Commit graph

59 commits

Author SHA1 Message Date
Kristoffer Dalby 8be14ef6fe
gofumpt
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 11:53:42 +02:00
Kristoffer Dalby 2bb34751d1
Validate the incoming nodekey with regex before attempting to parse
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 11:53:42 +02:00
Juan Font Alonso cdf48b1216 Migrate utils to net/netip 2022-09-02 00:05:18 +02:00
Juan Font Alonso 43ad0d4416 Removed unused method 2022-08-19 14:24:43 +02:00
Juan Font Alonso 5cf9eedf42 Minor logging corrections 2022-08-15 10:43:39 +02:00
Juan Font Alonso 0d0042b7e6 Added zstd constant for linting 2022-08-14 17:04:07 +02:00
Grigoriy Mikhalkin cc1343d31d fixed typo in ErrCannotDecryptResponse name 2022-08-05 00:00:36 +02:00
Grigoriy Mikhalkin 911e6ba6de exported API errors 2022-07-29 17:35:21 +02:00
Juan Font Alonso a913d1b521 Lint fixes 2/n 2022-06-26 11:55:37 +02:00
Anton Schubert 8f31ed51e1 fix occasional panic on registration
GenerateRandomStringDNSSafe will panic occasionally if the random base64
string contains too many - and _ due to the replacement. Fix by looping.
2022-06-15 12:22:57 +02:00
Kristoffer Dalby 35722cd5aa Move FilePerm function from cli to headscale 2022-06-03 09:24:36 +02:00
Kristoffer Dalby 36dca3516a Move Abspath function to headscale utils 2022-05-31 14:28:23 +02:00
Juan Font Alonso 4f3f0542d4 Fix some issues in testing with new hostname handling 2022-05-28 12:54:57 +02:00
Kristoffer Dalby e631c6f7e0 Merge master 2022-05-16 21:41:46 +02:00
Kristoffer Dalby 177c21b294 Add helper function to create a unique givenname 2022-05-16 20:30:43 +02:00
Adrien Raffin-Caboisse 4435a4f19d
chore: apply lint recommendations 2022-05-16 14:59:46 +02:00
Adrien Raffin-Caboisse a2fb5b2b9d
Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines 2022-05-03 20:35:28 +02:00
Antoine POPINEAU 7cc58af932
Allow more configuration over the OIDC flow.
Adds knobs to configure three aspects of the OpenID Connect flow:

 * Custom scopes to override the default "openid profile email".
 * Custom parameters to be added to the Authorize Endpoint request.
 * Domain allowlisting for authenticated principals.
 * User allowlisting for authenticated principals.
2022-05-02 17:11:07 +02:00
Adrien Raffin-Caboisse 8061abe279 refact: use generics for contains functions 2022-04-25 22:17:23 +02:00
Kristoffer Dalby 67d6c8f946 Remove oversensitive tracing output 2022-02-27 09:04:27 +01:00
Kristoffer Dalby ebe59a5a27 Fix utils tests, use ipset datastructure 2022-02-25 08:28:22 +00:00
Kristoffer Dalby eda0a9f88a Lock allocation of IP address
current logic is not safe as it will allow an IP that isn't persisted to
the DB to be given out multiple times if machines join in quick
succession.

This adds a lock around the "get ip" and machine registration and save
to DB so we ensure this isn't happening.

