starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-02-22 23:57:49 +01:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity
Files
ebdbe0363924fb222bcbd61a2c46c0b42e1b7db6
headscale/hscontrol
History
Kristoffer Dalby ebdbe03639 policy: validate autogroup:self sources in ACL rules 
Tailscale validates that autogroup:self destinations in ACL rules can
only be used when ALL sources are users, groups, autogroup:member, or
wildcard (*). Previously, Headscale only performed this validation for
SSH rules.
Add validateACLSrcDstCombination() to enforce that tags, autogroup:tagged,
hosts, and raw IPs cannot be used as sources with autogroup:self
destinations. Invalid policies like `tag:client → autogroup:self:*` are
now rejected at validation time, matching Tailscale behavior.
Wildcard (*) is allowed because autogroup:self evaluation narrows it
per-node to only the node's own IPs.

Updates #3036
2026-02-05 19:29:16 +01:00
..
assets
editorconfig: add basic editor config
2025-12-16 10:12:36 +01:00
capver
capver: generate
2025-12-18 10:02:23 +01:00
db
db: use PolicyManager for RequestTags migration
2026-01-21 15:10:29 +01:00
derp
derp: migrate to derpserver package API
2026-01-21 19:17:10 +00:00
dns
integration: replace time.Sleep with assert.EventuallyWithT (#2680)
2025-07-10 23:38:55 +02:00
mapper
state: set User pointer during tagged→user-owned conversion
2026-02-04 15:44:55 +01:00
policy
policy: validate autogroup:self sources in ACL rules
2026-02-05 19:29:16 +01:00
routes
debug: add json and improve
2025-09-09 09:40:00 +02:00
state
state: set User pointer during tagged→user-owned conversion
2026-02-04 15:44:55 +01:00
templates
Link to headscale.net for docs
2026-01-16 14:54:04 +01:00
types
gen: regenerate protobuf and type views
2026-01-21 19:17:10 +00:00
util
util/dns: fix variable redeclaration in ValidateDNSName
2026-01-17 10:13:24 +01:00
app.go
app: only wire up debug server if set
2025-12-17 12:32:04 +01:00
auth_tags_test.go
state: fix expiry handling during node tag conversion
2026-02-04 15:44:55 +01:00
auth_test.go
integration: add test for tagged→user-owned conversion panic
2026-02-04 15:44:55 +01:00
auth.go
cli: ensure tagged-devices is included in profile list (#2991)
2026-01-09 16:31:23 +01:00
debug.go
lint and leftover
2025-09-09 09:40:00 +02:00
grpcv1_test.go
grpc: support expire/delete API keys by ID
2026-01-20 17:13:38 +01:00
grpcv1.go
grpc: support expire/delete API keys by ID
2026-01-20 17:13:38 +01:00
handlers.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
metrics.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
noise.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
oidc_template_test.go
make tags first class node owner (#2885)
2025-12-02 12:01:25 +01:00
oidc_test.go
oidc: make email verification configurable
2025-12-18 11:42:32 +00:00
oidc.go
oidc: make email verification configurable
2025-12-18 11:42:32 +00:00
platform_config.go
Return better web errors to the user (#2398)
2025-02-01 15:25:18 +01:00
poll.go
all: remove deadcode (#2952)
2025-12-10 15:55:15 +01:00
tailsql.go
integration: replace time.Sleep with assert.EventuallyWithT (#2680)
2025-07-10 23:38:55 +02:00
templates_consistency_test.go
Link to headscale.net for docs
2026-01-16 14:54:04 +01:00