mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-11-02 09:11:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,199 Commits 935 Branches 199 Tags
Commit Graph

397 Commits

Author SHA1 Message Date
Will Norris
71029cea2d all: update copyright and license headers 
This updates all source files to use a new standard header for copyright
and license declaration.  Notably, copyright no longer includes a date,
and we now use the standard SPDX-License-Identifier header.

This commit was done almost entirely mechanically with perl, and then
some minimal manual fixes.

Updates #6865

Signed-off-by: Will Norris <will@tailscale.com>
 2023-01-27 15:36:29 -08:00
phirework
2d29f77b24
cmd/tailscale/cli: fix TUNmode display on synology web page (#7064) 
Fixes #7059

Signed-off-by: Jenny Zhang <jz@tailscale.com>

Signed-off-by: Jenny Zhang <jz@tailscale.com>
 2023-01-25 13:22:19 -05:00
Brad Fitzpatrick
c8db70fd73 cmd/tailscale/cli: add debug set-expire command for testing 
Updates tailscale/corp#8811
Updates tailscale/corp#8613

Change-Id: I1c87806ca3ccc5c43e7ddbd6b4d521f73f7d29f1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-23 19:12:26 -08:00
Brad Fitzpatrick
fd92fbd69e cmd/tailscale/cli: only give systemctl hint on systemd systems 
Per recent user confusion on a QNAP issue.

Change-Id: Ibda00013df793fb831f4088b40be8a04dfad17c2
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-21 13:19:54 -08:00
Brad Fitzpatrick
ba5aa2c486 version, cmd/tailscale: add version.Meta, tailscale version --json 
Add `tailscale version --json` JSON output mode. This will be used
later for a double-opt-in (per node consent like Tailscale SSH +
control config) to let admins do remote upgrades via `tailscale
update` via a c2n call, which would then need to verify the
cmd/tailscale found on disk for running tailscale update corresponds
to the running tailscaled, refusing if anything looks amiss.

Plus JSON output modes are just nice to have, rather than parsing
unstable/fragile/obscure text formats.

Updates #6995
Updates #6907

Change-Id: I7821ab7fbea4612f4b9b7bdc1be1ad1095aca71b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-20 21:04:30 -08:00
Brad Fitzpatrick
5ca22a0068 cmd/tailscale/cli: make 'tailscale update' support Debian/Ubuntu apt 
Updates #6995

Change-Id: I3355435db583755e0fc73d76347f6423b8939dfb
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-20 13:22:19 -08:00
shayne
73399f784b
cmd/tailscale/cli: use mock impl of LocalClient for serve cmd (#6422) 
Create an interface and mock implementation of tailscale.LocalClient for
serve command tests.

Updates #6304
Closes #6372

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
 2023-01-20 12:36:25 -05:00
Brad Fitzpatrick
c129bf1da1 cmd/tailscale/cli: un-alpha login+switch in ShortUsage docs 
Change-Id: I580d4417cf03833dfa8f6a295fb416faa667c477
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-19 11:59:27 -08:00
Brad Fitzpatrick
71a7b8581d cmd/tailscale/cli: make "update" work on Windows 
Updates #6995

Co-authored-by: Aaron Klotz <aaron@tailscale.com>
Change-Id: I16622f43156a70b6fbc8205239fd489d7378d57b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-19 10:02:19 -08:00
Tom DNetto
ee6d18e35f cmd/tailscale/cli: implement --json for lock status and lock log cmds 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2023-01-17 10:10:35 -08:00
Brad Fitzpatrick
b657187a69 cmd/tailscale, logtail: add 'tailscale debug daemon-logs' logtail mechanism 
Fixes #6836

Change-Id: Ia6eb39ff8972e1aa149aeeb63844a97497c2cf04
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-15 11:23:28 -08:00
Brad Fitzpatrick
d9144c73a8 cmd/tailscale: add start of "tailscale update" command 
Goal: one way for users to update Tailscale, downgrade, switch tracks,
regardless of platform (Windows, most Linux distros, macOS, Synology).

This is a start.

Updates #755, etc

Change-Id: I23466da1ba41b45f0029ca79a17f5796c2eedd92
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-14 07:53:41 -08:00
phirework
f011a0923a
cmd/tailscale/cli: style synology outgoing access info (#6959) 
Follow-up to #6957.

Updates #4015

Signed-off-by: Jenny Zhang <jz@tailscale.com>
 2023-01-13 20:01:28 -05:00
Brad Fitzpatrick
5eded58924 cmd/tailscale/cli: make web show/link Synology outgoing connection mode/docs 
Fixes #4015

Change-Id: I8230bb0cc3d621b6fa02ab2462cea104fa1e9cf9
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-13 13:44:41 -08:00
Brad Fitzpatrick
61dfbc0a6e cmd/tailscale/cli: plumb TUN mode into tailscale web template 
UI works remains, but data is there now.

Updates #4015

Change-Id: Ib91e94718b655ad60a63596e59468f3b3b102306
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2023-01-13 07:59:40 -08:00
salman
8a1201ac42 cmd/tailscale: correct order for -terminate-tls flag in serve tcp usage 
The -terminate-tls flag is for the tcp subsubcommand, not the serve
subcommand like the usage example suggests.

