ipnlocal

package
v0.0.0-...-ded95ce
Published: Dec 14, 2022 License: BSD-3-Clause Imports: 94 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterNewSSHServer

func RegisterNewSSHServer(fn newSSHServerFunc)

RegisterNewSSHServer lets the conditionally linked ssh/tailssh package register itself.

Types

type LocalBackend

type LocalBackend struct {
	// contains filtered or unexported fields
}

LocalBackend is the glue between the major pieces of the Tailscale network software: the cloud control plane (via controlclient), the network data plane (via wgengine), and the user-facing UIs and CLIs (collectively called "frontends", via LocalBackend's implementation of the Backend interface).

LocalBackend implements the overall state machine for the Tailscale application. Frontends, controlclient and wgengine can feed events into LocalBackend to advance the state machine, and advancing the state machine generates events back out to zero or more components.

func NewLocalBackend

func NewLocalBackend(logf logger.Logf, logid string, store ipn.StateStore, dialer *tsdial.Dialer, e wgengine.Engine, loginFlags controlclient.LoginFlags) (*LocalBackend, error)

NewLocalBackend returns a new LocalBackend that is ready to run, but is not actually running.

If dialer is nil, a new one is made.

func (*LocalBackend) CanSupportNetworkLock

func (b *LocalBackend) CanSupportNetworkLock() error

CanSupportNetworkLock returns nil if tailscaled is able to operate a local tailnet key authority (and hence enforce network lock).

func (*LocalBackend) CheckIPForwarding

func (b *LocalBackend) CheckIPForwarding() error

func (*LocalBackend) CheckPrefs

func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error

func (*LocalBackend) DERPMap

func (b *LocalBackend) DERPMap() *tailcfg.DERPMap

DERPMap returns the current DERPMap in use, or nil if not connected.

func (*LocalBackend) DebugReSTUN

func (b *LocalBackend) DebugReSTUN() error

func (*LocalBackend) DebugRebind

func (b *LocalBackend) DebugRebind() error

func (*LocalBackend) DeleteFile

func (b *LocalBackend) DeleteFile(name string) error

func (*LocalBackend) Dialer

func (b *LocalBackend) Dialer() *tsdial.Dialer

Dialer returns the backend's dialer.

func (*LocalBackend) DoNoiseRequest

func (b *LocalBackend) DoNoiseRequest(req *http.Request) (*http.Response, error)

DoNoiseRequest sends a request to URL over the control plane Noise connection.

func (*LocalBackend) Doctor

func (b *LocalBackend) Doctor(ctx context.Context, logf logger.Logf)

func (*LocalBackend) EditPrefs

func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error)

func (*LocalBackend) FileTargets

func (b *LocalBackend) FileTargets() ([]*apitype.FileTarget, error)

FileTargets lists nodes that the current node can send files to.

func (*LocalBackend) GetComponentDebugLogging

func (b *LocalBackend) GetComponentDebugLogging(component string) time.Time

GetComponentDebugLogging returns the time until which the component's debug logging is enabled, or the zero time if debug logging for that component is not currently enabled.

func (*LocalBackend) GetPeerAPIPort

func (b *LocalBackend) GetPeerAPIPort(ip netip.Addr) (port uint16, ok bool)

GetPeerAPIPort returns the port number for the peerapi server running on the provided IP.

func (*LocalBackend) GetSSH_HostKeys

func (b *LocalBackend) GetSSH_HostKeys() (keys []ssh.Signer, err error)

func (*LocalBackend) HandleQuad100Port80Conn

func (b *LocalBackend) HandleQuad100Port80Conn(c net.Conn)

HandleQuad100Port80Conn serves http://100.100.100.100/ on port 80 (and the equivalent tsaddr.TailscaleServiceIPv6 address).

func (*LocalBackend) HandleSSHConn

func (b *LocalBackend) HandleSSHConn(c net.Conn) (err error)

func (*LocalBackend) InServerMode

func (b *LocalBackend) InServerMode() bool

func (*LocalBackend) KeyProvingNoiseRoundTripper

func (b *LocalBackend) KeyProvingNoiseRoundTripper() http.RoundTripper

KeyProvingNoiseRoundTripper returns an http.RoundTripper that uses the LocalBackend's DoNoiseRequest method and mutates the request to add an authorization header to prove the client's nodekey.

func (*LocalBackend) Login

func (b *LocalBackend) Login(token *tailcfg.Oauth2Token)

Login implements Backend. As of 2022-02-17, this only exists for tests.

func (*LocalBackend) Logout

func (b *LocalBackend) Logout()

Logout tells the controlclient that we want to log out, and transitions the local engine to the logged-out state without waiting for controlclient to be in that state.

func (*LocalBackend) LogoutSync

func (b *LocalBackend) LogoutSync(ctx context.Context) error

func (*LocalBackend) NetMap

func (b *LocalBackend) NetMap() *netmap.NetworkMap

NetMap returns the latest cached network map received from controlclient, or nil if no network map was received yet.

func (*LocalBackend) NetworkLockDisable

func (b *LocalBackend) NetworkLockDisable(secret []byte) error

NetworkLockDisable disables network-lock using the provided disablement secret.

func (*LocalBackend) NetworkLockInit

func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte) error

NetworkLockInit enables network-lock for the tailnet, with the tailnet's key authority initialized to trust the provided keys.

