|
|
|
@ -17,6 +17,7 @@ import (
|
|
|
|
|
"sync"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/tailscale/wireguard-go/wgcfg"
|
|
|
|
|
"golang.org/x/oauth2"
|
|
|
|
|
"tailscale.com/logtail/backoff"
|
|
|
|
|
"tailscale.com/tailcfg"
|
|
|
|
@ -25,36 +26,37 @@ import (
|
|
|
|
|
"tailscale.com/types/structs"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// TODO(apenwarr): eliminate the 'state' variable, as it's now obsolete.
|
|
|
|
|
// It's used only by the unit tests.
|
|
|
|
|
type state int
|
|
|
|
|
// State is the high-level state of the client. It is used only in
|
|
|
|
|
// unit tests for proper sequencing, don't depend on it anywhere else.
|
|
|
|
|
// TODO(apenwarr): eliminate 'state', as it's now obsolete.
|
|
|
|
|
type State int
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
stateNew = state(iota)
|
|
|
|
|
stateNotAuthenticated
|
|
|
|
|
stateAuthenticating
|
|
|
|
|
stateURLVisitRequired
|
|
|
|
|
stateAuthenticated
|
|
|
|
|
stateSynchronized // connected and received map update
|
|
|
|
|
StateNew = State(iota)
|
|
|
|
|
StateNotAuthenticated
|
|
|
|
|
StateAuthenticating
|
|
|
|
|
StateURLVisitRequired
|
|
|
|
|
StateAuthenticated
|
|
|
|
|
StateSynchronized // connected and received map update
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func (s state) MarshalText() ([]byte, error) {
|
|
|
|
|
func (s State) MarshalText() ([]byte, error) {
|
|
|
|
|
return []byte(s.String()), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s state) String() string {
|
|
|
|
|
func (s State) String() string {
|
|
|
|
|
switch s {
|
|
|
|
|
case stateNew:
|
|
|
|
|
case StateNew:
|
|
|
|
|
return "state:new"
|
|
|
|
|
case stateNotAuthenticated:
|
|
|
|
|
case StateNotAuthenticated:
|
|
|
|
|
return "state:not-authenticated"
|
|
|
|
|
case stateAuthenticating:
|
|
|
|
|
case StateAuthenticating:
|
|
|
|
|
return "state:authenticating"
|
|
|
|
|
case stateURLVisitRequired:
|
|
|
|
|
case StateURLVisitRequired:
|
|
|
|
|
return "state:url-visit-required"
|
|
|
|
|
case stateAuthenticated:
|
|
|
|
|
case StateAuthenticated:
|
|
|
|
|
return "state:authenticated"
|
|
|
|
|
case stateSynchronized:
|
|
|
|
|
case StateSynchronized:
|
|
|
|
|
return "state:synchronized"
|
|
|
|
|
default:
|
|
|
|
|
return fmt.Sprintf("state:unknown:%d", int(s))
|
|
|
|
@ -69,7 +71,7 @@ type Status struct {
|
|
|
|
|
Persist *Persist // locally persisted configuration
|
|
|
|
|
NetMap *NetworkMap // server-pushed configuration
|
|
|
|
|
Hostinfo *tailcfg.Hostinfo // current Hostinfo data
|
|
|
|
|
state state
|
|
|
|
|
State State
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Equal reports whether s and s2 are equal.
|
|
|
|
@ -84,7 +86,7 @@ func (s *Status) Equal(s2 *Status) bool {
|
|
|
|
|
reflect.DeepEqual(s.Persist, s2.Persist) &&
|
|
|
|
|
reflect.DeepEqual(s.NetMap, s2.NetMap) &&
|
|
|
|
|
reflect.DeepEqual(s.Hostinfo, s2.Hostinfo) &&
|
|
|
|
|
s.state == s2.state
|
|
|
|
|
s.State == s2.State
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s Status) String() string {
|
|
|
|
@ -92,7 +94,7 @@ func (s Status) String() string {
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
return s.state.String() + " " + string(b)
|
|
|
|
|
return s.State.String() + " " + string(b)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type LoginGoal struct {
|
|
|
|
@ -121,7 +123,7 @@ type Client struct {
|
|
|
|
|
hostinfo *tailcfg.Hostinfo
|
|
|
|
|
inPollNetMap bool // true if currently running a PollNetMap
|
|
|
|
|
inSendStatus int // number of sendStatus calls currently in progress
|
|
|
|
|
state state
|
|
|
|
|
state State
|
|
|
|
|
|
|
|
|
|
authCtx context.Context // context used for auth requests
|
|
|
|
|
mapCtx context.Context // context used for netmap requests
|
|
|
|
@ -319,7 +321,7 @@ func (c *Client) authRoutine() {
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
c.loggedIn = false
|
|
|
|
|
c.loginGoal = nil
|
|
|
|
|
c.state = stateNotAuthenticated
|
|
|
|
|
c.state = StateNotAuthenticated
