2023-01-27 21:37:20 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2022-11-09 05:58:10 +00:00
|
|
|
|
|
|
|
package ipnlocal
|
|
|
|
|
|
|
|
import (
|
2023-12-18 22:43:01 +00:00
|
|
|
"cmp"
|
2022-11-09 05:58:10 +00:00
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"math/rand"
|
|
|
|
"runtime"
|
2023-08-17 05:09:53 +00:00
|
|
|
"slices"
|
2023-02-01 21:43:06 +00:00
|
|
|
"strings"
|
2022-11-09 05:58:10 +00:00
|
|
|
|
2024-04-22 22:55:25 +00:00
|
|
|
"tailscale.com/clientupdate"
|
2022-11-23 23:40:47 +00:00
|
|
|
"tailscale.com/envknob"
|
2024-05-01 20:54:56 +00:00
|
|
|
"tailscale.com/health"
|
2022-11-09 05:58:10 +00:00
|
|
|
"tailscale.com/ipn"
|
|
|
|
"tailscale.com/types/logger"
|
2022-11-15 22:41:36 +00:00
|
|
|
"tailscale.com/util/clientmetric"
|
2022-11-09 05:58:10 +00:00
|
|
|
)
|
|
|
|
|
2023-04-14 23:13:06 +00:00
|
|
|
var errAlreadyMigrated = errors.New("profile migration already completed")
|
|
|
|
|
2023-05-30 16:25:27 +00:00
|
|
|
var debug = envknob.RegisterBool("TS_DEBUG_PROFILES")
|
|
|
|
|
2022-11-09 05:58:10 +00:00
|
|
|
// profileManager is a wrapper around a StateStore that manages
|
|
|
|
// multiple profiles and the current profile.
|
2023-09-01 00:55:47 +00:00
|
|
|
//
|
|
|
|
// It is not safe for concurrent use.
|
2022-11-09 05:58:10 +00:00
|
|
|
type profileManager struct {
|
2024-05-01 20:54:56 +00:00
|
|
|
store ipn.StateStore
|
|
|
|
logf logger.Logf
|
|
|
|
health *health.Tracker
|
2022-11-09 05:58:10 +00:00
|
|
|
|
2022-11-27 17:04:00 +00:00
|
|
|
currentUserID ipn.WindowsUserID
|
2023-08-04 19:22:33 +00:00
|
|
|
knownProfiles map[ipn.ProfileID]*ipn.LoginProfile // always non-nil
|
|
|
|
currentProfile *ipn.LoginProfile // always non-nil
|
|
|
|
prefs ipn.PrefsView // always Valid.
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
2023-05-30 16:25:27 +00:00
|
|
|
func (pm *profileManager) dlogf(format string, args ...any) {
|
|
|
|
if !debug() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
pm.logf(format, args...)
|
|
|
|
}
|
|
|
|
|
2023-08-04 14:55:59 +00:00
|
|
|
func (pm *profileManager) WriteState(id ipn.StateKey, val []byte) error {
|
|
|
|
return ipn.WriteState(pm.store, id, val)
|
|
|
|
}
|
|
|
|
|
2022-11-25 14:11:06 +00:00
|
|
|
// CurrentUserID returns the current user ID. It is only non-empty on
|
2022-11-09 05:58:10 +00:00
|
|
|
// Windows where we have a multi-user system.
|
2022-11-27 17:04:00 +00:00
|
|
|
func (pm *profileManager) CurrentUserID() ipn.WindowsUserID {
|
2022-11-09 05:58:10 +00:00
|
|
|
return pm.currentUserID
|
|
|
|
}
|
|
|
|
|
2022-11-25 14:11:06 +00:00
|
|
|
// SetCurrentUserID sets the current user ID. The uid is only non-empty
|
2022-11-09 05:58:10 +00:00
|
|
|
// on Windows where we have a multi-user system.
|
2022-11-27 17:04:00 +00:00
|
|
|
func (pm *profileManager) SetCurrentUserID(uid ipn.WindowsUserID) error {
|
2022-11-09 05:58:10 +00:00
|
|
|
if pm.currentUserID == uid {
|
|
|
|
return nil
|
|
|
|
}
|
2022-11-22 13:34:28 +00:00
|
|
|
prev := pm.currentUserID
|
2022-11-22 07:02:16 +00:00
|
|
|
pm.currentUserID = uid
|
2022-11-22 13:34:28 +00:00
|
|
|
if uid == "" && prev != "" {
|
|
|
|
// This is a local user logout, or app shutdown.
|
|
|
|
// Clear the current profile.
|
|
|
|
pm.NewProfile()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read the CurrentProfileKey from the store which stores
|
|
|
|
// the selected profile for the current user.
