archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

types/persist: remove Persist.LegacyFrontendPrivateMachineKey

Browse Source 
It was a temporary migration over four years ago. It's no longer
relevant.

Updates #610

Change-Id: I1f00c9485fab13ede6f77603f7d4235222c2a481
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
pull/14804/head
Brad Fitzpatrick 10 months ago committed by Brad Fitzpatrick
parent 2691b9f6be
commit ba1f9a3918
7 changed files with 21 additions and 80 deletions
Show Stats Download Patch File Download Diff File

17
ipn/ipnlocal/local.go
Unescape Escape View File

@ -1082,7 +1082,6 @@ func stripKeysFromPrefs(p ipn.PrefsView) ipn.PrefsView {
} }
p2 := p.AsStruct() p2 := p.AsStruct()
p2.Persist.LegacyFrontendPrivateMachineKey = key.MachinePrivate{}
p2.Persist.PrivateNodeKey = key.NodePrivate{} p2.Persist.PrivateNodeKey = key.NodePrivate{}
p2.Persist.OldPrivateNodeKey = key.NodePrivate{} p2.Persist.OldPrivateNodeKey = key.NodePrivate{}
p2.Persist.NetworkLockKey = key.NLPrivate{} p2.Persist.NetworkLockKey = key.NLPrivate{}
@ -3343,11 +3342,6 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
return nil return nil
} }
var legacyMachineKey key.MachinePrivate
if p := b.pm.CurrentPrefs().Persist(); p.Valid() {
legacyMachineKey = p.LegacyFrontendPrivateMachineKey()
}
keyText, err := b.store.ReadState(ipn.MachineKeyStateKey) keyText, err := b.store.ReadState(ipn.MachineKeyStateKey)
if err == nil { if err == nil {
if err := b.machinePrivKey.UnmarshalText(keyText); err != nil { if err := b.machinePrivKey.UnmarshalText(keyText); err != nil {
@ -3356,9 +3350,6 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
if b.machinePrivKey.IsZero() { if b.machinePrivKey.IsZero() {
return fmt.Errorf("invalid zero key stored in %v key of %v", ipn.MachineKeyStateKey, b.store) return fmt.Errorf("invalid zero key stored in %v key of %v", ipn.MachineKeyStateKey, b.store)
} }
if !legacyMachineKey.IsZero() && !legacyMachineKey.Equal(b.machinePrivKey) {
b.logf("frontend-provided legacy machine key ignored; used value from server state")
}
return nil return nil
} }
if err != ipn.ErrStateNotExist { if err != ipn.ErrStateNotExist {
@ -3368,12 +3359,8 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
// If we didn't find one already on disk and the prefs already // If we didn't find one already on disk and the prefs already
// have a legacy machine key, use that. Otherwise generate a // have a legacy machine key, use that. Otherwise generate a
// new one. // new one.
if !legacyMachineKey.IsZero() { b.logf("generating new machine key")
b.machinePrivKey = legacyMachineKey b.machinePrivKey = key.NewMachine()
} else {
b.logf("generating new machine key")
b.machinePrivKey = key.NewMachine()
}
keyText, _ = b.machinePrivKey.MarshalText() keyText, _ = b.machinePrivKey.MarshalText()
if err := ipn.WriteState(b.store, ipn.MachineKeyStateKey, keyText); err != nil { if err := ipn.WriteState(b.store, ipn.MachineKeyStateKey, keyText); err != nil {

6
ipn/ipnlocal/state_test.go
Unescape Escape View File

@ -949,8 +949,6 @@ func TestEditPrefsHasNoKeys(t *testing.T) {
Persist: &persist.Persist{ Persist: &persist.Persist{
PrivateNodeKey: key.NewNode(), PrivateNodeKey: key.NewNode(),
OldPrivateNodeKey: key.NewNode(), OldPrivateNodeKey: key.NewNode(),
LegacyFrontendPrivateMachineKey: key.NewMachine(),
}, },
}).View(), ipn.NetworkProfile{}) }).View(), ipn.NetworkProfile{})
if p := b.pm.CurrentPrefs().Persist(); !p.Valid() || p.PrivateNodeKey().IsZero() { if p := b.pm.CurrentPrefs().Persist(); !p.Valid() || p.PrivateNodeKey().IsZero() {
@ -977,10 +975,6 @@ func TestEditPrefsHasNoKeys(t *testing.T) {
t.Errorf("OldPrivateNodeKey = %v; want zero", p.Persist().OldPrivateNodeKey()) t.Errorf("OldPrivateNodeKey = %v; want zero", p.Persist().OldPrivateNodeKey())
} }
if !p.Persist().LegacyFrontendPrivateMachineKey().IsZero() {
t.Errorf("LegacyFrontendPrivateMachineKey = %v; want zero", p.Persist().LegacyFrontendPrivateMachineKey())
}
if !p.Persist().NetworkLockKey().IsZero() { if !p.Persist().NetworkLockKey().IsZero() {
t.Errorf("NetworkLockKey= %v; want zero", p.Persist().NetworkLockKey()) t.Errorf("NetworkLockKey= %v; want zero", p.Persist().NetworkLockKey())
} }

