|
|
|
|
@ -58,13 +58,13 @@ type Server struct { |
|
|
|
|
cond *sync.Cond // lazily initialized by condLocked
|
|
|
|
|
pubKey key.MachinePublic |
|
|
|
|
privKey key.ControlPrivate // not strictly needed vs. MachinePrivate, but handy to test type interactions.
|
|
|
|
|
nodes map[tailcfg.NodeKey]*tailcfg.Node |
|
|
|
|
users map[tailcfg.NodeKey]*tailcfg.User |
|
|
|
|
logins map[tailcfg.NodeKey]*tailcfg.Login |
|
|
|
|
nodes map[key.NodePublic]*tailcfg.Node |
|
|
|
|
users map[key.NodePublic]*tailcfg.User |
|
|
|
|
logins map[key.NodePublic]*tailcfg.Login |
|
|
|
|
updates map[tailcfg.NodeID]chan updateType |
|
|
|
|
authPath map[string]*AuthPath |
|
|
|
|
nodeKeyAuthed map[tailcfg.NodeKey]bool // key => true once authenticated
|
|
|
|
|
pingReqsToAdd map[tailcfg.NodeKey]*tailcfg.PingRequest |
|
|
|
|
nodeKeyAuthed map[key.NodePublic]bool // key => true once authenticated
|
|
|
|
|
pingReqsToAdd map[key.NodePublic]*tailcfg.PingRequest |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// BaseURL returns the server's base URL, without trailing slash.
|
|
|
|
|
@ -103,7 +103,7 @@ func (s *Server) condLocked() *sync.Cond { |
|
|
|
|
|
|
|
|
|
// AwaitNodeInMapRequest waits for node k to be stuck in a map poll.
|
|
|
|
|
// It returns an error if and only if the context is done first.
|
|
|
|
|
func (s *Server) AwaitNodeInMapRequest(ctx context.Context, k tailcfg.NodeKey) error { |
|
|
|
|
func (s *Server) AwaitNodeInMapRequest(ctx context.Context, k key.NodePublic) error { |
|
|
|
|
s.mu.Lock() |
|
|
|
|
defer s.mu.Unlock() |
|
|
|
|
cond := s.condLocked() |
|
|
|
|
@ -135,11 +135,11 @@ func (s *Server) AwaitNodeInMapRequest(ctx context.Context, k tailcfg.NodeKey) e |
|
|
|
|
|
|
|
|
|
// AddPingRequest sends the ping pr to nodeKeyDst. It reports whether it did so. That is,
|
|
|
|
|
// it reports whether nodeKeyDst was connected.
|
|
|
|
|
func (s *Server) AddPingRequest(nodeKeyDst tailcfg.NodeKey, pr *tailcfg.PingRequest) bool { |
|
|
|
|
func (s *Server) AddPingRequest(nodeKeyDst key.NodePublic, pr *tailcfg.PingRequest) bool { |
|
|
|
|
s.mu.Lock() |
|
|
|
|
defer s.mu.Unlock() |
|
|
|
|
if s.pingReqsToAdd == nil { |
|
|
|
|
s.pingReqsToAdd = map[tailcfg.NodeKey]*tailcfg.PingRequest{} |
|
|
|
|
s.pingReqsToAdd = map[key.NodePublic]*tailcfg.PingRequest{} |
|
|
|
|
} |
|
|
|
|
// Now send the update to the channel
|
|
|
|
|
node := s.nodeLocked(nodeKeyDst) |
|
|
|
|
@ -154,7 +154,7 @@ func (s *Server) AddPingRequest(nodeKeyDst tailcfg.NodeKey, pr *tailcfg.PingRequ |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
type AuthPath struct { |
|
|
|
|
nodeKey tailcfg.NodeKey |
|
|
|
|
nodeKey key.NodePublic |
|
|
|
|
|
|
|
|
|
closeOnce sync.Once |
|
|
|
|
ch chan struct{} |
|
|
|
|
@ -254,7 +254,7 @@ func (s *Server) serveMachine(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Node returns the node for nodeKey. It's always nil or cloned memory.
|
|
|
|
|
func (s *Server) Node(nodeKey tailcfg.NodeKey) *tailcfg.Node { |
|
|
|
|
func (s *Server) Node(nodeKey key.NodePublic) *tailcfg.Node { |
|
|
|
|
s.mu.Lock() |
|
|
|
|
defer s.mu.Unlock() |
|
|
|
|
return s.nodeLocked(nodeKey) |
|
|
|
|
@ -263,7 +263,7 @@ func (s *Server) Node(nodeKey tailcfg.NodeKey) *tailcfg.Node { |
|
|
|
|
// nodeLocked returns the node for nodeKey. It's always nil or cloned memory.
|
|
|
|
|
//
|
|
|
|
|
// s.mu must be held.