|
2022-11-27 17:04:00 +00:00
|
|
|
b, err := pm.store.ReadState(ipn.CurrentProfileKey(string(uid)))
|
2023-05-30 16:25:27 +00:00
|
|
|
pm.dlogf("SetCurrentUserID: ReadState(%q) = %v, %v", string(uid), len(b), err)
|
2022-11-22 13:34:28 +00:00
|
|
|
if err == ipn.ErrStateNotExist || len(b) == 0 {
|
2023-03-29 19:18:20 +00:00
|
|
|
if runtime.GOOS == "windows" {
|
2023-05-30 16:25:27 +00:00
|
|
|
pm.dlogf("SetCurrentUserID: windows: migrating from legacy preferences")
|
2023-04-14 23:13:06 +00:00
|
|
|
if err := pm.migrateFromLegacyPrefs(); err != nil && !errors.Is(err, errAlreadyMigrated) {
|
2023-03-29 19:18:20 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
pm.NewProfile()
|
|
|
|
}
|
2022-11-22 13:34:28 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Now attempt to load the profile using the key we just read.
|
|
|
|
pk := ipn.StateKey(string(b))
|
|
|
|
prof := pm.findProfileByKey(pk)
|
|
|
|
if prof == nil {
|
2023-05-30 16:25:27 +00:00
|
|
|
pm.dlogf("SetCurrentUserID: no profile found for key: %q", pk)
|
2022-11-22 13:34:28 +00:00
|
|
|
pm.NewProfile()
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
prefs, err := pm.loadSavedPrefs(pk)
|
|
|
|
if err != nil {
|
2022-11-09 05:58:10 +00:00
|
|
|
pm.NewProfile()
|
|
|
|
return err
|
|
|
|
}
|
2022-11-22 13:34:28 +00:00
|
|
|
pm.currentProfile = prof
|
|
|
|
pm.prefs = prefs
|
2024-05-01 20:54:56 +00:00
|
|
|
pm.updateHealth()
|
2022-11-09 05:58:10 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-08-04 19:22:33 +00:00
|
|
|
// allProfiles returns all profiles that belong to the currentUserID.
|
|
|
|
// The returned profiles are sorted by Name.
|
|
|
|
func (pm *profileManager) allProfiles() (out []*ipn.LoginProfile) {
|
2022-11-17 14:05:02 +00:00
|
|
|
for _, p := range pm.knownProfiles {
|
2023-08-04 19:22:33 +00:00
|
|
|
if p.LocalUserID == pm.currentUserID {
|
2022-11-17 14:05:02 +00:00
|
|
|
out = append(out, p)
|
|
|
|
}
|
|
|
|
}
|
2023-08-04 19:22:33 +00:00
|
|
|
slices.SortFunc(out, func(a, b *ipn.LoginProfile) int {
|
2023-12-18 22:43:01 +00:00
|
|
|
return cmp.Compare(a.Name, b.Name)
|
2023-08-04 19:22:33 +00:00
|
|
|
})
|
2022-11-17 14:05:02 +00:00
|
|
|
return out
|
|
|
|
}
|
|
|
|
|
2023-08-04 19:22:33 +00:00
|
|
|
// matchingProfiles returns all profiles that match the given predicate and
|
|
|
|
// belong to the currentUserID.
|
|
|
|
// The returned profiles are sorted by Name.
|
|
|
|
func (pm *profileManager) matchingProfiles(f func(*ipn.LoginProfile) bool) (out []*ipn.LoginProfile) {
|
|
|
|
all := pm.allProfiles()
|
|
|
|
out = all[:0]
|
|
|
|
for _, p := range all {
|
|
|
|
if f(p) {
|
|
|
|
out = append(out, p)
|
|
|
|
}
|
2022-11-22 07:02:16 +00:00
|
|
|
}
|
2023-08-04 19:22:33 +00:00
|
|
|
return out
|
2022-11-22 07:02:16 +00:00
|
|
|
}
|
|
|
|
|
2023-08-04 19:22:33 +00:00
|
|
|
// findMatchinProfiles returns all profiles that represent the same node/user as
|
|
|
|
// prefs.
|
|
|
|
// The returned profiles are sorted by Name.
|
|
|
|
func (pm *profileManager) findMatchingProfiles(prefs *ipn.Prefs) []*ipn.LoginProfile {
|
2022-11-22 07:02:16 +00:00
|
|
|
return pm.matchingProfiles(func(p *ipn.LoginProfile) bool {
|
2023-08-04 19:22:33 +00:00
|
|
|
return p.ControlURL == prefs.ControlURL &&
|
|
|
|
(p.UserProfile.ID == prefs.Persist.UserProfile.ID ||
|
|
|
|
p.NodeID == prefs.Persist.NodeID)
|
2022-11-22 07:02:16 +00:00
|
|
|
})
|
2022-11-16 11:17:36 +00:00
|
|
|
}
|
|
|
|
|
2022-11-18 09:36:45 +00:00
|
|
|
// ProfileIDForName returns the profile ID for the profile with the
|
|
|
|
// given name. It returns "" if no such profile exists.