9
ipn/prefs_test.go
Unescape Escape View File

@ -467,13 +467,6 @@ func TestPrefsPretty(t *testing.T) {
"darwin", "darwin",
`Prefs{ra=false dns=false want=true tags=tag:foo,tag:bar url="http://localhost:1234" update=off Persist=nil}`, `Prefs{ra=false dns=false want=true tags=tag:foo,tag:bar url="http://localhost:1234" update=off Persist=nil}`,
}, },
{
Prefs{
Persist: &persist.Persist{},
},
"linux",
`Prefs{ra=false dns=false want=false routes=[] nf=off update=off Persist{lm=, o=, n= u=""}}`,
},
{ {
Prefs{ Prefs{
Persist: &persist.Persist{ Persist: &persist.Persist{
@ -481,7 +474,7 @@ func TestPrefsPretty(t *testing.T) {
}, },
}, },
"linux", "linux",
`Prefs{ra=false dns=false want=false routes=[] nf=off update=off Persist{lm=, o=, n=[B1VKl] u=""}}`, `Prefs{ra=false dns=false want=false routes=[] nf=off update=off Persist{o=, n=[B1VKl] u=""}}`,
}, },
{ {
Prefs{ Prefs{

22
types/persist/persist.go
Unescape Escape View File

@ -21,17 +21,6 @@ import (
type Persist struct { type Persist struct {
_ structs.Incomparable _ structs.Incomparable
// LegacyFrontendPrivateMachineKey is here temporarily
// (starting 2020-09-28) during migration of Windows users'
// machine keys from frontend storage to the backend. On the
// first LocalBackend.Start call, the backend will initialize
// the real (backend-owned) machine key from the frontend's
// provided value (if non-zero), picking a new random one if
// needed. This field should be considered read-only from GUI
// frontends. The real value should not be written back in
// this field, lest the frontend persist it to disk.
LegacyFrontendPrivateMachineKey key.MachinePrivate `json:"PrivateMachineKey"`
PrivateNodeKey key.NodePrivate PrivateNodeKey key.NodePrivate
OldPrivateNodeKey key.NodePrivate // needed to request key rotation OldPrivateNodeKey key.NodePrivate // needed to request key rotation
UserProfile tailcfg.UserProfile UserProfile tailcfg.UserProfile
@ -95,8 +84,7 @@ func (p *Persist) Equals(p2 *Persist) bool {
return false return false
} }
return p.LegacyFrontendPrivateMachineKey.Equal(p2.LegacyFrontendPrivateMachineKey) && return p.PrivateNodeKey.Equal(p2.PrivateNodeKey) &&
p.PrivateNodeKey.Equal(p2.PrivateNodeKey) &&
p.OldPrivateNodeKey.Equal(p2.OldPrivateNodeKey) && p.OldPrivateNodeKey.Equal(p2.OldPrivateNodeKey) &&
p.UserProfile.Equal(&p2.UserProfile) && p.UserProfile.Equal(&p2.UserProfile) &&
p.NetworkLockKey.Equal(p2.NetworkLockKey) && p.NetworkLockKey.Equal(p2.NetworkLockKey) &&
@ -106,18 +94,14 @@ func (p *Persist) Equals(p2 *Persist) bool {
func (p *Persist) Pretty() string { func (p *Persist) Pretty() string {
var ( var (
mk key.MachinePublic
ok, nk key.NodePublic ok, nk key.NodePublic
) )
if !p.LegacyFrontendPrivateMachineKey.IsZero() {
mk = p.LegacyFrontendPrivateMachineKey.Public()
}
if !p.OldPrivateNodeKey.IsZero() { if !p.OldPrivateNodeKey.IsZero() {
ok = p.OldPrivateNodeKey.Public() ok = p.OldPrivateNodeKey.Public()
} }
if !p.PrivateNodeKey.IsZero() { if !p.PrivateNodeKey.IsZero() {
nk = p.PublicNodeKey() nk = p.PublicNodeKey()
} }
return fmt.Sprintf("Persist{lm=%v, o=%v, n=%v u=%#v}", return fmt.Sprintf("Persist{o=%v, n=%v u=%#v}",
mk.ShortString(), ok.ShortString(), nk.ShortString(), p.UserProfile.LoginName) ok.ShortString(), nk.ShortString(), p.UserProfile.LoginName)
} }

