TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-11-03 16:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f04bc3182005d874a105592b201404448bdaf05d
tailscale/util/winutil/winutil.go

65 lines
2.7 KiB
Go
Raw Normal View History

util/winutil: add little Windows utility package Code from Alex Brainman, split out of another change. I changed it to a comma-ok return and tweaked the docs a bit.
2021-02-26 20:42:00 -08:00
// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
ipn/ipnserver, util/winutil: update workaround for os/user.LookupId failures on Windows to reject SIDs from deleted/invalid security principals. Our current workaround made the user check too lax, thus allowing deleted users. This patch adds a helper function to winutil that checks that the uid's SID represents a valid Windows security principal. Now if `lookupUserFromID` determines that the SID is invalid, we simply propagate the error. Updates https://github.com/tailscale/tailscale/issues/869 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-02-02 10:55:32 -07:00
// Package winutil contains misc Windows/Win32 helper functions.
util/winutil: add little Windows utility package Code from Alex Brainman, split out of another change. I changed it to a comma-ok return and tweaked the docs a bit.
2021-02-26 20:42:00 -08:00
package winutil
ipn/ipnserver, util/winutil: update workaround for os/user.LookupId failures on Windows to reject SIDs from deleted/invalid security principals. Our current workaround made the user check too lax, thus allowing deleted users. This patch adds a helper function to winutil that checks that the uid's SID represents a valid Windows security principal. Now if `lookupUserFromID` determines that the SID is invalid, we simply propagate the error. Updates https://github.com/tailscale/tailscale/issues/869 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-02-02 10:55:32 -07:00
// RegBase is the registry path inside HKEY_LOCAL_MACHINE where registry settings
// are stored. This constant is a non-empty string only when GOOS=windows.
const RegBase = regBase
logpolicy: set log target on windows based on a registry key (#1542) Signed-off-by: Christine Dodrill <xe@tailscale.com>
2021-03-18 13:23:56 -04:00
cmd/tailscaled, util/winutil: add accessor functions for Windows system policies. This patch adds new functions to be used when accessing system policies, and revises callers to use the new functions. They first attempt the new registry path for policies, and if that fails, attempt to fall back to the legacy path. We keep non-policy variants of these functions because we should be able to retain the ability to read settings from locations that are not exposed to sysadmins for group policy edits. The remaining changes will be done in corp. Updates https://github.com/tailscale/tailscale/issues/3584 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-01-10 13:10:02 -07:00
// GetPolicyString looks up a registry value in the local machine's path for
// system policies, or returns the given default if it can't.
// Use this function to read values that may be set by sysadmins via the MSI
// installer or via GPO. For registry settings that you do *not* want to be
// visible to sysadmin tools, use GetRegString instead.
//
// This function will only work on GOOS=windows. Trying to run it on any other
// OS will always return the default value.
func GetPolicyString(name, defval string) string {
return getPolicyString(name, defval)
}
// GetPolicyInteger looks up a registry value in the local machine's path for
// system policies, or returns the given default if it can't.
// Use this function to read values that may be set by sysadmins via the MSI
// installer or via GPO. For registry settings that you do *not* want to be
// visible to sysadmin tools, use GetRegInteger instead.
//
// This function will only work on GOOS=windows. Trying to run it on any other
// OS will always return the default value.
func GetPolicyInteger(name string, defval uint64) uint64 {
return getPolicyInteger(name, defval)
}
// GetRegString looks up a registry path in the local machine path, or returns
logpolicy: set log target on windows based on a registry key (#1542) Signed-off-by: Christine Dodrill <xe@tailscale.com>
2021-03-18 13:23:56 -04:00
// the given default if it can't.