Signed-off-by: salman <salman@tailscale.com>
 2023-01-13 14:43:42 +00:00
Denton Gentry
22ebb25e83 cmd/tailscale: disable HTTPS verification for QNAP auth. 
QNAP's "Force HTTPS" mode redirects even localhost HTTP to
HTTPS, but uses a self-signed certificate which fails
verification. We accommodate this by disabling checking
of the cert.

Fixes https://github.com/tailscale/tailscale/issues/6903

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2023-01-10 21:49:28 -08:00
Tom DNetto
907f85cd67 cmd/tailscale,tka: make KeyID return an error instead of panicking 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2023-01-04 09:51:31 -08:00
Tom DNetto
8724aa254f cmd/tailscale,tka: implement compat for TKA messages, minor UX tweaks 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2023-01-04 09:51:31 -08:00
David Anderson
91e64ca74f cmd/tailscale/cli: redact private key in debug netmap output by default 
This makes `tailscale debug watch-ipn` safe to use for troubleshooting
user issues, in addition to local debugging during development.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2023-01-03 10:06:24 -08:00
Denton Gentry
467ace7d0c cmd/tailscale: use localhost for QNAP authLogin.cgi 
When the user clicks on the Tailscale app in the QNAP App Center,
we do a GET from /cgi-bin/authLogin.cgi to look up their SID.

If the user clicked "secure login" on the QNAP login page to use
HTTPS, then our access to authLogin.cgi will also use HTTPS
but the certiciate is self-signed. Our GET fails with:
    Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123":
    x509: cannot validate certificate for 10.1.10.41 because it
    doesn't contain any IP SANs
or similar errors.

Instead, access QNAP authentication via http://localhost:8080/
as documented in
https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf

Fixes https://github.com/tailscale/tailscale-qpkg/issues/62

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2023-01-03 06:09:10 -08:00
Brad Fitzpatrick
8aac77aa19 cmd/tailscale: fix "up" warning about netfilter-mode on Synology 
Fixes #6811

Change-Id: Ia43723e6ebedc9b01729897cec271c462b16e9ae
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-12-20 12:03:17 -08:00
Brad Fitzpatrick
a06217a8bd cmd/tailscale/cli: hide Windows named pipe default name in flag help 
It's long & distracting for how low value it is.

Fixes #6766

Change-Id: I51364f25c0088d9e63deb9f692ba44031f12251b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-12-19 13:38:08 -08:00
shayne
9d335aabb2
cmd/tailscale/cli: [ssh] fix typo in help text (#6694) 
arugments => arguments

Signed-off-by: shayne <79330+shayne@users.noreply.github.com>
 2022-12-10 00:07:27 -05:00
Walter Poupore
383e203fd2
cmd/tailscale/cli: update lock status help strings (#6675) 
Signed-off-by: Walter Poupore <walterp@tailscale.com>

Signed-off-by: Walter Poupore <walterp@tailscale.com>
 2022-12-09 10:24:21 -08:00
James Tucker
389238fe4a cmd/tailscale/cli: add workaround for improper named socket quoting in ssh command 
This avoids the issue in the common case where the socket path is the
default path, avoiding the immediate need for a Windows shell quote
implementation.

Updates #6639

Signed-off-by: James Tucker <james@tailscale.com>
 2022-12-08 16:43:06 -08:00
Tom DNetto
e27f4f022e cmd/tailscale/cli: add progress to tailscale file cp 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-12-08 14:05:11 -08:00
shayne
98114bf608
cmd/tailscale/cli, ipn/localapi: add funnel status to status command (#6402) 
Fixes #6400

open up GETs for localapi serve-config to allow read-only access to
ServeConfig

`tailscale status` will include "Funnel on" status when Funnel is
configured. Prints nothing if Funnel is not running.

Example:

 $ tailscale status
 <nodes redacted>

 # Funnel on:
 #     - https://node-name.corp.ts.net
 #     - https://node-name.corp.ts.net:8443
 #     - tcp://node-name.corp.ts.net:10000

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
 2022-12-07 22:17:40 -05:00
Tom DNetto
55e0512a05 ipn/ipnlocal,cmd/tailscale: minor improvements to lock modify command 
* Do not print the status at the end of a successful operation
 * Ensure the key of the current node is actually trusted to make these changes

Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-12-07 10:28:21 -08:00
Mihai Parparita
5b8323509f cmd/tailscale/cli: use "account" instead of "profile" in user-visible text 
Matches the UI clients

Updates #713

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
 2022-12-02 09:01:44 -08:00
Maya Kaczorowski
d5b4d2e276
cmd/tailscale/cli: improve tailnet lock help (#6583) 
Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>

Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>
 2022-12-01 09:19:28 -08:00
Walter Poupore
74b47eaad6
cmd/tailscale/cli: Fix 'tailscale switch' error message (#6585) 
Updates #713.

