2020-02-05 22:16:58 +00:00
|
|
|
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package controlclient
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"fmt"
|
2022-03-10 18:28:42 +00:00
|
|
|
"net/http"
|
2020-02-05 22:16:58 +00:00
|
|
|
"sync"
|
|
|
|
"time"
|
|
|
|
|
2021-02-18 16:58:13 +00:00
|
|
|
"tailscale.com/health"
|
2020-02-05 22:16:58 +00:00
|
|
|
"tailscale.com/logtail/backoff"
|
|
|
|
"tailscale.com/tailcfg"
|
2020-02-14 21:09:19 +00:00
|
|
|
"tailscale.com/types/empty"
|
2021-10-28 22:22:51 +01:00
|
|
|
"tailscale.com/types/key"
|
2020-02-15 03:23:16 +00:00
|
|
|
"tailscale.com/types/logger"
|
2021-02-05 23:44:46 +00:00
|
|
|
"tailscale.com/types/netmap"
|
2021-02-05 23:23:01 +00:00
|
|
|
"tailscale.com/types/persist"
|
2020-05-03 21:58:39 +01:00
|
|
|
"tailscale.com/types/structs"
|
2020-02-05 22:16:58 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type LoginGoal struct {
|
2021-04-08 05:06:31 +01:00
|
|
|
_ structs.Incomparable
|
|
|
|
wantLoggedIn bool // true if we *want* to be logged in
|
|
|
|
token *tailcfg.Oauth2Token // oauth token to use when logging in
|
|
|
|
flags LoginFlags // flags to use when logging in
|
|
|
|
url string // auth url that needs to be visited
|
|
|
|
loggedOutResult chan<- error
|
|
|
|
}
|
|
|
|
|
|
|
|
func (g *LoginGoal) sendLogoutError(err error) {
|
|
|
|
if g.loggedOutResult == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
select {
|
|
|
|
case g.loggedOutResult <- err:
|
|
|
|
default:
|
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
// Auto connects to a tailcontrol server for a node.
|
|
|
|
// It's a concrete implementation of the Client interface.
|
|
|
|
type Auto struct {
|
2020-02-05 22:16:58 +00:00
|
|
|
direct *Direct // our interface to the server APIs
|
|
|
|
timeNow func() time.Time
|
|
|
|
logf logger.Logf
|
|
|
|
expiry *time.Time
|
|
|
|
closed bool
|
|
|
|
newMapCh chan struct{} // readable when we must restart a map request
|
|
|
|
|
2021-02-18 16:58:13 +00:00
|
|
|
unregisterHealthWatch func()
|
|
|
|
|
2020-02-05 22:16:58 +00:00
|
|
|
mu sync.Mutex // mutex guards the following fields
|
|
|
|
statusFunc func(Status) // called to update Client status
|
|
|
|
|
2020-12-23 21:03:16 +00:00
|
|
|
paused bool // whether we should stop making HTTP requests
|
|
|
|
unpauseWaiters []chan struct{}
|
|
|
|
loggedIn bool // true if currently logged in
|
|
|
|
loginGoal *LoginGoal // non-nil if some login activity is desired
|
|
|
|
synced bool // true if our netmap is up-to-date
|
2022-05-03 23:07:30 +01:00
|
|
|
inPollNetMap bool // true if currently running a PollNetMap
|
|
|
|
inLiteMapUpdate bool // true if a lite (non-streaming) map request is outstanding
|
|
|
|
inSendStatus int // number of sendStatus calls currently in progress
|
2020-12-23 21:03:16 +00:00
|
|
|
state State
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
authCtx context.Context // context used for auth requests
|
|
|
|
mapCtx context.Context // context used for netmap requests
|
|
|
|
authCancel func() // cancel the auth context
|
|
|
|
mapCancel func() // cancel the netmap context
|
|
|
|
quit chan struct{} // when closed, goroutines should all exit
|
|
|
|
authDone chan struct{} // when closed, auth goroutine is done
|
|
|
|
mapDone chan struct{} // when closed, map goroutine is done
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
// New creates and starts a new Auto.
|
|
|
|
func New(opts Options) (*Auto, error) {
|
2020-02-05 22:16:58 +00:00
|
|
|
c, err := NewNoStart(opts)
|
|
|
|
if c != nil {
|
|
|
|
c.Start()
|
|
|
|
}
|
|
|
|
return c, err
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
// NewNoStart creates a new Auto, but without calling Start on it.
