tailscale

Commit Graph

Author	SHA1	Message	Date
Aaron Klotz	e016eaf410	cmd/tailscaled: conditionally flush Windows DNS cache on SessionChange For the service, all we need to do is handle the `svc.SessionChange` command. Upon receipt of a `windows.WTS_SESSION_UNLOCK` event, we fire off a goroutine to flush the DNS cache. (Windows expects responses to service requests to be quick, so we don't want to do that synchronously.) This is gated on an integral registry value named `FlushDNSOnSessionUnlock`, whose value we obtain during service initialization. (See [this link](https://docs.microsoft.com/en-us/windows/win32/api/winsvc/nc-winsvc-lphandler_function_ex) for information re: handling `SERVICE_CONTROL_SESSIONCHANGE`.) Fixes #2956 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Aaron Klotz	3386a86fe5	util/winutil: add GetRegInteger This helper allows us to retrieve `DWORD` and `QWORD` values from the Tailscale key in the Windows registry. Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
dependabot[bot]	5809386525	go.mod: bump golang.zx2c4.com/wireguard/windows from 0.4.9 to 0.4.10 Bumps golang.zx2c4.com/wireguard/windows from 0.4.9 to 0.4.10. --- updated-dependencies: - dependency-name: golang.zx2c4.com/wireguard/windows dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	0fa1da2d1b	go.mod: bump golang.org/x/tools from 0.1.6 to 0.1.7 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.6 to 0.1.7. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.1.6...v0.1.7) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	173bbaa1a1	all: disable TCP keep-alives on iOS/Android Updates #2442 Updates tailscale/corp#2750 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a7cb241db1	cmd/tailscaled: add support for running an HTTP proxy This adds support for tailscaled to be an HTTP proxy server. It shares the same backend dialing code as the SOCK5 server, but the client protocol is HTTP (including CONNECT), rather than SOCKS. Fixes #2289 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	29a8fb45d3	wgengine/netstack: include DNS.ExtraRecords in DNSMap So SOCKS5 dialer can dial HTTPS cert names, for instance. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	56d8c2da34	cmd/tailscaled: set StateDirectoryMode=0700 in tailscaled.service Updates #2934 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
dependabot[bot]	8949305820	go.mod: bump github.com/creack/pty from 1.1.15 to 1.1.16 Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.15 to 1.1.16. - [Release notes](https://github.com/creack/pty/releases) - [Commits](https://github.com/creack/pty/compare/v1.1.15...v1.1.16) --- updated-dependencies: - dependency-name: github.com/creack/pty dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	52737c14ac	wgengine/monitor: ignore ipsec link monitor events on iOS/macOS Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	5263c8d0b5	paths: skip unix chmod if state directory is already 0700 Updates #2934 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3b3994f0db	ipn{,/localapi,ipnlocal}: infer cert dir from state file location This fixes "tailscale cert" on Synology where the var directory is typically like /volume2/@appdata/Tailscale, or any other tailscaled user who specifies a non-standard state file location. This is a interim fix on the way to #2932. Fixes #2927 Updates #2932 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Crawshaw	29fa8c17d2	.github: revert dependabot change for vm builder In `a56520c3c7` dependabot attempted to bump the setup-go action version. It appears to work for most builders, but not the self-hosted VM builder. Revert for now. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	3 years ago
dependabot[bot]	7f0fcf8571	go.mod: bump github.com/pkg/sftp from 1.13.3 to 1.13.4 Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.13.3 to 1.13.4. - [Release notes](https://github.com/pkg/sftp/releases) - [Commits](https://github.com/pkg/sftp/compare/v1.13.3...v1.13.4) --- updated-dependencies: - dependency-name: github.com/pkg/sftp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	3a72ebb109	ipn: test TestFileStore in a fresh subdirectory Fixes #2923 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Aaron Klotz	21e9f98fc1	ipn, paths: unconditionally attempt to set state dir perms, but only if the state dir is ours We unconditionally set appropriate perms on the statefile dir. We look at the basename of the statefile dir, and if it is "tailscale", then we set perms as appropriate. Fixes #2925 Updates #2856 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Brad Fitzpatrick	82117f7a63	safesocket: actually fix CLI on macsys build Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ec2249b6f2	cmd/tailscale: add debug -env Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	5bc6d17f87	safesocket: fix CLI for macsys GUI variant Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ace2faf7ec	cmd/tailscale: make debug profiling output - mean stdout Because the macOS CLI runs in the sandbox, including the filesystem, so users would be