2020-02-05 22:16:58 +00:00
|
|
|
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
2021-11-07 20:11:50 +00:00
|
|
|
//go:build !windows && !js
|
|
|
|
|
// +build !windows,!js
|
2020-02-05 22:16:58 +00:00
|
|
|
|
|
|
|
|
package safesocket
|
|
|
|
|
|
|
|
|
|
import (
|
2021-10-27 22:53:28 +01:00
|
|
|
"errors"
|
2020-02-05 22:16:58 +00:00
|
|
|
"fmt"
|
2020-03-30 06:04:20 +01:00
|
|
|
"io"
|
2020-07-20 22:23:50 +01:00
|
|
|
"io/ioutil"
|
2020-03-30 06:04:20 +01:00
|
|
|
"log"
|
2020-02-05 22:16:58 +00:00
|
|
|
"net"
|
|
|
|
|
"os"
|
2021-02-15 16:40:52 +00:00
|
|
|
"os/exec"
|
2020-03-03 19:47:21 +00:00
|
|
|
"path/filepath"
|
2020-03-30 06:04:20 +01:00
|
|
|
"runtime"
|
2021-01-29 22:32:56 +00:00
|
|
|
"strconv"
|
2020-03-30 06:04:20 +01:00
|
|
|
"strings"
|
2020-02-05 22:16:58 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// TODO(apenwarr): handle magic cookie auth
|
safesocket: add ConnectionStrategy, provide control over fallbacks
fee2d9fad added support for cmd/tailscale to connect to IPNExtension.
It came in two parts: If no socket was provided, dial IPNExtension first,
and also, if dialing the socket failed, fall back to IPNExtension.
The second half of that support caused the integration tests to fail
when run on a machine that was also running IPNExtension.
The integration tests want to wait until the tailscaled instances
that they spun up are listening. They do that by dialing the new
instance. But when that dial failed, it was falling back to IPNExtension,
so it appeared (incorrectly) that tailscaled was running.
Hilarity predictably ensued.
If a user (or a test) explicitly provides a socket to dial,
it is a reasonable assumption that they have a specific tailscaled
in mind and don't want to fall back to IPNExtension.
It is certainly true of the integration tests.
Instead of adding a bool to Connect, split out the notion of a
connection strategy. For now, the implementation remains the same,
but with the details hidden a bit. Later, we can improve that.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-12-08 21:55:55 +00:00
|
|
|
func connect(s *ConnectionStrategy) (net.Conn, error) {
|
2021-10-27 22:53:28 +01:00
|
|
|
if runtime.GOOS == "js" {
|
|
|
|
|
return nil, errors.New("safesocket.Connect not yet implemented on js/wasm")
|
|
|
|
|
}
|
safesocket: add ConnectionStrategy, provide control over fallbacks
fee2d9fad added support for cmd/tailscale to connect to IPNExtension.
It came in two parts: If no socket was provided, dial IPNExtension first,
and also, if dialing the socket failed, fall back to IPNExtension.
The second half of that support caused the integration tests to fail
when run on a machine that was also running IPNExtension.
The integration tests want to wait until the tailscaled instances
that they spun up are listening. They do that by dialing the new
instance. But when that dial failed, it was falling back to IPNExtension,
so it appeared (incorrectly) that tailscaled was running.
Hilarity predictably ensued.
If a user (or a test) explicitly provides a socket to dial,
it is a reasonable assumption that they have a specific tailscaled
in mind and don't want to fall back to IPNExtension.
It is certainly true of the integration tests.
Instead of adding a bool to Connect, split out the notion of a
connection strategy. For now, the implementation remains the same,
but with the details hidden a bit. Later, we can improve that.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-12-08 21:55:55 +00:00
|
|
|
if runtime.GOOS == "darwin" && s.fallback && s.path == "" && s.port == 0 {
|
2020-03-30 06:04:20 +01:00
|
|
|
return connectMacOSAppSandbox()
|
|
|
|
|
}
|
safesocket: add ConnectionStrategy, provide control over fallbacks
fee2d9fad added support for cmd/tailscale to connect to IPNExtension.
It came in two parts: If no socket was provided, dial IPNExtension first,
and also, if dialing the socket failed, fall back to IPNExtension.
The second half of that support caused the integration tests to fail
when run on a machine that was also running IPNExtension.
The integration tests want to wait until the tailscaled instances
that they spun up are listening. They do that by dialing the new
instance. But when that dial failed, it was falling back to IPNExtension,
so it appeared (incorrectly) that tailscaled was running.