|
|
|
|
func NewNoStart(opts Options) (*Auto, error) {
|
2020-02-05 22:16:58 +00:00
|
|
|
direct, err := NewDirect(opts)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2020-02-11 20:08:07 +00:00
|
|
|
if opts.Logf == nil {
|
2022-03-16 23:27:57 +00:00
|
|
|
opts.Logf = func(fmt string, args ...any) {}
|
2020-02-11 20:08:07 +00:00
|
|
|
}
|
2020-03-08 12:40:56 +00:00
|
|
|
if opts.TimeNow == nil {
|
|
|
|
opts.TimeNow = time.Now
|
|
|
|
}
|
2021-04-30 04:27:00 +01:00
|
|
|
c := &Auto{
|
2020-02-05 22:16:58 +00:00
|
|
|
direct: direct,
|
|
|
|
timeNow: opts.TimeNow,
|
|
|
|
logf: opts.Logf,
|
|
|
|
newMapCh: make(chan struct{}, 1),
|
|
|
|
quit: make(chan struct{}),
|
|
|
|
authDone: make(chan struct{}),
|
|
|
|
mapDone: make(chan struct{}),
|
|
|
|
}
|
|
|
|
c.authCtx, c.authCancel = context.WithCancel(context.Background())
|
|
|
|
c.mapCtx, c.mapCancel = context.WithCancel(context.Background())
|
2021-02-18 16:58:13 +00:00
|
|
|
c.unregisterHealthWatch = health.RegisterWatcher(c.onHealthChange)
|
2020-02-05 22:16:58 +00:00
|
|
|
return c, nil
|
2021-02-18 16:58:13 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) onHealthChange(sys health.Subsystem, err error) {
|
2021-03-16 05:20:48 +00:00
|
|
|
if sys == health.SysOverall {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
c.logf("controlclient: restarting map request for %q health change to new state: %v", sys, err)
|
2021-02-18 16:58:13 +00:00
|
|
|
c.cancelMapSafely()
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
2020-07-31 17:39:45 +01:00
|
|
|
// SetPaused controls whether HTTP activity should be paused.
|
|
|
|
//
|
|
|
|
// The client can be paused and unpaused repeatedly, unlike Start and Shutdown, which can only be used once.
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) SetPaused(paused bool) {
|
2020-07-31 17:39:45 +01:00
|
|
|
c.mu.Lock()
|
|
|
|
defer c.mu.Unlock()
|
|
|
|
if paused == c.paused {
|
|
|
|
return
|
|
|
|
}
|
2021-04-30 11:08:26 +01:00
|
|
|
c.logf("setPaused(%v)", paused)
|
2020-07-31 17:39:45 +01:00
|
|
|
c.paused = paused
|
|
|
|
if paused {
|
2020-12-21 16:33:05 +00:00
|
|
|
// Only cancel the map routine. (The auth routine isn't expensive
|
|
|
|
// so it's fine to keep it running.)
|
2020-07-31 17:39:45 +01:00
|
|
|
c.cancelMapLocked()
|
|
|
|
} else {
|
|
|
|
for _, ch := range c.unpauseWaiters {
|
|
|
|
close(ch)
|
|
|
|
}
|
|
|
|
c.unpauseWaiters = nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-02-05 22:16:58 +00:00
|
|
|
// Start starts the client's goroutines.
|
|
|
|
//
|
|
|
|
// It should only be called for clients created by NewNoStart.
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) Start() {
|
2020-02-05 22:16:58 +00:00
|
|
|
go c.authRoutine()
|
|
|
|
go c.mapRoutine()
|
|
|
|
}
|
|
|
|
|
2020-12-23 21:03:16 +00:00
|
|
|
// sendNewMapRequest either sends a new OmitPeers, non-streaming map request
|
|
|
|
// (to just send Hostinfo/Netinfo/Endpoints info, while keeping an existing
|
|
|
|
// streaming response open), or start a new streaming one if necessary.
|
|
|
|
//
|
|
|
|
// It should be called whenever there's something new to tell the server.
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) sendNewMapRequest() {
|
2020-12-23 21:03:16 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
|
|
|
|
// If we're not already streaming a netmap, or if we're already stuck
|
|
|
|
// in a lite update, then tear down everything and start a new stream
|
|
|
|
// (which starts by sending a new map request)
|
2021-02-05 00:23:16 +00:00
|
|
|
if !c.inPollNetMap || c.inLiteMapUpdate || !c.loggedIn {
|
2020-12-23 21:03:16 +00:00
|
|
|
c.mu.Unlock()
|
|
|
|
c.cancelMapSafely()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Otherwise, send a lite update that doesn't keep a
|
|
|
|
// long-running stream response.
