You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/ipn
Nick Khyl 874db2173b ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login
We add the ClientID() method to the ipnauth.Actor interface and updated ipnserver.actor to implement it.
This method returns a unique ID of the connected client if the actor represents one. It helps link a series
of interactions initiated by the client, such as when a notification needs to be sent back to a specific session,
rather than all active sessions, in response to a certain request.

We also add LocalBackend.WatchNotificationsAs and LocalBackend.StartLoginInteractiveAs methods,
which are like WatchNotifications and StartLoginInteractive but accept an additional parameter
specifying an ipnauth.Actor who initiates the operation. We store these actor identities in
watchSession.owner and LocalBackend.authActor, respectively,and implement LocalBackend.sendTo
and related helper methods to enable sending notifications to watchSessions associated with actors
(or, more broadly, identifiable recipients).

We then use the above to change who receives the BrowseToURL notifications:
 - For user-initiated, interactive logins, the notification is delivered only to the user who initiated the
   process. If the initiating actor represents a specific connected client, the URL notification is sent back
   to the same LocalAPI client that called StartLoginInteractive. Otherwise, the notification is sent to all
   clients connected as that user.
   Currently, we only differentiate between users on Windows, as it is inherently a multi-user OS.
 - In all other cases (e.g., node key expiration), we send the notification to all connected users.

Updates tailscale/corp#18342

Signed-off-by: Nick Khyl <nickk@tailscale.com>
1 month ago
..
conffile ipn/conffile: don't depend on hujson on iOS/Android 1 month ago
ipnauth ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login 1 month ago
ipnlocal ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login 1 month ago
ipnserver ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login 1 month ago
ipnstate cmd/tl-longchain: tool to re-sign nodes with long rotation signatures 3 months ago
localapi ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login 1 month ago
policy ipn,tailconfig: clean up unreleased and removed app connector service 1 year ago
store kube,cmd/{k8s-operator,containerboot},envknob,ipn/store/kubestore,*/depaware.txt: rename packages (#13418) 3 months ago
backend.go util/syspolicy, ipn: add "tailscale debug component-logs" support 2 months ago
conf.go ipn,wgengine/magicsock: allow setting static node endpoints via tailscaled configfile (#12882) 4 months ago
doc.go all: update copyright and license headers 2 years ago
ipn_clone.go cmd/tailscale,ipn,tailcfg: add `tailscale advertise` subcommand behind envknob (#13734) 1 month ago
ipn_test.go all: do not depend on the testing package 6 months ago
ipn_view.go cmd/tailscale,ipn,tailcfg: add `tailscale advertise` subcommand behind envknob (#13734) 1 month ago
prefs.go cmd/tailscale,ipn,tailcfg: add `tailscale advertise` subcommand behind envknob (#13734) 1 month ago
prefs_test.go cmd/tailscale,ipn,tailcfg: add `tailscale advertise` subcommand behind envknob (#13734) 1 month ago
serve.go cmd/serve: don't convert localhost to 127.0.0.1 5 months ago
serve_test.go cmd/serve: don't convert localhost to 127.0.0.1 5 months ago
store.go ipn: add comment about thread-safety to StateStore 9 months ago
store_test.go ipn: avoid useless no-op WriteState calls 1 year ago