From c05c4bdce410db14f742d61968945a9312a7a0de Mon Sep 17 00:00:00 2001 From: Adrian Dewhurst Date: Fri, 5 Jan 2024 18:30:15 -0500 Subject: [PATCH] ipn: apply ControlURL policy before login Unlike most prefs, the ControlURL policy needs to take effect before login. This resolves an issue where on first start, even when the ControlURL policy is set, it will generate a login URL to the Tailscale SaaS server. Updates tailscale/coral#118 Fixes #10736 Change-Id: I6da2a521f64028c15dbb6ac8175839fc3cc4e858 Signed-off-by: Adrian Dewhurst --- cmd/derper/depaware.txt | 6 ++++-- cmd/tailscale/depaware.txt | 3 +++ ipn/prefs.go | 12 +++++++++--- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/cmd/derper/depaware.txt b/cmd/derper/depaware.txt index e25e7b92c..3caf75f46 100644 --- a/cmd/derper/depaware.txt +++ b/cmd/derper/depaware.txt @@ -152,6 +152,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa tailscale.com/util/set from tailscale.com/health+ tailscale.com/util/singleflight from tailscale.com/net/dnscache tailscale.com/util/slicesx from tailscale.com/cmd/derper+ + tailscale.com/util/syspolicy from tailscale.com/ipn tailscale.com/util/vizerror from tailscale.com/tsweb+ W 💣 tailscale.com/util/winutil from tailscale.com/hostinfo+ tailscale.com/version from tailscale.com/derp+ @@ -231,7 +232,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa encoding/pem from crypto/tls+ errors from bufio+ expvar from tailscale.com/cmd/derper+ - flag from tailscale.com/cmd/derper + flag from tailscale.com/cmd/derper+ fmt from compress/flate+ go/token from google.golang.org/protobuf/internal/strs hash from crypto+ 
@@ -271,7 +272,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa runtime/debug from golang.org/x/crypto/acme+ runtime/metrics from github.com/prometheus/client_golang/prometheus+ runtime/pprof from net/http/pprof - runtime/trace from net/http/pprof + runtime/trace from net/http/pprof+ slices from tailscale.com/ipn/ipnstate+ sort from compress/flate+ strconv from compress/flate+ @@ -279,6 +280,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa sync from compress/flate+ sync/atomic from context+ syscall from crypto/rand+ + testing from tailscale.com/util/syspolicy text/tabwriter from runtime/pprof time from compress/gzip+ unicode from bytes+ diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt index 50571b2e9..1d0987dbb 100644 --- a/cmd/tailscale/depaware.txt +++ b/cmd/tailscale/depaware.txt @@ -157,6 +157,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep tailscale.com/util/set from tailscale.com/health+ tailscale.com/util/singleflight from tailscale.com/net/dnscache+ tailscale.com/util/slicesx from tailscale.com/net/dnscache+ + tailscale.com/util/syspolicy from tailscale.com/ipn tailscale.com/util/testenv from tailscale.com/cmd/tailscale/cli tailscale.com/util/truncate from tailscale.com/cmd/tailscale/cli tailscale.com/util/vizerror from tailscale.com/types/ipproto+ @@ -296,6 +297,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep regexp from github.com/tailscale/goupnp/httpu+ regexp/syntax from regexp runtime/debug from tailscale.com/util/singleflight+ + runtime/trace from testing slices from tailscale.com/cmd/tailscale/cli+ sort from compress/flate+ strconv from compress/flate+ 
@@ -303,6 +305,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep sync from compress/flate+ sync/atomic from context+ syscall from crypto/rand+ + testing from tailscale.com/util/syspolicy text/tabwriter from github.com/peterbourgon/ff/v3/ffcli+ text/template from html/template text/template/parse from html/template+
diff --git a/ipn/prefs.go b/ipn/prefs.go
index 866de18e2..7bfbd613f 100644
--- a/ipn/prefs.go
+++ b/ipn/prefs.go
@@ -26,6 +26,7 @@ import (
 "tailscale.com/types/preftype"
 "tailscale.com/types/views"
 "tailscale.com/util/dnsname"
+ "tailscale.com/util/syspolicy"
 )

 // DefaultControlURL is the URL base of the control plane
@@ -637,11 +638,16 @@ func (p PrefsView) ControlURLOrDefault() string {
 // If not configured, or if the configured value is a legacy name equivalent to
 // the default, then DefaultControlURL is returned instead.
 func (p *Prefs) ControlURLOrDefault() string {
- if p.ControlURL != "" {
- if p.ControlURL != DefaultControlURL && IsLoginServerSynonym(p.ControlURL) {
+ controlURL, err := syspolicy.GetString(syspolicy.ControlURL, p.ControlURL)
+ if err != nil {
+ controlURL = p.ControlURL
+ }
+
+ if controlURL != "" {
+ if controlURL != DefaultControlURL && IsLoginServerSynonym(controlURL) {
 return DefaultControlURL
 }
- return p.ControlURL
+ return controlURL
 }
 return DefaultControlURL
 }
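Review bot: In `(*Prefs).ControlURLOrDefault`, the error from `syspolicy.GetString` is discarded and the code falls back to `p.ControlURL`, so a failed policy read silently selects the stored pref or the default control server rather than the administrator-mandated one. Because this policy is what pins the control plane before login, the fallback should be deliberate and visible: report the error where the file has a logger available, and at minimum mark the branch with `// Policy read failed; fall back to the stored pref (fail-open).`. This assumes a non-nil error means a real read failure rather than an unset policy, which the hunk does not show. The doc comment, whose first lines sit outside the hunk, still describes only the pref and legacy-synonym cases and should state that a `ControlURL` system policy overrides `p.ControlURL`. The depaware hunks also show this import pulling `testing` into `cmd/derper` and `cmd/tailscale`, which looks unintended for release binaries.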