Currently this had to be done in three places, which is silly, and outlined
in #294.
2022-02-24 13:18:18 +00:00
Adrien Raffin-Caboisse 5f642eef76
chore(lint): more lint fixing 2022-02-17 09:32:54 +01:00
Adrien Raffin e482dfeed4
feat(machine): add ACLFilter if ACL's are enabled.
This commit changes the default behaviour and removes the notion of namespaces between the hosts. It allows all namespaces to be only filtered by the ACLs. This behavior is closer to tailsnet.
2022-02-17 09:30:05 +01:00
Kristoffer Dalby ead8b68a03 Fix lint 2022-02-12 19:42:55 +00:00
Kristoffer Dalby 3393363a67 Add safe random hash generators 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 445c04baf7 Fix lint 2022-01-30 08:35:10 +00:00
Csaba Sarkadi 6220836050 utils: extract GetIPPrefixEndpoints from anonymous function 2022-01-29 15:26:28 +01:00
Csaba Sarkadi 1a6e5d8770 Add support for multiple IP prefixes 2022-01-16 14:18:22 +01:00
Csaba Sarkadi 46cdce00af Do not assume IPv4 during address generation 2022-01-15 16:06:34 +01:00
Kristoffer Dalby 34f4109fbd Add back privatekey, but automatically generate it if it does not exist 2021-11-28 09:17:18 +00:00
Kristoffer Dalby 59aeaa8476 Ensure we always have the key prefix when needed 2021-11-27 20:25:12 +00:00
Kristoffer Dalby c38f00fab8 Unmarshal keys in the non-deprecated way 2021-11-26 23:50:42 +00:00
Kristoffer Dalby cfd53bc4aa Factor wgkey to types/key
This commit converts all the uses of wgkey to the new key interfaces.

It now has specific machine, node and discovery keys and we now should
use them correctly.

Please note the new logic which strips a key prefix (in utils.go) that
is now standard inside tailscale.

In theory we could put it in the database, but to preserve backwards
compatibility and not spend a lot of resources on accounting for both,
we just strip them.
2021-11-26 23:30:42 +00:00
Kristoffer Dalby d6739386a0
Get rid of dynamic errors 2021-11-15 19:18:14 +00:00
Kristoffer Dalby 715542ac1c
Add and fix stylecheck (golint replacement) 2021-11-15 17:24:24 +00:00
Kristoffer Dalby 0c45f8d252
Add and fix errorlint 2021-11-15 16:26:41 +00:00
Kristoffer Dalby 471c0b4993
Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00
Kristoffer Dalby 89eb13c6cb
Add and fix nlreturn (new line return) 2021-11-14 16:46:09 +01:00
Kristoffer Dalby 2634215f12 golangci-lint --fix 2021-11-13 08:39:04 +00:00
Kristoffer Dalby 03b7ec62ca Go format with shorter lines 2021-11-13 08:36:45 +00:00
Kristoffer Dalby 9acc3e0e73 Add a set of ip prefix convert helpers 2021-11-04 22:17:44 +00:00
Kristoffer Dalby 434fac52b7 Fix lint error 2021-10-30 14:29:03 +00:00
Kristoffer Dalby 6aacada852 Switch from gRPC localhost to socket
This commit changes the way CLI and grpc-gateway communicates with the
gRPC backend to socket, instead of localhost. Unauthenticated access now
goes on the socket, while the network interface will require API key (in
the future).
2021-10-30 14:08:16 +00:00
Kristoffer Dalby 68dab0fe7b Move localhost check to utils 2021-10-29 17:04:58 +00:00
Kristoffer Dalby 9698abbfd5
Resolve merge conflict 2021-08-13 10:33:19 +01:00
Kristoffer Dalby ea615e3a26
Do not issue "network" or "broadcast" addresses (0 or 255) 2021-08-03 10:06:42 +01:00
Kristoffer Dalby 73207decfd Check that IP is set before parsing
Machine is saved to db before it is assigned an ip, so we might have
empty ip fields coming back.
2021-08-03 07:42:11 +01:00
Kristoffer Dalby b5841c8a8b Rework getAvailableIp
This commit reworks getAvailableIp with a "simpler" version that will
look for the first available IP address in our IP Prefix.

There are a couple of ideas behind this:

* Make the host IPs reasonably predictable and within similar
  subnets, which should simplify ACLs for subnets
* The code is not random, but deterministic so we can have tests
* The code is a bit more understandable (no bit shift magic)
2021-08-02 21:57:45 +01:00
Kristoffer Dalby 309f868a21 Make IP prefix configurable
This commit makes the IP prefix used to generate addresses configurable
to users. This can be useful if you would like to use a smaller range or
if your current setup is overlapping with the current range.

The current range is left as a default
2021-08-02 20:06:26 +01:00