mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup
In order to improve our ability to understand the state of policies and registry settings when troubleshooting, we enumerate all values in all subkeys. x/sys/windows does not already offer this, so we need to call RegEnumValue directly. For now we're just logging this during startup, however in a future PR I plan to also trigger this code during a bugreport. I also want to log more than just registry. Fixes #8141 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
This commit is contained in:
parent
88ee857bc8
commit
2aa8299c37
@ -126,6 +126,10 @@ func isWindowsService() bool {
|
||||
// At this point we're still the parent process that
|
||||
// Windows started.
|
||||
func runWindowsService(pol *logpolicy.Policy) error {
|
||||
go func() {
|
||||
winutil.LogSupportInfo(log.Printf)
|
||||
}()
|
||||
|
||||
if winutil.GetPolicyInteger("LogSCMInteractions", 0) != 0 {
|
||||
syslog, err := eventlog.Open(serviceName)
|
||||
if err == nil {
|
||||
|
@ -4,5 +4,7 @@
|
||||
package winutil
|
||||
|
||||
//go:generate go run golang.org/x/sys/windows/mkwinsyscall -output zsyscall_windows.go mksyscall.go
|
||||
//go:generate go run golang.org/x/tools/cmd/goimports -w zsyscall_windows.go
|
||||
|
||||
//sys queryServiceConfig2(hService windows.Handle, infoLevel uint32, buf *byte, bufLen uint32, bytesNeeded *uint32) (err error) [failretval==0] = advapi32.QueryServiceConfig2W
|
||||
//sys regEnumValue(key registry.Key, index uint32, valueName *uint16, valueNameLen *uint32, reserved *uint32, valueType *uint32, pData *byte, cbData *uint32) (ret error) [failretval!=0] = advapi32.RegEnumValueW
|
||||
|
@ -4,8 +4,11 @@
|
||||
package winutil
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"os/exec"
|
||||
"os/user"
|
||||
@ -13,10 +16,12 @@
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
"unicode/utf16"
|
||||
"unsafe"
|
||||
|
||||
"golang.org/x/sys/windows"
|
||||
"golang.org/x/sys/windows/registry"
|
||||
"tailscale.com/types/logger"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -551,3 +556,166 @@ func findHomeDirInRegistry(uid string) (dir string, err error) {
|
||||
}
|
||||
return dir, nil
|
||||
}
|
||||
|
||||
const (
|
||||
maxBinaryValueLen = 128 // we'll truncate any binary values longer than this
|
||||
maxRegValueNameLen = 16384 // maximum length supported by Windows + 1
|
||||
initialValueBufLen = 80 // large enough to contain a stringified GUID encoded as UTF-16
|
||||
)
|
||||
|
||||
const (
|
||||
supportInfoKeyRegistry = "Registry"
|
||||
)
|
||||
|
||||
// LogSupportInfo obtains information useful for troubleshooting and support,
|
||||
// and writes it to the log as a JSON-encoded object.
