tailscale/ipn/ipnlocal/peerapi_test.go

// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package ipnlocal

import (
	"bytes"
	"fmt"
	"io"
	"io/fs"
	"math/rand"
	"net/http"
	"net/http/httptest"
	"net/netip"
	"os"
	"path/filepath"
	"runtime"
	"strings"
	"testing"

	"go4.org/netipx"
	"tailscale.com/ipn"
	"tailscale.com/tailcfg"
	"tailscale.com/tstest"
	"tailscale.com/types/logger"
	"tailscale.com/wgengine"
	"tailscale.com/wgengine/filter"
)

type peerAPITestEnv struct {
	ph     *peerAPIHandler
	rr     *httptest.ResponseRecorder
	logBuf tstest.MemLogger
}

type check func(*testing.T, *peerAPITestEnv)

func checks(vv ...check) []check { return vv }

func httpStatus(wantStatus int) check {
	return func(t *testing.T, e *peerAPITestEnv) {
		if res := e.rr.Result(); res.StatusCode != wantStatus {
			t.Errorf("HTTP response code = %v; want %v", res.Status, wantStatus)
		}
	}
}

func bodyContains(sub string) check {
	return func(t *testing.T, e *peerAPITestEnv) {
		if body := e.rr.Body.String(); !strings.Contains(body, sub) {
			t.Errorf("HTTP response body does not contain %q; got: %s", sub, body)
		}
	}
}

func bodyNotContains(sub string) check {
	return func(t *testing.T, e *peerAPITestEnv) {
		if body := e.rr.Body.String(); strings.Contains(body, sub) {
			t.Errorf("HTTP response body unexpectedly contains %q; got: %s", sub, body)
		}
	}
}

func fileHasSize(name string, size int) check {
	return func(t *testing.T, e *peerAPITestEnv) {
		root := e.ph.ps.rootDir
		if root == "" {
			t.Errorf("no rootdir; can't check whether %q has size %v", name, size)
			return
		}
		path := filepath.Join(root, name)
		if fi, err := os.Stat(path); err != nil {
			t.Errorf("fileHasSize(%q, %v): %v", name, size, err)
		} else if fi.Size() != int64(size) {
			t.Errorf("file %q has size %v; want %v", name, fi.Size(), size)
		}
	}
}

func fileHasContents(name string, want string) check {
	return func(t *testing.T, e *peerAPITestEnv) {
		root := e.ph.ps.rootDir
		if root == "" {
			t.Errorf("no rootdir; can't check contents of %q", name)
			return
		}
		path := filepath.Join(root, name)
		got, err := os.ReadFile(path)
		if err != nil {
			t.Errorf("fileHasContents: %v", err)
			return
		}
		if string(got) != want {
			t.Errorf("file contents = %q; want %q", got, want)
		}
	}
}

func hexAll(v string) string {
	var sb strings.Builder
	for i := 0; i < len(v); i++ {
		fmt.Fprintf(&sb, "%%%02x", v[i])
	}
	return sb.String()
}

