mirrors
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,444 Commits 752 Branches 165 Tags 354 MiB
Commit Graph

112 Commits

Author SHA1 Message Date
Brad Fitzpatrick 950fc28887 ipn, paths, cmd/tailscaled: remove LegacyConfigPath, relaynode migration 
It is time.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-04-07 10:15:45 -07:00
Maisem Ali db13b2d0c8 cmd/tailscale, ipn/localapi: add "tailscale bugreport" subcommand 
Adding a subcommand which prints and logs a log marker. This should help
diagnose any issues that users face.

Fixes #1466

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 2021-03-31 15:19:51 -07:00
Brad Fitzpatrick 27c4dd9a97 Revert "cmd/tailscaled, ipn/{ipnlocal,ipnserver}: let netstack get access to LocalBackend" 
This reverts commit 2bc518dcb2.

@namansood didn't end up needing it in his 770aa71ffb.
 2021-03-16 12:33:13 -07:00
Brad Fitzpatrick 2bc518dcb2 cmd/tailscaled, ipn/{ipnlocal,ipnserver}: let netstack get access to LocalBackend 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-03-15 09:31:25 -07:00
Brad Fitzpatrick 43b30e463c ipn/ipnserver: refactor permissions checks a bit, document more, fix Windows 
Windows was only running the localapi on the debug port which was a
stopgap at the time while doing peercreds work. Removed that, and
wired it up correctly, with some more docs.

More clean-up to do after 1.6, moving the localhost TCP auth code into
the peercreds package. But that's too much for now, so the docs will
have to suffice, even if it's at a bit of an awkward stage with the
newly-renamed "NotWindows" field, which still isn't named well, but
it's better than its old name of "Unknown" which hasn't been accurate
since unix sock peercreds work anyway.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-03-05 21:46:32 -08:00
Brad Fitzpatrick 1ca3e739f7 ipn/ipnserver: set PermitWrite on localapi handler 
The TODO was easy now with peerCreds and the isReadonlyConn func.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-03-05 12:14:24 -08:00
Brad Fitzpatrick 15b6969a95 ipn/ipnserver: grant client r/w access if peer uid matches tailscaled 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-03-02 12:34:11 -08:00
Brad Fitzpatrick be779b3587 safesocket, ipn/ipnserver: unify peercred info, fix bug on FreeBSD etc 
FreeBSD wasn't able to run "tailscale up" since the recent peercred
refactoring.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-03-02 11:23:26 -08:00
Brad Fitzpatrick 38dc6fe758 cmd/tailscaled, wgengine: remove --fake, replace with netstack 
And add a --socks5-server flag.

And fix a race in SOCKS5 replies where the response header was written
concurrently with the copy from the backend.

Co-authored with Naman Sood.

Updates #707
Updates #504

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-03-01 11:09:19 -08:00
Brad Fitzpatrick f11952ad7f ipn/ipnserver: fix Windows connection auth regression 
Regression from code movement in d3efe8caf6

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-02-23 13:27:04 -08:00
Brad Fitzpatrick 7038c09bc9 ipn/ipnserver: on darwin, let users who are admins use CLI without sudo 
Tangentially related to #987, #177, #594, #925, #505

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-02-16 21:09:27 -08:00
Brad Fitzpatrick d3efe8caf6 safesocket, ipn/ipnserver: look up peer creds on Darwin 
And open up socket permissions like Linux, now that we know who
connections are from.

This uses the new inet.af/peercred that supports Linux and Darwin at
the moment.

Fixes #1347
Fixes #1348

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-02-16 20:38:44 -08:00
Brad Fitzpatrick fdac0387a7 ipn/ipnserver, ipn/ipnlocal: move whois handler to new localapi package 2021-02-15 10:46:22 -08:00
Brad Fitzpatrick d76334d2f0 ipn: split LocalBackend off into new ipn/ipnlocal package 
And move a couple other types down into leafier packages.

Now cmd/tailscale doesn't bring in netlink, magicsock, wgengine, etc.

Fixes #1181

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-02-04 14:04:23 -08:00
Brad Fitzpatrick 006a224f50 ipn/ipnserver, cmd/hello: do whois over unix socket, not debug http 
Start of a local HTTP API. Not a stable interface yet.
 2021-01-29 13:23:13 -08:00
Brad Fitzpatrick c611d8480b cmd/tailscaled: add whois/identd-ish debug handler 2021-01-28 15:31:52 -08:00
Brad Fitzpatrick 4d3c09ced4 ipn/ipnserver: on Windows in unattended mode, wait for Engine forever 
Updates #1187
 2021-01-25 15:32:13 -08:00
Brad Fitzpatrick 5611f290eb ipn, ipnserver: only require sudo on Linux for mutable CLI actions 
This partially reverts d6e9fb1df0, which modified the permissions
on the tailscaled Unix socket and thus required "sudo tailscale" even
for "tailscale status".

Instead, open the permissions back up (on Linux only) but have the
server look at the peer creds and only permit read-only actions unless
you're root.

In the future we'll also have a group that can do mutable actions.

On OpenBSD and FreeBSD, the permissions on the socket remain locked
down to 0600 from d6e9fb1df0.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-01-15 10:13:00 -08:00
Brad Fitzpatrick 5aa5db89d6 cmd/tailscaled, wgengine/netstack: add start of gvisor userspace netstack work 
Not usefully functional yet (mostly a proof of concept), but getting
it submitted for some work @namansood is going to do atop this.

Updates #707
Updates #634
Updates #48
Updates #835
 2021-01-11 09:31:14 -08:00
Brad Fitzpatrick 053a1d1340 all: annotate log verbosity levels on most egregiously spammy log prints 
Fixes #924
Fixes #282

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-12-21 12:59:33 -08:00
Christine Dodrill