Mirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-23 02:24:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

policy: fix issue where non existent user results in empty ssh pol
Some checks are pending
Build / build-nix (push) Waiting to run
Details
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Details
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Details
Check Generated Files / check-generated (push) Waiting to run
Details
Tests / test (push) Waiting to run
Details

Browse source 
When we encounter a source we cannot resolve, we skipped the whole rule,
even if some of the srcs could be resolved. In this case, if we had one user
that exists and one that does not.

In the regular policy, we log this, and still let a rule be created from what
does exist, while in the SSH policy we did not.

This commit fixes it so the behaviour is the same.

Fixes #2863

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2025-11-10 17:00:03 +01:00 committed by Kristoffer Dalby
parent a28d9bed6d
commit 21e3f2598d
1 changed files with 0 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hscontrol/policy/v2/filter.go
View file

@ -316,7 +316,6 @@ func (pol *Policy) compileSSHPolicy(
srcIPs, err := rule.Sources.Resolve(pol, users, nodes)
if err != nil {
log.Trace().Caller().Err(err).Msgf("SSH policy compilation failed resolving source ips for rule %+v", rule)
continue // Skip this rule if we can't resolve sources
}
if srcIPs == nil || len(srcIPs.Prefixes()) == 0 {