func TestHandlePeerAPI(t *testing.T) {
	tests := []struct {
		name       string
		isSelf     bool // the peer sending the request is owned by us
		capSharing bool // self node has file sharing capabilty
		omitRoot   bool // don't configure
		req        *http.Request
		checks     []check
	}{
		{
			name:       "not_peer_api",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("GET", "/", nil),
			checks: checks(
				httpStatus(200),
				bodyContains("This is my Tailscale device."),
				bodyContains("You are the owner of this node."),
			),
		},
		{
			name:       "not_peer_api_not_owner",
			isSelf:     false,
			capSharing: true,
			req:        httptest.NewRequest("GET", "/", nil),
			checks: checks(
				httpStatus(200),
				bodyContains("This is my Tailscale device."),
				bodyNotContains("You are the owner of this node."),
			),
		},
		{
			name:   "peer_api_goroutines_deny",
			isSelf: false,
			req:    httptest.NewRequest("GET", "/v0/goroutines", nil),
			checks: checks(httpStatus(403)),
		},
		{
			name:   "peer_api_goroutines",
			isSelf: true,
			req:    httptest.NewRequest("GET", "/v0/goroutines", nil),
			checks: checks(
				httpStatus(200),
				bodyContains("ServeHTTP"),
			),
		},
		{
			name:       "reject_non_owner_put",
			isSelf:     false,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
			checks: checks(
				httpStatus(http.StatusForbidden),
				bodyContains("Taildrop access denied"),
			),
		},
		{
			name:       "owner_without_cap",
			isSelf:     true,
			capSharing: false,
			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
			checks: checks(
				httpStatus(http.StatusForbidden),
				bodyContains("file sharing not enabled by Tailscale admin"),
			),
		},
		{
			name:       "owner_with_cap_no_rootdir",
			omitRoot:   true,
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
			checks: checks(
				httpStatus(http.StatusInternalServerError),
				bodyContains("Taildrop disabled; no storage directory"),
			),
		},
		{
			name:       "bad_method",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("POST", "/v0/put/foo", nil),
			checks: checks(
				httpStatus(405),
				bodyContains("expected method PUT"),
			),
		},
		{
			name:       "put_zero_length",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
			checks: checks(
				httpStatus(200),
				bodyContains("{}"),
				fileHasSize("foo", 0),
				fileHasContents("foo", ""),
			),
		},
		{
			name:       "put_non_zero_length_content_length",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo", strings.NewReader("contents")),
			checks: checks(
				httpStatus(200),
				bodyContains("{}"),
				fileHasSize("foo", len("contents")),
				fileHasContents("foo", "contents"),
			),
		},
		{
			name:       "put_non_zero_length_chunked",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo", struct{ io.Reader }{strings.NewReader("contents")}),
			checks: checks(
				httpStatus(200),
				bodyContains("{}"),
				fileHasSize("foo", len("contents")),
				fileHasContents("foo", "contents"),
			),
		},
		{
			name:       "bad_filename_partial",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo.partial", nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "bad_filename_deleted",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo.deleted", nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "bad_filename_dot",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/.", nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "bad_filename_empty",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/", nil),
			checks: checks(
				httpStatus(400),
				bodyContains("empty filename"),
			),
		},
		{
			name:       "bad_filename_slash",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/foo/bar", nil),
			checks: checks(
				httpStatus(400),
				bodyContains("directories not supported"),
			),
		},
		{
			name:       "bad_filename_encoded_dot",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("."), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "bad_filename_encoded_slash",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("/"), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "bad_filename_encoded_backslash",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("\\"), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "bad_filename_encoded_dotdot",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll(".."), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "bad_filename_encoded_dotdot_out",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("foo/../../../../../etc/passwd"), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "put_spaces_and_caps",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("Foo Bar.dat"), strings.NewReader("baz")),
			checks: checks(
				httpStatus(200),
				bodyContains("{}"),
				fileHasContents("Foo Bar.dat", "baz"),
			),
		},
		{
			name:       "put_unicode",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("Томас и его друзья.mp3"), strings.NewReader("главный озорник")),
			checks: checks(
				httpStatus(200),
				bodyContains("{}"),
				fileHasContents("Томас и его друзья.mp3", "главный озорник"),
			),
		},
		{
			name:       "put_invalid_utf8",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+(hexAll("😜")[:3]), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "put_invalid_null",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/%00", nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "put_invalid_non_printable",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/%01", nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "put_invalid_colon",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("nul:"), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
		{
			name:       "put_invalid_surrounding_whitespace",
			isSelf:     true,
			capSharing: true,
			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll(" foo "), nil),
			checks: checks(
				httpStatus(400),
				bodyContains("bad filename"),
			),
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			var e peerAPITestEnv
			lb := &LocalBackend{
				logf:           e.logBuf.Logf,
				capFileSharing: tt.capSharing,
			}
			e.ph = &peerAPIHandler{
				isSelf: tt.isSelf,
				peerNode: &tailcfg.Node{
					ComputedName: "some-peer-name",
				},
				ps: &peerAPIServer{
					b: lb,
				},
			}
			var rootDir string
			if !tt.omitRoot {
				rootDir = t.TempDir()
				e.ph.ps.rootDir = rootDir
			}
			e.rr = httptest.NewRecorder()
			e.ph.ServeHTTP(e.rr, tt.req)
			for _, f := range tt.checks {
				f(t, &e)
			}
			if t.Failed() && rootDir != "" {
				t.Logf("Contents of %s:", rootDir)
				des, _ := fs.ReadDir(os.DirFS(rootDir), ".")
				for _, de := range des {
					fi, err := de.Info()
					if err != nil {
						t.Log(err)
					} else {
						t.Logf("  %v %5d %s", fi.Mode(), fi.Size(), de.Name())
					}
				}
			}
		})
	}
}