|
|
|
|
func (pm *profileManager) ProfileIDForName(name string) ipn.ProfileID {
|
|
|
|
p := pm.findProfileByName(name)
|
|
|
|
if p == nil {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
return p.ID
|
|
|
|
}
|
|
|
|
|
2022-11-09 05:58:10 +00:00
|
|
|
func (pm *profileManager) findProfileByName(name string) *ipn.LoginProfile {
|
2022-11-22 07:02:16 +00:00
|
|
|
out := pm.matchingProfiles(func(p *ipn.LoginProfile) bool {
|
|
|
|
return p.Name == name
|
|
|
|
})
|
|
|
|
if len(out) == 0 {
|
|
|
|
return nil
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
2022-11-22 07:02:16 +00:00
|
|
|
if len(out) > 1 {
|
|
|
|
pm.logf("[unxpected] multiple profiles with the same name")
|
|
|
|
}
|
|
|
|
return out[0]
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (pm *profileManager) findProfileByKey(key ipn.StateKey) *ipn.LoginProfile {
|
2022-11-22 07:02:16 +00:00
|
|
|
out := pm.matchingProfiles(func(p *ipn.LoginProfile) bool {
|
|
|
|
return p.Key == key
|
|
|
|
})
|
|
|
|
if len(out) == 0 {
|
|
|
|
return nil
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
2022-11-22 07:02:16 +00:00
|
|
|
if len(out) > 1 {
|
|
|
|
pm.logf("[unxpected] multiple profiles with the same key")
|
|
|
|
}
|
|
|
|
return out[0]
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (pm *profileManager) setUnattendedModeAsConfigured() error {
|
|
|
|
if pm.currentUserID == "" {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if pm.prefs.ForceDaemon() {
|
2023-08-04 14:55:59 +00:00
|
|
|
return pm.WriteState(ipn.ServerModeStartKey, []byte(pm.currentProfile.Key))
|
2022-11-09 05:58:10 +00:00
|
|
|
} else {
|
2023-08-04 14:55:59 +00:00
|
|
|
return pm.WriteState(ipn.ServerModeStartKey, nil)
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Reset unloads the current profile, if any.
|
|
|
|
func (pm *profileManager) Reset() {
|
|
|
|
pm.currentUserID = ""
|
|
|
|
pm.NewProfile()
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetPrefs sets the current profile's prefs to the provided value.
|
|
|
|
// It also saves the prefs to the StateStore. It stores a copy of the
|
|
|
|
// provided prefs, which may be accessed via CurrentPrefs.
|
2023-09-08 16:04:54 +00:00
|
|
|
//
|
2023-11-17 02:40:23 +00:00
|
|
|
// NetworkProfile stores additional information about the tailnet the user
|
|
|
|
// is logged into so that we can keep track of things like their domain name
|
|
|
|
// across user switches to disambiguate the same account but a different tailnet.
|
|
|
|
func (pm *profileManager) SetPrefs(prefsIn ipn.PrefsView, np ipn.NetworkProfile) error {
|
2023-08-04 19:22:33 +00:00
|
|
|
prefs := prefsIn.AsStruct()
|
|
|
|
newPersist := prefs.Persist
|
2023-08-04 00:38:28 +00:00
|
|
|
if newPersist == nil || newPersist.NodeID == "" || newPersist.UserProfile.LoginName == "" {
|
2023-08-04 19:22:33 +00:00
|
|
|
// We don't know anything about this profile, so ignore it for now.
|
|
|
|
return pm.setPrefsLocked(prefs.View())
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
2022-11-17 14:05:02 +00:00
|
|
|
up := newPersist.UserProfile
|
2022-11-09 05:58:10 +00:00
|
|
|
if up.DisplayName == "" {
|
|
|
|
up.DisplayName = up.LoginName
|
|
|
|
}
|
|
|
|
cp := pm.currentProfile
|
2023-08-04 19:22:33 +00:00
|
|
|
// Check if we already have an existing profile that matches the user/node.
|
|
|
|
if existing := pm.findMatchingProfiles(prefs); len(existing) > 0 {
|
|
|
|
// We already have a profile for this user/node we should reuse it. Also
|
|
|
|
// cleanup any other duplicate profiles.
|
|
|
|
cp = existing[0]
|
|
|
|
existing = existing[1:]
|
|
|
|
for _, p := range existing {
|
|
|
|
// Clear the state.
|
|
|
|
if err := pm.store.WriteState(p.Key, nil); err != nil {
|
|
|
|
// We couldn't delete the state, so keep the profile around.
|
|
|
|
continue
|
2022-11-17 14:05:02 +00:00
|
|
|
}
|
2023-08-04 19:22:33 +00:00
|
|
|
// Remove the profile, knownProfiles will be persisted below.
|
|
|
|
delete(pm.knownProfiles, p.ID)
|
2022-11-16 11:17:36 +00:00
|
|
|
}
|
2023-08-04 19:22:33 +00:00
|
|
|
} else if cp.ID == "" {
|
|
|
|
// We didn't have an existing profile, so create a new one.
