mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 03:25:35 +00:00
da078b4c09
This PR ties together pseudoconsoles, user profiles, s4u logons, and process creation into what is (hopefully) a simple API for various Tailscale services to obtain Windows access tokens without requiring knowledge of any Windows passwords. It works both for domain-joined machines (Kerberos) and non-domain-joined machines. The former case is fairly straightforward as it is fully documented. OTOH, the latter case is not documented, though it is fully defined in the C headers in the Windows SDK. The documentation blanks were filled in by reading the source code of Microsoft's Win32 port of OpenSSH. We need to do a bit of acrobatics to make conpty work correctly while creating a child process with an s4u token; see the doc comments above startProcessInternal for details. Updates #12383 Signed-off-by: Aaron Klotz <aaron@tailscale.com> |
||
|---|---|---|
| .. | ||
| authenticode | ||
| conpty | ||
| policy | ||
| s4u | ||
| testdata/testrestartableprocesses | ||
| winenv | ||
| mksyscall.go | ||
| restartmgr_windows_test.go | ||
| restartmgr_windows.go | ||
| startupinfo_windows.go | ||
| subprocess_windows_test.go | ||
| svcdiag_windows.go | ||
| userprofile_windows.go | ||
| winutil_notwindows.go | ||
| winutil_windows_test.go | ||
| winutil_windows.go | ||
| winutil.go | ||
| zsyscall_windows.go | ||