// Windows likes to hold on to file descriptors for some indeterminate
// amount of time after you close them and not let you delete them for
// a bit. So test that we work around that sufficiently.
func TestFileDeleteRace(t *testing.T) {
	dir := t.TempDir()
	ps := &peerAPIServer{
		b: &LocalBackend{
			logf:           t.Logf,
			capFileSharing: true,
		},
		rootDir: dir,
	}
	ph := &peerAPIHandler{
		isSelf: true,
		peerNode: &tailcfg.Node{
			ComputedName: "some-peer-name",
		},
		ps: ps,
	}
	buf := make([]byte, 2<<20)
	for i := 0; i < 30; i++ {
		rr := httptest.NewRecorder()
		ph.ServeHTTP(rr, httptest.NewRequest("PUT", "/v0/put/foo.txt", bytes.NewReader(buf[:rand.Intn(len(buf))])))
		if res := rr.Result(); res.StatusCode != 200 {
			t.Fatal(res.Status)
		}
		wfs, err := ps.WaitingFiles()
		if err != nil {
			t.Fatal(err)
		}
		if len(wfs) != 1 {
			t.Fatalf("waiting files = %d; want 1", len(wfs))
		}

		if err := ps.DeleteFile("foo.txt"); err != nil {
			t.Fatal(err)
		}
		wfs, err = ps.WaitingFiles()
		if err != nil {
			t.Fatal(err)
		}
		if len(wfs) != 0 {
			t.Fatalf("waiting files = %d; want 0", len(wfs))
		}
	}
}

// Tests "foo.jpg.deleted" marks (for Windows).
func TestDeletedMarkers(t *testing.T) {
	dir := t.TempDir()
	ps := &peerAPIServer{
		b: &LocalBackend{
			logf:           t.Logf,
			capFileSharing: true,
		},
		rootDir: dir,
	}

	nothingWaiting := func() {
		t.Helper()
		ps.knownEmpty.Store(false)
		if ps.hasFilesWaiting() {
			t.Fatal("unexpected files waiting")
		}
	}
	touch := func(base string) {
		t.Helper()
		if err := touchFile(filepath.Join(dir, base)); err != nil {
			t.Fatal(err)
		}
	}
	wantEmptyTempDir := func() {
		t.Helper()
		if fis, err := os.ReadDir(dir); err != nil {
			t.Fatal(err)
		} else if len(fis) > 0 && runtime.GOOS != "windows" {
			for _, fi := range fis {
				t.Errorf("unexpected file in tempdir: %q", fi.Name())
			}
		}
	}

	nothingWaiting()
	wantEmptyTempDir()

	touch("foo.jpg.deleted")
	nothingWaiting()
	wantEmptyTempDir()

	touch("foo.jpg.deleted")
	touch("foo.jpg")
	nothingWaiting()
	wantEmptyTempDir()

	touch("foo.jpg.deleted")
	touch("foo.jpg")
	wf, err := ps.WaitingFiles()
	if err != nil {
		t.Fatal(err)
	}
	if len(wf) != 0 {
		t.Fatalf("WaitingFiles = %d; want 0", len(wf))
	}
	wantEmptyTempDir()

	touch("foo.jpg.deleted")
	touch("foo.jpg")
	if rc, _, err := ps.OpenFile("foo.jpg"); err == nil {
		rc.Close()
		t.Fatal("unexpected foo.jpg open")
	}
	wantEmptyTempDir()