Hilarity predictably ensued.
If a user (or a test) explicitly provides a socket to dial,
it is a reasonable assumption that they have a specific tailscaled
in mind and don't want to fall back to IPNExtension.
It is certainly true of the integration tests.
Instead of adding a bool to Connect, split out the notion of a
connection strategy. For now, the implementation remains the same,
but with the details hidden a bit. Later, we can improve that.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-12-08 21:55:55 +00:00
|
|
|
pipe, err := net.Dial("unix", s.path)
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
safesocket: add ConnectionStrategy, provide control over fallbacks
fee2d9fad added support for cmd/tailscale to connect to IPNExtension.
It came in two parts: If no socket was provided, dial IPNExtension first,
and also, if dialing the socket failed, fall back to IPNExtension.
The second half of that support caused the integration tests to fail
when run on a machine that was also running IPNExtension.
The integration tests want to wait until the tailscaled instances
that they spun up are listening. They do that by dialing the new
instance. But when that dial failed, it was falling back to IPNExtension,
so it appeared (incorrectly) that tailscaled was running.
Hilarity predictably ensued.
If a user (or a test) explicitly provides a socket to dial,
it is a reasonable assumption that they have a specific tailscaled
in mind and don't want to fall back to IPNExtension.
It is certainly true of the integration tests.
Instead of adding a bool to Connect, split out the notion of a
connection strategy. For now, the implementation remains the same,
but with the details hidden a bit. Later, we can improve that.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-12-08 21:55:55 +00:00
|
|
|
if runtime.GOOS == "darwin" && s.fallback {
|
2021-07-20 20:18:40 +01:00
|
|
|
extConn, extErr := connectMacOSAppSandbox()
|
|
|
|
|
if extErr != nil {
|
safesocket: add ConnectionStrategy, provide control over fallbacks
fee2d9fad added support for cmd/tailscale to connect to IPNExtension.
It came in two parts: If no socket was provided, dial IPNExtension first,
and also, if dialing the socket failed, fall back to IPNExtension.
The second half of that support caused the integration tests to fail
when run on a machine that was also running IPNExtension.
The integration tests want to wait until the tailscaled instances
that they spun up are listening. They do that by dialing the new
instance. But when that dial failed, it was falling back to IPNExtension,
so it appeared (incorrectly) that tailscaled was running.
Hilarity predictably ensued.
If a user (or a test) explicitly provides a socket to dial,
it is a reasonable assumption that they have a specific tailscaled
in mind and don't want to fall back to IPNExtension.
It is certainly true of the integration tests.
Instead of adding a bool to Connect, split out the notion of a
connection strategy. For now, the implementation remains the same,
but with the details hidden a bit. Later, we can improve that.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-12-08 21:55:55 +00:00
|
|
|
return nil, fmt.Errorf("safesocket: failed to connect to %v: %v; failed to connect to Tailscale IPNExtension: %v", s.path, err, extErr)
|
2020-03-30 06:04:20 +01:00
|
|
|
}
|
2021-07-20 20:18:40 +01:00
|
|
|
return extConn, nil
|
2020-03-30 06:04:20 +01:00
|
|
|
}
|
2020-02-05 22:16:58 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
2021-07-20 20:18:40 +01:00
|
|
|
return pipe, nil
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO(apenwarr): handle magic cookie auth
|
2020-02-25 16:46:26 +00:00
|
|
|
func listen(path string, port uint16) (ln net.Listener, _ uint16, err error) {
|
2020-02-05 22:16:58 +00:00
|
|
|
// Unix sockets hang around in the filesystem even after nobody
|
|
|
|
|
// is listening on them. (Which is really unfortunate but long-
|
|
|
|
|
// entrenched semantics.) Try connecting first; if it works, then
|
|
|
|
|
// the socket is still live, so let's not replace it. If it doesn't
|
|
|
|
|
// work, then replace it.
|
|
|
|
|
//
|
|
|
|
|
// Note that there's a race condition between these two steps. A
|
|
|
|
|
// "proper" daemon usually uses a dance involving pidfiles to first
|
|
|
|
|
// ensure that no other instances of itself are running, but that's
|
|
|
|
|
// beyond the scope of our simple socket library.