|
|
|
|
cp.ID, cp.Key = newUnusedID(pm.knownProfiles)
|
2022-11-09 05:58:10 +00:00
|
|
|
cp.LocalUserID = pm.currentUserID
|
2023-08-04 19:22:33 +00:00
|
|
|
} else {
|
|
|
|
// This means that there was a force-reauth as a new node that
|
|
|
|
// we haven't seen before.
|
2022-11-16 13:14:02 +00:00
|
|
|
}
|
2023-08-04 19:22:33 +00:00
|
|
|
|
|
|
|
if prefs.ProfileName != "" {
|
|
|
|
cp.Name = prefs.ProfileName
|
2022-11-18 09:42:32 +00:00
|
|
|
} else {
|
|
|
|
cp.Name = up.LoginName
|
|
|
|
}
|
2023-08-04 19:22:33 +00:00
|
|
|
cp.ControlURL = prefs.ControlURL
|
2022-11-17 14:05:02 +00:00
|
|
|
cp.UserProfile = newPersist.UserProfile
|
|
|
|
cp.NodeID = newPersist.NodeID
|
2023-11-17 02:40:23 +00:00
|
|
|
cp.NetworkProfile = np
|
2022-11-09 05:58:10 +00:00
|
|
|
pm.knownProfiles[cp.ID] = cp
|
2022-11-16 11:17:36 +00:00
|
|
|
pm.currentProfile = cp
|
2022-11-09 05:58:10 +00:00
|
|
|
if err := pm.writeKnownProfiles(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := pm.setAsUserSelectedProfileLocked(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-08-04 19:22:33 +00:00
|
|
|
if err := pm.setPrefsLocked(prefs.View()); err != nil {
|
2022-11-09 05:58:10 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func newUnusedID(knownProfiles map[ipn.ProfileID]*ipn.LoginProfile) (ipn.ProfileID, ipn.StateKey) {
|
|
|
|
var idb [2]byte
|
|
|
|
for {
|
|
|
|
rand.Read(idb[:])
|
|
|
|
id := ipn.ProfileID(fmt.Sprintf("%x", idb))
|
|
|
|
if _, ok := knownProfiles[id]; ok {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
return id, ipn.StateKey("profile-" + id)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// setPrefsLocked sets the current profile's prefs to the provided value.
|
|
|
|
// It also saves the prefs to the StateStore, if the current profile
|
|
|
|
// is not new.
|
|
|
|
func (pm *profileManager) setPrefsLocked(clonedPrefs ipn.PrefsView) error {
|
|
|
|
pm.prefs = clonedPrefs
|
2024-05-01 20:54:56 +00:00
|
|
|
pm.updateHealth()
|
2023-08-04 19:22:33 +00:00
|
|
|
if pm.currentProfile.ID == "" {
|
2022-11-09 05:58:10 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if err := pm.writePrefsToStore(pm.currentProfile.Key, pm.prefs); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return pm.setUnattendedModeAsConfigured()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pm *profileManager) writePrefsToStore(key ipn.StateKey, prefs ipn.PrefsView) error {
|
|
|
|
if key == "" {
|
|
|
|
return nil
|
|
|
|
}
|
2023-08-04 14:55:59 +00:00
|
|
|
if err := pm.WriteState(key, prefs.ToBytes()); err != nil {
|
2022-11-09 05:58:10 +00:00
|
|
|
pm.logf("WriteState(%q): %v", key, err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Profiles returns the list of known profiles.
|
|
|
|
func (pm *profileManager) Profiles() []ipn.LoginProfile {
|
2023-08-04 19:22:33 +00:00
|
|
|
allProfiles := pm.allProfiles()
|
|
|
|
out := make([]ipn.LoginProfile, 0, len(allProfiles))
|
|
|
|
for _, p := range allProfiles {
|
2022-11-22 07:02:16 +00:00
|
|
|
out = append(out, *p)
|
|
|
|
}
|
|
|
|
return out
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SwitchProfile switches to the profile with the given id.
|
|
|
|
// If the profile is not known, it returns an errProfileNotFound.
