mirror of https://github.com/juanfont/headscale.git synced 2025-08-01 13:46:49 +02:00
juanfont.headscale/hscontrol
Mustafa Enes Batur 474ea236d0
Fix /machine/map endpoint vulnerability (#2642)
* Improve map auth logic

* Bugfix

* Add comment, improve error message

* noise: make func, get by node

This commit splits the additional validation into a
separate function so it can be reused if we add more
endpoints in the future.

It swaps the check, so we still look up by NodeKey, but before
accepting the connection, we validate the known machinekey from
the db against the noise connection.

The reason for this is that when a node logs in or out, the node key
is replaced and it will no longer be possible to look it up, breaking
reauthentication.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com>
2025-06-06 12:16:37 +02:00
assets update flake, fix prettier lint 2023-09-05 08:47:43 +02:00
capver update capmap and deps for release (#2522) 2025-05-02 22:12:29 +02:00
db users: harden, test, and add cleaner of identifier (#2593) 2025-05-14 16:45:14 +02:00
derp feat: derpmap field in config (#1823) 2024-10-17 05:34:20 -06:00
dns fixes to extra-record file watcher (#2298) 2024-12-16 11:26:56 +01:00
mapper policy: reduce routes sent to peers based on packetfilter (#2561) 2025-05-04 21:52:47 +02:00
notifier policy: reduce routes sent to peers based on packetfilter (#2561) 2025-05-04 21:52:47 +02:00
policy policy/v2: separate exit node and 0.0.0.0/0 routes (#2578) 2025-05-09 23:20:04 +02:00
routes Multi network integration tests (#2464) 2025-03-21 11:49:32 +01:00
templates use dedicated registration ID for auth flow (#2337) 2025-01-26 22:20:11 +01:00
types users: harden, test, and add cleaner of identifier (#2593) 2025-05-14 16:45:14 +02:00
util fix webauth + autoapprove routes (#2528) 2025-04-30 07:54:04 +02:00
app.go bring back last_seen in database (#2579) 2025-05-10 09:49:08 +02:00
auth_test.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
auth.go auth: ensure that routes are autoapproved when the node is stored (#2550) 2025-05-01 07:05:42 +02:00
debug.go Make matchers part of the Policy interface (#2514) 2025-05-01 07:06:30 +02:00
grpcv1_test.go rename package name to hscontrol 2023-05-10 20:47:51 +02:00
grpcv1.go auth: ensure that routes are autoapproved when the node is stored (#2550) 2025-05-01 07:05:42 +02:00
handlers.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
metrics.go Handle /derp/latency-check (#2227) 2024-11-06 15:59:38 +01:00
noise.go Fix /machine/map endpoint vulnerability (#2642) 2025-06-06 12:16:37 +02:00
oidc.go auth: ensure that routes are autoapproved when the node is stored (#2550) 2025-05-01 07:05:42 +02:00
platform_config.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
poll.go bring back last_seen in database (#2579) 2025-05-10 09:49:08 +02:00
suite_test.go Redo OIDC configuration (#2020) 2024-10-02 14:50:17 +02:00
tailsql.go Use result of fmt.Errorf call (#1668) 2024-02-15 11:02:54 +01:00