|
2020-02-18 20:33:28 +00:00
|
|
|
c, err := net.Dial("unix", path)
|
2020-02-05 22:16:58 +00:00
|
|
|
if err == nil {
|
|
|
|
|
c.Close()
|
2021-02-15 16:40:52 +00:00
|
|
|
if tailscaledRunningUnderLaunchd() {
|
|
|
|
|
return nil, 0, fmt.Errorf("%v: address already in use; tailscaled already running under launchd (to stop, run: $ sudo launchctl stop com.tailscale.tailscaled)", path)
|
|
|
|
|
}
|
2020-02-18 20:33:28 +00:00
|
|
|
return nil, 0, fmt.Errorf("%v: address already in use", path)
|
2020-02-05 22:16:58 +00:00
|
|
|
}
|
2020-02-18 20:33:28 +00:00
|
|
|
_ = os.Remove(path)
|
2021-01-21 19:29:38 +00:00
|
|
|
|
|
|
|
|
perm := socketPermissionsForOS()
|
|
|
|
|
|
|
|
|
|
sockDir := filepath.Dir(path)
|
|
|
|
|
if _, err := os.Stat(sockDir); os.IsNotExist(err) {
|
|
|
|
|
os.MkdirAll(sockDir, 0755) // best effort
|
|
|
|
|
|
|
|
|
|
// If we're on a platform where we want the socket
|
|
|
|
|
// world-readable, open up the permissions on the
|
|
|
|
|
// just-created directory too, in case a umask ate
|
|
|
|
|
// it. This primarily affects running tailscaled by
|
|
|
|
|
// hand as root in a shell, as there is no umask when
|
|
|
|
|
// running under systemd.
|
|
|
|
|
if perm == 0666 {
|
|
|
|
|
if fi, err := os.Stat(sockDir); err == nil && fi.Mode()&0077 == 0 {
|
|
|
|
|
if err := os.Chmod(sockDir, 0755); err != nil {
|
|
|
|
|
log.Print(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-02-18 20:33:28 +00:00
|
|
|
pipe, err := net.Listen("unix", path)
|
2020-02-05 22:16:58 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, 0, err
|
|
|
|
|
}
|
2021-01-21 19:29:38 +00:00
|
|
|
os.Chmod(path, perm)
|
2020-02-05 22:16:58 +00:00
|
|
|
return pipe, 0, err
|
|
|
|
|
}
|
2020-03-30 06:04:20 +01:00
|
|
|
|
2021-02-15 16:40:52 +00:00
|
|
|
func tailscaledRunningUnderLaunchd() bool {
|
|
|
|
|
if runtime.GOOS != "darwin" {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
plist, err := exec.Command("launchctl", "list", "com.tailscale.tailscaled").Output()
|
|
|
|
|
_ = plist // parse it? https://github.com/DHowett/go-plist if we need something.
|
|
|
|
|
running := err == nil
|
|
|
|
|
return running
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-15 16:43:23 +00:00
|
|
|
// socketPermissionsForOS returns the permissions to use for the
|
|
|
|
|
// tailscaled.sock.
|
|
|
|
|
func socketPermissionsForOS() os.FileMode {
|
2021-03-02 19:12:14 +00:00
|
|
|
if PlatformUsesPeerCreds() {
|
2021-01-15 16:43:23 +00:00
|
|
|
return 0666
|
|
|
|
|
}
|
|
|
|
|
// Otherwise, root only.
|
|
|
|
|
return 0600
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-30 06:04:20 +01:00
|
|
|
// connectMacOSAppSandbox connects to the Tailscale Network Extension,
|
|
|
|
|
// which is necessarily running within the macOS App Sandbox. Our
|
|
|
|
|
// little dance to connect a regular user binary to the sandboxed
|
2021-08-24 15:36:48 +01:00
|
|
|
// network extension is:
|
2020-03-30 06:04:20 +01:00
|
|
|
//
|
|
|
|
|
// * the sandboxed IPNExtension picks a random localhost:0 TCP port
|
|
|
|
|
// to listen on
|
|
|
|
|
// * it also picks a random hex string that acts as an auth token
|
|
|
|
|
// * it then creates a file named "sameuserproof-$PORT-$TOKEN" and leaves
|
|
|
|
|
// that file descriptor open forever.
|
2020-07-20 22:23:50 +01:00
|
|
|
//
|
|
|
|
|
// Then, we do different things depending on whether the user is
|
|
|
|
|
// running cmd/tailscale that they built themselves (running as
|
|
|
|
|
// themselves, outside the App Sandbox), or whether the user is
|
|
|
|
|
// running the CLI via the GUI binary
|
|
|
|
|
// (e.g. /Applications/Tailscale.app/Contents/MacOS/Tailscale <args>),
|
|
|
|
|
// in which case we're running within the App Sandbox.