15
types/persist/persist_clone.go
Unescape Escape View File

@ -25,12 +25,11 @@ func (src *Persist) Clone() *Persist {
// A compilation failure here means this code must be regenerated, with the command at the top of this file. // A compilation failure here means this code must be regenerated, with the command at the top of this file.
var _PersistCloneNeedsRegeneration = Persist(struct { var _PersistCloneNeedsRegeneration = Persist(struct {
_ structs.Incomparable _ structs.Incomparable
LegacyFrontendPrivateMachineKey key.MachinePrivate PrivateNodeKey key.NodePrivate
PrivateNodeKey key.NodePrivate OldPrivateNodeKey key.NodePrivate
OldPrivateNodeKey key.NodePrivate UserProfile tailcfg.UserProfile
UserProfile tailcfg.UserProfile NetworkLockKey key.NLPrivate
NetworkLockKey key.NLPrivate NodeID tailcfg.StableNodeID
NodeID tailcfg.StableNodeID DisallowedTKAStateIDs []string
DisallowedTKAStateIDs []string
}{}) }{})

14
types/persist/persist_test.go
Unescape Escape View File

@ -21,13 +21,12 @@ func fieldsOf(t reflect.Type) (fields []string) {
} }
func TestPersistEqual(t *testing.T) { func TestPersistEqual(t *testing.T) {
persistHandles := []string{"LegacyFrontendPrivateMachineKey", "PrivateNodeKey", "OldPrivateNodeKey", "UserProfile", "NetworkLockKey", "NodeID", "DisallowedTKAStateIDs"} persistHandles := []string{"PrivateNodeKey", "OldPrivateNodeKey", "UserProfile", "NetworkLockKey", "NodeID", "DisallowedTKAStateIDs"}
if have := fieldsOf(reflect.TypeFor[Persist]()); !reflect.DeepEqual(have, persistHandles) { if have := fieldsOf(reflect.TypeFor[Persist]()); !reflect.DeepEqual(have, persistHandles) {
t.Errorf("Persist.Equal check might be out of sync\nfields: %q\nhandled: %q\n", t.Errorf("Persist.Equal check might be out of sync\nfields: %q\nhandled: %q\n",
have, persistHandles) have, persistHandles)
} }
m1 := key.NewMachine()
k1 := key.NewNode() k1 := key.NewNode()
nl1 := key.NewNLPrivate() nl1 := key.NewNLPrivate()
tests := []struct { tests := []struct {
@ -39,17 +38,6 @@ func TestPersistEqual(t *testing.T) {
{&Persist{}, nil, false}, {&Persist{}, nil, false},
{&Persist{}, &Persist{}, true}, {&Persist{}, &Persist{}, true},
{
&Persist{LegacyFrontendPrivateMachineKey: m1},
&Persist{LegacyFrontendPrivateMachineKey: key.NewMachine()},
false,
},
{
&Persist{LegacyFrontendPrivateMachineKey: m1},
&Persist{LegacyFrontendPrivateMachineKey: m1},
true,
},
{ {
&Persist{PrivateNodeKey: k1}, &Persist{PrivateNodeKey: k1},
&Persist{PrivateNodeKey: key.NewNode()}, &Persist{PrivateNodeKey: key.NewNode()},

18
types/persist/persist_view.go
Unescape Escape View File

@ -62,9 +62,6 @@ func (v *PersistView) UnmarshalJSON(b []byte) error {
return nil return nil
} }
func (v PersistView) LegacyFrontendPrivateMachineKey() key.MachinePrivate {
return v.ж.LegacyFrontendPrivateMachineKey
}
func (v PersistView) PrivateNodeKey() key.NodePrivate { return v.ж.PrivateNodeKey } func (v PersistView) PrivateNodeKey() key.NodePrivate { return v.ж.PrivateNodeKey }
func (v PersistView) OldPrivateNodeKey() key.NodePrivate { return v.ж.OldPrivateNodeKey } func (v PersistView) OldPrivateNodeKey() key.NodePrivate { return v.ж.OldPrivateNodeKey }
func (v PersistView) UserProfile() tailcfg.UserProfile { return v.ж.UserProfile } func (v PersistView) UserProfile() tailcfg.UserProfile { return v.ж.UserProfile }
@ -76,12 +73,11 @@ func (v PersistView) DisallowedTKAStateIDs() views.Slice[string] {
// A compilation failure here means this code must be regenerated, with the command at the top of this file. // A compilation failure here means this code must be regenerated, with the command at the top of this file.
var _PersistViewNeedsRegeneration = Persist(struct { var _PersistViewNeedsRegeneration = Persist(struct {
_ structs.Incomparable _ structs.Incomparable
LegacyFrontendPrivateMachineKey key.MachinePrivate PrivateNodeKey key.NodePrivate
PrivateNodeKey key.NodePrivate OldPrivateNodeKey key.NodePrivate
OldPrivateNodeKey key.NodePrivate UserProfile tailcfg.UserProfile
UserProfile tailcfg.UserProfile NetworkLockKey key.NLPrivate
NetworkLockKey key.NLPrivate NodeID tailcfg.StableNodeID
NodeID tailcfg.StableNodeID DisallowedTKAStateIDs []string
DisallowedTKAStateIDs []string
}{}) }{})

Write Preview
Loading…
Cancel
Save