lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ipn/ipnlocal: disallow unsigned peers from WoL 

Unsigned peers should not be allowed to generate Wake-on-Lan packets,
only access Funnel.

Updates #6934
Updates #7515
Updates #6475

Signed-off-by: James Tucker <james@tailscale.com>
pull/6919/head
James Tucker 2023-01-10 15:40:07 -08:00 committed by James Tucker
parent 237b1108b3
commit 2afa1672ac
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ipn/ipnlocal/peerapi.go
View File

@ -903,6 +903,9 @@ func (h *peerAPIHandler) canDebug() bool {
// canWakeOnLAN reports whether h can send a Wake-on-LAN packet from this node. // canWakeOnLAN reports whether h can send a Wake-on-LAN packet from this node.
func (h *peerAPIHandler) canWakeOnLAN() bool { func (h *peerAPIHandler) canWakeOnLAN() bool {
if h.peerNode.UnsignedPeerAPIOnly {
return false
}
return h.isSelf || h.peerHasCap(tailcfg.CapabilityWakeOnLAN) return h.isSelf || h.peerHasCap(tailcfg.CapabilityWakeOnLAN)
} }