tailscale

Commit Graph

Author	SHA1	Message	Date
Will Norris	3ec5be3f51	all: remove AUTHORS file and references to it This file was never truly necessary and has never actually been used in the history of Tailscale's open source releases. A Brief History of AUTHORS files --- The AUTHORS file was a pattern developed at Google, originally for Chromium, then adopted by Go and a bunch of other projects. The problem was that Chromium originally had a copyright line only recognizing Google as the copyright holder. Because Google (and most open source projects) do not require copyright assignemnt for contributions, each contributor maintains their copyright. Some large corporate contributors then tried to add their own name to the copyright line in the LICENSE file or in file headers. This quickly becomes unwieldy, and puts a tremendous burden on anyone building on top of Chromium, since the license requires that they keep all copyright lines intact. The compromise was to create an AUTHORS file that would list all of the copyright holders. The LICENSE file and source file headers would then include that list by reference, listing the copyright holder as "The Chromium Authors". This also become cumbersome to simply keep the file up to date with a high rate of new contributors. Plus it's not always obvious who the copyright holder is. Sometimes it is the individual making the contribution, but many times it may be their employer. There is no way for the proejct maintainer to know. Eventually, Google changed their policy to no longer recommend trying to keep the AUTHORS file up to date proactively, and instead to only add to it when requested: https://opensource.google/docs/releasing/authors. They are also clear that: > Adding contributors to the AUTHORS file is entirely within the > project's discretion and has no implications for copyright ownership. It was primarily added to appease a small number of large contributors that insisted that they be recognized as copyright holders (which was entirely their right to do). But it's not truly necessary, and not even the most accurate way of identifying contributors and/or copyright holders. In practice, we've never added anyone to our AUTHORS file. It only lists Tailscale, so it's not really serving any purpose. It also causes confusion because Tailscalars put the "Tailscale Inc & AUTHORS" header in other open source repos which don't actually have an AUTHORS file, so it's ambiguous what that means. Instead, we just acknowledge that the contributors to Tailscale (whoever they are) are copyright holders for their individual contributions. We also have the benefit of using the DCO (developercertificate.org) which provides some additional certification of their right to make the contribution. The source file changes were purely mechanical with: git ls-files \| xargs sed -i -e 's/\(Tailscale Inc &\) AUTHORS/\1 contributors/g' Updates #cleanup Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	4 days ago
Andrew Lytvynov	c679aaba32	cmd/tailscaled,ipn: show a health warning when state store fails to open (#17883 ) With the introduction of node sealing, store.New fails in some cases due to the TPM device being reset or unavailable. Currently it results in tailscaled crashing at startup, which is not obvious to the user until they check the logs. Instead of crashing tailscaled at startup, start with an in-memory store with a health warning about state initialization and a link to (future) docs on what to do. When this health message is set, also block any login attempts to avoid masking the problem with an ephemeral node registration. Updates #15830 Updates #17654 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 months ago
James 'zofrex' Sanderson	9048ea25db	ipn/localapi: log calls to localapi (#17880 ) Updates tailscale/corp#34238 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	2 months ago
Brad Fitzpatrick	653d0738f9	types/netmap: remove PrivateKey from NetworkMap It's an unnecessary nuisance having it. We go out of our way to redact it in so many places when we don't even need it there anyway. Updates #12639 Change-Id: I5fc72e19e9cf36caeb42cf80ba430873f67167c3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Claus Lensbøl	2015ce4081	health,ipn/ipnlocal: introduce eventbus in heath.Tracker (#17085 ) The Tracker was using direct callbacks to ipnlocal. This PR moves those to be triggered via the eventbus. Additionally, the eventbus is now closed on exit from tailscaled explicitly, and health is now a SubSystem in tsd. Updates #15160 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	4 months ago
Claus Lensbøl	b816fd7117	control/controlclient: introduce eventbus messages instead of callbacks (#16956 ) This is a small introduction of the eventbus into controlclient that communicates with mainly ipnlocal. While ipnlocal is a complicated part of the codebase, the subscribers here are from the perspective of ipnlocal already called async. Updates #15160 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	4 months ago
David Anderson	5399fa159a	net/netmon: publish events to event bus Updates #15160 Signed-off-by: David Anderson <dave@tailscale.com>	10 months ago
M. J. Fromberger	deb0b255ff	all: update the tsd.System constructor name (#15372 ) Replace NewSystemWithEventBus with plain NewSystem, and update all usage. See https://github.com/tailscale/tailscale/pull/15355#discussion_r2003910766 Updates #15160 Change-Id: I64d337f09576b41d9ad78eba301a74b9a9d6ebf4 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	10 months ago
