starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-03-21 00:49:38 +01:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity
Files
22afb2c61b3fb6c24e409ac4d9d1f541e9de2885
headscale/hscontrol
History
Kristoffer Dalby 22afb2c61b policy: fix asymmetric peer visibility with autogroup:self 
When autogroup:self was combined with other ACL rules (e.g., group:admin
-> *:*), tagged nodes became invisible to users who should have access.

The BuildPeerMap function had two code paths:
- Global filter path: used symmetric OR logic (if either can access, both
  see each other)
- Autogroup:self path: used asymmetric logic (only add peer if that
  specific direction has access)

This caused problems with one-way rules like admin -> tagged-server. The
admin could access the server, but since the server couldn't access the
admin, neither was added to the other's peer list.

Fix by using symmetric visibility in the autogroup:self path, matching
the global filter path behavior: if either node can access the other,
both should see each other as peers.

Credit: vdovhanych <vdovhanych@users.noreply.github.com>

Fixes #2990
2026-01-21 14:35:16 +01:00
..
assets
editorconfig: add basic editor config
2025-12-16 10:12:36 +01:00
capver
capver: generate
2025-12-18 10:02:23 +01:00
db
grpc: support expire/delete API keys by ID
2026-01-20 17:13:38 +01:00
derp
golangci-lint: use forbidigo to block time.Sleep (#2946)
2025-12-10 16:45:59 +00:00
dns
integration: replace time.Sleep with assert.EventuallyWithT (#2680)
2025-07-10 23:38:55 +02:00
mapper
db: migrate tests from check.v1 to testify
2026-01-20 15:41:33 +01:00
policy
policy: fix asymmetric peer visibility with autogroup:self
2026-01-21 14:35:16 +01:00
routes
debug: add json and improve
2025-09-09 09:40:00 +02:00
state
state: add GetAPIKeyByID method
2026-01-20 17:13:38 +01:00
templates
Link to headscale.net for docs
2026-01-16 14:54:04 +01:00
types
hscontrol: fix tag updates not propagating to node self view
2026-01-20 10:13:47 +01:00
util
util/dns: fix variable redeclaration in ValidateDNSName
2026-01-17 10:13:24 +01:00
app.go
app: only wire up debug server if set
2025-12-17 12:32:04 +01:00
auth_tags_test.go
state: disable key expiry for tagged nodes
2026-01-16 17:05:59 +01:00
auth_test.go
state: allow untagging nodes via reauth with empty RequestTags
2026-01-17 10:13:24 +01:00
auth.go
cli: ensure tagged-devices is included in profile list (#2991)
2026-01-09 16:31:23 +01:00
debug.go
lint and leftover
2025-09-09 09:40:00 +02:00
grpcv1_test.go
grpc: support expire/delete API keys by ID
2026-01-20 17:13:38 +01:00
grpcv1.go
grpc: support expire/delete API keys by ID
2026-01-20 17:13:38 +01:00
handlers.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
metrics.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
noise.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
oidc_template_test.go
make tags first class node owner (#2885)
2025-12-02 12:01:25 +01:00
oidc_test.go
oidc: make email verification configurable
2025-12-18 11:42:32 +00:00
oidc.go
oidc: make email verification configurable
2025-12-18 11:42:32 +00:00
platform_config.go
Return better web errors to the user (#2398)
2025-02-01 15:25:18 +01:00
poll.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
tailsql.go
integration: replace time.Sleep with assert.EventuallyWithT (#2680)
2025-07-10 23:38:55 +02:00
templates_consistency_test.go
Link to headscale.net for docs
2026-01-16 14:54:04 +01:00