|
|
|
|
|
//
|
|
|
|
|
// If we're outside the App Sandbox:
|
|
|
|
|
//
|
2020-03-30 06:04:20 +01:00
|
|
|
// * then we come along here, running as the same UID, but outside
|
|
|
|
|
// of the sandbox, and look for it. We can run lsof on our own processes,
|
|
|
|
|
// but other users on the system can't.
|
|
|
|
|
// * we parse out the localhost port number and the auth token
|
|
|
|
|
// * we connect to TCP localhost:$PORT
|
|
|
|
|
// * we send $TOKEN + "\n"
|
|
|
|
|
// * server verifies $TOKEN, sends "#IPN\n" if okay.
|
|
|
|
|
// * server is now protocol switched
|
|
|
|
|
// * we return the net.Conn and the caller speaks the normal protocol
|
2020-07-20 22:23:50 +01:00
|
|
|
//
|
|
|
|
|
// If we're inside the App Sandbox, then TS_MACOS_CLI_SHARED_DIR has
|
|
|
|
|
// been set to our shared directory. We now have to find the most
|
|
|
|
|
// recent "sameuserproof" file (there should only be 1, but previous
|
|
|
|
|
// versions of the macOS app didn't clean them up).
|
2020-03-30 06:04:20 +01:00
|
|
|
func connectMacOSAppSandbox() (net.Conn, error) {
|
2020-07-20 22:23:50 +01:00
|
|
|
// Are we running the Tailscale.app GUI binary as a CLI, running within the App Sandbox?
|
|
|
|
|
if d := os.Getenv("TS_MACOS_CLI_SHARED_DIR"); d != "" {
|
|
|
|
|
fis, err := ioutil.ReadDir(d)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("reading TS_MACOS_CLI_SHARED_DIR: %w", err)
|
|
|
|
|
}
|
|
|
|
|
var best os.FileInfo
|
|
|
|
|
for _, fi := range fis {
|
|
|
|
|
if !strings.HasPrefix(fi.Name(), "sameuserproof-") || strings.Count(fi.Name(), "-") != 2 {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if best == nil || fi.ModTime().After(best.ModTime()) {
|
|
|
|
|
best = fi
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if best == nil {
|
|
|
|
|
return nil, fmt.Errorf("no sameuserproof token found in TS_MACOS_CLI_SHARED_DIR %q", d)
|
|
|
|
|
}
|
|
|
|
|
f := strings.SplitN(best.Name(), "-", 3)
|
|
|
|
|
portStr, token := f[1], f[2]
|
2021-01-29 22:32:56 +00:00
|
|
|
port, err := strconv.Atoi(portStr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("invalid port %q", portStr)
|
|
|
|
|
}
|
|
|
|
|
return connectMacTCP(port, token)
|
2020-07-20 22:23:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Otherwise, assume we're running the cmd/tailscale binary from outside the
|
|
|
|
|
// App Sandbox.
|
2021-01-29 22:32:56 +00:00
|
|
|
port, token, err := LocalTCPPortAndToken()
|
2020-03-30 06:04:20 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2021-01-29 22:32:56 +00:00
|
|
|
return connectMacTCP(port, token)
|
2020-03-30 06:04:20 +01:00
|
|
|
}
|
2020-07-20 22:23:50 +01:00
|
|
|
|
2021-01-29 22:32:56 +00:00
|
|
|
func connectMacTCP(port int, token string) (net.Conn, error) {
|
|
|
|
|
c, err := net.Dial("tcp", "localhost:"+strconv.Itoa(port))
|
2020-07-20 22:23:50 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("error dialing IPNExtension: %w", err)
|
|
|
|
|
}
|
|
|
|
|
if _, err := io.WriteString(c, token+"\n"); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("error writing auth token: %w", err)
|
|
|
|
|
}
|
|
|
|
|
buf := make([]byte, 5)
|
|
|
|
|
const authOK = "#IPN\n"
|
|
|
|
|
if _, err := io.ReadFull(c, buf); err != nil {
|
|
|
|
|
return nil, fmt.Errorf("error reading from IPNExtension post-auth: %w", err)
|
|
|
|
|
}
|
|
|
|
|
if string(buf) != authOK {
|
|
|
|
|
return nil, fmt.Errorf("invalid response reading from IPNExtension post-auth")
|
|
|
|
|
}
|
|
|
|
|
return c, nil
|
|
|
|
|
}
|