|
|
|
|
func (pm *profileManager) SwitchProfile(id ipn.ProfileID) error {
|
2022-11-15 22:41:36 +00:00
|
|
|
metricSwitchProfile.Add(1)
|
|
|
|
|
2022-11-09 05:58:10 +00:00
|
|
|
kp, ok := pm.knownProfiles[id]
|
|
|
|
if !ok {
|
|
|
|
return errProfileNotFound
|
|
|
|
}
|
|
|
|
|
|
|
|
if pm.currentProfile != nil && kp.ID == pm.currentProfile.ID && pm.prefs.Valid() {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if kp.LocalUserID != pm.currentUserID {
|
|
|
|
return fmt.Errorf("profile %q is not owned by current user", id)
|
|
|
|
}
|
|
|
|
prefs, err := pm.loadSavedPrefs(kp.Key)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
pm.prefs = prefs
|
2024-05-01 20:54:56 +00:00
|
|
|
pm.updateHealth()
|
2022-11-09 05:58:10 +00:00
|
|
|
pm.currentProfile = kp
|
|
|
|
return pm.setAsUserSelectedProfileLocked()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pm *profileManager) setAsUserSelectedProfileLocked() error {
|
2022-11-27 17:04:00 +00:00
|
|
|
k := ipn.CurrentProfileKey(string(pm.currentUserID))
|
2023-08-04 14:55:59 +00:00
|
|
|
return pm.WriteState(k, []byte(pm.currentProfile.Key))
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (pm *profileManager) loadSavedPrefs(key ipn.StateKey) (ipn.PrefsView, error) {
|
|
|
|
bs, err := pm.store.ReadState(key)
|
2022-11-22 13:34:28 +00:00
|
|
|
if err == ipn.ErrStateNotExist || len(bs) == 0 {
|
2023-01-04 17:34:31 +00:00
|
|
|
return defaultPrefs, nil
|
2022-11-22 13:34:28 +00:00
|
|
|
}
|
2022-11-09 05:58:10 +00:00
|
|
|
if err != nil {
|
|
|
|
return ipn.PrefsView{}, err
|
|
|
|
}
|
2024-05-07 17:28:22 +00:00
|
|
|
savedPrefs := ipn.NewPrefs()
|
|
|
|
// NewPrefs sets a default NoStatefulFiltering, but we want to actually see
|
|
|
|
// if the saved state had an empty value. The empty value gets migrated
|
|
|
|
// based on NoSNAT, while a default "false" does not.
|
|
|
|
savedPrefs.NoStatefulFiltering = ""
|
|
|
|
if err := ipn.PrefsFromBytes(bs, savedPrefs); err != nil {
|
|
|
|
return ipn.PrefsView{}, fmt.Errorf("parsing saved prefs: %v", err)
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
pm.logf("using backend prefs for %q: %v", key, savedPrefs.Pretty())
|
|
|
|
|
|
|
|
// Ignore any old stored preferences for https://login.tailscale.com
|
|
|
|
// as the control server that would override the new default of
|
|
|
|
// controlplane.tailscale.com.
|
|
|
|
if savedPrefs.ControlURL != "" &&
|
|
|
|
savedPrefs.ControlURL != ipn.DefaultControlURL &&
|
|
|
|
ipn.IsLoginServerSynonym(savedPrefs.ControlURL) {
|
|
|
|
savedPrefs.ControlURL = ""
|
|
|
|
}
|
2024-04-22 22:55:25 +00:00
|
|
|
// Before
|
|
|
|
// https://github.com/tailscale/tailscale/pull/11814/commits/1613b18f8280c2bce786980532d012c9f0454fa2#diff-314ba0d799f70c8998940903efb541e511f352b39a9eeeae8d475c921d66c2ac
|
|
|
|
// prefs could set AutoUpdate.Apply=true via EditPrefs or tailnet
|
|
|
|
// auto-update defaults. After that change, such value is "invalid" and
|
2024-05-06 22:22:17 +00:00
|
|
|
// cause any EditPrefs calls to fail (other than disabling auto-updates).
|
2024-04-22 22:55:25 +00:00
|
|
|
//
|
|
|
|
// Reset AutoUpdate.Apply if we detect such invalid prefs.
|
|
|
|
if savedPrefs.AutoUpdate.Apply.EqualBool(true) && !clientupdate.CanAutoUpdate() {
|
|
|
|
savedPrefs.AutoUpdate.Apply.Clear()
|
|
|
|
}
|
2024-05-06 22:22:17 +00:00
|
|
|
|
|
|
|
// Backfill a missing NoStatefulFiltering field based on the value of
|
|
|
|
// the NoSNAT field; we want to apply stateful filtering in all cases
|
|
|
|
// *except* where the user has disabled SNAT.
|
|
|
|
//
|
|
|
|
// Only backfill if the user hasn't set a value for
|
|
|
|
// NoStatefulFiltering, however.
|
|
|
|
_, haveNoStateful := savedPrefs.NoStatefulFiltering.Get()
|
|
|
|
if !haveNoStateful {
|
|
|
|
if savedPrefs.NoSNAT {
|
|
|
|
pm.logf("backfilling NoStatefulFiltering field to true because NoSNAT is set")
|
|
|
|
|
|
|
|
// No SNAT: no stateful filtering
|
|
|
|
savedPrefs.NoStatefulFiltering.Set(true)
|
|
|
|
} else {
|
|
|
|
pm.logf("backfilling NoStatefulFiltering field to false because NoSNAT is not set")
|
|
|
|
|
|
|
|
// SNAT (default): apply stateful filtering
|
|
|
|
savedPrefs.NoStatefulFiltering.Set(false)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Write back to the preferences store now that we've updated it.