confused that -cpu-profile=prof.cpu succeeds but doesn't write to their current directory, but rather in some random Library/Containers directory somewhere on the machine (which varies depending on the Mac build type: App Store vs System Extension) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	efb84ca60d	ipn/localapi, cmd/tailscale: add CPU & memory profile support, debug command This was already possible on Linux if you ran tailscaled with --debug (which runs net/http/pprof), but it requires the user have the Go toolchain around. Also, it wasn't possible on macOS, as there's no way to run the IPNExtension with a debug server (it doesn't run tailscaled). And on Windows it's super tedious: beyond what users want to do or what we want to explain. Instead, put it in "tailscale debug" so it works and works the same on all platforms. Then we can ask users to run it when we're debugging something and they can email us the output files. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	27bc4e744c	cmd/tailscale/web: support TLS from env vars. pfSense stores its SSL certificate and key in the PHP config. We wrote PHP code to pull the two out of the PHP config and into environment variables before running "tailscale web". The pfSense web UI is served over https, we need "tailscale web" to also support https in order to put it in an <iframe>. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
dependabot[bot]	b7b7d21514	go.mod: bump github.com/frankban/quicktest from 1.13.0 to 1.13.1 Bumps [github.com/frankban/quicktest](https://github.com/frankban/quicktest) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/frankban/quicktest/releases) - [Commits](https://github.com/frankban/quicktest/compare/v1.13.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/frankban/quicktest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	46b59e8c48	go.mod: bump github.com/google/uuid from 1.1.2 to 1.3.0 Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.1.2 to 1.3.0. - [Release notes](https://github.com/google/uuid/releases) - [Commits](https://github.com/google/uuid/compare/v1.1.2...v1.3.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	b0481ba37a	go.mod: bump x/tools Fixes #2912 (which had rebase issues) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
dependabot[bot]	9219ca49f5	go.mod: bump golang.zx2c4.com/wireguard/windows from 0.3.16 to 0.4.9 Bumps golang.zx2c4.com/wireguard/windows from 0.3.16 to 0.4.9. --- updated-dependencies: - dependency-name: golang.zx2c4.com/wireguard/windows dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	9ca334a560	cmd/tailscaled: appease a security scanner There are two reasons this can't ever go to actual logs, but rewrite it to make it happy. Fixes tailscale/corp#2695 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	1eabb5b2d9	ipn: don't log IPN messages that may contain an authkey. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
dependabot[bot]	c350321eec	go.mod: bump github.com/gliderlabs/ssh from 0.3.2 to 0.3.3 Bumps [github.com/gliderlabs/ssh](https://github.com/gliderlabs/ssh) from 0.3.2 to 0.3.3. - [Release notes](https://github.com/gliderlabs/ssh/releases) - [Commits](https://github.com/gliderlabs/ssh/compare/v0.3.2...v0.3.3) --- updated-dependencies: - dependency-name: github.com/gliderlabs/ssh dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	2bb915dd0a	go.mod: bump github.com/creack/pty from 1.1.9 to 1.1.15 Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.9 to 1.1.15. - [Release notes](https://github.com/creack/pty/releases) - [Commits](https://github.com/creack/pty/compare/v1.1.9...v1.1.15) --- updated-dependencies: - dependency-name: github.com/creack/pty dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	aaea175dd0	go.mod: bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5 Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/godbus/dbus/releases) - [Commits](https://github.com/godbus/dbus/compare/v5.0.4...v5.0.5) --- updated-dependencies: - dependency-name: github.com/godbus/dbus/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	eeee713c69	go.mod: bump github.com/miekg/dns from 1.1.42 to 1.1.43 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.42 to 1.1.43. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.42...v1.1.43) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	dbce536316	go.mod: bump github.com/pkg/sftp from 1.13.0 to 1.13.3 Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.13.0 to 1.13.3. - [Release notes](https://github.com/pkg/sftp/releases) - [Commits](https://github.com/pkg/sftp/compare/v1.13.0...v1.13.3) --- updated-dependencies: - dependency-name: github.com/pkg/sftp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	a56520c3c7	.github: Bump actions/setup-go from 1 to 2.1.4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 1 to 2.1.4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v1...v2.1.4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
