headscale/hscontrol
Kristoffer Dalby 22afb2c61b policy: fix asymmetric peer visibility with autogroup:self
When autogroup:self was combined with other ACL rules (e.g., group:admin
-> *:*), tagged nodes became invisible to users who should have access.

The BuildPeerMap function had two code paths:
- Global filter path: used symmetric OR logic (if either can access, both
  see each other)
- Autogroup:self path: used asymmetric logic (only add peer if that
  specific direction has access)

This caused problems with one-way rules like admin -> tagged-server. The
admin could access the server, but since the server couldn't access the
admin, neither was added to the other's peer list.

Fix by using symmetric visibility in the autogroup:self path, matching
the global filter path behavior: if either node can access the other,
both should see each other as peers.

Credit: vdovhanych <vdovhanych@users.noreply.github.com>

Fixes #2990
2026-01-21 14:35:16 +01:00
assets editorconfig: add basic editor config 2025-12-16 10:12:36 +01:00
capver capver: generate 2025-12-18 10:02:23 +01:00
db grpc: support expire/delete API keys by ID 2026-01-20 17:13:38 +01:00
derp golangci-lint: use forbidigo to block time.Sleep (#2946) 2025-12-10 16:45:59 +00:00
dns integration: replace time.Sleep with assert.EventuallyWithT (#2680) 2025-07-10 23:38:55 +02:00
mapper db: migrate tests from check.v1 to testify 2026-01-20 15:41:33 +01:00
policy policy: fix asymmetric peer visibility with autogroup:self 2026-01-21 14:35:16 +01:00
routes debug: add json and improve 2025-09-09 09:40:00 +02:00
state state: add GetAPIKeyByID method 2026-01-20 17:13:38 +01:00
templates Link to headscale.net for docs 2026-01-16 14:54:04 +01:00
types hscontrol: fix tag updates not propagating to node self view 2026-01-20 10:13:47 +01:00
util util/dns: fix variable redeclaration in ValidateDNSName 2026-01-17 10:13:24 +01:00
app.go app: only wire up debug server if set 2025-12-17 12:32:04 +01:00
auth.go cli: ensure tagged-devices is included in profile list (#2991) 2026-01-09 16:31:23 +01:00
auth_tags_test.go state: disable key expiry for tagged nodes 2026-01-16 17:05:59 +01:00
auth_test.go state: allow untagging nodes via reauth with empty RequestTags 2026-01-17 10:13:24 +01:00
debug.go lint and leftover 2025-09-09 09:40:00 +02:00
grpcv1.go grpc: support expire/delete API keys by ID 2026-01-20 17:13:38 +01:00
grpcv1_test.go grpc: support expire/delete API keys by ID 2026-01-20 17:13:38 +01:00
handlers.go all: remove deadcode (#2952) 2025-12-10 15:55:15 +01:00
metrics.go all: remove deadcode (#2952) 2025-12-10 15:55:15 +01:00
noise.go all: remove deadcode (#2952) 2025-12-10 15:55:15 +01:00
oidc.go oidc: make email verification configurable 2025-12-18 11:42:32 +00:00
oidc_template_test.go make tags first class node owner (#2885) 2025-12-02 12:01:25 +01:00
oidc_test.go oidc: make email verification configurable 2025-12-18 11:42:32 +00:00
platform_config.go Return better web errors to the user (#2398) 2025-02-01 15:25:18 +01:00
poll.go all: remove deadcode (#2952) 2025-12-10 15:55:15 +01:00
tailsql.go integration: replace time.Sleep with assert.EventuallyWithT (#2680) 2025-07-10 23:38:55 +02:00
templates_consistency_test.go Link to headscale.net for docs 2026-01-16 14:54:04 +01:00