|
|
|
|
|
func (s *Server) nodeLocked(nodeKey tailcfg.NodeKey) *tailcfg.Node { |
|
|
|
|
func (s *Server) nodeLocked(nodeKey key.NodePublic) *tailcfg.Node { |
|
|
|
|
return s.nodes[nodeKey].Clone() |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -272,20 +272,21 @@ func (s *Server) AddFakeNode() { |
|
|
|
|
s.mu.Lock() |
|
|
|
|
defer s.mu.Unlock() |
|
|
|
|
if s.nodes == nil { |
|
|
|
|
s.nodes = make(map[tailcfg.NodeKey]*tailcfg.Node) |
|
|
|
|
s.nodes = make(map[key.NodePublic]*tailcfg.Node) |
|
|
|
|
} |
|
|
|
|
nk := key.NewNode().Public().AsNodeKey() |
|
|
|
|
nk := key.NewNode().Public() |
|
|
|
|
mk := key.NewMachine().Public() |
|
|
|
|
dk := tailcfg.DiscoKeyFromDiscoPublic(key.NewDisco().Public()) |
|
|
|
|
id := int64(binary.LittleEndian.Uint64(nk[:])) |
|
|
|
|
ip := netaddr.IPv4(nk[0], nk[1], nk[2], nk[3]) |
|
|
|
|
r := nk.Raw32() |
|
|
|
|
id := int64(binary.LittleEndian.Uint64(r[:])) |
|
|
|
|
ip := netaddr.IPv4(r[0], r[1], r[2], r[3]) |
|
|
|
|
addr := netaddr.IPPrefixFrom(ip, 32) |
|
|
|
|
s.nodes[nk] = &tailcfg.Node{ |
|
|
|
|
ID: tailcfg.NodeID(id), |
|
|
|
|
StableID: tailcfg.StableNodeID(fmt.Sprintf("TESTCTRL%08x", id)), |
|
|
|
|
User: tailcfg.UserID(id), |
|
|
|
|
Machine: mk, |
|
|
|
|
Key: nk, |
|
|
|
|
Key: nk.AsNodeKey(), |
|
|
|
|
MachineAuthorized: true, |
|
|
|
|
DiscoKey: dk, |
|
|
|
|
Addresses: []netaddr.IPPrefix{addr}, |
|
|
|
|
@ -306,14 +307,14 @@ func (s *Server) AllNodes() (nodes []*tailcfg.Node) { |
|
|
|
|
return nodes |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (s *Server) getUser(nodeKey tailcfg.NodeKey) (*tailcfg.User, *tailcfg.Login) { |
|
|
|
|
func (s *Server) getUser(nodeKey key.NodePublic) (*tailcfg.User, *tailcfg.Login) { |
|
|
|
|
s.mu.Lock() |
|
|
|
|
defer s.mu.Unlock() |
|
|
|
|
if s.users == nil { |
|
|
|
|
s.users = map[tailcfg.NodeKey]*tailcfg.User{} |
|
|
|
|
s.users = map[key.NodePublic]*tailcfg.User{} |
|
|
|
|
} |
|
|
|
|
if s.logins == nil { |
|
|
|
|
s.logins = map[tailcfg.NodeKey]*tailcfg.Login{} |
|
|
|
|
s.logins = map[key.NodePublic]*tailcfg.Login{} |
|
|
|
|
} |
|
|
|
|
if u, ok := s.users[nodeKey]; ok { |
|
|
|
|
return u, s.logins[nodeKey] |
|
|
|
|
@ -353,7 +354,7 @@ func (s *Server) authPathDone(authPath string) <-chan struct{} { |
|
|
|
|
return nil |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (s *Server) addAuthPath(authPath string, nodeKey tailcfg.NodeKey) { |
|
|
|
|
func (s *Server) addAuthPath(authPath string, nodeKey key.NodePublic) { |
|
|
|
|
s.mu.Lock() |
|
|
|
|
defer s.mu.Unlock() |
|
|
|
|
if s.authPath == nil { |
|
|
|
|
@ -385,7 +386,7 @@ func (s *Server) CompleteAuth(authPathOrURL string) bool { |
|
|
|
|
panic("zero AuthPath.NodeKey") |
|
|
|
|
} |
|
|
|
|
if s.nodeKeyAuthed == nil { |
|
|
|
|
s.nodeKeyAuthed = map[tailcfg.NodeKey]bool{} |
|
|
|
|
s.nodeKeyAuthed = map[key.NodePublic]bool{} |
|
|
|
|
} |
|
|
|
|
s.nodeKeyAuthed[ap.nodeKey] = true |
|
|
|
|
ap.CompleteSuccessfully() |
|
|
|
|
@ -433,10 +434,12 @@ func (s *Server) serveRegister(w http.ResponseWriter, r *http.Request, mkey key. |
|
|
|
|
// some follow-ups? For now all are successes.