|
|
|
|
defer c.mu.Unlock()
|
|
|
|
c.inLiteMapUpdate = true
|
|
|
|
ctx, cancel := context.WithTimeout(c.mapCtx, 10*time.Second)
|
|
|
|
go func() {
|
|
|
|
defer cancel()
|
|
|
|
t0 := time.Now()
|
|
|
|
err := c.direct.SendLiteMapUpdate(ctx)
|
|
|
|
d := time.Since(t0).Round(time.Millisecond)
|
|
|
|
c.mu.Lock()
|
|
|
|
c.inLiteMapUpdate = false
|
|
|
|
c.mu.Unlock()
|
|
|
|
if err == nil {
|
|
|
|
c.logf("[v1] successful lite map update in %v", d)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if ctx.Err() == nil {
|
|
|
|
c.logf("lite map update after %v: %v", d, err)
|
|
|
|
}
|
|
|
|
// Fall back to restarting the long-polling map
|
|
|
|
// request (the old heavy way) if the lite update
|
|
|
|
// failed for any reason.
|
|
|
|
c.cancelMapSafely()
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) cancelAuth() {
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
if c.authCancel != nil {
|
|
|
|
c.authCancel()
|
|
|
|
}
|
|
|
|
if !c.closed {
|
|
|
|
c.authCtx, c.authCancel = context.WithCancel(context.Background())
|
|
|
|
}
|
|
|
|
c.mu.Unlock()
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) cancelMapLocked() {
|
2020-02-05 22:16:58 +00:00
|
|
|
if c.mapCancel != nil {
|
|
|
|
c.mapCancel()
|
|
|
|
}
|
|
|
|
if !c.closed {
|
|
|
|
c.mapCtx, c.mapCancel = context.WithCancel(context.Background())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) cancelMapUnsafely() {
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
c.cancelMapLocked()
|
|
|
|
c.mu.Unlock()
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) cancelMapSafely() {
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
defer c.mu.Unlock()
|
|
|
|
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] cancelMapSafely: synced=%v", c.synced)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2020-02-11 07:14:38 +00:00
|
|
|
if c.inPollNetMap {
|
2020-02-05 22:16:58 +00:00
|
|
|
// received at least one netmap since the last
|
|
|
|
// interruption. That means the server has already
|
|
|
|
// fully processed our last request, which might
|
|
|
|
// include UpdateEndpoints(). Interrupt it and try
|
|
|
|
// again.
|
|
|
|
c.cancelMapLocked()
|
|
|
|
} else {
|
|
|
|
// !synced means we either haven't done a netmap
|
|
|
|
// request yet, or it hasn't answered yet. So the
|
|
|
|
// server is in an undefined state. If we send
|
|
|
|
// another netmap request too soon, it might race
|
|
|
|
// with the last one, and if we're very unlucky,
|
|
|
|
// the new request will be applied before the old one,
|
|
|
|
// and the wrong endpoints will get registered. We
|
|
|
|
// have to tell the client to abort politely, only
|
|
|
|
// after it receives a response to its existing netmap
|
|
|
|
// request.
|
|
|
|
select {
|
|
|
|
case c.newMapCh <- struct{}{}:
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] cancelMapSafely: wrote to channel")
|
2020-02-05 22:16:58 +00:00
|
|
|
default:
|
|
|
|
// if channel write failed, then there was already
|
|
|
|
// an outstanding newMapCh request. One is enough,
|
|
|
|
// since it'll always use the latest endpoints.
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] cancelMapSafely: channel was full")
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) authRoutine() {
|
2020-02-05 22:16:58 +00:00
|
|
|
defer close(c.authDone)
|
2020-08-09 05:03:20 +01:00
|
|
|
bo := backoff.NewBackoff("authRoutine", c.logf, 30*time.Second)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
for {
|
|
|
|
c.mu.Lock()
|
|
|
|
goal := c.loginGoal
|
|
|
|
ctx := c.authCtx
|
2020-12-14 18:10:01 +00:00
|
|
|
if goal != nil {
|
2022-02-12 16:05:24 +00:00
|
|
|
c.logf("[v1] authRoutine: %s; wantLoggedIn=%v", c.state, goal.wantLoggedIn)
|
2020-12-14 18:10:01 +00:00
|
|
|
} else {
|
2022-02-12 16:05:24 +00:00
|
|
|
c.logf("[v1] authRoutine: %s; goal=nil paused=%v", c.state, c.paused)
|
2020-12-14 18:10:01 +00:00
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-c.quit:
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] authRoutine: quit")
|
2020-02-05 22:16:58 +00:00
|
|
|
return
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
|
|
|
|
report := func(err error, msg string) {
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] %s: %v", msg, err)
|
2020-02-05 22:16:58 +00:00
|
|
|
// don't send status updates for context errors,
|
|
|
|
// since context cancelation is always on purpose.
