tailscale

TheArchive/tailscale

Fork 0

mirror of https://github.com/tailscale/tailscale.git synced 2024-11-26 11:35:35 +00:00

Commit Graph

Author	SHA1	Message	Date
Aaron Klotz	e181f12a7b	util/winutil/s4u: fix some doc comments in the s4u package This is #cleanup Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2024-07-05 13:19:47 -07:00
Aaron Klotz	b292f7f9ac	util/winutil/s4u: fix incorrect token type specified in s4u Login This was correct before, I think I just made a copy/paste error when updating that PR. Updates #12383 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2024-06-26 14:28:56 -06:00
Aaron Klotz	da078b4c09	util/winutil: add package for logging into Windows via Service-for-User (S4U) This PR ties together pseudoconsoles, user profiles, s4u logons, and process creation into what is (hopefully) a simple API for various Tailscale services to obtain Windows access tokens without requiring knowledge of any Windows passwords. It works both for domain-joined machines (Kerberos) and non-domain-joined machines. The former case is fairly straightforward as it is fully documented. OTOH, the latter case is not documented, though it is fully defined in the C headers in the Windows SDK. The documentation blanks were filled in by reading the source code of Microsoft's Win32 port of OpenSSH. We need to do a bit of acrobatics to make conpty work correctly while creating a child process with an s4u token; see the doc comments above startProcessInternal for details. Updates #12383 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2024-06-25 22:05:52 -06:00

Author

SHA1

Message

Date

Aaron Klotz

e181f12a7b

util/winutil/s4u: fix some doc comments in the s4u package

This is #cleanup

Signed-off-by: Aaron Klotz <aaron@tailscale.com>

2024-07-05 13:19:47 -07:00

Aaron Klotz

b292f7f9ac

util/winutil/s4u: fix incorrect token type specified in s4u Login

This was correct before, I think I just made a copy/paste error when
updating that PR.

Updates #12383

Signed-off-by: Aaron Klotz <aaron@tailscale.com>

2024-06-26 14:28:56 -06:00

Aaron Klotz

da078b4c09

util/winutil: add package for logging into Windows via Service-for-User (S4U)

This PR ties together pseudoconsoles, user profiles, s4u logons, and
process creation into what is (hopefully) a simple API for various
Tailscale services to obtain Windows access tokens without requiring
knowledge of any Windows passwords. It works both for domain-joined
machines (Kerberos) and non-domain-joined machines. The former case
is fairly straightforward as it is fully documented. OTOH, the latter
case is not documented, though it is fully defined in the C headers in
the Windows SDK. The documentation blanks were filled in by reading
the source code of Microsoft's Win32 port of OpenSSH.

We need to do a bit of acrobatics to make conpty work correctly while
creating a child process with an s4u token; see the doc comments above
startProcessInternal for details.

Updates #12383

Signed-off-by: Aaron Klotz <aaron@tailscale.com>

2024-06-25 22:05:52 -06:00

3 Commits