2023-01-27 13:37:20 -08:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2023-01-17 18:39:49 -08:00
|
|
|
|
2023-08-10 17:01:22 -07:00
|
|
|
// Windows-specific stuff that can't go in clientupdate.go because it needs
|
2023-01-17 18:39:49 -08:00
|
|
|
// x/sys/windows.
|
|
|
|
|
2023-08-10 17:01:22 -07:00
|
|
|
package clientupdate
|
2023-01-17 18:39:49 -08:00
|
|
|
|
|
|
|
import (
|
2023-11-14 18:21:03 -07:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2023-10-23 10:24:57 -07:00
|
|
|
"os/exec"
|
|
|
|
"os/user"
|
|
|
|
"path/filepath"
|
|
|
|
"syscall"
|
2023-11-14 18:21:03 -07:00
|
|
|
"unsafe"
|
2023-10-23 10:24:57 -07:00
|
|
|
|
2023-01-17 18:39:49 -08:00
|
|
|
"golang.org/x/sys/windows"
|
2023-08-10 17:01:22 -07:00
|
|
|
"tailscale.com/util/winutil/authenticode"
|
2023-01-17 18:39:49 -08:00
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
markTempFileFunc = markTempFileWindows
|
2023-08-10 17:01:22 -07:00
|
|
|
verifyAuthenticode = verifyTailscale
|
2023-10-23 10:24:57 -07:00
|
|
|
launchTailscaleAsWinGUIUser = launchTailscaleAsGUIUser
|
2023-01-17 18:39:49 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
func markTempFileWindows(name string) error {
|
|
|
|
name16 := windows.StringToUTF16Ptr(name)
|
|
|
|
return windows.MoveFileEx(name16, nil, windows.MOVEFILE_DELAY_UNTIL_REBOOT)
|
|
|
|
}
|
2023-08-10 17:01:22 -07:00
|
|
|
|
|
|
|
const certSubjectTailscale = "Tailscale Inc."
|
|
|
|
|
|
|
|
func verifyTailscale(path string) error {
|
|
|
|
return authenticode.Verify(path, certSubjectTailscale)
|
|
|
|
}
|
2023-10-23 10:24:57 -07:00
|
|
|
|
|
|
|
func launchTailscaleAsGUIUser(exePath string) error {
|
|
|
|
exePath = filepath.Join(filepath.Dir(exePath), "tailscale-ipn.exe")
|
|
|
|
|
|
|
|
var token windows.Token
|
|
|
|
if u, err := user.Current(); err == nil && u.Name == "SYSTEM" {
|
2023-11-14 18:21:03 -07:00
|
|
|
sessionID, err := wtsGetActiveSessionID()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("wtsGetActiveSessionID(): %w", err)
|
2023-10-23 10:24:57 -07:00
|
|
|
}
|
2023-11-14 18:21:03 -07:00
|
|
|
if err := windows.WTSQueryUserToken(sessionID, &token); err != nil {
|
|
|
|
return fmt.Errorf("WTSQueryUserToken (0x%x): %w", sessionID, err)
|
|
|
|
}
|
|
|
|
defer token.Close()
|
2023-10-23 10:24:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
cmd := exec.Command(exePath)
|
|
|
|
cmd.SysProcAttr = &syscall.SysProcAttr{
|
|
|
|
Token: syscall.Token(token),
|
|
|
|
HideWindow: true,
|
|
|
|
}
|
|
|
|
return cmd.Start()
|
|
|
|
}
|
2023-11-14 18:21:03 -07:00
|
|
|
|
|
|
|
func wtsGetActiveSessionID() (uint32, error) {
|
|
|
|
var (
|
|
|
|
sessionInfo *windows.WTS_SESSION_INFO
|
|
|
|
count uint32 = 0
|
|
|
|
)
|
|
|
|
|
|
|
|
const WTS_CURRENT_SERVER_HANDLE = 0
|
|
|
|
if err := windows.WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE, 0, 1, &sessionInfo, &count); err != nil {
|
|
|
|
return 0, fmt.Errorf("WTSEnumerateSessions: %w", err)
|
|
|
|
}
|
|
|
|
defer windows.WTSFreeMemory(uintptr(unsafe.Pointer(sessionInfo)))
|
|
|
|
|
|
|
|
current := unsafe.Pointer(sessionInfo)
|
|
|
|
for i := uint32(0); i < count; i++ {
|
|
|
|
session := (*windows.WTS_SESSION_INFO)(current)
|
|
|
|
if session.State == windows.WTSActive {
|
|
|
|
return session.SessionID, nil
|
|
|
|
}
|
|
|
|
current = unsafe.Add(current, unsafe.Sizeof(windows.WTS_SESSION_INFO{}))
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0, errors.New("no active desktop sessions found")
|
|
|
|
}
|