Brad Fitzpatrick
b1248442c3
all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork
...
Updates #7123
Updates #5309
Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-02-01 15:23:54 -08:00
Will Norris
71029cea2d
all: update copyright and license headers
...
This updates all source files to use a new standard header for copyright
and license declaration. Notably, copyright no longer includes a date,
and we now use the standard SPDX-License-Identifier header.
This commit was done almost entirely mechanically with perl, and then
some minimal manual fixes.
Updates #6865
Signed-off-by: Will Norris <will@tailscale.com>
2023-01-27 15:36:29 -08:00
Brad Fitzpatrick
1116602d4c
ssh/tailssh: add OpenBSD support for Tailscale SSH
...
And bump go.mod for https://github.com/u-root/u-root/pull/2593
Change-Id: I36ec94c5b2b76d671cb739f1e9a1a43ca1d9d1b1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-09 12:58:15 -08:00
Brad Fitzpatrick
be67b8e75b
ssh/tailssh: fix Tailscale SSH to non-root tailscaled
...
Fix regression from 337c77964b where
tailscaled started calling Setgroups. Prior to that, SSH to a non-root
tailscaled was working.
Instead, ignore any failure calling Setgroups if the groups are
already correct.
Fixes #6888
Change-Id: I561991ddb37eaf2620759c6bcaabd36e0fb2a22d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-06 13:19:12 -08:00
Brad Fitzpatrick
8047dfa2dc
ssh/tailssh: unify some of the incubator_* GOOS files into incubator.go
...
In prep for fix for #6888
Change-Id: I79f780c6467a9b7ac03017b27d412d6b0d2f7e6b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-06 13:19:12 -08:00
Brad Fitzpatrick
84eaef0bbb
ssh/tailssh: don't swallow process exit code in be-child
...
Thanks to @nshalman and @Soypete for debugging!
Updates #6054
Change-Id: I74550cc31f8a257b37351b8152634c768e1e0a8a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-12-23 12:56:10 -08:00
Brad Fitzpatrick
651e0d8aad
ssh/tailssh: add envknob for default PATH
...
As backup plan, just in case the earlier fix's logic wasn't correct
and we want to experiment in the field or have users have a quicker
fix.
Updates #5285
Change-Id: I7447466374d11f8f609de6dfbc4d9a944770826d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-12-15 15:01:04 -08:00
Brad Fitzpatrick
56f7da0cfd
ssh/tailssh: set default Tailscale SSH $PATH for non-interactive commands
...
Fixes #5285
Co-authored-by: Andrew Dunham <andrew@tailscale.com>
Change-Id: Ic7e967bf6a53b056cac5f21dd39565d9c31563af
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-12-14 18:45:35 -08:00
Pat Maddox
9bf3ef4167
ssh/tailssh: add Tailscale SSH (server) support on FreeBSD
...
Change-Id: I607194b6ef99205e777f3df93a74ffe1a2e0344c
Signed-off-by: Pat Maddox <pat@ratiopbc.com>
2022-11-10 20:25:23 -08:00
Brad Fitzpatrick
da8def8e13
all: remove old +build tags
...
The //go:build syntax was introduced in Go 1.17:
https://go.dev/doc/go1.17#build-lines
gofmt has kept the +build and go:build lines in sync since
then, but enough time has passed. Time to remove them.
Done with:
perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build')
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-04 07:25:42 -07:00
Maisem Ali
1440742a1c
ssh/tailssh: use root / as cmd.Dir when users HomeDir doesn't exist
...
Fixes #5224
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-01 16:33:44 +05:00
Maisem Ali
f16b77de5d
ssh/tailssh: do the full auth flow during ssh auth
...
Fixes #5091
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-10-09 10:27:31 -07:00
Josh Soref
d4811f11a0
all: fix spelling mistakes
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-09-29 13:36:13 -07:00
Brad Fitzpatrick
7eaf5e509f
net/netaddr: start migrating to net/netip via new netaddr adapter package
...
Updates #5162
Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 16:20:43 -07:00
Maisem Ali
480fd6c797
ssh/tailssh: handle not-authenticated-yet connections in matchRule
...
Also make more fields in conn.info thread safe, there was previously a
data race here.
Fixes #5110
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-07-21 12:42:31 -07:00
Maisem Ali
af412e8874
ssh/tailssh: better handling of signals and exits
...
We were not handling errors that occurred while copying data between the subprocess and the connection.
This makes it so that we pass the appropriate signals when to the process and the connection.
This also fixes mosh.
Updates #4919
Co-authored-by: James Tucker <raggi@tailscale.com>
Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-07-15 09:06:01 -07:00
Adam Eijdenberg
9294a14a37
ssh/tailssh: limit setgroups to 16 on macOS
...