|
||||
func LogSupportInfo(logf logger.Logf) {
|
||||
var b strings.Builder
|
||||
if err := getSupportInfo(&b); err != nil {
|
||||
log.Printf("error encoding support info: %v", err)
|
||||
return
|
||||
}
|
||||
logf("Support Info: %s", b.String())
|
||||
}
|
||||
|
||||
func getSupportInfo(w io.Writer) error {
|
||||
output := make(map[string]any)
|
||||
|
||||
regInfo, err := getRegistrySupportInfo(registry.LOCAL_MACHINE, []string{regPolicyBase, regBase})
|
||||
if err == nil {
|
||||
output[supportInfoKeyRegistry] = regInfo
|
||||
} else {
|
||||
output[supportInfoKeyRegistry] = err
|
||||
}
|
||||
|
||||
enc := json.NewEncoder(w)
|
||||
return enc.Encode(output)
|
||||
}
|
||||
|
||||
type getRegistrySupportInfoBufs struct {
|
||||
nameBuf []uint16
|
||||
valueBuf []byte
|
||||
}
|
||||
|
||||
func getRegistrySupportInfo(root registry.Key, subKeys []string) (map[string]any, error) {
|
||||
bufs := getRegistrySupportInfoBufs{
|
||||
nameBuf: make([]uint16, maxRegValueNameLen),
|
||||
valueBuf: make([]byte, initialValueBufLen),
|
||||
}
|
||||
|
||||
output := make(map[string]any)
|
||||
|
||||
for _, subKey := range subKeys {
|
||||
if err := getRegSubKey(root, subKey, 5, &bufs, output); err != nil && !errors.Is(err, registry.ErrNotExist) {
|
||||
return nil, fmt.Errorf("getRegistrySupportInfo: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
return output, nil
|
||||
}
|
||||
|
||||
func keyString(key registry.Key, subKey string) string {
|
||||
var keyStr string
|
||||
switch key {
|
||||
case registry.CLASSES_ROOT:
|
||||
keyStr = `HKCR\`
|
||||
case registry.CURRENT_USER:
|
||||
keyStr = `HKCU\`
|
||||
case registry.LOCAL_MACHINE:
|
||||
keyStr = `HKLM\`
|
||||
case registry.USERS:
|
||||
keyStr = `HKU\`
|
||||
case registry.CURRENT_CONFIG:
|
||||
keyStr = `HKCC\`
|
||||
case registry.PERFORMANCE_DATA:
|
||||
keyStr = `HKPD\`
|
||||
default:
|
||||
}
|
||||
|
||||
return keyStr + subKey
|
||||
}
|
||||
|
||||
func getRegSubKey(key registry.Key, subKey string, recursionLimit int, bufs *getRegistrySupportInfoBufs, output map[string]any) error {
|
||||
keyStr := keyString(key, subKey)
|
||||
k, err := registry.OpenKey(key, subKey, registry.READ)
|
||||
if err != nil {
|
||||
return fmt.Errorf("opening %q: %w", keyStr, err)
|
||||
}
|
||||
defer k.Close()
|
||||
|
||||
kv := make(map[string]any)
|
||||
index := uint32(0)
|
||||
|
||||
loopValues:
|
||||
for {
|
||||
nbuf := bufs.nameBuf
|
||||
nameLen := uint32(len(nbuf))
|
||||
valueType := uint32(0)
|
||||
vbuf := bufs.valueBuf
|
||||
valueLen := uint32(len(vbuf))
|
||||
|
||||
err := regEnumValue(k, index, &nbuf[0], &nameLen, nil, &valueType, &vbuf[0], &valueLen)
|
||||
switch err {
|
||||
case windows.ERROR_NO_MORE_ITEMS:
|
||||
break loopValues
|
||||
case windows.ERROR_MORE_DATA:
|
||||
bufs.valueBuf = make([]byte, valueLen)
|
||||
continue
|
||||
case nil:
|
||||
default:
|
||||
return fmt.Errorf("regEnumValue: %w", err)
|
||||
}
|
||||
|
||||
var value any
|
||||
|
||||
switch valueType {
|
||||
case registry.SZ, registry.EXPAND_SZ:
|
||||
value = windows.UTF16PtrToString((*uint16)(unsafe.Pointer(&vbuf[0])))
|
||||
case registry.BINARY:
|
||||
if valueLen > maxBinaryValueLen {
|
||||
valueLen = maxBinaryValueLen
|
||||
}
|
||||
value = append([]byte{}, vbuf[:valueLen]...)
