ipn/ipnlocal: add new DNS and subnet router policies

In addition to the new policy keys for the new options, some already-in-use but missing policy keys are also being added to util/syspolicy. Updates ENG-2133 Change-Id: Iad08ca47f839ea6a65f81b76b4f9ef21183ebdc6 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2023-09-29 16:14:01 -04:00
parent f5a7551382
commit 32194cdc70
3 changed files with 24 additions and 3 deletions
--- a/ipn/ipnlocal/profiles.go
+++ b/ipn/ipnlocal/profiles.go
@@ -19,6 +19,7 @@ import (
 	"tailscale.com/types/logger"
 	"tailscale.com/util/clientmetric"
 	"tailscale.com/util/cmpx"
+	"tailscale.com/util/syspolicy"
 	"tailscale.com/util/winutil"
 )

@@ -463,6 +464,10 @@ var defaultPrefs = func() ipn.PrefsView {
 	prefs.ShieldsUp = shieldsUp == "never"
 	forceDaemon, _ := winutil.GetPolicyString("UnattendedMode")
 	prefs.ForceDaemon = forceDaemon == "always"
+	corpDNS, _ := syspolicy.GetPreferenceOption(syspolicy.EnableTailscaleDNS)
+	prefs.CorpDNS = corpDNS.ShouldEnable(false)
+	routeAll, _ := syspolicy.GetPreferenceOption(syspolicy.EnableTailscaleSubnets)
+	prefs.RouteAll = routeAll.ShouldEnable(false)

 	return prefs.View()
 }()
--- a/ipn/ipnlocal/profiles_windows.go
+++ b/ipn/ipnlocal/profiles_windows.go
@@ -13,6 +13,7 @@ import (

 	"tailscale.com/atomicfile"
 	"tailscale.com/ipn"
+	"tailscale.com/util/syspolicy"
 	"tailscale.com/util/winutil/policy"
 )

@@ -70,6 +71,8 @@ func (pm *profileManager) loadLegacyPrefs() (string, ipn.PrefsView, error) {
 	prefs.ExitNodeIP = resolveExitNodeIP(prefs.ExitNodeIP)
 	prefs.ShieldsUp = resolveShieldsUp(prefs.ShieldsUp)
 	prefs.ForceDaemon = resolveForceDaemon(prefs.ForceDaemon)
+	prefs.CorpDNS, _ = resolveOptionPolicy(syspolicy.EnableTailscaleDNS, prefs.CorpDNS)
+	prefs.RouteAll, _ = resolveOptionPolicy(syspolicy.EnableTailscaleSubnets, prefs.RouteAll)

 	pm.logf("migrating Windows profile to new format")
 	return migrationSentinel, prefs.View(), nil
@@ -88,3 +91,11 @@ func resolveForceDaemon(defval bool) bool {
 	pol := policy.GetPreferenceOptionPolicy("UnattendedMode")
 	return pol.ShouldEnable(defval)
 }
+
+func resolveOptionPolicy(key syspolicy.Key, defval bool) (bool, error) {
+	pol, err := syspolicy.GetPreferenceOption(key)
+	if err != nil {
+		return defval, err
+	}
+	return pol.ShouldEnable(defval), nil
+}