tailscale

Commit Graph

Author	SHA1	Message	Date
Anton Tolchanov	781f79408d	ipn/ipnlocal: allow multiple signature chains from the same SigCredential Detection of duplicate Network Lock signature chains added in `01847e0123` failed to account for chains originating with a SigCredential signature, which is used for wrapped auth keys. This results in erroneous removal of signatures that originate from the same re-usable auth key. This change ensures that multiple nodes created by the same re-usable auth key are not getting filtered out by the network lock. Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	3 months ago
Anton Tolchanov	4651827f20	tka: test SigCredential signatures and netmap filtering This change moves handling of wrapped auth keys to the `tka` package and adds a test covering auth key originating signatures (SigCredential) in netmap. Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	3 months ago
Anton Tolchanov	01847e0123	ipn/ipnlocal: discard node keys that have been rotated out A non-signing node can be allowed to re-sign its new node keys following key renewal/rotation (e.g. via `tailscale up --force-reauth`). To be able to do this, node's TLK is written into WrappingPubkey field of the initial SigDirect signature, signed by a signing node. The intended use of this field implies that, for each WrappingPubkey, we typically expect to have at most one active node with a signature tracing back to that key. Multiple valid signatures referring to the same WrappingPubkey can occur if a client's state has been cloned, but it's something we explicitly discourage and don't support: https://tailscale.com/s/clone This change propagates rotation details (wrapping public key, a list of previous node keys that have been rotated out) to netmap processing, and adds tracking of obsolete node keys that, when found, will get filtered out. Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	4 months ago
Andrew Dunham	e9505e5432	ipn/ipnlocal: plumb health.Tracker into profileManager constructor Setting the field after-the-fact wasn't working because we could migrate prefs on creation, which would set health status for auto updates. Updates #11986 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I41d79ebd61d64829a3a9e70586ce56f62d24ccfd	5 months ago
Brad Fitzpatrick	3672f29a4e	net/netns, net/dns/resolver, etc: make netmon required in most places The goal is to move more network state accessors to netmon.Monitor where they can be cheaper/cached. But first (this change and others) we need to make sure the one netmon.Monitor is plumbed everywhere. Some notable bits: * tsdial.NewDialer is added, taking a now-required netmon * because a tsdial.Dialer always has a netmon, anything taking both a Dialer and a NetMon is now redundant; take only the Dialer and get the NetMon from that if/when needed. * netmon.NewStatic is added, primarily for tests Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: I877f9cb87618c4eb037cee098241d18da9c01691 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 months ago
Marwan Sulaiman	2dc0645368	ipn/ipnlocal,cmd/tailscale: persist tailnet name in user profile This PR starts to persist the NetMap tailnet name in SetPrefs so that tailscaled clients can use this value to disambiguate fast user switching from one tailnet to another that are under the same exact login. We will also try to backfill this information during backend starts and profile switches so that users don't have to re-authenticate their profile. The first client to use this new information is the CLI in 'tailscale switch -list' which now uses text/tabwriter to display the ID, Tailnet, and Account. Since account names are ambiguous, we allow the user to pass 'tailscale switch ID' to specify the exact tailnet they want to switch to. Updates #9286 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Sonia Appasamy	258f16f84b	ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile Start backfilling MagicDNS suffixes on LoginProfiles. Updates #9286 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Maisem Ali	d06a75dcd0	ipn/ipnlocal: fix deadlock in resetControlClientLocked resetControlClientLocked is called while b.mu was held and would call cc.Shutdown which would wait for the observer queue to drain. However, there may be active callbacks from cc already waiting for b.mu resulting in a deadlock. This makes it so that resetControlClientLocked does not call Shutdown, and instead just returns the value. It also makes it so that any status received from previous cc are ignored. Updates tailscale/corp#12827 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	55bb7314f2	control/controlclient: replace a status func with Observer interface For now the method has only one interface (the same as the func it's replacing) but it will grow, eventually with the goal to remove the controlclient.Status type for most purposes. Updates #1909 Change-Id: I715c8bf95e3f5943055a94e76af98d988558a2f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	58a4fd43d8	types/netmap, all: use read-only tailcfg.NodeView in NetworkMap Updates #8948 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Tom DNetto	767e839db5	all: implement lock revoke-keys command The revoke-keys command allows nodes with tailnet lock keys to collaborate to erase the use of a compromised key, and remove trust in it. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-1848	1 year ago