Initialization involves two RPCs with control, termed 'begin' and 'finish'. The Begin RPC transmits the genesis Authority Update Message, which encodes the initial state of the authority, and the list of all nodes needing signatures is returned as a response. The Finish RPC submits signatures for all these nodes, at which point Control has everything it needs to atomically enable network lock.

func (*LocalBackend) NetworkLockKeyTrustedForTest

func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyID tkatype.KeyID) bool

Only use is in tests.

func (*LocalBackend) NetworkLockModify

func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err error)

NetworkLockModify adds and/or removes keys in the tailnet's key authority.

func (*LocalBackend) NetworkLockSign

func (b *LocalBackend) NetworkLockSign(nodeKey key.NodePublic, rotationPublic []byte) error

NetworkLockSign signs the given node-key and submits it to the control plane. rotationPublic, if specified, must be an ed25519 public key.

func (*LocalBackend) NetworkLockStatus

func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus

NetworkLockStatus returns a structure describing the state of the tailnet key authority, if any.

func (*LocalBackend) NetworkLockVerifySignatureForTest

func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSignature, nodeKey key.NodePublic) error

Only use is in tests.

func (*LocalBackend) OfferingExitNode

func (b *LocalBackend) OfferingExitNode() bool

OfferingExitNode reports whether b is currently offering exit node access.

func (*LocalBackend) OpenFile

func (b *LocalBackend) OpenFile(name string) (rc io.ReadCloser, size int64, err error)

func (*LocalBackend) OperatorUserID

func (b *LocalBackend) OperatorUserID() string

OperatorUserID returns the current pref's OperatorUser's ID (in os/user.User.Uid string form), or the empty string if none.

func (*LocalBackend) PeerCaps

func (b *LocalBackend) PeerCaps(src netip.Addr) []string

PeerCaps returns the capabilities that the remote src IP has to the current node.

func (*LocalBackend) Ping

func (b *LocalBackend) Ping(ctx context.Context, ip netip.Addr, pingType tailcfg.PingType) (*ipnstate.PingResult, error)

func (*LocalBackend) Prefs

func (b *LocalBackend) Prefs() ipn.PrefsView

Prefs returns a copy of b's current prefs, with any private keys removed.

func (*LocalBackend) RequestEngineStatus

func (b *LocalBackend) RequestEngineStatus()

RequestEngineStatus implements Backend.

func (*LocalBackend) ResetForClientDisconnect

func (b *LocalBackend) ResetForClientDisconnect()

ResetForClientDisconnect resets the backend for GUI clients running in interactive (non-headless) mode. This is currently used only by Windows. This causes all state to be cleared, lest an unrelated user connect to tailscaled next. But it does not trigger a logout; we don't want the user to have to reauthenticate in the future when they restart the GUI.

func (*LocalBackend) ServePeerAPIConnection

func (b *LocalBackend) ServePeerAPIConnection(remote, local netip.AddrPort, c net.Conn)

ServePeerAPIConnection serves an already-accepted connection c.

The remote parameter is the remote address. The local parameter is the local address (either a Tailscale IPv4 or IPv6 IP and the peerapi port for that address).

The connection will be closed by ServePeerAPIConnection.

func (*LocalBackend) SetComponentDebugLogging

func (b *LocalBackend) SetComponentDebugLogging(component string, until time.Time) error

SetComponentDebugLogging sets component's debug logging enabled until the until time. If until is in the past, the component's debug logging is disabled.

The following components are recognized:

  • magicsock

func (*LocalBackend) SetControlClientGetterForTesting

func (b *LocalBackend) SetControlClientGetterForTesting(newControlClient func(controlclient.Options) (controlclient.Client, error))

SetControlClientGetterForTesting sets the func that creates a control plane client. It can be called at most once, before Start.

func (*LocalBackend) SetCurrentUserID

func (b *LocalBackend) SetCurrentUserID(uid string)

func (*LocalBackend) SetDNS

func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error

SetDNS adds a DNS record for the given domain name & TXT record value.

It's meant for use with dns-01 ACME (LetsEncrypt) challenges.

This is the low-level interface. Other layers will provide more friendly options to get HTTPS certs.

func (*LocalBackend) SetDecompressor

func (b *LocalBackend) SetDecompressor(fn func() (controlclient.Decompressor, error))

SetDecompressor sets a decompression function, which must be a zstd reader.

This exists because the iOS/Mac NetworkExtension is very resource constrained, and the zstd package is too heavy to fit in the constrained RSS limit.

func (*LocalBackend) SetDirectFileDoFinalRename

func (b *LocalBackend) SetDirectFileDoFinalRename(v bool)

SetDirectFileDoFinalRename sets whether the peerapi file server should rename a received "name.partial" file to "name" when the download is complete.