Fixes #4938
Signed-off-by: Adam Eijdenberg <adam@continusec.com>
2022-06-25 22:17:53 -07:00
Adam Eijdenberg
7f807fef6c
ssh/tailssh: fix /usr/bin/login args on macOS
...
Fixes #4931
Signed-off-by: Adam Eijdenberg <adam@continusec.com>
2022-06-25 22:17:53 -07:00
Maisem Ali
760740905e
ssh/tailssh: only use login with TTY sessions
...
Otherwise, the shell exits immediately causing applications like mosh
and VSCode to fail.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-28 21:03:40 +05:00
Maisem Ali
5cd56fe8d5
ssh/tailssh: exec into login when launching a shell
...
This has the added benefit of displaying the MOTD and reducing our
dependency on the DBus interface.
Fixes #4627
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-09 19:17:52 -07:00
Maisem Ali
a253057fc3
ssh/tailssh: refactor incubator flags
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-09 19:17:52 -07:00
David Anderson
a364bf2b62
ssh/tailssh: various typo fixes, clarifications.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-04-21 15:04:13 -07:00
Maisem Ali
337c77964b
ssh/tailssh: set groups and gid in the incubated process
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21 14:48:34 -07:00
Brad Fitzpatrick
8ac4d52b59
ssh/tailssh: filter accepted environment variables
...
Noted by @danderson
Updates #3802
Change-Id: Iac70717ed57f11726209ac1ea93ddc6696605f94
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21 14:44:46 -07:00
Maisem Ali
695f8a1d7e
ssh/tailssh: add support for sftp
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21 10:52:22 -07:00
Maisem Ali
2b8b887d55
ssh/tailssh: send banner messages during auth, move more to conn
...
(VSCode Live Share between Brad & Maisem!)
Updates #3802
Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3
Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20 18:34:11 -07:00
Brad Fitzpatrick
da14e024a8
tailcfg, ssh/tailssh: optionally support SSH public keys in wire policy
...
And clean up logging.
Updates #3802
Change-Id: I756dc2d579a16757537142283d791f1d0319f4f0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-15 13:36:57 -07:00
Brad Fitzpatrick
5a44f9f5b5
tempfork: temporarily fork gliderlabs/ssh and x/crypto/ssh
...
While we rearrange/upstream things.
gliderlabs/ssh is forked into tempfork from our prior fork
at https://github.com/tailscale/ssh/commit/be8b7add4057ef5a8e458b42331a7633c06d026a
x/crypto/ssh OTOH is forked at
https://github.com/tailscale/golang-x-crypto because it was gnarlier
to vendor with various internal packages, etc.
Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d).
Updates #3802
Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-26 21:07:01 -07:00
Maisem Ali
98b45ef12c
ssh/tailssh: add support for agent forwarding.
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 13:38:53 -07:00
Brad Fitzpatrick
6e86bbcb06
ssh/tailssh: add a new sshSession type to clean up existing+future code
...
Updates #3802
Change-Id: I7054dca387f5e5aee1185937ecf41b77a5a07f1a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Co-authored-by: Maisem Ali <maisem@tailscale.com>
2022-03-14 12:01:49 -07:00
Maisem Ali
bf3559171f
ssh/tailssh: set DBUS_SESSION_BUS_ADDRESS and SSH_TTY variables
...
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 19:40:51 -08:00
Maisem Ali
6d61b7906e
ssh/tailssh: handle terminal opcodes
...
Updates #3802 #4146
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 17:57:07 -08:00
Maisem Ali
da6ce27416
go.mod: move from github.com/gliderlabs/ssh to github.com/tailscale/ssh
...
Updates #4146
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-12 17:57:07 -08:00
Brad Fitzpatrick
ba1adf6c24
ssh/tailssh: make pty termios options match OpenSSH
...
Still not sure the exact rules of how/when/who's supposed to set
these, but this works for now on making them match. Baby steps.
Will research more and adjust later.
Updates #4146 (but not enough to fix it, something's still wrong)
Updates #3802
Change-Id: I496d8cd7e31d45fe9ede88fc8894f35dc096de67
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-11 12:16:10 -08:00
Brad Fitzpatrick
1dd5cf62a5
ssh/tailssh: start login shell, fix arg passing, width/height mismatch
...
Updates #3802
Change-Id: I137d7a79195ee86d5dd7c8999f2797fc3cb57cec
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-10 20:11:41 -08:00
Maisem Ali
598c7a22e7
ssh/tailssh: use lu.Username not lu.Name.
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-08 22:39:03 -08:00
Maisem Ali
06c147d848
ssh/tailssh: create login sessions for new connections
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-08 21:47:19 -08:00