David Anderson	562622a32c	.github: add dependabot config to update go.mod and github actions. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	4cf63b8df0	net/dnsfallback: update static map for new derp11. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	18086c4cb7	go.mod: bump github.com/klauspost/compress to 1.13.6 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Aaron Klotz	f0aa7f70a4	Merge pull request #2893 from tailscale/aaron/programdata-perms-2 ipn, paths: ensure that the state directory for Windows has the corre…	3 years ago
Aaron Klotz	9ebb5d4205	ipn, paths: ensure that the state directory for Windows has the correct perms ProgramData has a permissive ACL. For us to safely store machine-wide state information, we must set a more restrictive ACL on our state directory. We set the ACL so that only talescaled's user (ie, LocalSystem) and the Administrators group may access our directory. We must include Administrators to ensure that logs continue to be easily accessible; omitting that group would force users to use special tools to log in interactively as LocalSystem, which is not ideal. (Note that the ACL we apply matches the ACL that was used for LocalSystem's AppData\Local). There are two cases where we need to reset perms: One is during migration from the old location to the new. The second case is for clean installations where we are creating the file store for the first time. Updates #2856 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Brad Fitzpatrick	b1a2abf41b	client/tailscale/example/servetls: add demo program for docs Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Dave Anderson	478775de6a	github: add code security scanning	3 years ago
Brad Fitzpatrick	7d8227e7a6	logpolicy: don't use C:\ProgramData use for tailscale-ipn GUI's log dir tailscale-ipn.exe (the GUI) shouldn't use C:\ProgramData. Also, migrate the earlier misnamed wg32/wg64 conf files if they're present. (That was stopped in `2db877caa3`, but the files exist from fresh 1.14 installs) Updates #2856 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	2db877caa3	version: fix CmdName on the tailscale-ipn.exe binary Don't return "wg64", "wg32", etc. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	93c2882a2f	wgengine: flush DNS cache after major link change. Windows has a public dns.Flush used in router_windows.go. However that won't work for platforms like Linux, where we need a different flush mechanism for resolved versus other implementations. We're instead adding a FlushCaches method to the dns Manager, which can be made to work on all platforms as needed. Fixes https://github.com/tailscale/tailscale/issues/2132 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Denton Gentry	280c84e46a	ipn/ipnserver, paths, logpolicy: move Window config files out of %LocalAppData% C:\WINDOWS\system32\config\systemprofile\AppData\Local\ is frequently cleared for almost any reason: Windows updates, System Restore, even various System Cleaner utilities. The server-state.conf file in AppData\Local could be deleted at any time, which would break login until the node is removed from the Admin Panel allowing it to create a new key. Carefully copy any AppData state to ProgramData at startup. If copying the state fails, continue to use AppData so at least there will be connectivity. If there is no state, use ProgramData. We also migrate the log.conf file. Very old versions of Tailscale named the EXE tailscale-ipn, so the log conf was tailscale-ipn.log.conf and more recent versions preserved this filename and cmdName in logs. In this migration we always update the filename to c:\ProgramData\Tailscale\tailscaled.log.conf Updates https://github.com/tailscale/tailscale/issues/2856 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	aae622314e	tailcfg, health: add way for control plane to add problems to health check So if the control plane knows that something's broken about the node, it can include problem(s) in MapResponse and "tailscale status" will show it. (and GUIs in the future, as it's in ipnstate.Status/JSON) This also bumps the MapRequest.Version, though it's not strictly required. Doesn't hurt. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	b14db5d943	util/codegen: reorder AssertStructUnchanged args The fully qualified name of the type is thisPkg.tname, so write the args like that too. Suggested-by: Joe Tsai <joetsai@digital-static.net> Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	3cd85c0ca6	util/codegen: add ContainsPointers And use it in cmd/cloner. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	d5a0a4297e	cmd/cloner: unify switch cases And in the process, fix a bug: The fmt formatting was being applied by writef, not fmt.Sprintf, thus emitting a MISSING string. And there's no guarantee that fmt will be imported in the generated code. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	d8a8f70000	util/codegen: add NamedTypes And use it in cmd/cloner. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago

... 3 4 5 6 7 ...

3289 Commits (6422789ea0059b9f589e2bcc41aa7fdd4f90e27e) All Branches Search

3289 Commits (6422789ea0059b9f589e2bcc41aa7fdd4f90e27e)

All Branches