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
user, login := s.getUser(req.NodeKey) |
|
|
|
|
nk := req.NodeKey.AsNodePublic() |
|
|
|
|
|
|
|
|
|
user, login := s.getUser(nk) |
|
|
|
|
s.mu.Lock() |
|
|
|
|
if s.nodes == nil { |
|
|
|
|
s.nodes = map[tailcfg.NodeKey]*tailcfg.Node{} |
|
|
|
|
s.nodes = map[key.NodePublic]*tailcfg.Node{} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
machineAuthorized := true // TODO: add Server.RequireMachineAuth
|
|
|
|
|
@ -449,7 +452,7 @@ func (s *Server) serveRegister(w http.ResponseWriter, r *http.Request, mkey key. |
|
|
|
|
v6Prefix, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
s.nodes[req.NodeKey] = &tailcfg.Node{ |
|
|
|
|
s.nodes[nk] = &tailcfg.Node{ |
|
|
|
|
ID: tailcfg.NodeID(user.ID), |
|
|
|
|
StableID: tailcfg.StableNodeID(fmt.Sprintf("TESTCTRL%08x", int(user.ID))), |
|
|
|
|
User: user.ID, |
|
|
|
|
@ -461,7 +464,7 @@ func (s *Server) serveRegister(w http.ResponseWriter, r *http.Request, mkey key. |
|
|
|
|
Hostinfo: *req.Hostinfo, |
|
|
|
|
} |
|
|
|
|
requireAuth := s.RequireAuth |
|
|
|
|
if requireAuth && s.nodeKeyAuthed[req.NodeKey] { |
|
|
|
|
if requireAuth && s.nodeKeyAuthed[nk] { |
|
|
|
|
requireAuth = false |
|
|
|
|
} |
|
|
|
|
s.mu.Unlock() |
|
|
|
|
@ -471,7 +474,7 @@ func (s *Server) serveRegister(w http.ResponseWriter, r *http.Request, mkey key. |
|
|
|
|
randHex := make([]byte, 10) |
|
|
|
|
crand.Read(randHex) |
|
|
|
|
authPath := fmt.Sprintf("/auth/%x", randHex) |
|
|
|
|
s.addAuthPath(authPath, req.NodeKey) |
|
|
|
|
s.addAuthPath(authPath, nk) |
|
|
|
|
authURL = s.BaseURL() + authPath |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -535,7 +538,7 @@ func (s *Server) UpdateNode(n *tailcfg.Node) (peersToUpdate []tailcfg.NodeID) { |
|
|
|
|
if n.Key.IsZero() { |
|
|
|
|
panic("zero nodekey") |
|
|
|
|
} |
|
|
|
|
s.nodes[n.Key] = n.Clone() |
|
|
|
|
s.nodes[n.Key.AsNodePublic()] = n.Clone() |
|
|
|
|
for _, n2 := range s.nodes { |
|
|
|
|
if n.ID != n2.ID { |
|
|
|
|
peersToUpdate = append(peersToUpdate, n2.ID) |
|
|
|
|
@ -578,7 +581,7 @@ func (s *Server) serveMap(w http.ResponseWriter, r *http.Request, mkey key.Machi |
|
|
|
|
jitter := time.Duration(rand.Intn(8000)) * time.Millisecond |
|
|
|
|
keepAlive := 50*time.Second + jitter |
|
|
|
|
|
|
|
|
|
node := s.Node(req.NodeKey) |
|
|
|
|
node := s.Node(req.NodeKey.AsNodePublic()) |
|
|
|
|
if node == nil { |
|
|
|
|
http.Error(w, "node not found", 400) |
|
|
|
|
return |
|
|
|
|
@ -690,12 +693,13 @@ var keepAliveMsg = &struct { |
|
|
|
|
//
|
|
|
|
|
// No updates to s are done here.
|
|
|
|
|
func (s *Server) MapResponse(req *tailcfg.MapRequest) (res *tailcfg.MapResponse, err error) { |
|
|
|
|
node := s.Node(req.NodeKey) |
|
|
|
|
nk := req.NodeKey.AsNodePublic() |
|
|
|
|
node := s.Node(nk) |
|
|
|
|
if node == nil { |
|
|
|
|
// node key rotated away (once test server supports that)
|
|
|
|
|
return nil, nil |
|
|
|
|
} |
|
|
|
|
user, _ := s.getUser(req.NodeKey) |
|
|
|
|
user, _ := s.getUser(nk) |
|
|
|
|
res = &tailcfg.MapResponse{ |
|
|
|
|
Node: node, |
|
|
|
|
DERPMap: s.DERPMap, |
|
|
|
|
@ -727,9 +731,9 @@ func (s *Server) MapResponse(req *tailcfg.MapRequest) (res *tailcfg.MapResponse, |
|
|
|
|
|
|
|
|
|
// Consume the PingRequest while protected by mutex if it exists
|
|
|
|
|
s.mu.Lock() |
|
|
|
|
if pr, ok := s.pingReqsToAdd[node.Key]; ok { |
|
|
|
|
if pr, ok := s.pingReqsToAdd[nk]; ok { |
|
|
|
|
res.PingRequest = pr |
|
|
|
|
delete(s.pingReqsToAdd, node.Key) |
|
|
|
|
delete(s.pingReqsToAdd, nk) |
|
|
|
|
} |
|
|
|
|
s.mu.Unlock() |
|
|
|
|
return res, nil |
|
|
|
|
|
David Anderson
5 years ago