ipn/ipnlocal: handle untagging nodes better

We would end up with duplicate profiles for the node as the UserID would have chnaged. In order to correctly deduplicate profiles, we need to look at both the UserID and the NodeID. A single machine can only ever have 1 profile per NodeID and 1 profile per UserID. Note: UserID of a Node can change when the node is tagged/untagged, and the NodeID of a device can change when the node is deleted so we need to check for both. Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2025-08-13 22:47:30 +00:00 · 2022-11-17 19:05:02 +05:00
parent f18dde6ad1
commit dd50dcd067
9 changed files with 122 additions and 38 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -884,6 +884,9 @@ func (b *LocalBackend) setClientStatus(st controlclient.Status) {
 		if !envknob.TKASkipSignatureCheck() {
 			b.tkaFilterNetmapLocked(st.NetMap)
 		}
+		if b.updatePersistFromNetMapLocked(st.NetMap, prefs) {
+			prefsChanged = true
+		}
 		b.setNetMapLocked(st.NetMap)
 		b.updateFilterLocked(st.NetMap, prefs.View())
 	}
@@ -3349,23 +3352,36 @@ func hasCapability(nm *netmap.NetworkMap, cap string) bool {
 	return false
 }

+func (b *LocalBackend) updatePersistFromNetMapLocked(nm *netmap.NetworkMap, prefs *ipn.Prefs) (changed bool) {
+	if nm == nil || nm.SelfNode == nil {
+		return
+	}
+	up := nm.UserProfiles[nm.User]
+	if prefs.Persist.UserProfile.ID != up.ID {
+		// If the current profile doesn't match the
+		// network map's user profile, then we need to
+		// update the persisted UserProfile to match.
+		prefs.Persist.UserProfile = up
+		changed = true
+	}
+	if prefs.Persist.NodeID == "" {
+		// If the current profile doesn't have a NodeID,
+		// then we need to update the persisted NodeID to
+		// match.
+		prefs.Persist.NodeID = nm.SelfNode.StableID
+		changed = true
+	}
+	return changed
+}
+
 func (b *LocalBackend) setNetMapLocked(nm *netmap.NetworkMap) {
 	b.dialer.SetNetMap(nm)
 	var login string
 	if nm != nil {
-		up := nm.UserProfiles[nm.User]
-		login = up.LoginName
+		login = nm.UserProfiles[nm.User].LoginName
 		if login == "" {
 			login = "<missing-profile>"
 		}
-		if cp := b.pm.CurrentProfile(); cp.ID != "" && cp.UserProfile.ID != up.ID {
-			// If the current profile doesn't match the
-			// network map's user profile, then we need to
-			// update the persisted UserProfile to match.
-			prefs := b.pm.CurrentPrefs().AsStruct()
-			prefs.Persist.UserProfile = up
-			b.pm.SetPrefs(prefs.View())
-		}
 	}
 	b.netMap = nm
 	if login != b.activeLogin {