tailscale/tailfs/remote.go

// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause

package tailfs

import (
	"net/http"
)

var (
	// DisallowShareAs forcibly disables sharing as a specific user, only used
	// for testing.
	DisallowShareAs = false
)

// AllowShareAs reports whether sharing files as a specific user is allowed.
func AllowShareAs() bool {
	return !DisallowShareAs && doAllowShareAs()
}

// Share configures a folder to be shared through TailFS.
type Share struct {
	// Name is how this share appears on remote nodes.
	Name string `json:"name"`

	// Path is the path to the directory on this machine that's being shared.
	Path string `json:"path"`

	// As is the UNIX or Windows username of the local account used for this
	// share. File read/write permissions are enforced based on this username.
	// Can be left blank to use the default value of "whoever is running the
	// Tailscale GUI".
	As string `json:"who"`

	// BookmarkData contains security-scoped bookmark data for the Sandboxed
	// Mac application. The Sandboxed Mac application gains permission to
	// access the Share's folder as a result of a user selecting it in a file
	// picker. In order to retain access to it across restarts, it needs to
	// hold on to a security-scoped bookmark. That bookmark is stored here. See
	// https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox#4144043
	BookmarkData []byte `json:"bookmarkData"`
}

// FileSystemForRemote is the TailFS filesystem exposed to remote nodes. It
// provides a unified WebDAV interface to local directories that have been
// shared.
type FileSystemForRemote interface {
	// SetFileServerAddr sets the address of the file server to which we
	// should proxy. This is used on platforms like Windows and MacOS
	// sandboxed where we can't spawn user-specific sub-processes and instead
	// rely on the UI application that's already running as an unprivileged
	// user to access the filesystem for us.
	SetFileServerAddr(addr string)

	// SetShares sets the complete set of shares exposed by this node. If
	// AllowShareAs() reports true, we will use one subprocess per user to
	// access the filesystem (see userServer). Otherwise, we will use the file
	// server configured via SetFileServerAddr.
	SetShares(shares map[string]*Share)

	// ServeHTTPWithPerms behaves like the similar method from http.Handler but
	// also accepts a Permissions map that captures the permissions of the
	// connecting node.
	ServeHTTPWithPerms(permissions Permissions, w http.ResponseWriter, r *http.Request)

	// Close() stops serving the WebDAV content
	Close() error
}
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`// Copyright (c) Tailscale Inc & AUTHORS`
			`// SPDX-License-Identifier: BSD-3-Clause`

			`package tailfs`

			`import (`
			`"net/http"`
			`)`

			`var (`
tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00			`// DisallowShareAs forcibly disables sharing as a specific user, only used`
			`// for testing.`
			`DisallowShareAs = false`
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`)`

			`// AllowShareAs reports whether sharing files as a specific user is allowed.`
			`func AllowShareAs() bool {`
tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00			`return !DisallowShareAs && doAllowShareAs()`
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`}`

tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00			`// Share configures a folder to be shared through TailFS.`
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`type Share struct {`
			`// Name is how this share appears on remote nodes.`
			Name string `json:"name"`
tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`// Path is the path to the directory on this machine that's being shared.`
			Path string `json:"path"`
tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`// As is the UNIX or Windows username of the local account used for this`
			`// share. File read/write permissions are enforced based on this username.`
tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00			`// Can be left blank to use the default value of "whoever is running the`
			`// Tailscale GUI".`
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			As string `json:"who"`
tailfs: support storing bookmark data on shares This allows the sandboxed Mac application to store security- scoped URL bookmarks in order to maintain access to restricted folders across restarts. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-28 03:21:16 +00:00
			`// BookmarkData contains security-scoped bookmark data for the Sandboxed`
			`// Mac application. The Sandboxed Mac application gains permission to`
			`// access the Share's folder as a result of a user selecting it in a file`
			`// picker. In order to retain access to it across restarts, it needs to`
			`// hold on to a security-scoped bookmark. That bookmark is stored here. See`
			`// https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox#4144043`
			BookmarkData []byte `json:"bookmarkData"`
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`}`

tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00			`// FileSystemForRemote is the TailFS filesystem exposed to remote nodes. It`
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`// provides a unified WebDAV interface to local directories that have been`
			`// shared.`
tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-09 17:26:43 +00:00			`type FileSystemForRemote interface {`
			`// SetFileServerAddr sets the address of the file server to which we`
			`// should proxy. This is used on platforms like Windows and MacOS`
			`// sandboxed where we can't spawn user-specific sub-processes and instead`
			`// rely on the UI application that's already running as an unprivileged`
			`// user to access the filesystem for us.`
			`SetFileServerAddr(addr string)`

			`// SetShares sets the complete set of shares exposed by this node. If`
			`// AllowShareAs() reports true, we will use one subprocess per user to`
			`// access the filesystem (see userServer). Otherwise, we will use the file`
			`// server configured via SetFileServerAddr.`
			`SetShares(shares map[string]*Share)`

			`// ServeHTTPWithPerms behaves like the similar method from http.Handler but`
			`// also accepts a Permissions map that captures the permissions of the`
			`// connecting node.`
			`ServeHTTPWithPerms(permissions Permissions, w http.ResponseWriter, r *http.Request)`

			`// Close() stops serving the WebDAV content`
			`Close() error`
tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com> 2024-02-02 18:45:32 +00:00			`}`