tailscale/ipn
Aaron Klotz 95671b71a6 ipn, safesocket: use Windows token in LocalAPI
On Windows, the idiomatic way to check access on a named pipe is for
the server to impersonate the client on its current OS thread, perform
access checks using the client's access token, and then revert the OS
thread's access token back to its true self.

The access token is a better representation of the client's rights than just
a username/userid check, as it represents the client's effective rights
at connection time, which might differ from their normal rights.

This patch updates safesocket to do the aforementioned impersonation,
extract the token handle, and then revert the impersonation. We retain
the token handle for the remaining duration of the connection (the token
continues to be valid even after we have reverted back to self).

Since the token is a property of the connection, I changed ipnauth to wrap
the concrete net.Conn to include the token. I then plumbed that change
through ipnlocal, ipnserver, and localapi as necessary.

I also added a PermitLocalAdmin flag to the localapi Handler which I intend
to use for controlling access to a few new localapi endpoints intended
for configuring auto-update.

Updates https://github.com/tailscale/tailscale/issues/755

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-10-26 09:43:19 -06:00
..
conffile ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key 2023-10-17 07:12:49 -07:00
ipnauth ipn, safesocket: use Windows token in LocalAPI 2023-10-26 09:43:19 -06:00
ipnlocal ipn, safesocket: use Windows token in LocalAPI 2023-10-26 09:43:19 -06:00
ipnserver ipn, safesocket: use Windows token in LocalAPI 2023-10-26 09:43:19 -06:00
ipnstate client/web: restrict full management client behind browser sessions 2023-10-05 17:21:39 -04:00
localapi ipn, safesocket: use Windows token in LocalAPI 2023-10-26 09:43:19 -06:00
policy ipn: prefer allow/denylist terminology 2023-04-04 08:02:50 -07:00
store cmd/k8s-operator,ipn/store/kubestore: patch secrets instead of updating 2023-08-29 13:24:05 -07:00
backend.go cmd/tailscale,ipn/ipnlocal: print debug component names 2023-10-03 06:07:34 -07:00
conf.go ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key 2023-10-17 07:12:49 -07:00
doc.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
fake_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
ipn_clone.go ipn: add PostureChecks to Prefs 2023-10-09 08:15:38 +02:00
ipn_test.go net/packet: split off checksum munging into different pkg 2023-10-11 14:25:58 -07:00
ipn_view.go ipn: add PostureChecks to Prefs 2023-10-09 08:15:38 +02:00
prefs_test.go ipn: add PostureChecks to Prefs 2023-10-09 08:15:38 +02:00
prefs.go ipn: add PostureChecks to Prefs 2023-10-09 08:15:38 +02:00
serve_test.go ipn: use NodeCapMap in CheckFunnel 2023-09-28 09:16:25 -07:00
serve.go ipn: use NodeCapMap in CheckFunnel 2023-09-28 09:16:25 -07:00
store_test.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00
store.go ipn: avoid useless no-op WriteState calls 2023-08-07 08:44:24 -07:00