|
|
|
|
if ctx.Err() == nil {
|
2020-10-13 23:03:56 +01:00
|
|
|
c.sendStatus("authRoutine-report", err, "", nil)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if goal == nil {
|
2020-12-14 18:10:01 +00:00
|
|
|
// Wait for user to Login or Logout.
|
|
|
|
<-ctx.Done()
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] authRoutine: context done.")
|
2020-12-14 18:10:01 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if !goal.wantLoggedIn {
|
2020-07-31 17:39:45 +01:00
|
|
|
err := c.direct.TryLogout(ctx)
|
2021-04-08 05:06:31 +01:00
|
|
|
goal.sendLogoutError(err)
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
|
|
|
report(err, "TryLogout")
|
|
|
|
bo.BackOff(ctx, err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
// success
|
|
|
|
c.mu.Lock()
|
|
|
|
c.loggedIn = false
|
|
|
|
c.loginGoal = nil
|
2020-05-27 19:46:09 +01:00
|
|
|
c.state = StateNotAuthenticated
|
2020-02-05 22:16:58 +00:00
|
|
|
c.synced = false
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
2020-10-13 23:03:56 +01:00
|
|
|
c.sendStatus("authRoutine-wantout", nil, "", nil)
|
2020-02-05 22:16:58 +00:00
|
|
|
bo.BackOff(ctx, nil)
|
|
|
|
} else { // ie. goal.wantLoggedIn
|
|
|
|
c.mu.Lock()
|
|
|
|
if goal.url != "" {
|
2020-05-27 19:46:09 +01:00
|
|
|
c.state = StateURLVisitRequired
|
2020-02-05 22:16:58 +00:00
|
|
|
} else {
|
2020-05-27 19:46:09 +01:00
|
|
|
c.state = StateAuthenticating
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
var url string
|
|
|
|
var err error
|
|
|
|
var f string
|
|
|
|
if goal.url != "" {
|
|
|
|
url, err = c.direct.WaitLoginURL(ctx, goal.url)
|
|
|
|
f = "WaitLoginURL"
|
|
|
|
} else {
|
|
|
|
url, err = c.direct.TryLogin(ctx, goal.token, goal.flags)
|
|
|
|
f = "TryLogin"
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
report(err, f)
|
|
|
|
bo.BackOff(ctx, err)
|
|
|
|
continue
|
2021-04-08 05:06:31 +01:00
|
|
|
}
|
|
|
|
if url != "" {
|
2021-11-23 22:18:03 +00:00
|
|
|
// goal.url ought to be empty here.
|
|
|
|
// However, not all control servers get this right,
|
|
|
|
// and logging about it here just generates noise.
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
2020-07-15 18:00:20 +01:00
|
|
|
c.loginGoal = &LoginGoal{
|
|
|
|
wantLoggedIn: true,
|
|
|
|
flags: LoginDefault,
|
|
|
|
url: url,
|
|
|
|
}
|
2020-05-27 19:46:09 +01:00
|
|
|
c.state = StateURLVisitRequired
|
2020-02-05 22:16:58 +00:00
|
|
|
c.synced = false
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
2020-10-13 23:03:56 +01:00
|
|
|
c.sendStatus("authRoutine-url", err, url, nil)
|
2020-02-05 22:16:58 +00:00
|
|
|
bo.BackOff(ctx, err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
// success
|
|
|
|
c.mu.Lock()
|
|
|
|
c.loggedIn = true
|
|
|
|
c.loginGoal = nil
|
2020-05-27 19:46:09 +01:00
|
|
|
c.state = StateAuthenticated
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Unlock()
|
|
|
|
|
2020-10-13 23:03:56 +01:00
|
|
|
c.sendStatus("authRoutine-success", nil, "", nil)
|
2020-02-05 22:16:58 +00:00
|
|
|
c.cancelMapSafely()
|
|
|
|
bo.BackOff(ctx, nil)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-05-27 19:46:09 +01:00
|
|
|
// Expiry returns the credential expiration time, or the zero time if
|
|
|
|
// the expiration time isn't known. Used in tests only.
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) Expiry() *time.Time {
|
2020-05-27 19:46:09 +01:00
|
|
|
c.mu.Lock()
|
|
|
|
defer c.mu.Unlock()
|
|
|
|
return c.expiry
|
|
|
|
}
|
|
|
|
|
|
|
|
// Direct returns the underlying direct client object. Used in tests
|
|
|
|
// only.
