
ipn/ipnlocal: skip AuthKey use if profiles exist (#18619)

If any profiles exist and an AuthKey is provided via syspolicy, the
AuthKey is ignored on backend start, preventing re-auth attempts. This
is useful for one-time device provisioning scenarios, skipping AuthKey
use after initial setup when the AuthKey may no longer be valid.

updates #18618

Signed-off-by: Will Hannah <[email protected]>
Will Hannah 3 weeks ago
parent
commit
058cc3f82b
1 changed files with 3 additions and 1 deletions
  1. 3 1
      ipn/ipnlocal/local.go

+ 3 - 1
ipn/ipnlocal/local.go

@@ -2478,7 +2478,9 @@ func (b *LocalBackend) startLocked(opts ipn.Options) error {
 
 	if b.state != ipn.Running && b.conf == nil && opts.AuthKey == "" {
 		sysak, _ := b.polc.GetString(pkey.AuthKey, "")
-		if sysak != "" {
+		if sysak != "" && len(b.pm.Profiles()) > 0 && b.state != ipn.NeedsLogin {
+			logf("not setting opts.AuthKey from syspolicy; login profiles exist, state=%v", b.state)
+		} else if sysak != "" {
 			logf("setting opts.AuthKey by syspolicy, len=%v", len(sysak))
 			opts.AuthKey = strings.TrimSpace(sysak)
 		}
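Review bot: The new skip branch `if sysak != "" && len(b.pm.Profiles()) > 0 && b.state != ipn.NeedsLogin` keys off the existence of any stored profile, and its `NeedsLogin` exception appears neither in the commit message nor in a comment, so the rule for when a policy-supplied key is honoured has to be reconstructed from the condition. A comment above the branch would pin it down, e.g. `// Policy AuthKey is for first-time provisioning: ignore it once any profile exists, unless the backend is in NeedsLogin.` Because this decides whether an administrator-provisioned credential is applied, it deserves a test covering no profiles, profiles present, and profiles present with NeedsLogin; the commit changes only local.go. Both branches repeat `sysak != ""` and would read more clearly nested under a single check; startLocked continues outside this hunk.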