ipnauth

package

v1.50.0 Latest Latest Go to latest Published: Sep 25, 2023 License: BSD-3-Clause Imports: 17 Imported by: 5

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tailscale/tailscale

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package ipnauth controls access to the LocalAPI.

Index ¶

func LookupUserFromID(logf logger.Logf, uid string) (*user.User, error)
type ConnIdentity
- func GetConnIdentity(_ logger.Logf, c net.Conn) (ci *ConnIdentity, err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func LookupUserFromID ¶

func LookupUserFromID(logf logger.Logf, uid string) (*user.User, error)

LookupUserFromID is a wrapper around os/user.LookupId that works around some issues on Windows. On non-Windows platforms it's identical to user.LookupId.

Types ¶

type ConnIdentity ¶

type ConnIdentity struct {
	// contains filtered or unexported fields
}

ConnIdentity represents the owner of a localhost TCP or unix socket connection connecting to the LocalAPI.

func GetConnIdentity ¶

func GetConnIdentity(_ logger.Logf, c net.Conn) (ci *ConnIdentity, err error)

GetConnIdentity extracts the identity information from the connection based on the user who owns the other end of the connection. and couldn't. The returned connIdentity has NotWindows set to true.

func (*ConnIdentity) Creds ¶

func (ci *ConnIdentity) Creds() *peercred.Creds

func (*ConnIdentity) IsReadonlyConn ¶

func (ci *ConnIdentity) IsReadonlyConn(operatorUID string, logf logger.Logf) bool

IsReadonlyConn reports whether the connection should be considered read-only, meaning it's not allowed to change the state of the node.

Read-only also means it's not allowed to access sensitive information, which admittedly doesn't follow from the name. Consider this "IsUnprivileged". Also, Windows doesn't use this. For Windows it always returns false.

TODO(bradfitz): rename it? Also make Windows use this.

func (*ConnIdentity) IsUnixSock ¶

func (ci *ConnIdentity) IsUnixSock() bool

func (*ConnIdentity) Pid ¶

func (ci *ConnIdentity) Pid() int

func (*ConnIdentity) User ¶

func (ci *ConnIdentity) User() *user.User

func (*ConnIdentity) WindowsUserID ¶

func (ci *ConnIdentity) WindowsUserID() ipn.WindowsUserID

WindowsUserID returns the local machine's userid of the connection if it's on Windows. Otherwise it returns the empty string.

It's suitable for passing to LookupUserFromID (os/user.LookupId) on any operating system.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL