// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
package safesocket
import (
"fmt"
"net"
"syscall"
"github.com/Microsoft/go-winio"
)
safesocket: add ConnectionStrategy, provide control over fallbacks
fee2d9fad added support for cmd/tailscale to connect to IPNExtension.
It came in two parts: If no socket was provided, dial IPNExtension first,
and also, if dialing the socket failed, fall back to IPNExtension.
The second half of that support caused the integration tests to fail
when run on a machine that was also running IPNExtension.
The integration tests want to wait until the tailscaled instances
that they spun up are listening. They do that by dialing the new
instance. But when that dial failed, it was falling back to IPNExtension,
so it appeared (incorrectly) that tailscaled was running.
Hilarity predictably ensued.
If a user (or a test) explicitly provides a socket to dial,
it is a reasonable assumption that they have a specific tailscaled
in mind and don't want to fall back to IPNExtension.
It is certainly true of the integration tests.
Instead of adding a bool to Connect, split out the notion of a
connection strategy. For now, the implementation remains the same,
but with the details hidden a bit. Later, we can improve that.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
// connect dials the Windows named pipe named by s.path and returns the
// resulting connection, or the dial error unchanged.
//
// Nothing here checks which process is serving the pipe at that path; a
// caller that needs that guarantee has to establish it on the returned
// connection.
func connect(s *ConnectionStrategy) (net.Conn, error) {
	pipePath := s.path
	// A nil timeout leaves the dial deadline to go-winio's built-in default.
	return winio.DialPipe(pipePath, nil)
}
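// setFlags enables SO_REUSEADDR on the socket behind c. Its signature has the
// shape of the Control hook on net.ListenConfig; network and address are
// accepted for that shape and are not used.
//
// It returns the error from c.Control if the raw connection could not be
// accessed, and otherwise the error from the setsockopt call, so a failure to
// apply the option is reported instead of being dropped.
//
// NOTE(review): on Windows, SO_REUSEADDR allows a second socket to bind to an
// address and port that is already bound, which differs from the Unix meaning
// of the option; Winsock's SO_EXCLUSIVEADDRUSE is the option that prevents
// such sharing. No caller of setFlags is visible here, so confirm that any
// listener using this hook really wants the Windows semantics.
func setFlags(network, address string, c syscall.RawConn) error {
	var optErr error
	ctrlErr := c.Control(func(fd uintptr) {
		// Keep the setsockopt result; the callback itself cannot return it.
		optErr = syscall.SetsockoptInt(syscall.Handle(fd), syscall.SOL_SOCKET,
			syscall.SO_REUSEADDR, 1)
	})
	if ctrlErr != nil {
		return ctrlErr
	}
	return optErr
}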
// windowsSDDL is the security descriptor, in SDDL form, that listen sets on
// the named pipe. Its two allow entries give generic read and write access to
// the BUILTIN\Users group (BU) and to Local System (SY); BU is the local Users
// group, not the Everyone SID.
//
// Because any member of BUILTIN\Users may open the pipe, this descriptor does
// not tell one local account from another. Per-caller authorization has to
// happen on the accepted connection; that code is not in this file, so
// confirm it exists.
//
// It is a var only so that tests can replace it; do not change the value.
var windowsSDDL = "O:BA" + // owner: BUILTIN\Administrators
	"G:BA" + // primary group: BUILTIN\Administrators
	"D:PAI" + // DACL, protected from inheritance (P), auto-inherited flag (AI)
	"(A;OICI;GWGR;;;BU)" + // allow generic write + generic read to BUILTIN\Users
	"(A;OICI;GWGR;;;SY)" // allow generic write + generic read to Local System
// listen creates a Windows named-pipe listener at path and returns it.
//
// The pipe is created with windowsSDDL as its security descriptor, which is
// what decides which local accounts may open it, and with 256 KiB input and
// output buffers. A failure from go-winio is wrapped with the prefix
// "namedpipe.Listen" and returned with a nil listener.
func listen(path string) (net.Listener, error) {
	// Same size for both directions of the pipe.
	const pipeBufSize = 256 * 1024

	cfg := winio.PipeConfig{
		SecurityDescriptor: windowsSDDL,
		InputBufferSize:    pipeBufSize,
		OutputBufferSize:   pipeBufSize,
	}

	ln, listenErr := winio.ListenPipe(path, &cfg)
	if listenErr != nil {
		return nil, fmt.Errorf("namedpipe.Listen: %w", listenErr)
	}
	return ln, nil
}