ipn,types/persist: add DisallowedTKAStateIDs, refactor as view type

Supercedes https://github.com/tailscale/tailscale/pull/6557, precursor to trying https://github.com/tailscale/tailscale/pull/6546 again Signed-off-by: Tom DNetto <tom@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2022-11-29 12:00:40 -08:00
parent 6d012547b6
commit c4980f33f7
10 changed files with 74 additions and 46 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -517,7 +517,7 @@ func (b *LocalBackend) Shutdown() {
 }

 func stripKeysFromPrefs(p ipn.PrefsView) ipn.PrefsView {
-	if !p.Valid() || p.Persist() == nil {
+	if !p.Valid() || !p.Persist().Valid() {
 		return p
 	}

@@ -816,7 +816,7 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) {
 	b.mu.Lock()

 	if st.LogoutFinished != nil {
-		if p := b.pm.CurrentPrefs(); p.Persist() == nil || p.Persist().LoginName == "" {
+		if p := b.pm.CurrentPrefs(); !p.Persist().Valid() || p.Persist().LoginName() == "" {
 			b.mu.Unlock()
 			return
 		}
@@ -1203,7 +1203,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 	if opts.UpdatePrefs != nil {
 		oldPrefs := b.pm.CurrentPrefs()
 		newPrefs := opts.UpdatePrefs.Clone()
-		newPrefs.Persist = oldPrefs.Persist()
+		newPrefs.Persist = oldPrefs.Persist().AsStruct()
 		pv := newPrefs.View()
 		if err := b.pm.SetPrefs(pv); err != nil {
 			b.logf("failed to save UpdatePrefs state: %v", err)
@@ -1228,7 +1228,7 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 	b.applyPrefsToHostinfoLocked(hostinfo, prefs)

 	b.setNetMapLocked(nil)
-	persistv := prefs.Persist()
+	persistv := prefs.Persist().AsStruct()
 	if persistv == nil {
 		persistv = new(persist.Persist)
 	}
@@ -1947,8 +1947,8 @@ func (b *LocalBackend) initMachineKeyLocked() (err error) {
 	}

 	var legacyMachineKey key.MachinePrivate
-	if p := b.pm.CurrentPrefs().Persist(); p != nil {
-		legacyMachineKey = p.LegacyFrontendPrivateMachineKey
+	if p := b.pm.CurrentPrefs().Persist(); p.Valid() {
+		legacyMachineKey = p.LegacyFrontendPrivateMachineKey()
 	}

 	keyText, err := b.store.ReadState(ipn.MachineKeyStateKey)
@@ -2481,7 +2481,7 @@ func (b *LocalBackend) setPrefsLockedOnEntry(caller string, newp *ipn.Prefs) ipn

 	oldp := b.pm.CurrentPrefs()
 	if oldp.Valid() {
-		newp.Persist = oldp.Persist().Clone() // caller isn't allowed to override this
+		newp.Persist = oldp.Persist().AsStruct() // caller isn't allowed to override this
 	}
 	// findExitNodeIDLocked returns whether it updated b.prefs, but
 	// everything in this function treats b.prefs as completely new
@@ -3338,7 +3338,7 @@ func (b *LocalBackend) hasNodeKey() bool {
 	b.mu.Lock()
 	defer b.mu.Unlock()
 	p := b.pm.CurrentPrefs()
-	return p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero()
+	return p.Valid() && p.Persist().Valid() && !p.Persist().PrivateNodeKey().IsZero()
 }

 // nextState returns the state the backend seems to be in, based on
@@ -3926,8 +3926,8 @@ func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error {

