MyFavMirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-11-20 09:46:01 -05:00
Code Issues Packages Projects Releases Wiki Activity

policy: fix issue where non existent user results in empty ssh pol

Browse Source 
When we encounter a source we cannot resolve, we skipped the whole rule,
even if some of the srcs could be resolved. In this case, if we had one user
that exists and one that does not.

In the regular policy, we log this, and still let a rule be created from what
does exist, while in the SSH policy we did not.

This commit fixes it so the behaviour is the same.

Fixes #2863

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby
2025-11-10 17:00:03 +01:00
committed by Kristoffer Dalby
parent a28d9bed6d
commit 21e3f2598d
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hscontrol/policy/v2/filter.go
View File

@@ -316,7 +316,6 @@ func (pol *Policy) compileSSHPolicy(
srcIPs, err := rule.Sources.Resolve(pol, users, nodes) srcIPs, err := rule.Sources.Resolve(pol, users, nodes)
if err != nil { if err != nil {
log.Trace().Caller().Err(err).Msgf("SSH policy compilation failed resolving source ips for rule %+v", rule) log.Trace().Caller().Err(err).Msgf("SSH policy compilation failed resolving source ips for rule %+v", rule)
continue // Skip this rule if we can't resolve sources
} }
if srcIPs == nil || len(srcIPs.Prefixes()) == 0 { if srcIPs == nil || len(srcIPs.Prefixes()) == 0 {