	// And verify basics still work in non-deleted cases.
	touch("foo.jpg")
	touch("bar.jpg.deleted")
	if wf, err := ps.WaitingFiles(); err != nil {
		t.Error(err)
	} else if len(wf) != 1 {
		t.Errorf("WaitingFiles = %d; want 1", len(wf))
	} else if wf[0].Name != "foo.jpg" {
		t.Errorf("unexpected waiting file %+v", wf[0])
	}
	if rc, _, err := ps.OpenFile("foo.jpg"); err != nil {
		t.Fatal(err)
	} else {
		rc.Close()
	}

}

func TestPeerAPIReplyToDNSQueries(t *testing.T) {
	var h peerAPIHandler

	h.isSelf = true
	if !h.replyToDNSQueries() {
		t.Errorf("for isSelf = false; want true")
	}
	h.isSelf = false
	h.remoteAddr = netip.MustParseAddrPort("100.150.151.152:12345")

	eng, _ := wgengine.NewFakeUserspaceEngine(logger.Discard, 0)
	h.ps = &peerAPIServer{
		b: &LocalBackend{
			e: eng,
		},
	}
	if h.ps.b.OfferingExitNode() {
		t.Fatal("unexpectedly offering exit node")
	}
	h.ps.b.prefs = &ipn.Prefs{
		AdvertiseRoutes: []netip.Prefix{
			netip.MustParsePrefix("0.0.0.0/0"),
			netip.MustParsePrefix("::/0"),
		},
	}
	if !h.ps.b.OfferingExitNode() {
		t.Fatal("unexpectedly not offering exit node")
	}

	if h.replyToDNSQueries() {
		t.Errorf("unexpectedly doing DNS without filter")
	}

	h.ps.b.setFilter(filter.NewAllowNone(logger.Discard, new(netipx.IPSet)))
	if h.replyToDNSQueries() {
		t.Errorf("unexpectedly doing DNS without filter")
	}

	f := filter.NewAllowAllForTest(logger.Discard)

	h.ps.b.setFilter(f)
	if !h.replyToDNSQueries() {
		t.Errorf("unexpectedly deny; wanted to be a DNS server")
	}

	// Also test IPv6.
	h.remoteAddr = netip.MustParseAddrPort("[fe70::1]:12345")
	if !h.replyToDNSQueries() {
		t.Errorf("unexpectedly IPv6 deny; wanted to be a DNS server")
	}
}
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
 								// Use of this source code is governed by a BSD-style
 								// license that can be found in the LICENSE file.
 								package ipnlocal
 								import (
 									"bytes"
 									"fmt"
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"io"
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"io/fs"
-												ipn/ipnlocal: put a retry loop around Windows file deletes

oh, Windows.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"math/rand"
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"net/http"
 									"net/http/httptest"
-												all: use various net/netip parse funcs directly

Mechanical change with perl+goimports.

Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then
goimports -d .

Finally, removed the net/netaddr wrappers, to prevent future use.

Updates #5162

Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+									"net/netip"
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"os"
 									"path/filepath"
-												ipn/ipnlocal: use delete marker files to work around Windows delete problems

If DeleteFile fails on Windows due to another process (anti-virus,
probably) having our file open, instead leave a marker file that the
file is logically deleted, and remove it from API calls and clean it
up lazily later.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"runtime"
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"strings"
 									"testing"
-												net/netaddr: start migrating to net/netip via new netaddr adapter package

Updates #5162

Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+									"go4.org/netipx"
-												ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter

Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"tailscale.com/ipn"
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"tailscale.com/tailcfg"
-												all: update tests to use tstest.MemLogger

And give MemLogger a mutex, as one caller had, which does match the logf
contract better.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"tailscale.com/tstest"
-												ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter

Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									"tailscale.com/types/logger"
 									"tailscale.com/wgengine"
 									"tailscale.com/wgengine/filter"
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								)
 								type peerAPITestEnv struct {
 									ph     *peerAPIHandler
 									rr     *httptest.ResponseRecorder
-												all: update tests to use tstest.MemLogger