|
|
|
|
if err := pm.writePrefsToStore(key, savedPrefs.View()); err != nil {
|
|
|
|
return ipn.PrefsView{}, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-09 05:58:10 +00:00
|
|
|
return savedPrefs.View(), nil
|
|
|
|
}
|
|
|
|
|
2022-11-14 12:29:49 +00:00
|
|
|
// CurrentProfile returns the current LoginProfile.
|
|
|
|
// The value may be zero if the profile is not persisted.
|
2022-11-09 05:58:10 +00:00
|
|
|
func (pm *profileManager) CurrentProfile() ipn.LoginProfile {
|
|
|
|
return *pm.currentProfile
|
|
|
|
}
|
|
|
|
|
|
|
|
// errProfileNotFound is returned by methods that accept a ProfileID.
|
|
|
|
var errProfileNotFound = errors.New("profile not found")
|
|
|
|
|
|
|
|
// DeleteProfile removes the profile with the given id. It returns
|
|
|
|
// errProfileNotFound if the profile does not exist.
|
|
|
|
// If the profile is the current profile, it is the equivalent of
|
|
|
|
// calling NewProfile() followed by DeleteProfile(id). This is
|
|
|
|
// useful for deleting the last profile. In other cases, it is
|
|
|
|
// recommended to call SwitchProfile() first.
|
|
|
|
func (pm *profileManager) DeleteProfile(id ipn.ProfileID) error {
|
2022-11-15 22:41:36 +00:00
|
|
|
metricDeleteProfile.Add(1)
|
|
|
|
|
2023-08-04 19:22:33 +00:00
|
|
|
if id == "" {
|
2022-11-12 12:39:29 +00:00
|
|
|
// Deleting the in-memory only new profile, just create a new one.
|
|
|
|
pm.NewProfile()
|
|
|
|
return nil
|
|
|
|
}
|
2022-11-09 05:58:10 +00:00
|
|
|
kp, ok := pm.knownProfiles[id]
|
|
|
|
if !ok {
|
|
|
|
return errProfileNotFound
|
|
|
|
}
|
|
|
|
if kp.ID == pm.currentProfile.ID {
|
|
|
|
pm.NewProfile()
|
|
|
|
}
|
2023-08-04 14:55:59 +00:00
|
|
|
if err := pm.WriteState(kp.Key, nil); err != nil {
|
2022-11-09 05:58:10 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
delete(pm.knownProfiles, id)
|
|
|
|
return pm.writeKnownProfiles()
|
|
|
|
}
|
|
|
|
|
2023-01-27 23:41:03 +00:00
|
|
|
// DeleteAllProfiles removes all known profiles and switches to a new empty
|
|
|
|
// profile.
|
|
|
|
func (pm *profileManager) DeleteAllProfiles() error {
|
|
|
|
metricDeleteAllProfile.Add(1)
|
|
|
|
|
|
|
|
for _, kp := range pm.knownProfiles {
|
2023-08-04 14:55:59 +00:00
|
|
|
if err := pm.WriteState(kp.Key, nil); err != nil {
|
2023-01-27 23:41:03 +00:00
|
|
|
// Write to remove references to profiles we've already deleted, but
|
|
|
|
// return the original error.
|
|
|
|
pm.writeKnownProfiles()
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
delete(pm.knownProfiles, kp.ID)
|
|
|
|
}
|
|
|
|
pm.NewProfile()
|
|
|
|
return pm.writeKnownProfiles()
|
|
|
|
}
|
|
|
|
|
2022-11-09 05:58:10 +00:00
|
|
|
func (pm *profileManager) writeKnownProfiles() error {
|
|
|
|
b, err := json.Marshal(pm.knownProfiles)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-08-04 14:55:59 +00:00
|
|
|
return pm.WriteState(ipn.KnownProfilesStateKey, b)
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
2024-05-01 20:54:56 +00:00
|
|
|
func (pm *profileManager) updateHealth() {
|
|
|
|
if !pm.prefs.Valid() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
pm.health.SetCheckForUpdates(pm.prefs.AutoUpdate().Check)
|
|
|
|
}
|
|
|
|
|
2022-11-09 05:58:10 +00:00
|
|
|
// NewProfile creates and switches to a new unnamed profile. The new profile is
|
|
|
|
// not persisted until SetPrefs is called with a logged-in user.
|
|
|
|
func (pm *profileManager) NewProfile() {
|
2022-11-15 22:41:36 +00:00
|
|
|
metricNewProfile.Add(1)
|
|
|
|
|
2023-01-04 17:34:31 +00:00
|
|
|
pm.prefs = defaultPrefs
|
2024-05-01 20:54:56 +00:00
|
|
|
pm.updateHealth()
|
2022-11-09 05:58:10 +00:00
|
|
|
pm.currentProfile = &ipn.LoginProfile{}
|
|
|
|
}
|
|
|
|
|
2023-11-01 21:20:25 +00:00
|
|
|
// defaultPrefs is the default prefs for a new profile. This initializes before
|
|
|
|
// even this package's init() so do not rely on other parts of the system being
|
|
|
|
// fully initialized here (for example, syspolicy will not be available on
|
|
|
|
// Apple platforms).