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) Direct() *Direct {
|
2020-05-27 19:46:09 +01:00
|
|
|
return c.direct
|
|
|
|
}
|
|
|
|
|
2020-07-31 17:39:45 +01:00
|
|
|
// unpausedChanLocked returns a new channel that is closed when the
|
2021-04-30 04:27:00 +01:00
|
|
|
// current Auto pause is unpaused.
|
2020-07-31 17:39:45 +01:00
|
|
|
//
|
|
|
|
// c.mu must be held
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) unpausedChanLocked() <-chan struct{} {
|
2020-07-31 17:39:45 +01:00
|
|
|
unpaused := make(chan struct{})
|
|
|
|
c.unpauseWaiters = append(c.unpauseWaiters, unpaused)
|
|
|
|
return unpaused
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) mapRoutine() {
|
2020-02-05 22:16:58 +00:00
|
|
|
defer close(c.mapDone)
|
2020-08-09 05:03:20 +01:00
|
|
|
bo := backoff.NewBackoff("mapRoutine", c.logf, 30*time.Second)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
for {
|
|
|
|
c.mu.Lock()
|
2020-07-31 17:39:45 +01:00
|
|
|
if c.paused {
|
|
|
|
unpaused := c.unpausedChanLocked()
|
|
|
|
c.mu.Unlock()
|
|
|
|
c.logf("mapRoutine: awaiting unpause")
|
|
|
|
select {
|
|
|
|
case <-unpaused:
|
|
|
|
c.logf("mapRoutine: unpaused")
|
|
|
|
case <-c.quit:
|
|
|
|
c.logf("mapRoutine: quit")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
2022-02-12 16:05:24 +00:00
|
|
|
c.logf("[v1] mapRoutine: %s", c.state)
|
2020-02-05 22:16:58 +00:00
|
|
|
loggedIn := c.loggedIn
|
|
|
|
ctx := c.mapCtx
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-c.quit:
|
2020-04-11 16:35:34 +01:00
|
|
|
c.logf("mapRoutine: quit")
|
2020-02-05 22:16:58 +00:00
|
|
|
return
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
|
|
|
|
report := func(err error, msg string) {
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] %s: %v", msg, err)
|
2021-10-26 18:19:35 +01:00
|
|
|
err = fmt.Errorf("%s: %w", msg, err)
|
2020-02-05 22:16:58 +00:00
|
|
|
// don't send status updates for context errors,
|
|
|
|
// since context cancelation is always on purpose.
|
|
|
|
if ctx.Err() == nil {
|
|
|
|
c.sendStatus("mapRoutine1", err, "", nil)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if !loggedIn {
|
|
|
|
// Wait for something interesting to happen
|
|
|
|
c.mu.Lock()
|
|
|
|
c.synced = false
|
|
|
|
// c.state is set by authRoutine()
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-ctx.Done():
|
2022-02-12 16:05:24 +00:00
|
|
|
c.logf("[v1] mapRoutine: context done.")
|
2020-02-05 22:16:58 +00:00
|
|
|
case <-c.newMapCh:
|
2022-02-12 16:05:24 +00:00
|
|
|
c.logf("[v1] mapRoutine: new map needed while idle.")
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// Be sure this is false when we're not inside
|
|
|
|
// PollNetMap, so that cancelMapSafely() can notify
|
|
|
|
// us correctly.
|
|
|
|
c.mu.Lock()
|
|
|
|
c.inPollNetMap = false
|
|
|
|
c.mu.Unlock()
|
2021-02-25 05:29:51 +00:00
|
|
|
health.SetInPollNetMap(false)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2021-02-05 23:44:46 +00:00
|
|
|
err := c.direct.PollNetMap(ctx, -1, func(nm *netmap.NetworkMap) {
|
2021-02-25 05:29:51 +00:00
|
|
|
health.SetInPollNetMap(true)
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
|
|
|
|
select {
|
|
|
|
case <-c.newMapCh:
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] mapRoutine: new map request during PollNetMap. canceling.")
|
2020-02-05 22:16:58 +00:00
|
|
|
c.cancelMapLocked()
|
|
|
|
|
|
|
|
// Don't emit this netmap; we're
|
|
|
|
// about to request a fresh one.