And give MemLogger a mutex, as one caller had, which does match the logf
contract better.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									logBuf tstest.MemLogger
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								}
 								type check func(*testing.T, *peerAPITestEnv)
 								func checks(vv ...check) []check { return vv }
 								func httpStatus(wantStatus int) check {
 									return func(t *testing.T, e *peerAPITestEnv) {
 										if res := e.rr.Result(); res.StatusCode != wantStatus {
 											t.Errorf("HTTP response code = %v; want %v", res.Status, wantStatus)
 										}
 									}
 								}
 								func bodyContains(sub string) check {
 									return func(t *testing.T, e *peerAPITestEnv) {
 										if body := e.rr.Body.String(); !strings.Contains(body, sub) {
 											t.Errorf("HTTP response body does not contain %q; got: %s", sub, body)
 										}
 									}
 								}
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								func bodyNotContains(sub string) check {
 									return func(t *testing.T, e *peerAPITestEnv) {
 										if body := e.rr.Body.String(); strings.Contains(body, sub) {
 											t.Errorf("HTTP response body unexpectedly contains %q; got: %s", sub, body)
 										}
 									}
 								}
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								func fileHasSize(name string, size int) check {
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									return func(t *testing.T, e *peerAPITestEnv) {
 										root := e.ph.ps.rootDir
 										if root == "" {
 											t.Errorf("no rootdir; can't check whether %q has size %v", name, size)
 											return
 										}
 										path := filepath.Join(root, name)
 										if fi, err := os.Stat(path); err != nil {
 											t.Errorf("fileHasSize(%q, %v): %v", name, size, err)
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										} else if fi.Size() != int64(size) {
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											t.Errorf("file %q has size %v; want %v", name, fi.Size(), size)
 										}
 									}
 								}
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								func fileHasContents(name string, want string) check {
 									return func(t *testing.T, e *peerAPITestEnv) {
 										root := e.ph.ps.rootDir
 										if root == "" {
 											t.Errorf("no rootdir; can't check contents of %q", name)
 											return
 										}
 										path := filepath.Join(root, name)
-												refactor: move from io/ioutil to io and os packages

The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Reference: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>

											
										
										
											2 years ago
+										got, err := os.ReadFile(path)
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										if err != nil {
 											t.Errorf("fileHasContents: %v", err)
 											return
 										}
 										if string(got) != want {
 											t.Errorf("file contents = %q; want %q", got, want)
 										}
 									}
 								}
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								func hexAll(v string) string {
 									var sb strings.Builder
 									for i := 0; i < len(v); i++ {
 										fmt.Fprintf(&sb, "%%%02x", v[i])
 									}
 									return sb.String()
 								}
-												ipn/ipnlocal: add peerapi goroutine fetch

Between owners.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+								func TestHandlePeerAPI(t *testing.T) {
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									tests := []struct {
 										name       string
 										isSelf     bool // the peer sending the request is owned by us
 										capSharing bool // self node has file sharing capabilty
 										omitRoot   bool // don't configure
 										req        *http.Request
 										checks     []check
 									}{
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										{
 											name:       "not_peer_api",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("GET", "/", nil),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("This is my Tailscale device."),
 												bodyContains("You are the owner of this node."),
 											),
 										},
 										{
 											name:       "not_peer_api_not_owner",
 											isSelf:     false,
 											capSharing: true,
 											req:        httptest.NewRequest("GET", "/", nil),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("This is my Tailscale device."),
 												bodyNotContains("You are the owner of this node."),
 											),
 										},
-												ipn/ipnlocal: add peerapi goroutine fetch

Between owners.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										{
 											name:   "peer_api_goroutines_deny",
 											isSelf: false,
 											req:    httptest.NewRequest("GET", "/v0/goroutines", nil),
 											checks: checks(httpStatus(403)),
 										},
 										{
 											name:   "peer_api_goroutines",
 											isSelf: true,
 											req:    httptest.NewRequest("GET", "/v0/goroutines", nil),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("ServeHTTP"),
 											),
 										},
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										{
 											name:       "reject_non_owner_put",
 											isSelf:     false,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
 											checks: checks(
 												httpStatus(http.StatusForbidden),
-												ipn/ipnlocal: add start of inter-user Taildrop

Controlled by server-sent capability policy.

To be initially used for SSH servers to record sessions to other
nodes. Not yet productized into something user-accessible. (Notably,
the list of Taildrop targets from the sender side isn't augmented
yet.) This purely permits expanding the set of expands a node will
accept a drop from.

