summaryrefslogtreecommitdiffhomepage
path: root/ipn
diff options
context:
space:
mode:
authorTom DNetto <tom@tailscale.com>2022-11-23 11:19:30 -0800
committerTom <twitchyliquid64@users.noreply.github.com>2022-11-28 10:39:04 -0800
commit5c8d2fa69598ced697c192c024d9dbf58991ab2f (patch)
treec8c86770dcc0aa9315e5ca587fdd63cd76c6aa61 /ipn
parente8cc78b1afdd4b7358c39b8cfbfcd7ae7faf3bd3 (diff)
downloadtailscale-5c8d2fa69598ced697c192c024d9dbf58991ab2f.tar.xz
tailscale-5c8d2fa69598ced697c192c024d9dbf58991ab2f.zip
cmd/tailscale,ipn: improve UX of lock init command, cosmetic changes
Signed-off-by: Tom DNetto <tom@tailscale.com>
Diffstat (limited to 'ipn')
-rw-r--r--ipn/ipnlocal/network-lock.go13
-rw-r--r--ipn/localapi/localapi.go7
2 files changed, 11 insertions, 9 deletions
diff --git a/ipn/ipnlocal/network-lock.go b/ipn/ipnlocal/network-lock.go
index 780043bbb..8346ed7cf 100644
--- a/ipn/ipnlocal/network-lock.go
+++ b/ipn/ipnlocal/network-lock.go
@@ -403,7 +403,7 @@ func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus {
// needing signatures is returned as a response.
// The Finish RPC submits signatures for all these nodes, at which point
// Control has everything it needs to atomically enable network lock.
-func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte) error {
+func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) error {
if err := b.CanSupportNetworkLock(); err != nil {
return err
}
@@ -471,7 +471,7 @@ func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byt
}
// Finalize enablement by transmitting signature for all nodes to Control.
- _, err = b.tkaInitFinish(ourNodeKey, sigs)
+ _, err = b.tkaInitFinish(ourNodeKey, sigs, supportDisablement)
return err
}
@@ -748,12 +748,13 @@ func (b *LocalBackend) tkaInitBegin(ourNodeKey key.NodePublic, aum tka.AUM) (*ta
return a, nil
}
-func (b *LocalBackend) tkaInitFinish(ourNodeKey key.NodePublic, nks map[tailcfg.NodeID]tkatype.MarshaledSignature) (*tailcfg.TKAInitFinishResponse, error) {
+func (b *LocalBackend) tkaInitFinish(ourNodeKey key.NodePublic, nks map[tailcfg.NodeID]tkatype.MarshaledSignature, supportDisablement []byte) (*tailcfg.TKAInitFinishResponse, error) {
var req bytes.Buffer
if err := json.NewEncoder(&req).Encode(tailcfg.TKAInitFinishRequest{
- Version: tailcfg.CurrentCapabilityVersion,
- NodeKey: ourNodeKey,
- Signatures: nks,
+ Version: tailcfg.CurrentCapabilityVersion,
+ NodeKey: ourNodeKey,
+ Signatures: nks,
+ SupportDisablement: supportDisablement,
}); err != nil {
return nil, fmt.Errorf("encoding request: %v", err)
}
diff --git a/ipn/localapi/localapi.go b/ipn/localapi/localapi.go
index 93170ea3f..ec87b25cc 100644
--- a/ipn/localapi/localapi.go
+++ b/ipn/localapi/localapi.go
@@ -1161,8 +1161,9 @@ func (h *Handler) serveTKAInit(w http.ResponseWriter, r *http.Request) {
}
type initRequest struct {
- Keys []tka.Key
- DisablementValues [][]byte
+ Keys []tka.Key
+ DisablementValues [][]byte
+ SupportDisablement []byte
}
var req initRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
@@ -1170,7 +1171,7 @@ func (h *Handler) serveTKAInit(w http.ResponseWriter, r *http.Request) {
return
}
- if err := h.b.NetworkLockInit(req.Keys, req.DisablementValues); err != nil {
+ if err := h.b.NetworkLockInit(req.Keys, req.DisablementValues, req.SupportDisablement); err != nil {
http.Error(w, "initialization failed: "+err.Error(), http.StatusInternalServerError)
return
}