|
||||
case registry.DWORD:
|
||||
value = binary.LittleEndian.Uint32(vbuf[:4])
|
||||
case registry.MULTI_SZ:
|
||||
// Adapted from x/sys/windows/registry/(Key).GetStringsValue
|
||||
p := (*[1 << 29]uint16)(unsafe.Pointer(&vbuf[0]))[: valueLen/2 : valueLen/2]
|
||||
var strs []string
|
||||
if len(p) > 0 {
|
||||
if p[len(p)-1] == 0 {
|
||||
p = p[:len(p)-1]
|
||||
}
|
||||
strs = make([]string, 0, 5)
|
||||
from := 0
|
||||
for i, c := range p {
|
||||
if c == 0 {
|
||||
strs = append(strs, string(utf16.Decode(p[from:i])))
|
||||
from = i + 1
|
||||
}
|
||||
}
|
||||
}
|
||||
value = strs
|
||||
case registry.QWORD:
|
||||
value = binary.LittleEndian.Uint64(vbuf[:8])
|
||||
default:
|
||||
value = fmt.Sprintf("<unsupported value type %d>", valueType)
|
||||
}
|
||||
|
||||
kv[windows.UTF16PtrToString(&nbuf[0])] = value
|
||||
index++
|
||||
}
|
||||
|
||||
if recursionLimit > 0 {
|
||||
if sks, err := k.ReadSubKeyNames(0); err == nil {
|
||||
for _, sk := range sks {
|
||||
if err := getRegSubKey(k, sk, recursionLimit-1, bufs, kv); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
output[keyStr] = kv
|
||||
return nil
|
||||
}
|
||||
|
@ -4,7 +4,13 @@
|
||||
package winutil
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"golang.org/x/exp/maps"
|
||||
"golang.org/x/sys/windows/registry"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -28,3 +34,117 @@ func TestLookupPseudoUser(t *testing.T) {
|
||||
t.Errorf("LookupPseudoUser(%q) unexpectedly succeeded", networkSID)
|
||||
}
|
||||
}
|
||||
|
||||
func makeLongBinaryValue() []byte {
|
||||
buf := make([]byte, maxBinaryValueLen*2)
|
||||
for i, _ := range buf {
|
||||
buf[i] = byte(i % 0xFF)
|
||||
}
|
||||
return buf
|
||||
}
|
||||
|
||||
var testData = map[string]any{
|
||||
"": "I am the default",
|
||||
"StringEmpty": "",
|
||||
"StringShort": "Hello",
|
||||
"StringLong": strings.Repeat("7", initialValueBufLen+1),
|
||||
"MultiStringEmpty": []string{},
|
||||
"MultiStringSingle": []string{"Foo"},
|
||||
"MultiStringSingleEmpty": []string{""},
|
||||
"MultiString": []string{"Foo", "Bar", "Baz"},
|
||||
"MultiStringWithEmptyBeginning": []string{"", "Foo", "Bar"},
|
||||
"MultiStringWithEmptyMiddle": []string{"Foo", "", "Bar"},
|
||||
"MultiStringWithEmptyEnd": []string{"Foo", "Bar", ""},
|
||||
"DWord": uint32(0x12345678),
|
||||
"QWord": uint64(0x123456789abcdef0),
|
||||
"BinaryEmpty": []byte{},
|
||||
"BinaryShort": []byte{0x01, 0x02, 0x03, 0x04},
|
||||
"BinaryLong": makeLongBinaryValue(),
|
||||
}
|
||||
|
||||
const (
|
||||
keyNameTest = `SOFTWARE\Tailscale Test`
|
||||
subKeyNameTest = "SubKey"
|
||||
)
|
||||
|
||||
func setValues(t *testing.T, k registry.Key) {
|
||||
for vk, v := range testData {
|
||||
var err error
|
||||
switch tv := v.(type) {
|
||||
case string:
|
||||
err = k.SetStringValue(vk, tv)
|
||||
case []string:
|
||||
err = k.SetStringsValue(vk, tv)
|
||||
case uint32:
|
||||
err = k.SetDWordValue(vk, tv)
|
||||
case uint64:
|
||||
err = k.SetQWordValue(vk, tv)
|
||||
case []byte:
|
||||
err = k.SetBinaryValue(vk, tv)
|
||||
default:
|
||||
t.Fatalf("Unknown type")
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("Error setting %q: %v", vk, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestRegistrySupportInfo(t *testing.T) {