Tom DNetto	2bbedd2001	ipn: rename CapTailnetLockAlpha -> CapTailnetLock Updates tailscale/corp#8568 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905 ) This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	1 year ago
Tom DNetto	e2d652ec4d	ipn,cmd/tailscale: implement resigning nodes on tka key removal Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Maisem Ali	04b57a371e	ipn/ipnlocal: drop not required StateKey parameter This is #cleanup now that #7121 is merged. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Will Norris	71029cea2d	all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Tom DNetto	907f85cd67	cmd/tailscale,tka: make KeyID return an error instead of panicking Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	45042a76cd	cmd/tailscale,ipn: store disallowed TKA's in prefs, lock local-disable Take 2 of https://github.com/tailscale/tailscale/pull/6546 Builds on https://github.com/tailscale/tailscale/pull/6560 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	390d1bb871	Revert "ipn,types/persist: store disallowed TKA's in prefs, lock local-disable" This reverts commit `f1130421f0`. It was submitted with failing tests (go generate checks) Requires a lot of API changes to fix so rolling back instead of forward. Change-Id: I024e8885c0ed44675d3028a662f386dda811f2ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	f1130421f0	ipn,types/persist: store disallowed TKA's in prefs, lock local-disable Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	ed1fae6c73	ipn/ipnlocal: always tx TKA sync after enablement By always firing off a sync after enablement, the control plane should know the node's TKA head at all times. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Maisem Ali	235309adc4	all: store NL keys per profile This moves the NetworkLock key from a dedicated StateKey to be part of the persist.Persist struct. This struct is stored as part for ipn.Prefs and is also the place where we store the NodeKey. It also moves the ChonkDir from "/tka" to "/tka-profile/<profile-id>". The rename was intentional to be able to delete the "/tka" dir if it exists. This means that we will have a unique key per profile, and a unique directory per profile. Note: `tailscale logout` will delete the entire profile, including any keys. It currently does not delete the ChonkDir. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	9e70daad6f	ipn/ipnlocal: make TKA tests not have side effects It left the envknob turned on which meant that running all the tests in the package had different behavior than running just any one test. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	6cc0036b40	ipn/ipnlocal: use updated prefs in tkaSyncIfNeeded Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	4d330bac14	ipn/ipnlocal: add support for multiple user profiles Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	0af57fce4c	cmd/tailscale,ipn: implement lock sign command Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	d98305c537	cmd,ipn/ipnlocal,tailcfg: implement TKA disablement * Plumb disablement values through some of the internals of TKA enablement. * Transmit the node's TKA hash at the end of sync so the control plane understands each node's head. * Implement /machine/tka/disable RPC to actuate disablement on the control plane. There is a partner PR for the control server I'll send shortly. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Maisem Ali	0957bc5af2	ipn/ipnlocal: use ipn.PrefsView Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	a515fc517b	ipn/ipnlocal: make tkaSyncIfNeeded exclusive with a mutex Running corp/ipn#TestNetworkLockE2E has a 1/300 chance of failing, and deskchecking suggests thats whats happening are two netmaps are racing each other to be processed through tkaSyncIfNeededLocked. This happens in the first place because we release b.mu during network RPCs. To fix this, we make the tka sync logic an exclusive section, so two netmaps will need to wait for tka sync to complete serially (which is what we would want anyway, as the second run through probably wont need to sync). Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	8602061f32	ipn/ipnlocal,tka: Fix bugs found by integration testing * tka.State.staticValidateCheckpoint could call methods on a contained key prior to calling StaticValidate on that key * Remove broken backoff / RPC retry logic from tka methods in ipn/ipnlocal, to be fixed at a later time * Fix NetworkLockModify() which would attempt to take b.mu twice and deadlock, remove now-unused dependence on netmap * Add methods on ipnlocal.LocalBackend to be used in integration tests * Use TAILSCALE_USE_WIP_CODE as the feature flag so it can be manipulated in tests Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	73db56af52	ipn/ipnlocal: filter peers with bad signatures when tka is enabled Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	58ffe928af	ipn/ipnlocal, tka: Implement TKA synchronization with the control plane Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	ebd1637e50	ipn/ipnlocal,tailcfg: Identify client using NodeKey in tka RPCs Updates https://github.com/tailscale/corp/pull/7024 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	e9b98dd2e1	control/controlclient,ipn/ipnlocal: wire tka enable/disable Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago

34 Commits (1dd9c44d51535f4234163f0c7576a844fd296ead)