|
2023-01-04 17:34:31 +00:00
|
|
|
var defaultPrefs = func() ipn.PrefsView {
|
2022-11-09 05:58:10 +00:00
|
|
|
prefs := ipn.NewPrefs()
|
2023-09-01 00:44:13 +00:00
|
|
|
prefs.LoggedOut = true
|
2022-11-09 05:58:10 +00:00
|
|
|
prefs.WantRunning = false
|
2023-01-04 17:34:31 +00:00
|
|
|
|
2022-11-09 05:58:10 +00:00
|
|
|
return prefs.View()
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Store returns the StateStore used by the ProfileManager.
|
|
|
|
func (pm *profileManager) Store() ipn.StateStore {
|
|
|
|
return pm.store
|
|
|
|
}
|
|
|
|
|
|
|
|
// CurrentPrefs returns a read-only view of the current prefs.
|
2022-11-25 14:50:15 +00:00
|
|
|
// The returned view is always valid.
|
2022-11-09 05:58:10 +00:00
|
|
|
func (pm *profileManager) CurrentPrefs() ipn.PrefsView {
|
|
|
|
return pm.prefs
|
|
|
|
}
|
|
|
|
|
|
|
|
// ReadStartupPrefsForTest reads the startup prefs from disk. It is only used for testing.
|
|
|
|
func ReadStartupPrefsForTest(logf logger.Logf, store ipn.StateStore) (ipn.PrefsView, error) {
|
2024-05-03 14:59:22 +00:00
|
|
|
ht := new(health.Tracker) // in tests, don't care about the health status
|
|
|
|
pm, err := newProfileManager(store, logf, ht)
|
2022-11-09 05:58:10 +00:00
|
|
|
if err != nil {
|
|
|
|
return ipn.PrefsView{}, err
|
|
|
|
}
|
|
|
|
return pm.CurrentPrefs(), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// newProfileManager creates a new ProfileManager using the provided StateStore.
|
|
|
|
// It also loads the list of known profiles from the StateStore.
|
2024-05-03 14:59:22 +00:00
|
|
|
func newProfileManager(store ipn.StateStore, logf logger.Logf, health *health.Tracker) (*profileManager, error) {
|
|
|
|
return newProfileManagerWithGOOS(store, logf, health, envknob.GOOS())
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func readAutoStartKey(store ipn.StateStore, goos string) (ipn.StateKey, error) {
|
|
|
|
startKey := ipn.CurrentProfileStateKey
|
|
|
|
if goos == "windows" {
|
|
|
|
// When tailscaled runs on Windows it is not typically run unattended.
|
|
|
|
// So we can't use the profile mechanism to load the profile at startup.
|
|
|
|
startKey = ipn.ServerModeStartKey
|
|
|
|
}
|
|
|
|
autoStartKey, err := store.ReadState(startKey)
|
|
|
|
if err != nil && err != ipn.ErrStateNotExist {
|
|
|
|
return "", fmt.Errorf("calling ReadState on state store: %w", err)
|
|
|
|
}
|
|
|
|
return ipn.StateKey(autoStartKey), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func readKnownProfiles(store ipn.StateStore) (map[ipn.ProfileID]*ipn.LoginProfile, error) {
|
|
|
|
var knownProfiles map[ipn.ProfileID]*ipn.LoginProfile
|
|
|
|
prfB, err := store.ReadState(ipn.KnownProfilesStateKey)
|
|
|
|
switch err {
|
|
|
|
case nil:
|
|
|
|
if err := json.Unmarshal(prfB, &knownProfiles); err != nil {
|
|
|
|
return nil, fmt.Errorf("unmarshaling known profiles: %w", err)
|
|
|
|
}
|
|
|
|
case ipn.ErrStateNotExist:
|
|
|
|
knownProfiles = make(map[ipn.ProfileID]*ipn.LoginProfile)
|
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("calling ReadState on state store: %w", err)
|
|
|
|
}
|
|
|
|
return knownProfiles, nil
|
|
|
|
}
|
|
|
|
|
2024-05-03 14:59:22 +00:00
|
|
|
func newProfileManagerWithGOOS(store ipn.StateStore, logf logger.Logf, ht *health.Tracker, goos string) (*profileManager, error) {
|
2022-11-22 07:02:16 +00:00
|
|
|
logf = logger.WithPrefix(logf, "pm: ")
|
2023-01-31 01:28:13 +00:00
|
|
|
stateKey, err := readAutoStartKey(store, goos)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
knownProfiles, err := readKnownProfiles(store)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
pm := &profileManager{
|
|
|
|
store: store,
|
|
|
|
knownProfiles: knownProfiles,
|
|
|
|
logf: logf,
|
2024-05-03 14:59:22 +00:00
|
|
|
health: ht,
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if stateKey != "" {
|
|
|
|
for _, v := range knownProfiles {
|
|
|
|
if v.Key == stateKey {
|
|
|
|
pm.currentProfile = v
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if pm.currentProfile == nil {
|
2023-02-01 21:43:06 +00:00
|
|
|
if suf, ok := strings.CutPrefix(string(stateKey), "user-"); ok {
|
2022-11-27 17:04:00 +00:00
|
|
|
pm.currentUserID = ipn.WindowsUserID(suf)
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
|
|
|
pm.NewProfile()
|
|
|
|
} else {
|
|
|
|
pm.currentUserID = pm.currentProfile.LocalUserID
|
|
|
|
}
|
|
|
|
prefs, err := pm.loadSavedPrefs(stateKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if err := pm.setPrefsLocked(prefs); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2023-04-14 23:13:06 +00:00
|
|
|
// Most platform behavior is controlled by the goos parameter, however
|
|
|
|
// some behavior is implied by build tag and fails when run on Windows,
|
|
|
|
// so we explicitly avoid that behavior when running on Windows.
