42 -08:00
Maisem Ali
296e712591 tailcfg: add CapabilityDebug
Updates tailscale/corp#7948

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 00:21:10 +05:00
Maisem Ali
1e78fc462c ipn/ipnlocal: add some validation to PeerAPI
Updates tailscale/corp#7948

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 23:33:53 +05:00
Maisem Ali
1f4669a380 all: standardize on LocalAPI
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 23:15:24 +05:00
Maisem Ali
22238d897b all: standardize on PeerAPI
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 22:49:13 +05:00
Brad Fitzpatrick
1b56acf513 ipn/ipnlocal: move LocalBackend.validPopBrowserURL empty check from caller
I was too late with review feedback to 513780f4f8.

Updates tailscale/corp#7948

Change-Id: I8fa3b4eba4efaff591a2d0bfe6ab4795638b7c3a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 09:43:43 -08:00
Maisem Ali
513780f4f8 ipn/ipnlocal: move URL validation to LocalBackend
Updates tailscale/corp#7948

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 21:54:58 +05:00
Andrew Dunham
4caca8619e ipn/localapi: serve files with application/octet-stream Content-Type
Updates tailscale/corp#7948

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I5f570c04974598c7abae4017e4a7a0f63492c87c
2022-11-16 11:36:15 -05:00
Brad Fitzpatrick
4fc8538e2f ipn/ipnlocal: check quad100 Host header in info page
Updates tailscale/corp#7948

Change-Id: I0ab61c764bff9ba8afaf9070db73e971eb018477
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 08:18:12 -08:00
Maisem Ali
49b0ce8180 ipn/ipnlocal: update profile on server sent profile changes
We were not updating the LoginProfile.UserProfile when a netmap
updated the UserProfile (e.g. when a node was tagged via the admin panel).

Updates #713

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 21:08:53 +05:00
Brad Fitzpatrick
976e88d430 client/tailscale/apitype: add LocalAPIHost const, use it
Removes duplication.

Updates tailcale/corp#7948

Change-Id: I564c912ecfde31ba2293124bb1316e433c2a10f1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 08:07:51 -08:00
Brad Fitzpatrick
97319a1970 control/controlclient: filter PopBrowserURL values to https schemes
No need for http://, etc. In case a control server sends a bogus value
and GUIs don't also validate.

Updates tailscale/corp#7948

Change-Id: I0b7dd86aa396bdabd88f0c4fe51831fb2ec4175a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-16 07:54:52 -08:00
Maisem Ali
2d653230ef ssh/tailssh: only call CloseWrite when both stdout and stderr are done
Updates #5209

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 16:22:47 +05:00
Brad Fitzpatrick
6ea2d01626 ipn/ipnlocal: be more assertive about rules for applyPrefsToHostinfo (now Locked)
The old docs were too cagey.

Change-Id: I92c4fdc4165e7ca35c4537aebe51eb3604b56f6d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-15 21:32:01 -08:00
Mihai Parparita
d3878ecd62 ipn/ipnlocal: add client metrics for profile switching
Updates #713

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-15 21:30:39 -08:00
Brad Fitzpatrick
b08f37d069 tailcfg: add Hostinfo.WireIngress bool
Yet unused. Future optimization for control.

Updates tailscale/corp#7515

Change-Id: Icd755aa8b1d6ca61d16dfc124c28c9c56ebdfee5
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-15 21:06:18 -08:00
Mihai Parparita
6d48a54b3d version: make IsSandboxedMacOS handle the IPNExtension binary too
It was previously only invoked from the CLI, which only runs from the
main .app. However, starting with #6022 we also invoke it from the
network extension.

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-15 17:54:10 -08:00