 	b.mu.Lock()
 	cc := b.ccAuto
-	if prefs := b.pm.CurrentPrefs(); prefs.Valid() {
-		req.NodeKey = prefs.Persist().PrivateNodeKey.Public()
+	if prefs := b.pm.CurrentPrefs(); prefs.Valid() && prefs.Persist().Valid() {
+		req.NodeKey = prefs.Persist().PrivateNodeKey().Public()
 	}
 	b.mu.Unlock()
 	if cc == nil {
--- a/ipn/ipnlocal/network-lock.go
+++ b/ipn/ipnlocal/network-lock.go
@@ -345,10 +345,10 @@ func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus {
 		nodeKey *key.NodePublic
 		nlPriv  key.NLPrivate
 	)
-	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
+	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist().Valid() && !p.Persist().PrivateNodeKey().IsZero() {
 		nkp := p.Persist().PublicNodeKey()
 		nodeKey = &nkp
-		nlPriv = p.Persist().NetworkLockKey
+		nlPriv = p.Persist().NetworkLockKey()
 	}

 	if nlPriv.IsZero() {
@@ -411,9 +411,9 @@ func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byt
 	var ourNodeKey key.NodePublic
 	var nlPriv key.NLPrivate
 	b.mu.Lock()
-	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
+	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist().Valid() && !p.Persist().PrivateNodeKey().IsZero() {
 		ourNodeKey = p.Persist().PublicNodeKey()
-		nlPriv = p.Persist().NetworkLockKey
+		nlPriv = p.Persist().NetworkLockKey()
 	}
 	b.mu.Unlock()
 	if ourNodeKey.IsZero() || nlPriv.IsZero() {
@@ -503,8 +503,8 @@ func (b *LocalBackend) NetworkLockSign(nodeKey key.NodePublic, rotationPublic []
 		defer b.mu.Unlock()

 		var nlPriv key.NLPrivate
-		if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil {
-			nlPriv = p.Persist().NetworkLockKey
+		if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist().Valid() {
+			nlPriv = p.Persist().NetworkLockKey()
 		}
 		if nlPriv.IsZero() {
 			return key.NodePublic{}, tka.NodeKeySignature{}, errMissingNetmap
@@ -557,7 +557,7 @@ func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err err
 	defer b.mu.Unlock()

 	var ourNodeKey key.NodePublic
-	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
+	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist().Valid() && !p.Persist().PrivateNodeKey().IsZero() {
 		ourNodeKey = p.Persist().PublicNodeKey()
 	}
 	if ourNodeKey.IsZero() {
@@ -568,8 +568,8 @@ func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err err
 		return err
 	}
 	var nlPriv key.NLPrivate
-	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil {
-		nlPriv = p.Persist().NetworkLockKey
+	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist().Valid() {
+		nlPriv = p.Persist().NetworkLockKey()
 	}
 	if nlPriv.IsZero() {
 		return errMissingNetmap
@@ -634,7 +634,7 @@ func (b *LocalBackend) NetworkLockDisable(secret []byte) error {
 	)

