// Copyright (c) Tailscale Inc & AUTHORS // SPDX-License-Identifier: BSD-3-Clause // Package syspolicy provides functions to retrieve system settings of a device. package syspolicy import ( "errors" "time" ) func GetString(key Key, defaultValue string) (string, error) { markHandlerInUse() v, err := handler.ReadString(string(key)) if errors.Is(err, ErrNoSuchKey) { return defaultValue, nil } return v, err } func GetUint64(key Key, defaultValue uint64) (uint64, error) { markHandlerInUse() v, err := handler.ReadUInt64(string(key)) if errors.Is(err, ErrNoSuchKey) { return defaultValue, nil } return v, err } // PreferenceOption is a policy that governs whether a boolean variable // is forcibly assigned an administrator-defined value, or allowed to receive // a user-defined value. type PreferenceOption int const ( showChoiceByPolicy PreferenceOption = iota neverByPolicy alwaysByPolicy ) // Show returns if the UI option that controls the choice administered by this // policy should be shown. Currently this is true if and only if the policy is // showChoiceByPolicy. func (p PreferenceOption) Show() bool { return p == showChoiceByPolicy } // ShouldEnable checks if the choice administered by this policy should be // enabled. If the administrator has chosen a setting, the administrator's // setting is returned, otherwise userChoice is returned. func (p PreferenceOption) ShouldEnable(userChoice bool) bool { switch p { case neverByPolicy: return false case alwaysByPolicy: return true default: return userChoice } } // GetPreferenceOption loads a policy from the registry that can be // managed by an enterprise policy management system and allows administrative // overrides of users' choices in a way that we do not want tailcontrol to have // the authority to set. It describes user-decides/always/never options, where // "always" and "never" remove the user's ability to make a selection. If not // present or set to a different value, "user-decides" is the default. func GetPreferenceOption(name Key) (PreferenceOption, error) { opt, err := GetString(name, "user-decides") if err != nil { return showChoiceByPolicy, err } switch opt { case "always": return alwaysByPolicy, nil case "never": return neverByPolicy, nil default: return showChoiceByPolicy, nil } } // Visibility is a policy that controls whether or not a particular // component of a user interface is to be shown. type Visibility byte const ( visibleByPolicy Visibility = 'v' hiddenByPolicy Visibility = 'h' ) // Show reports whether the UI option administered by this policy should be shown. // Currently this is true if and only if the policy is visibleByPolicy. func (p Visibility) Show() bool { return p == visibleByPolicy } // GetVisibility loads a policy from the registry that can be managed // by an enterprise policy management system and describes show/hide decisions // for UI elements. The registry value should be a string set to "show" (return // true) or "hide" (return true). If not present or set to a different value, // "show" (return false) is the default. func GetVisibility(name Key) (Visibility, error) { opt, err := GetString(name, "show") if err != nil { return visibleByPolicy, err } switch opt { case "hide": return hiddenByPolicy, nil default: return visibleByPolicy, nil } } // GetDuration loads a policy from the registry that can be managed // by an enterprise policy management system and describes a duration for some // action. The registry value should be a string that time.ParseDuration // understands. If the registry value is "" or can not be processed, // defaultValue is returned instead. func GetDuration(name Key, defaultValue time.Duration) (time.Duration, error) { opt, err := GetString(name, "") if opt == "" || err != nil { return defaultValue, err } v, err := time.ParseDuration(opt) if err != nil || v < 0 { return defaultValue, nil } return v, nil } // SelectControlURL returns the ControlURL to use based on a value in // the registry (LoginURL) and the one on disk (in the GUI's // prefs.conf). If both are empty, it returns a default value. (It // always return a non-empty value) // // See https://github.com/tailscale/tailscale/issues/2798 for some background. func SelectControlURL(reg, disk string) string { const def = "https://controlplane.tailscale.com" // Prior to Dec 2020's commit 739b02e6, the installer // wrote a LoginURL value of https://login.tailscale.com to the registry. const oldRegDef = "https://login.tailscale.com" // If they have an explicit value in the registry, use it, // unless it's an old default value from an old installer. // Then we have to see which is better. if reg != "" { if reg != oldRegDef { // Something explicit in the registry that we didn't // set ourselves by the installer. return reg } if disk == "" { // Something in the registry is better than nothing on disk. return reg } if disk != def && disk != oldRegDef { // The value in the registry is the old // default (login.tailscale.com) but the value // on disk is neither our old nor new default // value, so it must be some custom thing that // the user cares about. Prefer the disk value. return disk } } if disk != "" { return disk } return def }