safesocket: enable test to run on Windows unpriviliged

I manually tested that the code path that relaxes pipe permissions is not executed when run with elevated priviliges, and the test also passes in that case. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>
2025-10-10 09:45:08 +00:00 · 2023-04-14 16:52:44 -07:00
parent cd35a79136
commit f844791e15
3 changed files with 28 additions and 4 deletions
--- a/safesocket/pipe_windows_test.go
+++ b/safesocket/pipe_windows_test.go
@@ -0,0 +1,22 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package safesocket
+
+import "tailscale.com/util/winutil"
+
+func init() {
+	// downgradeSDDL is a test helper that downgrades the windowsSDDL variable if
+	// the currently running user does not have sufficient priviliges to set the
+	// SDDL.
+	downgradeSDDL = func() (cleanup func()) {
+		// The current default descriptor can not be set by mere mortal users,
+		// so we need to undo that for executing tests as a regular user.
+		if !winutil.IsCurrentProcessElevated() {
+			var orig string
+			orig, windowsSDDL = windowsSDDL, ""
+			return func() { windowsSDDL = orig }
+		}
+		return func() {}
+	}
+}