tailfs

Documentation

Overview

Package tailfs provides a filesystem that allows sharing folders between Tailscale nodes using WebDAV. The actual implementation of the core TailFS functionality lives in package tailfsimpl. These packages are separated to allow users of tailfs to refer to the interfaces without having a hard dependency on tailfs, so that programs which don't actually use tailfs can avoid its transitive dependencies.

Index

• Variables
• func AllowShareAs() bool
• type FileSystemForLocal
• type FileSystemForRemote
• type Permission
• type Permissions
  • func ParsePermissions(rawGrants [][]byte) (Permissions, error)
  • func (p Permissions) For(share string) Permission
• type Remote
• type Share

Variables

var (
	// DisallowShareAs forcibly disables sharing as a specific user, only used
	// for testing.
	DisallowShareAs = false
)

Functions

func AllowShareAs

func AllowShareAs() bool

AllowShareAs reports whether sharing files as a specific user is allowed.

Types

type FileSystemForLocal

type FileSystemForLocal interface {
	// HandleConn handles connections from local WebDAV clients
	HandleConn(conn net.Conn, remoteAddr net.Addr) error

	// SetRemotes sets the complete set of remotes on the given tailnet domain
	// using a map of name -> url. If transport is specified, that transport
	// will be used to connect to these remotes.
	SetRemotes(domain string, remotes []*Remote, transport http.RoundTripper)

	// Close() stops serving the WebDAV content
	Close() error
}

FileSystemForLocal is the TailFS filesystem exposed to local clients. It provides a unified WebDAV interface to remote TailFS shares on other nodes.

type FileSystemForRemote

type FileSystemForRemote interface {
	// SetFileServerAddr sets the address of the file server to which we
	// should proxy. This is used on platforms like Windows and MacOS
	// sandboxed where we can't spawn user-specific sub-processes and instead
	// rely on the UI application that's already running as an unprivileged
	// user to access the filesystem for us.
	SetFileServerAddr(addr string)

	// SetShares sets the complete set of shares exposed by this node. If
	// AllowShareAs() reports true, we will use one subprocess per user to
	// access the filesystem (see userServer). Otherwise, we will use the file
	// server configured via SetFileServerAddr.
	SetShares(shares map[string]*Share)

	// ServeHTTPWithPerms behaves like the similar method from http.Handler but
	// also accepts a Permissions map that captures the permissions of the
	// connecting node.
	ServeHTTPWithPerms(permissions Permissions, w http.ResponseWriter, r *http.Request)

	// Close() stops serving the WebDAV content
	Close() error
}

FileSystemForRemote is the TailFS filesystem exposed to remote nodes. It provides a unified WebDAV interface to local directories that have been shared.

type Permission

type Permission uint8

const (
	PermissionNone Permission = iota
	PermissionReadOnly
	PermissionReadWrite
)

type Permissions

type Permissions map[string]Permission

Permissions represents the set of permissions for a given principal to a set of shares.

func ParsePermissions

func ParsePermissions(rawGrants [][]byte) (Permissions, error)

ParsePermissions builds a Permissions map from a lis of raw grants.

func (Permissions) For

func (p Permissions) For(share string) Permission

type Remote

type Remote struct {
	Name      string
	URL       string
	Available func() bool
}

Remote represents a remote TailFS node.

type Share

type Share struct {
	// Name is how this share appears on remote nodes.
	Name string `json:"name"`

	// Path is the path to the directory on this machine that's being shared.
	Path string `json:"path"`

	// As is the UNIX or Windows username of the local account used for this
	// share. File read/write permissions are enforced based on this username.
	// Can be left blank to use the default value of "whoever is running the
	// Tailscale GUI".
	As string `json:"who"`
}

Share configures a folder to be shared through TailFS.