|
||||
// Make sure the key doesn't exist yet
|
||||
k, err := registry.OpenKey(registry.CURRENT_USER, keyNameTest, registry.READ)
|
||||
switch {
|
||||
case err == nil:
|
||||
k.Close()
|
||||
t.Fatalf("Test key already exists")
|
||||
case !errors.Is(err, registry.ErrNotExist):
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
func() {
|
||||
k, _, err := registry.CreateKey(registry.CURRENT_USER, keyNameTest, registry.WRITE)
|
||||
if err != nil {
|
||||
t.Fatalf("Error creating test key: %v", err)
|
||||
}
|
||||
defer k.Close()
|
||||
|
||||
setValues(t, k)
|
||||
|
||||
sk, _, err := registry.CreateKey(k, subKeyNameTest, registry.WRITE)
|
||||
if err != nil {
|
||||
t.Fatalf("Error creating test subkey: %v", err)
|
||||
}
|
||||
defer sk.Close()
|
||||
|
||||
setValues(t, sk)
|
||||
}()
|
||||
|
||||
t.Cleanup(func() {
|
||||
registry.DeleteKey(registry.CURRENT_USER, keyNameTest+"\\"+subKeyNameTest)
|
||||
registry.DeleteKey(registry.CURRENT_USER, keyNameTest)
|
||||
})
|
||||
|
||||
wantValuesData := maps.Clone(testData)
|
||||
wantValuesData["BinaryLong"] = (wantValuesData["BinaryLong"].([]byte))[:maxBinaryValueLen]
|
||||
|
||||
wantKeyData := make(map[string]any)
|
||||
maps.Copy(wantKeyData, wantValuesData)
|
||||
wantSubKeyData := make(map[string]any)
|
||||
maps.Copy(wantSubKeyData, wantValuesData)
|
||||
wantKeyData[subKeyNameTest] = wantSubKeyData
|
||||
|
||||
wantData := map[string]any{
|
||||
"HKCU\\" + keyNameTest: wantKeyData,
|
||||
}
|
||||
|
||||
gotData, err := getRegistrySupportInfo(registry.CURRENT_USER, []string{keyNameTest})
|
||||
if err != nil {
|
||||
t.Errorf("getRegistrySupportInfo error: %v", err)
|
||||
}
|
||||
|
||||
want, got := fmt.Sprintf("%#v", wantData), fmt.Sprintf("%#v", gotData)
|
||||
if want != got {
|
||||
t.Errorf("Compare error: want\n%s,\ngot %s", want, got)
|
||||
}
|
||||
}
|
||||
|
@ -7,6 +7,7 @@
|
||||
"unsafe"
|
||||
|
||||
"golang.org/x/sys/windows"
|
||||
"golang.org/x/sys/windows/registry"
|
||||
)
|
||||
|
||||
var _ unsafe.Pointer
|
||||
@ -41,6 +42,7 @@ func errnoErr(e syscall.Errno) error {
|
||||
modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
|
||||
|
||||
procQueryServiceConfig2W = modadvapi32.NewProc("QueryServiceConfig2W")
|
||||
procRegEnumValueW = modadvapi32.NewProc("RegEnumValueW")
|
||||
)
|
||||
|
||||
func queryServiceConfig2(hService windows.Handle, infoLevel uint32, buf *byte, bufLen uint32, bytesNeeded *uint32) (err error) {
|
||||
@ -50,3 +52,11 @@ func queryServiceConfig2(hService windows.Handle, infoLevel uint32, buf *byte, b
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func regEnumValue(key registry.Key, index uint32, valueName *uint16, valueNameLen *uint32, reserved *uint32, valueType *uint32, pData *byte, cbData *uint32) (ret error) {
|
||||
r0, _, _ := syscall.Syscall9(procRegEnumValueW.Addr(), 8, uintptr(key), uintptr(index), uintptr(unsafe.Pointer(valueName)), uintptr(unsafe.Pointer(valueNameLen)), uintptr(unsafe.Pointer(reserved)), uintptr(unsafe.Pointer(valueType)), uintptr(unsafe.Pointer(pData)), uintptr(unsafe.Pointer(cbData)), 0)
|
||||
if r0 != 0 {
|
||||
ret = syscall.Errno(r0)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user