mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
da078b4c09
This PR ties together pseudoconsoles, user profiles, s4u logons, and process creation into what is (hopefully) a simple API for various Tailscale services to obtain Windows access tokens without requiring knowledge of any Windows passwords. It works both for domain-joined machines (Kerberos) and non-domain-joined machines. The former case is fairly straightforward as it is fully documented. OTOH, the latter case is not documented, though it is fully defined in the C headers in the Windows SDK. The documentation blanks were filled in by reading the source code of Microsoft's Win32 port of OpenSSH. We need to do a bit of acrobatics to make conpty work correctly while creating a child process with an s4u token; see the doc comments above startProcessInternal for details. Updates #12383 Signed-off-by: Aaron Klotz <aaron@tailscale.com> |
||
---|---|---|
.. | ||
authenticode | ||
conpty | ||
policy | ||
s4u | ||
testdata/testrestartableprocesses | ||
winenv | ||
mksyscall.go | ||
restartmgr_windows_test.go | ||
restartmgr_windows.go | ||
startupinfo_windows.go | ||
subprocess_windows_test.go | ||
svcdiag_windows.go | ||
userprofile_windows.go | ||
winutil_notwindows.go | ||
winutil_windows_test.go | ||
winutil_windows.go | ||
winutil.go | ||
zsyscall_windows.go |