M. J. Fromberger	ffb22ee353	all: construct new System values with an event bus pre-populated Although, at the moment, we do not yet require an event bus to be present, as we start to add more pieces we will want to ensure it is always available. Add a new constructor and replace existing uses of new(tsd.System) throughout. Update generated files for import changes. Updates #15160 Change-Id: Ie5460985571ade87b8eac8b416948c7f49f0f64b Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	10 months ago
Nahum Shalman	9373a1b902	all: illumos/solaris userspace only support Updates #14565 Change-Id: I743148144938794db0a224873ce76c10dbe6fa5f Signed-off-by: Nahum Shalman <nahamu@gmail.com>	1 year ago
Nick Khyl	462e1fc503	ipn/{ipnlocal,localapi}, wgengine/netstack: call (*LocalBackend).Shutdown when tests that create them complete We have several places where LocalBackend instances are created for testing, but they are rarely shut down when the tests that created them exit. In this PR, we update newTestLocalBackend and similar functions to use testing.TB.Cleanup(lb.Shutdown) to ensure LocalBackend instances are properly shut down during test cleanup. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	874db2173b	ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login We add the ClientID() method to the ipnauth.Actor interface and updated ipnserver.actor to implement it. This method returns a unique ID of the connected client if the actor represents one. It helps link a series of interactions initiated by the client, such as when a notification needs to be sent back to a specific session, rather than all active sessions, in response to a certain request. We also add LocalBackend.WatchNotificationsAs and LocalBackend.StartLoginInteractiveAs methods, which are like WatchNotifications and StartLoginInteractive but accept an additional parameter specifying an ipnauth.Actor who initiates the operation. We store these actor identities in watchSession.owner and LocalBackend.authActor, respectively,and implement LocalBackend.sendTo and related helper methods to enable sending notifications to watchSessions associated with actors (or, more broadly, identifiable recipients). We then use the above to change who receives the BrowseToURL notifications: - For user-initiated, interactive logins, the notification is delivered only to the user who initiated the process. If the initiating actor represents a specific connected client, the URL notification is sent back to the same LocalAPI client that called StartLoginInteractive. Otherwise, the notification is sent to all clients connected as that user. Currently, we only differentiate between users on Windows, as it is inherently a multi-user OS. - In all other cases (e.g., node key expiration), we send the notification to all connected users. Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Kristoffer Dalby	0e0e53d3b3	util/usermetrics: make usermetrics non-global this commit changes usermetrics to be non-global, this is a building block for correct metrics if a go process runs multiple tsnets or in tests. Updates #13420 Updates tailscale/corp#22075 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
Nick Khyl	961ee321e8	ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend Currently, we use PermitRead/PermitWrite/PermitCert permission flags to determine which operations are allowed for a LocalAPI client. These checks are performed when localapi.Handler handles a request. Additionally, certain operations (e.g., changing the serve config) requires the connected user to be a local admin. This approach is inherently racey and is subject to TOCTOU issues. We consider it to be more critical on Windows environments, which are inherently multi-user, and therefore we prevent more than one OS user from connecting and utilizing the LocalBackend at the same time. However, the same type of issues is also applicable to other platforms when switching between profiles that have different OperatorUser values in ipn.Prefs. We'd like to allow more than one Windows user to connect, but limit what they can see and do based on their access rights on the device (e.g., an local admin or not) and to the currently active LoginProfile (e.g., owner/operator or not), while preventing TOCTOU issues on Windows and other platforms. Therefore, we'd like to pass an actor from the LocalAPI to the LocalBackend to represent the user performing the operation. The LocalBackend, or the profileManager down the line, will then check the actor's access rights to perform a given operation on the device and against the current (and/or the target) profile. This PR does not change the current permission model in any way, but it introduces the concept of an actor and includes some preparatory work to pass it around. Temporarily, the ipnauth.Actor interface has methods like IsLocalSystem and IsLocalAdmin, which are only relevant to the current permission model. It also lacks methods that will actually be used in the new model. We'll be adding these gradually in the next PRs and removing the deprecated methods and the Permit* flags at the end of the transition. Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Andrew Dunham	45d2f4301f	proxymap, various: distinguish between different protocols Previously, we were registering TCP and UDP connections in the same map, which could result in erroneously removing a mapping if one of the two connections completes while the other one is still active. Add a "proto string" argument to these functions to avoid this. Additionally, take the "proto" argument in LocalAPI, and plumb that through from the CLI and add a new LocalClient method. Updates tailscale/corp#20600 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I35d5efaefdfbf4721e315b8ca123f0c8af9125fb	2 years ago