Signed-off-by: Walter Poupore <walterp@tailscale.com>

Signed-off-by: Walter Poupore <walterp@tailscale.com>
 2022-12-01 08:17:16 -08:00
Maisem Ali
a5a3188b7e cmd/tailscale/cli: unhide login and switch subcommands 
Updates #713

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 2022-12-01 18:38:04 +05:00
Maya Kaczorowski
a1084047ce
cmd/tailscale/cli: capitalize Get (#6586) 
Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>

Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>
 2022-11-30 21:32:14 -08:00
Tom DNetto
74c1f632f6 types/key,cmd/tailscale/cli: support tlpub prefix for tailnet-lock keys 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-11-30 18:04:47 -08:00
Brad Fitzpatrick
8dd1418774 ipn{,/ipnlocal}: add ipn.NotifyInitial* flags to WatchIPNBus 
To simplify clients getting the initial state when they subscribe.

Change-Id: I2490a5ab2411253717c74265a46a98012b80db82
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-11-30 17:50:51 -08:00
Brad Fitzpatrick
197a4f1ae8 types/ptr: move all the ptrTo funcs to one new package's ptr.To 
Change-Id: Ia0b820ffe7aa72897515f19bd415204b6fe743c7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-11-30 17:50:51 -08:00
Tom DNetto
9a80b8fb10 cmd/tailscale,ipn: surface TKA-filtered peers in lock status command 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-11-30 13:25:31 -08:00
Tom DNetto
731be07777 cmd/tailscale/cli: show rotation key when suggesting lock sign command 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-11-30 13:25:21 -08:00
Brad Fitzpatrick
f710d1cb20 cmd/tailscale/cli: add set --unattended on Windows 
Fixes #6567

Change-Id: I8cb57196c601466401f8602eb50456e7cf7c31ef
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-11-30 04:33:03 -08:00
Denton Gentry
a200a23f97 Revert "cmd/tailscale: access QNAP via localhost" 
When running `tailscale web` as a standalone process,
it was necessary to send auth requests to QTS using
localhost to avoid hitting the proxy recursively.

However running `tailscale web` as a process means it is
consuming RAM all the time even when it isn't actively
doing anything.

After switching back to the `tailscale web` CGI mode, we
don't need to specifically use localhost for QNAP auth.

This reverts commit e0cadc54968519eae7e37e0e65ab9a7052bd54e8.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2022-11-29 16:17:34 -08:00
Maisem Ali
adc302f428 all: use named pipes on windows 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 2022-11-30 04:05:26 +05:00
Tom DNetto
45042a76cd cmd/tailscale,ipn: store disallowed TKA's in prefs, lock local-disable 
Take 2 of https://github.com/tailscale/tailscale/pull/6546

Builds on https://github.com/tailscale/tailscale/pull/6560

Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-11-29 13:43:38 -08:00
Brad Fitzpatrick
390d1bb871 Revert "ipn,types/persist: store disallowed TKA's in prefs, lock local-disable" 
This reverts commit f1130421f063d391d4a94ca7eb819facffdbe7c3.

It was submitted with failing tests (go generate checks)

Requires a lot of API changes to fix so rolling back instead of
forward.

Change-Id: I024e8885c0ed44675d3028a662f386dda811f2ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-11-29 11:20:26 -08:00
Tom DNetto
f1130421f0 ipn,types/persist: store disallowed TKA's in prefs, lock local-disable 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-11-29 10:31:02 -08:00
Tom DNetto
5c8d2fa695 cmd/tailscale,ipn: improve UX of lock init command, cosmetic changes 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 2022-11-28 10:39:04 -08:00
Brad Fitzpatrick
3b73727e39 cmd/tailscale: de-punycode hostnames in status display 
Still show original, but show de-punycode version in parens,
similar to how we show DNS-less hostnames.

Change-Id: I7e57da5e4029c5b49e8cd3014c350eddd2b3c338
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-11-27 03:11:49 -08:00
Brad Fitzpatrick
109aa3b2fb cmd/tailscale: add start of "debug derp" subcommand 
Updates #6526

Change-Id: I84e440a8bd837c383000ce0cec4ff36b24249e8b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-11-26 15:40:25 -08:00
Brad Fitzpatrick
7e016c1d90 ipn/ipnserver: remove IPN protocol server 
Unused in this repo as of the earlier #6450 (300aba61a6)
and unused in the Windows GUI as of tailscale/corp#8065.

With this ipn.BackendServer is no longer used and could also be
removed from this repo. The macOS and iOS clients still temporarily
depend on it, but I can move it to that repo instead while and let its
migration proceed on its own schedule while we clean this repo up.

Updates #6417
Updates tailscale/corp#8051

Change-Id: Ie13f82af3eb9f96b3a21c56cdda51be31ddebdcf
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2022-11-25 08:12:06 -08:00
shayne
0c4c66948b
cmd/tailscale/cli: Improve messaging when Funnel is unavailable. (#6502) 
There are three specific requirements for Funnel to work:
1) They must accept an invite.
2) They must enable HTTPS.
3) The "funnel" node attribute must be appropriately set up in the ACLs.

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
 2022-11-24 22:40:48 -05:00