//
// This function will only work on GOOS=windows. Trying to run it on any other
// OS will always return the default value.
func GetRegString(name, defval string) string {
ipn/ipnserver, util/winutil: update workaround for os/user.LookupId failures on Windows to reject SIDs from deleted/invalid security principals. Our current workaround made the user check too lax, thus allowing deleted users. This patch adds a helper function to winutil that checks that the uid's SID represents a valid Windows security principal. Now if `lookupUserFromID` determines that the SID is invalid, we simply propagate the error. Updates https://github.com/tailscale/tailscale/issues/869 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-02-02 10:55:32 -07:00
return getRegString(name, defval)
logpolicy: set log target on windows based on a registry key (#1542) Signed-off-by: Christine Dodrill <xe@tailscale.com>
2021-03-18 13:23:56 -04:00
}
net/dns: do not run wsl.exe as LocalSystem It doesn't work. It needs to run as the user. https://github.com/microsoft/WSL/issues/4803 The mechanism for doing this was extracted from: https://web.archive.org/web/20101009012531/http://blogs.msdn.com/b/winsdk/archive/2009/07/14/launching-an-interactive-process-from-windows-service-in-windows-vista-and-later.aspx While here, we also reclaculate WSL distro set on SetDNS. This accounts for: 1. potential inability to access wsl.exe on startup 2. WSL being installed while Tailscale is running 3. A new WSL distrobution being installed Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-06-29 17:33:17 -07:00
cmd/tailscaled, util/winutil: add accessor functions for Windows system policies. This patch adds new functions to be used when accessing system policies, and revises callers to use the new functions. They first attempt the new registry path for policies, and if that fails, attempt to fall back to the legacy path. We keep non-policy variants of these functions because we should be able to retain the ability to read settings from locations that are not exposed to sysadmins for group policy edits. The remaining changes will be done in corp. Updates https://github.com/tailscale/tailscale/issues/3584 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-01-10 13:10:02 -07:00
// GetRegInteger looks up a registry path in the local machine path, or returns
util/winutil: add GetRegInteger This helper allows us to retrieve `DWORD` and `QWORD` values from the Tailscale key in the Windows registry. Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2021-09-28 16:29:47 -06:00
// the given default if it can't.
//
// This function will only work on GOOS=windows. Trying to run it on any other
// OS will always return the default value.
func GetRegInteger(name string, defval uint64) uint64 {
ipn/ipnserver, util/winutil: update workaround for os/user.LookupId failures on Windows to reject SIDs from deleted/invalid security principals. Our current workaround made the user check too lax, thus allowing deleted users. This patch adds a helper function to winutil that checks that the uid's SID represents a valid Windows security principal. Now if `lookupUserFromID` determines that the SID is invalid, we simply propagate the error. Updates https://github.com/tailscale/tailscale/issues/869 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-02-02 10:55:32 -07:00
return getRegInteger(name, defval)
util/winutil: add GetRegInteger This helper allows us to retrieve `DWORD` and `QWORD` values from the Tailscale key in the Windows registry. Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2021-09-28 16:29:47 -06:00
}
ipn/ipnserver, util/winutil: update workaround for os/user.LookupId failures on Windows to reject SIDs from deleted/invalid security principals. Our current workaround made the user check too lax, thus allowing deleted users. This patch adds a helper function to winutil that checks that the uid's SID represents a valid Windows security principal. Now if `lookupUserFromID` determines that the SID is invalid, we simply propagate the error. Updates https://github.com/tailscale/tailscale/issues/869 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-02-02 10:55:32 -07:00
// IsSIDValidPrincipal determines whether the SID contained in uid represents a
// type that is a valid security principal under Windows. This check helps us
// work around a bug in the standard library's Windows implementation of
// LookupId in os/user.
// See https://github.com/tailscale/tailscale/issues/869
//
// This function will only work on GOOS=windows. Trying to run it on any other
// OS will always return false.
func IsSIDValidPrincipal(uid string) bool {
return isSIDValidPrincipal(uid)
net/dns: do not run wsl.exe as LocalSystem It doesn't work. It needs to run as the user. https://github.com/microsoft/WSL/issues/4803 The mechanism for doing this was extracted from: https://web.archive.org/web/20101009012531/http://blogs.msdn.com/b/winsdk/archive/2009/07/14/launching-an-interactive-process-from-windows-service-in-windows-vista-and-later.aspx While here, we also reclaculate WSL distro set on SetDNS. This accounts for: 1. potential inability to access wsl.exe on startup 2. WSL being installed while Tailscale is running 3. A new WSL distrobution being installed Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-06-29 17:33:17 -07:00
}
Reference in New Issue Copy Permalink