Brad Fitzpatrick	6908fb0de3	ipn/localapi,client/tailscale,cmd/derper: add WhoIs lookup by nodekey, use in derper Fixes #12465 Change-Id: I9b7c87315a3d2b2ecae2b8db9e94b4f5a1eef74a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	21509db121	ipn/ipnlocal, all: plumb health trackers in tests I saw some panics in CI, like: 2024-05-08T04:30:25.9553518Z ## WARNING: (non-fatal) nil health.Tracker (being strict in CI): 2024-05-08T04:30:25.9554043Z goroutine 801 [running]: 2024-05-08T04:30:25.9554489Z tailscale.com/health.(Tracker).nil(0x0) 2024-05-08T04:30:25.9555086Z tailscale.com/health/health.go:185 +0x70 2024-05-08T04:30:25.9555688Z tailscale.com/health.(Tracker).SetUDP4Unbound(0x0, 0x0) 2024-05-08T04:30:25.9556373Z tailscale.com/health/health.go:532 +0x2f 2024-05-08T04:30:25.9557296Z tailscale.com/wgengine/magicsock.(Conn).bindSocket(0xc0003b4808, 0xc0003b4878, {0x1fbca53, 0x4}, 0x0) 2024-05-08T04:30:25.9558301Z tailscale.com/wgengine/magicsock/magicsock.go:2481 +0x12c5 2024-05-08T04:30:25.9559026Z tailscale.com/wgengine/magicsock.(Conn).rebind(0xc0003b4808, 0x0) 2024-05-08T04:30:25.9559874Z tailscale.com/wgengine/magicsock/magicsock.go:2510 +0x16f 2024-05-08T04:30:25.9561038Z tailscale.com/wgengine/magicsock.NewConn({0xc000063c80, 0x0, 0xc000197930, 0xc000197950, 0xc000197960, {0x0, 0x0}, 0xc000197970, 0xc000198ee0, 0x0, ...}) 2024-05-08T04:30:25.9562402Z tailscale.com/wgengine/magicsock/magicsock.go:476 +0xd5f 2024-05-08T04:30:25.9563779Z tailscale.com/wgengine.NewUserspaceEngine(0xc000063c80, {{0x22c8750, 0xc0001976b0}, 0x0, {0x22c3210, 0xc000063c80}, {0x22c31d8, 0x2d3c900}, 0x0, 0x0, ...}) 2024-05-08T04:30:25.9564982Z tailscale.com/wgengine/userspace.go:389 +0x159d 2024-05-08T04:30:25.9565529Z tailscale.com/ipn/ipnlocal.newTestBackend(0xc000358b60) 2024-05-08T04:30:25.9566086Z tailscale.com/ipn/ipnlocal/serve_test.go:675 +0x2a5 2024-05-08T04:30:25.9566612Z ta Updates #11874 Change-Id: I3432ed52d670743e532be4642f38dbd6e3763b1b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	38377c37b5	ipn/localapi: sort localapi handler map keys Updates #cleanup Change-Id: I750ed8d033954f1f8786fb35dd16895bb1c5af8e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Lytvynov	55cd5c575b	ipn/localapi: only perform local-admin check in serveServeConfig (#10163 ) On unix systems, the check involves executing sudo, which is slow. Instead of doing it for every incoming request, move the logic into localapi serveServeConfig handler and do it as needed. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	9b158db2c6	ipn/localapi: require root or sudo+operator access for SetServeConfig (#10142 ) For an operator user, require them to be able to `sudo tailscale` to use `tailscale serve`. This is similar to the Windows elevated token check. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	c6a4612915	ipn/localapi: require Write access on /watch-ipn-bus with private keys (#10059 ) Clients optionally request private key filtering. If they don't, we should require Write access for the user. Updates https://github.com/tailscale/corp/issues/15506 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Tyler Smalley	baa1fd976e	ipn/localapi: require local Windows admin to set serve path (#9969 ) For a serve config with a path handler, ensure the caller is a local administrator on Windows. updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Maisem Ali	17b2072b72	ipn/ipnlocal: set the push device token correctly It would end up resetting whatever hostinfo we had constructed and leave the backend statemachine in a broken state. This fixes that by storing the PushDeviceToken on the LocalBackend and populating it on Hostinfo before passing it to controlclient. Updates tailscale/corp#8940 Updates tailscale/corp#15367 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	70de16bda7	ipn/localapi: make whois take IP or IP:port as documented, fix capmap netstack lookup The whois handler was documented as taking IP (e.g. 100.101.102.103) or IP:port (e.g. usermode 127.0.0.1:1234) but that got broken at some point and we started requiring a port always. Fix that. Also, found in the process of adding tests: fix the CapMap lookup in userspace mode (it was always returning the caps of 127.0.0.1 in userspace mode). Fix and test that too. Updates #9714 Change-Id: Ie9a59744286522fa91c4b70ebe89a1e94dbded26 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	1a30b2d73f	all: use tstest.Replace more Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
David Crawshaw	768df4ff7a	tsnet: add a LocalAPI listener on loopback, with basic auth This is for use by LocalAPI clients written in other languages that don't appear to be able to talk HTTP over a socket (e.g. java.net.http.HttpClient). Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	3 years ago
David Crawshaw	8cf2805cca	tailcfg, localapi: plumb device token to server Updates tailscale/corp#8940 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	3 years ago
David Crawshaw	4136f27f35	ipn/localapi: fix validHost parsing logic Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	3 years ago

28 Commits (2a69f48541e0ed7fdf81fc88b079474331eeee76)