|
|
|
|
c.mu.Unlock()
|
|
|
|
return
|
|
|
|
default:
|
|
|
|
}
|
|
|
|
|
|
|
|
c.synced = true
|
|
|
|
c.inPollNetMap = true
|
|
|
|
if c.loggedIn {
|
2020-05-27 19:46:09 +01:00
|
|
|
c.state = StateSynchronized
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
exp := nm.Expiry
|
|
|
|
c.expiry = &exp
|
|
|
|
stillAuthed := c.loggedIn
|
|
|
|
state := c.state
|
|
|
|
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] mapRoutine: netmap received: %s", state)
|
2020-02-05 22:16:58 +00:00
|
|
|
if stillAuthed {
|
2020-10-13 23:03:56 +01:00
|
|
|
c.sendStatus("mapRoutine-got-netmap", nil, "", nm)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
})
|
|
|
|
|
2021-02-25 05:29:51 +00:00
|
|
|
health.SetInPollNetMap(false)
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
c.synced = false
|
|
|
|
c.inPollNetMap = false
|
2020-05-27 19:46:09 +01:00
|
|
|
if c.state == StateSynchronized {
|
|
|
|
c.state = StateAuthenticated
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
2020-07-31 17:39:45 +01:00
|
|
|
paused := c.paused
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Unlock()
|
|
|
|
|
2020-07-31 17:39:45 +01:00
|
|
|
if paused {
|
|
|
|
c.logf("mapRoutine: paused")
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
|
|
|
report(err, "PollNetMap")
|
|
|
|
bo.BackOff(ctx, err)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
bo.BackOff(ctx, nil)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) AuthCantContinue() bool {
|
2021-04-21 20:57:48 +01:00
|
|
|
if c == nil {
|
|
|
|
return true
|
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
defer c.mu.Unlock()
|
|
|
|
|
|
|
|
return !c.loggedIn && (c.loginGoal == nil || c.loginGoal.url != "")
|
|
|
|
}
|
|
|
|
|
2021-03-31 16:25:39 +01:00
|
|
|
// SetStatusFunc sets fn as the callback to run on any status change.
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) SetStatusFunc(fn func(Status)) {
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
c.statusFunc = fn
|
|
|
|
c.mu.Unlock()
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) SetHostinfo(hi *tailcfg.Hostinfo) {
|
2020-02-25 18:04:20 +00:00
|
|
|
if hi == nil {
|
|
|
|
panic("nil Hostinfo")
|
|
|
|
}
|
2020-04-02 01:18:39 +01:00
|
|
|
if !c.direct.SetHostinfo(hi) {
|
2020-07-28 23:13:34 +01:00
|
|
|
// No changes. Don't log.
|
2020-04-02 01:18:39 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-02-05 22:16:58 +00:00
|
|
|
// Send new Hostinfo to server
|
2020-12-23 21:03:16 +00:00
|
|
|
c.sendNewMapRequest()
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) SetNetInfo(ni *tailcfg.NetInfo) {
|
2020-03-04 06:21:56 +00:00
|
|
|
if ni == nil {
|
|
|
|
panic("nil NetInfo")
|
|
|
|
}
|
2020-04-02 01:18:39 +01:00
|
|
|
if !c.direct.SetNetInfo(ni) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-05-03 23:07:30 +01:00
|
|
|
// Send new NetInfo to server
|
2020-12-23 21:03:16 +00:00
|
|
|
c.sendNewMapRequest()
|
2020-03-04 06:21:56 +00:00
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) sendStatus(who string, err error, url string, nm *netmap.NetworkMap) {
|
2020-02-05 22:16:58 +00:00
|
|
|
c.mu.Lock()
|
|
|
|
state := c.state
|
|
|
|
loggedIn := c.loggedIn
|
|
|
|
synced := c.synced
|
|
|
|
statusFunc := c.statusFunc
|
|
|
|
c.inSendStatus++
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
2020-12-21 18:58:06 +00:00
|
|
|
c.logf("[v1] sendStatus: %s: %v", who, state)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2021-02-05 23:23:01 +00:00
|
|
|
var p *persist.Persist
|
ipnlocal: don't assume NeedsLogin immediately after StartLogout().
Previously, there was no server round trip required to log out, so when
you asked ipnlocal to Logout(), it could clear the netmap immediately
and switch to NeedsLogin state.
In v1.8, we added a true Logout operation. ipn.Logout() would trigger
an async cc.StartLogout() and *also* immediately switch to NeedsLogin.
Unfortunately, some frontends would see NeedsLogin and immediately
trigger a new StartInteractiveLogin() operation, before the
controlclient auth state machine actually acted on the Logout command,
thus accidentally invalidating the entire logout operation, retaining
the netmap, and violating the user's expectations.
Instead, add a new LogoutFinished signal from controlclient
(paralleling LoginFinished) and, upon starting a logout, don't update
the ipn state machine until it's received.
Updates: #1918 (BUG-2)
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-05-20 07:46:57 +01:00
|
|
|
var loginFin, logoutFin *empty.Message
|
2020-05-27 19:46:09 +01:00
|
|
|
if state == StateAuthenticated {
|
ipnlocal: don't assume NeedsLogin immediately after StartLogout().