Updates #3802
Updates #4217

Change-Id: Id7a5bccd686490f8ef2cdc7dae7c07c440dc0085
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+												bodyContains("Taildrop access denied"),
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											),
 										},
 										{
 											name:       "owner_without_cap",
 											isSelf:     true,
 											capSharing: false,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
 											checks: checks(
 												httpStatus(http.StatusForbidden),
 												bodyContains("file sharing not enabled by Tailscale admin"),
 											),
 										},
 										{
 											name:       "owner_with_cap_no_rootdir",
 											omitRoot:   true,
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
 											checks: checks(
 												httpStatus(http.StatusInternalServerError),
-												ipn/ipnlocal: run peerapi even if Taildrop storage not configured

Change-Id: I77f9ecbe4617d01d13aa1127fa59c83f2aa3e1b8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+												bodyContains("Taildrop disabled; no storage directory"),
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											),
 										},
 										{
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											name:       "bad_method",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("POST", "/v0/put/foo", nil),
 											checks: checks(
 												httpStatus(405),
 												bodyContains("expected method PUT"),
 											),
 										},
 										{
 											name:       "put_zero_length",
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("{}"),
 												fileHasSize("foo", 0),
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+												fileHasContents("foo", ""),
 											),
 										},
 										{
 											name:       "put_non_zero_length_content_length",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo", strings.NewReader("contents")),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("{}"),
 												fileHasSize("foo", len("contents")),
 												fileHasContents("foo", "contents"),
 											),
 										},
 										{
 											name:       "put_non_zero_length_chunked",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo", struct{ io.Reader }{strings.NewReader("contents")}),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("{}"),
 												fileHasSize("foo", len("contents")),
 												fileHasContents("foo", "contents"),
 											),
 										},
 										{
 											name:       "bad_filename_partial",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo.partial", nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
-												ipn/ipnlocal: use delete marker files to work around Windows delete problems

If DeleteFile fails on Windows due to another process (anti-virus,
probably) having our file open, instead leave a marker file that the
file is logically deleted, and remove it from API calls and clean it
up lazily later.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										{
 											name:       "bad_filename_deleted",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo.deleted", nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
-												ipn/ipnlocal: add some more peerapi handlePeerPut tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										{
 											name:       "bad_filename_dot",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/.", nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											),
 										},
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										{
 											name:       "bad_filename_empty",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/", nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("empty filename"),
 											),
 										},
 										{
 											name:       "bad_filename_slash",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/foo/bar", nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("directories not supported"),
 											),
 										},
 										{
 											name:       "bad_filename_encoded_dot",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("."), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "bad_filename_encoded_slash",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("/"), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "bad_filename_encoded_backslash",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("\\"), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "bad_filename_encoded_dotdot",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll(".."), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "bad_filename_encoded_dotdot_out",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("foo/../../../../../etc/passwd"), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "put_spaces_and_caps",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("Foo Bar.dat"), strings.NewReader("baz")),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("{}"),
 												fileHasContents("Foo Bar.dat", "baz"),
 											),
 										},
 										{
 											name:       "put_unicode",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("Томас и его друзья.mp3"), strings.NewReader("главный озорник")),
 											checks: checks(
 												httpStatus(200),
 												bodyContains("{}"),
 												fileHasContents("Томас и его друзья.mp3", "главный озорник"),
 											),
 										},
 										{
 											name:       "put_invalid_utf8",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+(hexAll("😜")[:3]), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "put_invalid_null",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/%00", nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "put_invalid_non_printable",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/%01", nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "put_invalid_colon",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("nul:"), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
 										{
 											name:       "put_invalid_surrounding_whitespace",
 											isSelf:     true,
 											capSharing: true,
 											req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll(" foo "), nil),
 											checks: checks(
 												httpStatus(400),
 												bodyContains("bad filename"),
 											),
 										},
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									}
 									for _, tt := range tests {
 										t.Run(tt.name, func(t *testing.T) {
 											var e peerAPITestEnv
 											lb := &LocalBackend{
-												all: update tests to use tstest.MemLogger

And give MemLogger a mutex, as one caller had, which does match the logf
contract better.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+												logf:           e.logBuf.Logf,
-												ipn/ipnlocal: add file sharing to windows shell

