util/syspolicy: add read boolean setting (#9592)

Claire Wang 2023-09-29 21:27:04 -04:00 committed by GitHub
parent 324f0d5f80
commit a56e58c244
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 88 additions and 2 deletions


@ -352,6 +352,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/util/set from tailscale.com/health+ tailscale.com/util/set from tailscale.com/health+
tailscale.com/util/singleflight from tailscale.com/control/controlclient+ tailscale.com/util/singleflight from tailscale.com/control/controlclient+
tailscale.com/util/slicesx from tailscale.com/net/dnscache+ tailscale.com/util/slicesx from tailscale.com/net/dnscache+
W tailscale.com/util/syspolicy from tailscale.com/cmd/tailscaled
tailscale.com/util/sysresources from tailscale.com/wgengine/magicsock tailscale.com/util/sysresources from tailscale.com/wgengine/magicsock
tailscale.com/util/systemd from tailscale.com/control/controlclient+ tailscale.com/util/systemd from tailscale.com/control/controlclient+
tailscale.com/util/testenv from tailscale.com/ipn/ipnlocal+ tailscale.com/util/testenv from tailscale.com/ipn/ipnlocal+


@ -51,6 +51,7 @@
"tailscale.com/types/logger" "tailscale.com/types/logger"
"tailscale.com/types/logid" "tailscale.com/types/logid"
"tailscale.com/util/osdiag" "tailscale.com/util/osdiag"
"tailscale.com/util/syspolicy"
"tailscale.com/util/winutil" "tailscale.com/util/winutil"
"tailscale.com/version" "tailscale.com/version"
"tailscale.com/wf" "tailscale.com/wf"
@ -131,7 +132,7 @@ func runWindowsService(pol *logpolicy.Policy) error {
osdiag.LogSupportInfo(logger.WithPrefix(log.Printf, "Support Info: "), osdiag.LogSupportInfoReasonStartup) osdiag.LogSupportInfo(logger.WithPrefix(log.Printf, "Support Info: "), osdiag.LogSupportInfoReasonStartup)
}() }()
if logSCMInteractions, _ := winutil.GetPolicyInteger("LogSCMInteractions"); logSCMInteractions != 0 { if logSCMInteractions, _ := syspolicy.GetBoolean(syspolicy.LogSCMInteractions, false); logSCMInteractions {
syslog, err := eventlog.Open(serviceName) syslog, err := eventlog.Open(serviceName)
if err == nil { if err == nil {
syslogf = func(format string, args ...any) { syslogf = func(format string, args ...any) {
@ -158,7 +159,7 @@ func (service *ipnService) Execute(args []string, r <-chan svc.ChangeRequest, ch
syslogf("Service start pending") syslogf("Service start pending")
svcAccepts := svc.AcceptStop svcAccepts := svc.AcceptStop
if flushDNSOnSessionUnlock, _ := winutil.GetPolicyInteger("FlushDNSOnSessionUnlock"); flushDNSOnSessionUnlock != 0 { if flushDNSOnSessionUnlock, _ := syspolicy.GetBoolean(syspolicy.FlushDNSOnSessionUnlock, false); flushDNSOnSessionUnlock {
svcAccepts |= svc.AcceptSessionChange svcAccepts |= svc.AcceptSessionChange
} }
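Review bot: Both new call sites discard the error from `syspolicy.GetBoolean` (`logSCMInteractions, _ :=` in runWindowsService and `flushDNSOnSessionUnlock, _ :=` in Execute), so a policy value that is set but cannot be read looks the same as a policy that is off. Since these are administrator-managed settings, I would keep the error and log it before testing the value, e.g. `if err != nil { log.Printf("syspolicy: reading %v: %v", syspolicy.LogSCMInteractions, err) }`. Both functions start and end outside the hunks shown.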


@ -53,6 +53,7 @@
_ "tailscale.com/util/multierr" _ "tailscale.com/util/multierr"
_ "tailscale.com/util/osdiag" _ "tailscale.com/util/osdiag"
_ "tailscale.com/util/osshare" _ "tailscale.com/util/osshare"
_ "tailscale.com/util/syspolicy"
_ "tailscale.com/util/winutil" _ "tailscale.com/util/winutil"
_ "tailscale.com/version" _ "tailscale.com/version"
_ "tailscale.com/version/distro" _ "tailscale.com/version/distro"


@ -19,6 +19,8 @@ type Handler interface {
ReadString(key string) (string, error) ReadString(key string) (string, error)
// ReadUInt64 reads the policy settings uint64 value given the key. // ReadUInt64 reads the policy settings uint64 value given the key.
ReadUInt64(key string) (uint64, error) ReadUInt64(key string) (uint64, error)
// ReadBool reads the policy setting's boolean value, given the key.
ReadBoolean(key string) (bool, error)
} }
// ErrNoSuchKey is returned when the specified key does not have a value set. // ErrNoSuchKey is returned when the specified key does not have a value set.
@ -35,6 +37,10 @@ func (defaultHandler) ReadUInt64(_ string) (uint64, error) {
return 0, ErrNoSuchKey return 0, ErrNoSuchKey
} }
func (defaultHandler) ReadBoolean(_ string) (bool, error) {
return false, ErrNoSuchKey
}
// markHandlerInUse is called before handler methods are called. // markHandlerInUse is called before handler methods are called.
func markHandlerInUse() { func markHandlerInUse() {
handlerUsed.Store(true) handlerUsed.Store(true)
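Review bot: The comment added on the interface method names `ReadBool`, but the method is `ReadBoolean`; it should read `// ReadBoolean reads the policy setting's boolean value, given the key.` The same stale name appears in the test handler's failure message, `th.t.Errorf("ReadBool(%q) want %q", key, th.key)`, in the test file later in this commit. Adding a method to `Handler` also means any implementation outside this package would stop compiling until it gains `ReadBoolean`; if such handlers exist, that deserves a line in the commit description. The interface body starts outside the hunk.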


@ -30,3 +30,11 @@ func (windowsHandler) ReadUInt64(key string) (uint64, error) {
} }
return value, err return value, err
} }
func (windowsHandler) ReadBoolean(key string) (bool, error) {
value, err := winutil.GetPolicyInteger(key)
if errors.Is(err, winutil.ErrNoValue) {
err = ErrNoSuchKey
}
return value != 0, err
}
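Review bot: On any error other than `winutil.ErrNoValue`, `ReadBoolean` returns `value != 0` together with the error, so the boolean depends on whatever `winutil.GetPolicyInteger` leaves in `value` on failure, which is not visible here. The callers changed in this commit drop the error, so I would make the failure result explicit: `if errors.Is(err, winutil.ErrNoValue) { return false, ErrNoSuchKey }` followed by `if err != nil { return false, err }`. A doc comment stating that any non-zero integer reads as true would also help whoever writes the policy values.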


@ -27,6 +27,15 @@ func GetUint64(key Key, defaultValue uint64) (uint64, error) {
return v, err return v, err
} }
func GetBoolean(key Key, defaultValue bool) (bool, error) {
markHandlerInUse()
v, err := handler.ReadBoolean(string(key))
if errors.Is(err, ErrNoSuchKey) {
return defaultValue, nil
}
return v, err
}
// PreferenceOption is a policy that governs whether a boolean variable // PreferenceOption is a policy that governs whether a boolean variable
// is forcibly assigned an administrator-defined value, or allowed to receive // is forcibly assigned an administrator-defined value, or allowed to receive
// a user-defined value. // a user-defined value.
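Review bot: `GetBoolean` is exported without a doc comment, and its error behaviour is easy to misread: `defaultValue` is returned only for `ErrNoSuchKey`, while any other error returns the handler's value alongside the error. A caller that passes `true` as the default and ignores the error would get whatever the handler returned on a failed read (false in the test added by this commit), not its chosen default. I would add `// GetBoolean returns the boolean policy setting for key, or defaultValue if it is not set.` and `// On any other error it returns the handler's value and the error, not defaultValue.`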


@ -17,6 +17,7 @@ type testHandler struct {
key Key key Key
s string s string
u64 uint64 u64 uint64
b bool
err error err error
} }
@ -43,6 +44,13 @@ func (th *testHandler) ReadUInt64(key string) (uint64, error) {
return th.u64, th.err return th.u64, th.err
} }
func (th *testHandler) ReadBoolean(key string) (bool, error) {
if key != string(th.key) {
th.t.Errorf("ReadBool(%q) want %q", key, th.key)
}
return th.b, th.err
}
func TestGetString(t *testing.T) { func TestGetString(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
@ -157,6 +165,58 @@ func TestGetUint64(t *testing.T) {
} }
} }
func TestGetBoolean(t *testing.T) {
tests := []struct {
name string
key Key
handlerValue bool
handlerError error
defaultValue bool
wantValue bool
wantError error
}{
{
name: "read existing value",
key: FlushDNSOnSessionUnlock,
handlerValue: true,
wantValue: true,
},
{
name: "read non-existing value",
key: LogSCMInteractions,
handlerValue: false,
handlerError: ErrNoSuchKey,
wantValue: false,
},
{
name: "reading value returns other error",
key: FlushDNSOnSessionUnlock,
handlerError: someOtherError,
wantError: someOtherError,
defaultValue: true,
wantValue: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
setHandlerForTest(t, &testHandler{
t: t,
key: tt.key,
b: tt.handlerValue,
err: tt.handlerError,
})
value, err := GetBoolean(tt.key, tt.defaultValue)
if err != tt.wantError {
t.Errorf("err=%q, want %q", err, tt.wantError)
}
if value != tt.wantValue {
t.Errorf("value=%v, want %v", value, tt.wantValue)
}
})
}
}
func TestGetPreferenceOption(t *testing.T) { func TestGetPreferenceOption(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
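Review bot: The "read non-existing value" case in `TestGetBoolean` cannot tell whether `GetBoolean` returned `defaultValue` or the handler's value, because `handlerValue`, `defaultValue` and `wantValue` are all false. Setting `defaultValue: true` and `wantValue: true` in that case would pin the fallback path. The check `err != tt.wantError` also compares by identity; `!errors.Is(err, tt.wantError)` would keep passing if a handler later wraps its error, assuming `errors` is imported in the test file, which is not visible here.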