Previously, there was no server round trip required to log out, so when
you asked ipnlocal to Logout(), it could clear the netmap immediately
and switch to NeedsLogin state.
In v1.8, we added a true Logout operation. ipn.Logout() would trigger
an async cc.StartLogout() and *also* immediately switch to NeedsLogin.
Unfortunately, some frontends would see NeedsLogin and immediately
trigger a new StartInteractiveLogin() operation, before the
controlclient auth state machine actually acted on the Logout command,
thus accidentally invalidating the entire logout operation, retaining
the netmap, and violating the user's expectations.
Instead, add a new LogoutFinished signal from controlclient
(paralleling LoginFinished) and, upon starting a logout, don't update
the ipn state machine until it's received.
Updates: #1918 (BUG-2)
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-05-20 07:46:57 +01:00
|
|
|
loginFin = new(empty.Message)
|
|
|
|
}
|
|
|
|
if state == StateNotAuthenticated {
|
|
|
|
logoutFin = new(empty.Message)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
if nm != nil && loggedIn && synced {
|
|
|
|
pp := c.direct.GetPersist()
|
|
|
|
p = &pp
|
|
|
|
} else {
|
|
|
|
// don't send netmap status, as it's misleading when we're
|
|
|
|
// not logged in.
|
|
|
|
nm = nil
|
|
|
|
}
|
|
|
|
new := Status{
|
ipnlocal: don't assume NeedsLogin immediately after StartLogout().
Previously, there was no server round trip required to log out, so when
you asked ipnlocal to Logout(), it could clear the netmap immediately
and switch to NeedsLogin state.
In v1.8, we added a true Logout operation. ipn.Logout() would trigger
an async cc.StartLogout() and *also* immediately switch to NeedsLogin.
Unfortunately, some frontends would see NeedsLogin and immediately
trigger a new StartInteractiveLogin() operation, before the
controlclient auth state machine actually acted on the Logout command,
thus accidentally invalidating the entire logout operation, retaining
the netmap, and violating the user's expectations.
Instead, add a new LogoutFinished signal from controlclient
(paralleling LoginFinished) and, upon starting a logout, don't update
the ipn state machine until it's received.
Updates: #1918 (BUG-2)
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-05-20 07:46:57 +01:00
|
|
|
LoginFinished: loginFin,
|
|
|
|
LogoutFinished: logoutFin,
|
|
|
|
URL: url,
|
|
|
|
Persist: p,
|
|
|
|
NetMap: nm,
|
|
|
|
State: state,
|
2021-10-26 18:19:35 +01:00
|
|
|
Err: err,
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
if statusFunc != nil {
|
|
|
|
statusFunc(new)
|
|
|
|
}
|
|
|
|
|
|
|
|
c.mu.Lock()
|
|
|
|
c.inSendStatus--
|
|
|
|
c.mu.Unlock()
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) Login(t *tailcfg.Oauth2Token, flags LoginFlags) {
|
2020-04-11 16:35:34 +01:00
|
|
|
c.logf("client.Login(%v, %v)", t != nil, flags)
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
c.mu.Lock()
|
|
|
|
c.loginGoal = &LoginGoal{
|
|
|
|
wantLoggedIn: true,
|
|
|
|
token: t,
|
|
|
|
flags: flags,
|
|
|
|
}
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
|
|
|
c.cancelAuth()
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) StartLogout() {
|
2021-04-08 05:06:31 +01:00
|
|
|
c.logf("client.StartLogout()")
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
c.mu.Lock()
|
|
|
|
c.loginGoal = &LoginGoal{
|
|
|
|
wantLoggedIn: false,
|
|
|
|
}
|
|
|
|
c.mu.Unlock()
|
2021-04-08 05:06:31 +01:00
|
|
|
c.cancelAuth()
|
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) Logout(ctx context.Context) error {
|
2021-04-08 05:06:31 +01:00
|
|
|
c.logf("client.Logout()")
|
|
|
|
|
|
|
|
errc := make(chan error, 1)
|
|
|
|
|
|
|
|
c.mu.Lock()
|
|
|
|
c.loginGoal = &LoginGoal{
|
|
|
|
wantLoggedIn: false,
|
|
|
|
loggedOutResult: errc,
|
|
|
|
}
|
|
|
|
c.mu.Unlock()
|
2020-02-05 22:16:58 +00:00
|
|
|
c.cancelAuth()
|
2021-04-08 05:06:31 +01:00
|
|
|
|
|
|
|
timer := time.NewTimer(10 * time.Second)
|
|
|
|
defer timer.Stop()
|
|
|
|
select {
|
|
|
|
case err := <-errc:
|
|
|
|
return err
|
|
|
|
case <-ctx.Done():
|
|
|
|
return ctx.Err()
|
|
|
|
case <-timer.C:
|
|
|
|
return context.DeadlineExceeded
|
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
2022-03-09 22:42:42 +00:00
|
|
|
func (c *Auto) SetExpirySooner(ctx context.Context, expiry time.Time) error {
|
|
|
|
return c.direct.SetExpirySooner(ctx, expiry)
|
|
|
|
}
|
|
|
|
|
2021-03-31 16:25:39 +01:00
|
|
|
// UpdateEndpoints sets the client's discovered endpoints and sends
|
|
|
|
// them to the control server if they've changed.
