From 6e6f27dd2160566e76c59506633b2de337e248e8 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Wed, 23 Nov 2022 15:14:25 -0800
Subject: [PATCH] ipn/ipnlocal: lock down unsigned peers more

Apparently there's no tracking bug? Updates tailscale/corp#7515 for ingress/funnel at least.

Change-Id: I03bc54fdc1f53f9832ab8b51475b2d676c38d897
Signed-off-by: Brad Fitzpatrick
---
 ipn/ipnlocal/peerapi.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ipn/ipnlocal/peerapi.go b/ipn/ipnlocal/peerapi.go
index aa4e4f32e..c81848100 100644
--- a/ipn/ipnlocal/peerapi.go
+++ b/ipn/ipnlocal/peerapi.go
@@ -818,6 +818,10 @@ func (f *incomingFile) PartialFile() ipn.PartialFile {
 
 // canPutFile reports whether h can put a file ("Taildrop") to this node.
 func (h *peerAPIHandler) canPutFile() bool {
+ if h.peerNode.UnsignedPeerAPIOnly {
+ // Unsigned peers can't send files.
+ return false
+ }
 return h.isSelf || h.peerHasCap(tailcfg.CapabilityFileSharingSend)
 }
 
@@ -828,6 +832,10 @@ func (h *peerAPIHandler) canDebug() bool {
 // This node does not expose debug info.
 return false
 }
+ if h.peerNode.UnsignedPeerAPIOnly {
+ // Unsigned peers can't debug.
+ return false
+ }
 return h.isSelf || h.peerHasCap(tailcfg.CapabilityDebugPeer)
 }
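Review bot: The unsigned-peer restriction is enforced by repeating an `if h.peerNode.UnsignedPeerAPIOnly` guard inside each permission predicate (canPutFile in this hunk, canDebug in the next), which works as a per-endpoint denylist: any other or later peerAPI check that omits the guard stays reachable to unsigned peers. Both predicates end in `h.isSelf || h.peerHasCap(...)`, so a single shared helper that applies the unsigned check before either term would make deny the default; whether other handlers in peerapi.go need the same guard cannot be seen from these hunks. The guard also dereferences h.peerNode unconditionally, so if that field can ever be nil the predicate should fail closed, e.g. `if h.peerNode == nil || h.peerNode.UnsignedPeerAPIOnly { return false }`. The diffstat lists only peerapi.go, so a test that sets UnsignedPeerAPIOnly with isSelf true and with the capability granted would pin that both predicates return false.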