tailscale/util
Aaron Klotz fbc18410ad ipn/ipnauth: improve the Windows token administrator check
(*Token).IsAdministrator is supposed to return true even when the user is
running with a UAC limited token. The idea is that, for the purposes of
this check, we don't care whether the user is *currently* running with
full Admin rights, we just want to know whether the user can
*potentially* do so.

We accomplish this by querying for the token's "linked token," which
should be the fully-elevated variant, and checking its group memberships.

We also switch ipn/ipnserver/(*Server).connIsLocalAdmin to use the elevation
check to preserve those semantics for tailscale serve; I want the
IsAdministrator check to be used for less sensitive things like toggling
auto-update on and off.

Fixes #10036

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-11-03 14:37:04 -06:00
..
cibuild all: update copyright and license headers 2023-01-27 15:36:29 -08:00
clientmetric util/clientmetric: allow client metric values to be provided by a function 2023-04-05 17:21:16 -07:00
cloudenv all: update copyright and license headers 2023-01-27 15:36:29 -08:00
cmpver util/cmpver: only consider ascii numerals (#9741) 2023-10-11 13:42:32 +01:00
cmpx all: update exp/slices and fix call sites 2023-07-28 13:11:53 -07:00
codegen util/codegen: support embedded fields 2023-05-09 15:40:17 -07:00
cstruct all: update copyright and license headers 2023-01-27 15:36:29 -08:00
deephash util/deephash: add IncludeFields, ExcludeFields HasherForType Options 2023-08-27 21:01:12 -07:00
dirwalk all: use tstest.Replace more 2023-03-04 12:24:55 -08:00
dnsname cmd/tailscale: extend hostname validation (#7678) 2023-03-27 18:21:58 +01:00
goroutines util/goroutines: let ScrubbedGoroutineDump get only current stack 2023-06-23 12:50:45 -07:00
groupmember util/groupmember: fail earlier if group doesn't exist, use slices.Contains 2023-11-01 19:23:16 -07:00
hashx all: update copyright and license headers 2023-01-27 15:36:29 -08:00
httphdr util/httphdr: add new package for parsing HTTP headers (#9797) 2023-10-13 15:38:22 -07:00
httpm util/httpm, all: add a test to make sure httpm is used consistently 2023-10-03 09:26:13 -07:00
jsonutil all: update copyright and license headers 2023-01-27 15:36:29 -08:00
limiter util/lru, util/limiter: add debug helper to dump state as HTML 2023-09-08 14:47:03 -07:00
lineread all: update copyright and license headers 2023-01-27 15:36:29 -08:00
linuxfw util/linuxfw: add missing error checks in tests 2023-10-28 09:44:53 -07:00
lru util/lru: update c.head when deleting the most recently used entry 2023-09-19 12:17:50 -07:00
mak various: add golangci-lint, fix issues (#7905) 2023-04-17 18:38:24 -04:00
multierr all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} 2023-08-17 08:42:35 -07:00
must all: update copyright and license headers 2023-01-27 15:36:29 -08:00
nocasemaps util/nocasemaps: import nocasemaps from corp 2023-10-11 13:55:00 -07:00
osdiag util/osdiag: add query for Windows page file configuration and status 2023-08-25 10:31:36 -06:00
osshare all: update copyright and license headers 2023-01-27 15:36:29 -08:00
pidowner all: update copyright and license headers 2023-01-27 15:36:29 -08:00
precompress all: update copyright and license headers 2023-01-27 15:36:29 -08:00
quarantine all: update copyright and license headers 2023-01-27 15:36:29 -08:00
race util/race: add test to confirm we don't leak goroutines 2023-10-03 18:44:22 -04:00
racebuild all: update copyright and license headers 2023-01-27 15:36:29 -08:00
rands util/rands: add package with HexString func 2023-09-05 09:17:21 -07:00
ringbuffer util/ringbuffer: move generic ringbuffer from corp repo 2023-02-21 19:11:08 +00:00
set util/set: make Clone a method (#10044) 2023-11-01 10:20:38 -07:00
singleflight all: update copyright and license headers 2023-01-27 15:36:29 -08:00
slicesx util/slicesx: add EqualSameNil, like slices.Equal but same nilness 2023-09-30 18:56:15 -07:00
syspolicy Revert "ipn/ipnlocal: add new DNS and subnet router policies" (#9962) 2023-10-24 17:07:25 -07:00
sysresources util/sysresources, magicsock: scale DERP buffer based on system memory 2023-04-03 17:14:14 -04:00
systemd all: update copyright and license headers 2023-01-27 15:36:29 -08:00
testenv util/testenv: add new package to hold InTest 2023-08-08 19:51:44 -06:00
truncate util: add truncate package (#7490) 2023-03-07 11:51:36 -08:00
uniq all: update copyright and license headers 2023-01-27 15:36:29 -08:00
vizerror util/vizerror: add As function to get wrapped Error 2023-02-01 14:39:13 -08:00
winutil ipn/ipnauth: improve the Windows token administrator check 2023-11-03 14:37:04 -06:00