ipn/ipnlocal: skip AuthKey use if profiles exist (#18619)

If any profiles exist and an AuthKey is provided via syspolicy, the
AuthKey is ignored on backend start, preventing re-auth attempts. This
is useful for one-time device provisioning scenarios, skipping AuthKey
use after initial setup when the AuthKey may no longer be valid.

updates #18618

Signed-off-by: Will Hannah <willh@tailscale.com>
Will Hannah
2026-02-06 09:40:55 -05:00
committed by GitHub
parent 6587cafb3f
commit 058cc3f82b


@@ -2478,7 +2478,9 @@ func (b *LocalBackend) startLocked(opts ipn.Options) error {
if b.state != ipn.Running && b.conf == nil && opts.AuthKey == "" {
sysak, _ := b.polc.GetString(pkey.AuthKey, "")
if sysak != "" {
if sysak != "" && len(b.pm.Profiles()) > 0 && b.state != ipn.NeedsLogin {
logf("not setting opts.AuthKey from syspolicy; login profiles exist, state=%v", b.state)
} else if sysak != "" {
logf("setting opts.AuthKey by syspolicy, len=%v", len(sysak))
opts.AuthKey = strings.TrimSpace(sysak)
}
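Review bot: The new skip branch is keyed on `len(b.pm.Profiles()) > 0`, which counts any stored login profile rather than checking that the current profile still has usable credentials, so a device left with only a stale or unrelated profile would ignore the policy-supplied key in every state except `ipn.NeedsLogin`. Which states can reach this point is not visible in the hunk (startLocked begins and ends outside it), so it is worth confirming that an expired or logged-out node always reports `ipn.NeedsLogin` here, and covering that case in a test. The commit description says the key is ignored whenever profiles exist, yet the code exempts `ipn.NeedsLogin`; a comment above the branch would record that, e.g. `// One-time provisioning: once a profile exists, reuse the syspolicy AuthKey only when the node needs to log in again.` The repeated `sysak != ""` test could also be hoisted into a single outer `if sysak != "" {` with the profile check nested inside.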