|
|
|
|
// Specifically this reaches down into legacy preference loading that is
|
|
|
|
// specialized by profiles_windows.go and fails in tests on an invalid
|
|
|
|
// uid passed in from the unix tests. The uid's used for Windows tests
|
|
|
|
// and runtime must be valid Windows security identifier structures.
|
|
|
|
} else if len(knownProfiles) == 0 && goos != "windows" && runtime.GOOS != "windows" {
|
2022-11-09 05:58:10 +00:00
|
|
|
// No known profiles, try a migration.
|
2023-05-30 16:25:27 +00:00
|
|
|
pm.dlogf("no known profiles; trying to migrate from legacy prefs")
|
2022-11-09 05:58:10 +00:00
|
|
|
if err := pm.migrateFromLegacyPrefs(); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
pm.NewProfile()
|
|
|
|
}
|
|
|
|
|
|
|
|
return pm, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pm *profileManager) migrateFromLegacyPrefs() error {
|
2022-11-15 22:41:36 +00:00
|
|
|
metricMigration.Add(1)
|
2022-11-09 05:58:10 +00:00
|
|
|
pm.NewProfile()
|
2023-03-29 19:18:20 +00:00
|
|
|
sentinel, prefs, err := pm.loadLegacyPrefs()
|
2022-11-09 05:58:10 +00:00
|
|
|
if err != nil {
|
2022-11-15 22:41:36 +00:00
|
|
|
metricMigrationError.Add(1)
|
2023-04-14 23:13:06 +00:00
|
|
|
return fmt.Errorf("load legacy prefs: %w", err)
|
2022-11-09 05:58:10 +00:00
|
|
|
}
|
2023-05-30 16:25:27 +00:00
|
|
|
pm.dlogf("loaded legacy preferences; sentinel=%q", sentinel)
|
2023-11-17 02:40:23 +00:00
|
|
|
if err := pm.SetPrefs(prefs, ipn.NetworkProfile{}); err != nil {
|
2022-11-15 22:41:36 +00:00
|
|
|
metricMigrationError.Add(1)
|
2022-11-09 05:58:10 +00:00
|
|
|
return fmt.Errorf("migrating _daemon profile: %w", err)
|
|
|
|
}
|
2023-03-29 19:18:20 +00:00
|
|
|
pm.completeMigration(sentinel)
|
2023-05-30 16:25:27 +00:00
|
|
|
pm.dlogf("completed legacy preferences migration with sentinel=%q", sentinel)
|
2022-11-15 22:41:36 +00:00
|
|
|
metricMigrationSuccess.Add(1)
|
2022-11-09 05:58:10 +00:00
|
|
|
return nil
|
|
|
|
}
|
2022-11-15 22:41:36 +00:00
|
|
|
|
2023-11-17 02:40:23 +00:00
|
|
|
func (pm *profileManager) requiresBackfill() bool {
|
|
|
|
return pm != nil &&
|
|
|
|
pm.currentProfile != nil &&
|
|
|
|
pm.currentProfile.NetworkProfile.RequiresBackfill()
|
|
|
|
}
|
|
|
|
|
2022-11-15 22:41:36 +00:00
|
|
|
var (
|
2023-01-27 23:41:03 +00:00
|
|
|
metricNewProfile = clientmetric.NewCounter("profiles_new")
|
|
|
|
metricSwitchProfile = clientmetric.NewCounter("profiles_switch")
|
|
|
|
metricDeleteProfile = clientmetric.NewCounter("profiles_delete")
|
|
|
|
metricDeleteAllProfile = clientmetric.NewCounter("profiles_delete_all")
|
2022-11-15 22:41:36 +00:00
|
|
|
|
|
|
|
metricMigration = clientmetric.NewCounter("profiles_migration")
|
|
|
|
metricMigrationError = clientmetric.NewCounter("profiles_migration_error")
|
|
|
|
metricMigrationSuccess = clientmetric.NewCounter("profiles_migration_success")
|
|
|
|
)
|