|
|
|
|
//
|
|
|
|
// It does not retain the provided slice.
|
|
|
|
//
|
|
|
|
// The localPort field is unused except for integration tests in
|
|
|
|
// another repo.
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) UpdateEndpoints(localPort uint16, endpoints []tailcfg.Endpoint) {
|
2020-02-14 17:28:29 +00:00
|
|
|
changed := c.direct.SetEndpoints(localPort, endpoints)
|
|
|
|
if changed {
|
2020-12-23 21:03:16 +00:00
|
|
|
c.sendNewMapRequest()
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) Shutdown() {
|
2020-04-11 16:35:34 +01:00
|
|
|
c.logf("client.Shutdown()")
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
c.mu.Lock()
|
|
|
|
inSendStatus := c.inSendStatus
|
|
|
|
closed := c.closed
|
2022-03-08 19:45:48 +00:00
|
|
|
direct := c.direct
|
2020-02-05 22:16:58 +00:00
|
|
|
if !closed {
|
|
|
|
c.closed = true
|
|
|
|
c.statusFunc = nil
|
|
|
|
}
|
|
|
|
c.mu.Unlock()
|
|
|
|
|
2020-04-11 16:35:34 +01:00
|
|
|
c.logf("client.Shutdown: inSendStatus=%v", inSendStatus)
|
2020-02-05 22:16:58 +00:00
|
|
|
if !closed {
|
2021-02-18 16:58:13 +00:00
|
|
|
c.unregisterHealthWatch()
|
2020-02-05 22:16:58 +00:00
|
|
|
close(c.quit)
|
|
|
|
c.cancelAuth()
|
|
|
|
<-c.authDone
|
|
|
|
c.cancelMapUnsafely()
|
|
|
|
<-c.mapDone
|
2022-03-09 05:04:42 +00:00
|
|
|
if direct != nil {
|
|
|
|
direct.Close()
|
|
|
|
}
|
2020-04-11 16:35:34 +01:00
|
|
|
c.logf("Client.Shutdown done.")
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
}
|
2020-05-27 19:46:09 +01:00
|
|
|
|
|
|
|
// NodePublicKey returns the node public key currently in use. This is
|
|
|
|
// used exclusively in tests.
|
2021-10-28 22:22:51 +01:00
|
|
|
func (c *Auto) TestOnlyNodePublicKey() key.NodePublic {
|
2020-05-27 19:46:09 +01:00
|
|
|
priv := c.direct.GetPersist()
|
2021-10-28 22:22:51 +01:00
|
|
|
return priv.PrivateNodeKey.Public()
|
2020-05-27 19:46:09 +01:00
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) TestOnlySetAuthKey(authkey string) {
|
2020-05-27 19:46:09 +01:00
|
|
|
c.direct.mu.Lock()
|
|
|
|
defer c.direct.mu.Unlock()
|
|
|
|
c.direct.authKey = authkey
|
|
|
|
}
|
|
|
|
|
2021-04-30 04:27:00 +01:00
|
|
|
func (c *Auto) TestOnlyTimeNow() time.Time {
|
2020-05-27 19:46:09 +01:00
|
|
|
return c.timeNow()
|
|
|
|
}
|
2021-06-08 00:03:16 +01:00
|
|
|
|
|
|
|
// SetDNS sends the SetDNSRequest request to the control plane server,
|
|
|
|
// requesting a DNS record be created or updated.
|
|
|
|
func (c *Auto) SetDNS(ctx context.Context, req *tailcfg.SetDNSRequest) error {
|
|
|
|
return c.direct.SetDNS(ctx, req)
|
|
|
|
}
|
2022-03-10 18:28:42 +00:00
|
|
|
|
|
|
|
func (c *Auto) DoNoiseRequest(req *http.Request) (*http.Response, error) {
|
|
|
|
return c.direct.DoNoiseRequest(req)
|
|
|
|
}
|