 	b.mu.Lock()
-	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist() != nil && !p.Persist().PrivateNodeKey.IsZero() {
+	if p := b.pm.CurrentPrefs(); p.Valid() && p.Persist().Valid() && !p.Persist().PrivateNodeKey().IsZero() {
 		ourNodeKey = p.Persist().PublicNodeKey()
 	}
 	if b.tka == nil {
--- a/ipn/ipnlocal/profiles.go
+++ b/ipn/ipnlocal/profiles.go
@@ -179,7 +179,7 @@ func init() {
 // provided prefs, which may be accessed via CurrentPrefs.
 func (pm *profileManager) SetPrefs(prefsIn ipn.PrefsView) error {
 	prefs := prefsIn.AsStruct().View()
-	newPersist := prefs.Persist()
+	newPersist := prefs.Persist().AsStruct()
 	if newPersist == nil || newPersist.LoginName == "" {
 		return pm.setPrefsLocked(prefs)
 	}
--- a/ipn/ipnlocal/state_test.go
+++ b/ipn/ipnlocal/state_test.go
@@ -489,7 +489,7 @@ func TestStateMachine(t *testing.T) {
 		c.Assert(nn[0].LoginFinished, qt.IsNotNil)
 		c.Assert(nn[1].Prefs, qt.IsNotNil)
 		c.Assert(nn[2].State, qt.IsNotNil)
-		c.Assert(nn[1].Prefs.Persist().LoginName, qt.Equals, "user1")
+		c.Assert(nn[1].Prefs.Persist().LoginName(), qt.Equals, "user1")
 		c.Assert(ipn.NeedsMachineAuth, qt.Equals, *nn[2].State)
 		c.Assert(ipn.NeedsMachineAuth, qt.Equals, b.State())
 	}
@@ -711,7 +711,7 @@ func TestStateMachine(t *testing.T) {
 		c.Assert(nn[1].Prefs.Persist(), qt.IsNotNil)
 		c.Assert(nn[2].State, qt.IsNotNil)
 		// Prefs after finishing the login, so LoginName updated.
-		c.Assert(nn[1].Prefs.Persist().LoginName, qt.Equals, "user2")
+		c.Assert(nn[1].Prefs.Persist().LoginName(), qt.Equals, "user2")
 		c.Assert(nn[1].Prefs.LoggedOut(), qt.IsFalse)
 		c.Assert(nn[1].Prefs.WantRunning(), qt.IsTrue)
 		c.Assert(ipn.Starting, qt.Equals, *nn[2].State)
@@ -852,7 +852,7 @@ func TestStateMachine(t *testing.T) {
 		c.Assert(nn[1].Prefs, qt.IsNotNil)
 		c.Assert(nn[2].State, qt.IsNotNil)
 		// Prefs after finishing the login, so LoginName updated.
-		c.Assert(nn[1].Prefs.Persist().LoginName, qt.Equals, "user3")
+		c.Assert(nn[1].Prefs.Persist().LoginName(), qt.Equals, "user3")
 		c.Assert(nn[1].Prefs.LoggedOut(), qt.IsFalse)
 		c.Assert(nn[1].Prefs.WantRunning(), qt.IsTrue)
 		c.Assert(ipn.Starting, qt.Equals, *nn[2].State)
@@ -957,7 +957,7 @@ func TestEditPrefsHasNoKeys(t *testing.T) {
 			LegacyFrontendPrivateMachineKey: key.NewMachine(),
 		},
 	}).View())
-	if b.pm.CurrentPrefs().Persist().PrivateNodeKey.IsZero() {
+	if p := b.pm.CurrentPrefs().Persist(); !p.Valid() || p.PrivateNodeKey().IsZero() {
 		t.Fatalf("PrivateNodeKey not set")
 	}
 	p, err := b.EditPrefs(&ipn.MaskedPrefs{
@@ -973,20 +973,20 @@ func TestEditPrefsHasNoKeys(t *testing.T) {
 		t.Errorf("Hostname = %q; want foo", p.Hostname())
 	}

-	if !p.Persist().PrivateNodeKey.IsZero() {
-		t.Errorf("PrivateNodeKey = %v; want zero", p.Persist().PrivateNodeKey)
+	if !p.Persist().PrivateNodeKey().IsZero() {
+		t.Errorf("PrivateNodeKey = %v; want zero", p.Persist().PrivateNodeKey())
 	}

-	if !p.Persist().OldPrivateNodeKey.IsZero() {
-		t.Errorf("OldPrivateNodeKey = %v; want zero", p.Persist().OldPrivateNodeKey)
+	if !p.Persist().OldPrivateNodeKey().IsZero() {
+		t.Errorf("OldPrivateNodeKey = %v; want zero", p.Persist().OldPrivateNodeKey())
 	}

-	if !p.Persist().LegacyFrontendPrivateMachineKey.IsZero() {
-		t.Errorf("LegacyFrontendPrivateMachineKey = %v; want zero", p.Persist().LegacyFrontendPrivateMachineKey)
+	if !p.Persist().LegacyFrontendPrivateMachineKey().IsZero() {
+		t.Errorf("LegacyFrontendPrivateMachineKey = %v; want zero", p.Persist().LegacyFrontendPrivateMachineKey())
 	}

-	if !p.Persist().NetworkLockKey.IsZero() {
-		t.Errorf("NetworkLockKey= %v; want zero", p.Persist().NetworkLockKey)
+	if !p.Persist().NetworkLockKey().IsZero() {
+		t.Errorf("NetworkLockKey= %v; want zero", p.Persist().NetworkLockKey())
 	}
 }