Update dependencies

vendor/tailscale.com/util/syspolicy/syspolicy_windows.go

@@ -0,0 +1,92 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package syspolicy
+
+import (
+	"errors"
+	"fmt"
+	"os/user"
+
+	"tailscale.com/util/syspolicy/internal"
+	"tailscale.com/util/syspolicy/rsop"
+	"tailscale.com/util/syspolicy/setting"
+	"tailscale.com/util/syspolicy/source"
+	"tailscale.com/util/testenv"
+)
+
+func init() {
+	// On Windows, we should automatically register the Registry-based policy
+	// store for the device. If we are running in a user's security context
+	// (e.g., we're the GUI), we should also register the Registry policy store for
+	// the user. In the future, we should register (and unregister) user policy
+	// stores whenever a user connects to (or disconnects from) the local backend.
+	// This ensures the backend is aware of the user's policy settings and can send
+	// them to the GUI/CLI/Web clients on demand or whenever they change.
+	//
+	// Other platforms, such as macOS, iOS and Android, should register their
+	// platform-specific policy stores via [RegisterStore]
+	// (or [RegisterHandler] until they implement the [source.Store] interface).
+	//
+	// External code, such as the ipnlocal package, may choose to register
+	// additional policy stores, such as config files and policies received from
+	// the control plane.
+	internal.Init.MustDefer(func() error {
+		// Do not register or use default policy stores during tests.
+		// Each test should set up its own necessary configurations.
+		if testenv.InTest() {
+			return nil
+		}
+		return configureSyspolicy(nil)
+	})
+}
+
+// configureSyspolicy configures syspolicy for use on Windows,
+// either in test or regular builds depending on whether tb has a non-nil value.
+func configureSyspolicy(tb internal.TB) error {
+	const localSystemSID = "S-1-5-18"
+	// Always create and register a machine policy store that reads
+	// policy settings from the HKEY_LOCAL_MACHINE registry hive.
+	machineStore, err := source.NewMachinePlatformPolicyStore()
+	if err != nil {
+		return fmt.Errorf("failed to create the machine policy store: %v", err)
+	}
+	if tb == nil {
+		_, err = rsop.RegisterStore("Platform", setting.DeviceScope, machineStore)
+	} else {
+		_, err = rsop.RegisterStoreForTest(tb, "Platform", setting.DeviceScope, machineStore)
+	}
+	if err != nil {
+		return err
+	}
+	// Check whether the current process is running as Local System or not.
+	u, err := user.Current()
+	if err != nil {
+		return err
+	}
+	if u.Uid == localSystemSID {
+		return nil
+	}
+	// If it's not a Local System's process (e.g., it's the GUI rather than the tailscaled service),
+	// we should create and use a policy store for the current user that reads
+	// policy settings from that user's registry hive (HKEY_CURRENT_USER).
+	userStore, err := source.NewUserPlatformPolicyStore(0)
+	if err != nil {
+		return fmt.Errorf("failed to create the current user's policy store: %v", err)
+	}
+	if tb == nil {
+		_, err = rsop.RegisterStore("Platform", setting.CurrentUserScope, userStore)
+	} else {
+		_, err = rsop.RegisterStoreForTest(tb, "Platform", setting.CurrentUserScope, userStore)
+	}
+	if err != nil {
+		return err
+	}
+	// And also set [setting.CurrentUserScope] as the [setting.DefaultScope], so [GetString],
+	// [GetVisibility] and similar functions would be returning a merged result
+	// of the machine's and user's policies.
+	if !setting.SetDefaultScope(setting.CurrentUserScope) {
+		return errors.New("current scope already set")
+	}
+	return nil
+}