This only applies when SetDirectFileRoot is non-empty. The default is false.

func (*LocalBackend) SetDirectFileRoot

func (b *LocalBackend) SetDirectFileRoot(dir string)

SetDirectFileRoot sets the directory to download files to directly, without buffering them through an intermediate daemon-owned tailcfg.UserID-specific directory.

This must be called before the LocalBackend starts being used.

func (*LocalBackend) SetExpirySooner

func (b *LocalBackend) SetExpirySooner(ctx context.Context, expiry time.Time) error

SetExpirySooner updates the expiry of the current node key to expiry, as long as it is sooner than the old expiry.

If expiry is in the past, the key is expired immediately. If expiry is after the current expiry, an error is returned.

func (*LocalBackend) SetHTTPTestClient

func (b *LocalBackend) SetHTTPTestClient(c *http.Client)

SetHTTPTestClient sets an alternate HTTP client to use with connections to the coordination server. It exists for testing. Using nil means to use the default.

func (*LocalBackend) SetNotifyCallback

func (b *LocalBackend) SetNotifyCallback(notify func(ipn.Notify))

func (*LocalBackend) SetPrefs

func (b *LocalBackend) SetPrefs(newp *ipn.Prefs)

SetPrefs saves new user preferences and propagates them throughout the system. Implements Backend.

func (*LocalBackend) SetTailnetKeyAuthority

func (b *LocalBackend) SetTailnetKeyAuthority(a *tka.Authority, storage *tka.FS)

SetTailnetKeyAuthority sets the key authority which should be used for locked tailnets.

It should only be called before the LocalBackend is used.

func (*LocalBackend) SetVarRoot

func (b *LocalBackend) SetVarRoot(dir string)

SetVarRoot sets the root directory of Tailscale's writable storage area (e.g. "/var/lib/tailscale").

It should only be called before the LocalBackend is used.

func (*LocalBackend) ShouldHandleViaIP

func (b *LocalBackend) ShouldHandleViaIP(ip netip.Addr) bool

ShouldHandleViaIP reports whether ip is an IPv6 address in the Tailscale ULA's v6 "via" range, which embeds an IPv4 address that Tailscale should forward to.

func (*LocalBackend) ShouldRunSSH

func (b *LocalBackend) ShouldRunSSH() bool

func (*LocalBackend) Shutdown

func (b *LocalBackend) Shutdown()

Shutdown halts the backend and all its sub-components. The backend can no longer be used after Shutdown returns.

func (*LocalBackend) Start

func (b *LocalBackend) Start(opts ipn.Options) error

Start applies the configuration specified in opts, and starts the state machine.

TODO(danderson): this function is trying to do too many things at once: it loads state, or imports it, or updates prefs sometimes, contains some settings that are one-shot things done by `tailscale up` because we had nowhere else to put them, and there's no clear guarantee that switching from one user's state to another is actually a supported operation (it should be, but it's very unclear from the following whether or not that is a safe transition).

func (*LocalBackend) StartLoginInteractive

func (b *LocalBackend) StartLoginInteractive()

StartLoginInteractive implements Backend. It requests a new interactive login from controlclient, unless such a flow is already in progress, in which case StartLoginInteractive attempts to pick up the in-progress flow where it left off.

func (*LocalBackend) State

func (b *LocalBackend) State() ipn.State

State returns the backend state machine's current state.

func (*LocalBackend) Status

func (b *LocalBackend) Status() *ipnstate.Status

Status returns the latest status of the backend and its sub-components.

func (*LocalBackend) StatusWithoutPeers

func (b *LocalBackend) StatusWithoutPeers() *ipnstate.Status

StatusWithoutPeers is like Status but omits any details of peers.

func (*LocalBackend) TailscaleVarRoot

func (b *LocalBackend) TailscaleVarRoot() string

TailscaleVarRoot returns the root directory of Tailscale's writable storage area (e.g. "/var/lib/tailscale").

It returns an empty string if there's no configured or discovered location.

func (*LocalBackend) TestOnlyPublicKeys

func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeKey key.NodePublic)

TestOnlyPublicKeys returns the current machine and node public keys. Used in tests only to facilitate automated node authorization in the test harness.

func (*LocalBackend) UpdateStatus

func (b *LocalBackend) UpdateStatus(sb *ipnstate.StatusBuilder)

UpdateStatus implements ipnstate.StatusUpdater.

func (*LocalBackend) WaitingFiles

func (b *LocalBackend) WaitingFiles() ([]apitype.WaitingFile, error)

func (*LocalBackend) WhoIs

func (b *LocalBackend) WhoIs(ipp netip.AddrPort) (n *tailcfg.Node, u tailcfg.UserProfile, ok bool)

WhoIs reports the node and user who owns the node with the given IP:port. If the IP address is a Tailscale IP, the provided port may be 0. If ok == true, n and u are valid.

type SSHServer

type SSHServer interface {
	HandleSSHConn(net.Conn) error

	// OnPolicyChange is called when the SSH access policy changes,
	// so that existing sessions can be re-evaluated for validity
	// and closed if they'd no longer be accepted.
	OnPolicyChange()

	// Shutdown is called when tailscaled is shutting down.
	Shutdown()
}

SSHServer is the interface of the conditionally linked ssh/tailssh.server.
