|
|
|
|
@ -10,6 +10,7 @@ import ( |
|
|
|
|
"errors" |
|
|
|
|
"fmt" |
|
|
|
|
"os" |
|
|
|
|
"runtime" |
|
|
|
|
"strings" |
|
|
|
|
"sync" |
|
|
|
|
"time" |
|
|
|
|
@ -265,6 +266,11 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) { |
|
|
|
|
b.prefs.Persist = st.Persist.Clone() |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if temporarilySetMachineKeyInPersist() && b.prefs.Persist != nil && |
|
|
|
|
b.prefs.Persist.LegacyFrontendPrivateMachineKey.IsZero() { |
|
|
|
|
b.prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey |
|
|
|
|
prefsChanged = true |
|
|
|
|
} |
|
|
|
|
if st.NetMap != nil { |
|
|
|
|
b.setNetMapLocked(st.NetMap) |
|
|
|
|
|
|
|
|
|
@ -483,6 +489,12 @@ func (b *LocalBackend) Start(opts Options) error { |
|
|
|
|
|
|
|
|
|
b.mu.Lock() |
|
|
|
|
prefs := b.prefs.Clone() |
|
|
|
|
|
|
|
|
|
if temporarilySetMachineKeyInPersist() && prefs.Persist != nil && |
|
|
|
|
prefs.Persist.LegacyFrontendPrivateMachineKey.IsZero() { |
|
|
|
|
prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
b.mu.Unlock() |
|
|
|
|
|
|
|
|
|
blid := b.backendLogID |
|
|
|
|
@ -689,7 +701,16 @@ func (b *LocalBackend) popBrowserAuthNow() { |
|
|
|
|
//
|
|
|
|
|
// b.prefs must already be initialized.
|
|
|
|
|
// b.mu must be held.
|
|
|
|
|
func (b *LocalBackend) initMachineKeyLocked() error { |
|
|
|
|
func (b *LocalBackend) initMachineKeyLocked() (err error) { |
|
|
|
|
if temporarilySetMachineKeyInPersist() { |
|
|
|
|
defer func() { |
|
|
|
|
if err != nil { |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
b.prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey |
|
|
|
|
}() |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if !b.machinePrivKey.IsZero() { |
|
|
|
|
// Already set.
|
|
|
|
|
return nil |
|
|
|
|
@ -1504,3 +1525,20 @@ func (b *LocalBackend) TestOnlyPublicKeys() (machineKey tailcfg.MachineKey, node |
|
|
|
|
nk := prefs.Persist.PrivateNodeKey.Public() |
|
|
|
|
return tailcfg.MachineKey(mk), tailcfg.NodeKey(nk) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// temporarilySetMachineKeyInPersist reports whether we should set
|
|
|
|
|
// the machine key in Prefs.Persist.LegacyFrontendPrivateMachineKey
|
|
|
|
|
// for the frontend to write out to its preferences for use later.
|
|
|
|
|
//
|
|
|
|
|
// TODO: remove this in Tailscale 1.3.x (so it effectively always
|
|
|
|
|
// returns false). It just exists so users can downgrade from 1.2.x to
|
|
|
|
|
// 1.0.x. But eventually we want to stop sending the machine key to
|
|
|
|
|
// clients. We can't do that until 1.0.x is no longer supported.
|
|
|
|
|
func temporarilySetMachineKeyInPersist() bool { |
|
|
|
|
//lint:ignore S1008 for comments
|
|
|
|
|
if runtime.GOOS == "darwin" { |
|
|
|
|
// iOS and macOS users can't downgrade anyway.
|
|
|
|
|
return false |
|
|
|
|
} |
|
|
|
|
return true |
|
|
|
|
} |
|
|
|
|
|
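Review bot: The deferred closure added to initMachineKeyLocked assigns `b.prefs.Persist.LegacyFrontendPrivateMachineKey = b.machinePrivKey` without checking `b.prefs.Persist` for nil, while the other two copy sites in this commit (setClientStatus and Start) both guard with `Persist != nil`. If Persist can be nil when the machine key is initialised, as those guards suggest, this path dereferences a nil pointer while b.mu is held; the closure's guard should read `if err != nil || b.prefs.Persist == nil { return }`. The closure also overwrites the field unconditionally where the other sites only fill a zero key, so a small helper shared by all three sites would keep the private-key copy consistent and give one place to delete when the TODO is resolved. The body of initMachineKeyLocked continues outside the hunk, so whether an earlier line already guarantees a non-nil Persist cannot be confirmed from here.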