|
|
|
|
|
c.synced = false
|
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
|
@ -328,9 +330,9 @@ func (c *Client) authRoutine() {
|
|
|
|
|
} else { // ie. goal.wantLoggedIn
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
if goal.url != "" {
|
|
|
|
|
c.state = stateURLVisitRequired
|
|
|
|
|
c.state = StateURLVisitRequired
|
|
|
|
|
} else {
|
|
|
|
|
c.state = stateAuthenticating
|
|
|
|
|
c.state = StateAuthenticating
|
|
|
|
|
}
|
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
|
@ -359,7 +361,7 @@ func (c *Client) authRoutine() {
|
|
|
|
|
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
c.loginGoal = goal
|
|
|
|
|
c.state = stateURLVisitRequired
|
|
|
|
|
c.state = StateURLVisitRequired
|
|
|
|
|
c.synced = false
|
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
|
@ -372,7 +374,7 @@ func (c *Client) authRoutine() {
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
c.loggedIn = true
|
|
|
|
|
c.loginGoal = nil
|
|
|
|
|
c.state = stateAuthenticated
|
|
|
|
|
c.state = StateAuthenticated
|
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
|
|
c.sendStatus("authRoutine4", nil, "", nil)
|
|
|
|
@ -382,6 +384,20 @@ func (c *Client) authRoutine() {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Expiry returns the credential expiration time, or the zero time if
|
|
|
|
|
// the expiration time isn't known. Used in tests only.
|
|
|
|
|
func (c *Client) Expiry() *time.Time {
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
defer c.mu.Unlock()
|
|
|
|
|
return c.expiry
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Direct returns the underlying direct client object. Used in tests
|
|
|
|
|
// only.
|
|
|
|
|
func (c *Client) Direct() *Direct {
|
|
|
|
|
return c.direct
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Client) mapRoutine() {
|
|
|
|
|
defer close(c.mapDone)
|
|
|
|
|
bo := backoff.NewBackoff("mapRoutine", c.logf)
|
|
|
|
@ -449,7 +465,7 @@ func (c *Client) mapRoutine() {
|
|
|
|
|
c.synced = true
|
|
|
|
|
c.inPollNetMap = true
|
|
|
|
|
if c.loggedIn {
|
|
|
|
|
c.state = stateSynchronized
|
|
|
|
|
c.state = StateSynchronized
|
|
|
|
|
}
|
|
|
|
|
exp := nm.Expiry
|
|
|
|
|
c.expiry = &exp
|
|
|
|
@ -467,8 +483,8 @@ func (c *Client) mapRoutine() {
|
|
|
|
|
c.mu.Lock()
|
|
|
|
|
c.synced = false
|
|
|
|
|
c.inPollNetMap = false
|
|
|
|
|
if c.state == stateSynchronized {
|
|
|
|
|
c.state = stateAuthenticated
|
|
|
|
|
if c.state == StateSynchronized {
|
|
|
|
|
c.state = StateAuthenticated
|
|
|
|
|
}
|
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
|
@ -537,7 +553,7 @@ func (c *Client) sendStatus(who string, err error, url string, nm *NetworkMap) {
|
|
|
|
|
|
|
|
|
|
var p *Persist
|
|
|
|
|
var fin *empty.Message
|
|
|
|
|
if state == stateAuthenticated {
|
|
|
|
|
if state == StateAuthenticated {
|
|
|
|
|
fin = new(empty.Message)
|
|
|
|
|
}
|
|
|
|
|
if nm != nil && loggedIn && synced {
|
|
|
|
@ -554,7 +570,7 @@ func (c *Client) sendStatus(who string, err error, url string, nm *NetworkMap) {
|
|
|
|
|
Persist: p,
|
|
|
|
|
NetMap: nm,
|
|
|
|
|
Hostinfo: hi,
|
|
|
|
|
state: state,
|
|
|
|
|
State: state,
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
new.Err = err.Error()
|
|
|
|
@ -623,3 +639,20 @@ func (c *Client) Shutdown() {
|
|
|
|
|
c.logf("Client.Shutdown done.")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NodePublicKey returns the node public key currently in use. This is
|
|
|
|
|
// used exclusively in tests.
|
|
|
|
|
func (c *Client) TestOnlyNodePublicKey() wgcfg.Key {
|
|
|
|
|
priv := c.direct.GetPersist()
|
|
|
|
|
return priv.PrivateNodeKey.Public()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Client) TestOnlySetAuthKey(authkey string) {
|
|
|
|
|
c.direct.mu.Lock()
|
|
|
|
|
defer c.direct.mu.Unlock()
|
|
|
|
|
c.direct.authKey = authkey
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Client) TestOnlyTimeNow() time.Time {
|
|
|
|
|
return c.timeNow()
|
|
|
|
|
}
|
|
|
|
|