// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ipn
import (
"fmt"
"strings"
"time"
"tailscale.com/ipn/ipnstate"
"tailscale.com/tailcfg"
"tailscale.com/types/empty"
"tailscale.com/types/key"
"tailscale.com/types/netmap"
"tailscale.com/types/structs"
)
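// State is the IPN state that a backend reports to frontends in Notify.State.
type State int

// The order of these constants must match the name table in State.String.
const (
	NoState = State(iota)
	InUseOtherUser
	NeedsLogin
	NeedsMachineAuth
	Stopped
	Starting
	Running
)

// GoogleIDTokenType is the tailcfg.Oauth2Token.TokenType for the Google
// ID tokens used by the Android client.
const GoogleIDTokenType = "ts_android_google_login"

// String returns the name of s, e.g. "Running".
//
// A State outside the declared range is rendered as "State(N)" instead of
// indexing past the name table and panicking. State values travel inside
// Notify, which is JSON-encoded on the wire, and JSON decoding does not
// restrict an integer to the constants declared above.
func (s State) String() string {
	names := [...]string{
		"NoState",
		"InUseOtherUser",
		"NeedsLogin",
		"NeedsMachineAuth",
		"Stopped",
		"Starting",
		"Running",
	}
	// Reject negative and too-large values before indexing.
	if s < 0 || int(s) >= len(names) {
		return fmt.Sprintf("State(%d)", int(s))
	}
	return names[s]
}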
// EngineStatus contains WireGuard engine stats.
type EngineStatus struct {
	// RBytes and WBytes are byte counters; presumably bytes received and
	// bytes written by the engine — TODO confirm direction and units.
	RBytes, WBytes int64
	NumLive int // presumably the number of live peers — TODO confirm
	LiveDERPs int // number of active DERP connections
	// LivePeers is keyed by the peer's node public key.
	LivePeers map[key.NodePublic]ipnstate.PeerStatusLite
}
// Notify is a communication from a backend (e.g. tailscaled) to a frontend
// (cmd/tailscale, iOS, macOS, Win Tasktray).
// In any given notification, any or all of these may be nil, meaning
// that they have not changed.
// They are JSON-encoded on the wire, despite the lack of struct tags.
type Notify struct {
	_ structs.Incomparable
	Version string // version number of IPN backend

	// ErrMessage, if non-nil, contains a critical error message.
	// For State InUseOtherUser, ErrMessage is not critical and just contains the details.
	ErrMessage *string

	LoginFinished *empty.Message // non-nil when/if the login process succeeded
	// NOTE(review): State is a plain int on the wire; JSON decoding does not
	// limit it to the declared State constants.
	State *State // if non-nil, the new or current IPN state
	Prefs *Prefs // if non-nil, the new or current preferences
	NetMap *netmap.NetworkMap // if non-nil, the new or current netmap
	Engine *EngineStatus // if non-nil, the new or current wireguard stats
	// NOTE(review): the frontend acts on this value by opening a browser;
	// confirm the frontend checks the URL before launching it.
	BrowseToURL *string // if non-nil, UI should open a browser right now
	BackendLogID *string // if non-nil, the public logtail ID used by backend

	// FilesWaiting if non-nil means that files are buffered in
	// the Tailscale daemon and ready for local transfer to the
	// user's preferred storage location.
	FilesWaiting *empty.Message `json:",omitempty"`

	// IncomingFiles, if non-nil, specifies which files are in the
	// process of being received. A nil IncomingFiles means this
	// Notify should not update the state of file transfers. A non-nil
	// but empty IncomingFiles means that no files are in the middle
	// of being transferred.
	IncomingFiles []PartialFile `json:",omitempty"`

	// LocalTCPPort, if non-nil, informs the UI frontend which
	// (non-zero) localhost TCP port it's listening on.
	// This is currently only used by Tailscale when run in the
	// macOS Network Extension.
	LocalTCPPort *uint16 `json:",omitempty"`

	// type is mirrored in xcode/Shared/IPN.swift
}
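// String returns a compact one-line summary of n, listing only the fields
// that are set.
//
// NetMap, BrowseToURL, BackendLogID, FilesWaiting and IncomingFiles are
// reported by presence only; their values are not written to the summary.
// A Notify with no reported fields set yields "Notify{}".
func (n Notify) String() string {
	var sb strings.Builder
	sb.WriteString("Notify{")
	if n.ErrMessage != nil {
		// %q quotes and escapes the message, so control characters in it
		// cannot split or forge entries in a log line.
		fmt.Fprintf(&sb, "err=%q ", *n.ErrMessage)
	}
	if n.LoginFinished != nil {
		sb.WriteString("LoginFinished ")
	}
	if n.State != nil {
		fmt.Fprintf(&sb, "state=%v ", *n.State)
	}
	if n.Prefs != nil {
		fmt.Fprintf(&sb, "%v ", n.Prefs.Pretty())
	}
	if n.NetMap != nil {
		sb.WriteString("NetMap{...} ")
	}
	if n.Engine != nil {
		fmt.Fprintf(&sb, "wg=%v ", *n.Engine)
	}
	if n.BrowseToURL != nil {
		// Only the presence of the URL is recorded, not its value.
		sb.WriteString("URL=<...> ")
	}
	if n.BackendLogID != nil {
		sb.WriteString("BackendLogID ")
	}
	if n.FilesWaiting != nil {
		sb.WriteString("FilesWaiting ")
	}
	if len(n.IncomingFiles) != 0 {
		sb.WriteString("IncomingFiles ")
	}
	if n.LocalTCPPort != nil {
		// Dereference the pointer: formatting the pointer itself prints a
		// memory address instead of the port number.
		fmt.Fprintf(&sb, "tcpport=%v ", *n.LocalTCPPort)
	}
	// Drop the separator left after the last field, if there is one. When no
	// field was written there is nothing to trim, so the opening brace stays.
	return strings.TrimSuffix(sb.String(), " ") + "}"
}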
// PartialFile represents an in-progress file transfer.
type PartialFile struct {
	// NOTE(review): presumably chosen by the sending peer — confirm it is
	// handled as a bare file name, never as a path, wherever it is used.
	Name string // e.g. "foo.jpg"
	Started time.Time // time transfer started
	DeclaredSize int64 // or -1 if unknown
	Received int64 // bytes copied thus far

	// PartialPath is set non-empty in "direct" file mode to the
	// in-progress '*.partial' file's path when the peerapi isn't
	// being used; see LocalBackend.SetDirectFileRoot.
	PartialPath string `json:",omitempty"`

	// Done is set in "direct" mode when the partial file has been
	// closed and is ready for the caller to rename away the
	// ".partial" suffix.
	Done bool `json:",omitempty"`
}
// StateKey is an opaque identifier for a set of LocalBackend state
// (preferences, private keys, etc.).
//
// The reason we need this is that the Tailscale agent may be running
// on a multi-user machine, in a context where a single daemon is
// shared by several consecutive users. Ideally we would just use the
// username of the connected frontend as the StateKey.
//
// Various platforms currently set StateKey in different ways:
//
//   - the macOS/iOS GUI apps set it to "ipn-go-bridge"
//   - the Android app sets it to "ipn-android"
//   - on Windows, it's the empty string (in client mode) or, via
//     LocalBackend.userID, a string like "user-$USER_ID" (used in
//     server mode).
//   - on Linux/etc, it's always "_daemon" (ipn.GlobalDaemonStateKey)
//
// Additionally, the StateKey can be a debug setting name:
//
//   - "_debug_magicsock_until" with value being a unix timestamp stringified
//   - "_debug_<component>_until" with value being a unix timestamp stringified
//
// NOTE(review): the key selects state that includes private keys, so on a
// shared daemon confirm that a frontend cannot select another user's key.
type StateKey string
// Options is the configuration passed to Backend.Start.
type Options struct {
	// FrontendLogID is the public logtail id used by the frontend.
	FrontendLogID string
	// StateKey and Prefs together define the state the backend should
	// use:
	//   - StateKey=="" && Prefs!=nil: use Prefs for internal state,
	//     don't persist changes in the backend, except for the machine key
	//     for migration purposes.
	//   - StateKey!="" && Prefs==nil: load the given backend-side
	//     state and use/update that.
	//   - StateKey!="" && Prefs!=nil: like the previous case, but do
	//     an initial overwrite of backend state with Prefs.
	//
	// NOTE(apenwarr): The above means that this Prefs field does not do
	// what you probably think it does. It will overwrite your encryption
	// keys. Do not use unless you know what you're doing.
	StateKey StateKey
	Prefs *Prefs
	// UpdatePrefs, if provided, overrides Options.Prefs *and* the Prefs
	// already stored in the backend state, *except* for the Persist
	// member. If you just want to provide prefs, this is
	// probably what you want.
	//
	// UpdatePrefs.Persist is always ignored. Prefs.Persist will still
	// be used even if UpdatePrefs is provided. Other than Persist,
	// UpdatePrefs takes precedence over Prefs.
	//
	// This is intended as a purely temporary workaround for the
	// currently unexpected behaviour of Options.Prefs.
	//
	// Background: Options.Prefs is also used for frontend->backend state
	// migration on some platforms, so `tailscale up` needs this separate
	// field to supply a full set of prefs without overwriting the
	// prefs.Persist keys.
	//
	// TODO(apenwarr): Remove this, or rename Prefs to something else
	// and rename this to Prefs. Or, move Prefs.Persist elsewhere
	// entirely (as it always should have been), and then we wouldn't
	// need two separate fields at all. Or, move the fancy state
	// migration stuff out of Start().
	UpdatePrefs *Prefs
	// AuthKey is an optional node auth key used to authorize a
	// new node key without user interaction.
	//
	// NOTE(review): this is a credential; confirm Options values are not
	// logged or echoed back to frontends verbatim.
	AuthKey string
}
// Backend is the interface between Tailscale frontends
// (e.g. cmd/tailscale, iOS/MacOS/Windows GUIs) and the tailscale
// backend (e.g. cmd/tailscaled) running on the same machine.
// (It has nothing to do with the interface between the backends
// and the cloud control plane.)
type Backend interface {
	// SetNotifyCallback sets the callback to be called on updates
	// from the backend to the client.
	SetNotifyCallback(func(Notify))
	// Start starts or restarts the backend, typically when a
	// frontend client connects.
	//
	// NOTE(review): the Backend contract is to call Start before any other
	// method. Calling SetPrefs first has caused a connection to the
	// previously configured control server before the new one was used.
	Start(Options) error
	// StartLoginInteractive requests to start a new interactive login
	// flow. This should trigger a new BrowseToURL notification
	// eventually.
	StartLoginInteractive()
	// Login logs in with an OAuth2 token.
	Login(token *tailcfg.Oauth2Token)
	// Logout terminates the current login session and stops the
	// wireguard engine.
	Logout()
	// SetPrefs installs a new set of user preferences, including
	// WantRunning. This may cause the wireguard engine to
	// reconfigure or stop.
	SetPrefs(*Prefs)
	// RequestEngineStatus polls for an update from the wireguard
	// engine. Only needed if you want to display byte
	// counts. Connection events are emitted automatically without
	// polling.
	RequestEngineStatus()
}