Updates: tailscale/winmin#33

Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>

											
										
										
											3 years ago
+												capFileSharing: tt.capSharing,
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											}
 											e.ph = &peerAPIHandler{
 												isSelf: tt.isSelf,
 												peerNode: &tailcfg.Node{
 													ComputedName: "some-peer-name",
 												},
 												ps: &peerAPIServer{
 													b: lb,
 												},
 											}
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											var rootDir string
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											if !tt.omitRoot {
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+												rootDir = t.TempDir()
 												e.ph.ps.rootDir = rootDir
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											}
 											e.rr = httptest.NewRecorder()
 											e.ph.ServeHTTP(e.rr, tt.req)
 											for _, f := range tt.checks {
 												f(t, &e)
 											}
-												ipn/ipnlocal: finish/fix up filename validation & encoding on disk

It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											if t.Failed() && rootDir != "" {
 												t.Logf("Contents of %s:", rootDir)
 												des, _ := fs.ReadDir(os.DirFS(rootDir), ".")
 												for _, de := range des {
 													fi, err := de.Info()
 													if err != nil {
 														t.Log(err)
 													} else {
 														t.Logf("  %v %5d %s", fi.Mode(), fi.Size(), de.Name())
 													}
 												}
 											}
-												ipn/ipnlocal: add some peerapi tests

Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										})
 									}
 								}
-												ipn/ipnlocal: put a retry loop around Windows file deletes

oh, Windows.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
 								// Windows likes to hold on to file descriptors for some indeterminate
 								// amount of time after you close them and not let you delete them for
 								// a bit. So test that we work around that sufficiently.
 								func TestFileDeleteRace(t *testing.T) {
 									dir := t.TempDir()
 									ps := &peerAPIServer{
 										b: &LocalBackend{
-												ipn/ipnlocal: add file sharing to windows shell

Updates: tailscale/winmin#33

Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>

											
										
										
											3 years ago
+											logf:           t.Logf,
 											capFileSharing: true,
-												ipn/ipnlocal: put a retry loop around Windows file deletes

oh, Windows.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										},
 										rootDir: dir,
 									}
 									ph := &peerAPIHandler{
 										isSelf: true,
 										peerNode: &tailcfg.Node{
 											ComputedName: "some-peer-name",
 										},
 										ps: ps,
 									}
 									buf := make([]byte, 2<<20)
 									for i := 0; i < 30; i++ {
 										rr := httptest.NewRecorder()
 										ph.ServeHTTP(rr, httptest.NewRequest("PUT", "/v0/put/foo.txt", bytes.NewReader(buf[:rand.Intn(len(buf))])))
 										if res := rr.Result(); res.StatusCode != 200 {
 											t.Fatal(res.Status)
 										}
 										wfs, err := ps.WaitingFiles()
 										if err != nil {
 											t.Fatal(err)
 										}
 										if len(wfs) != 1 {
 											t.Fatalf("waiting files = %d; want 1", len(wfs))
 										}
 										if err := ps.DeleteFile("foo.txt"); err != nil {
 											t.Fatal(err)
 										}
 										wfs, err = ps.WaitingFiles()
 										if err != nil {
 											t.Fatal(err)
 										}
 										if len(wfs) != 0 {
 											t.Fatalf("waiting files = %d; want 0", len(wfs))
 										}
 									}
 								}
-												ipn/ipnlocal: use delete marker files to work around Windows delete problems

If DeleteFile fails on Windows due to another process (anti-virus,
probably) having our file open, instead leave a marker file that the
file is logically deleted, and remove it from API calls and clean it
up lazily later.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
 								// Tests "foo.jpg.deleted" marks (for Windows).
 								func TestDeletedMarkers(t *testing.T) {
 									dir := t.TempDir()
 									ps := &peerAPIServer{
 										b: &LocalBackend{
 											logf:           t.Logf,
 											capFileSharing: true,
 										},
 										rootDir: dir,
 									}
 									nothingWaiting := func() {
 										t.Helper()
-												syncs, all: move to using Go's new atomic types instead of ours

Fixes #5185

Change-Id: I850dd532559af78c3895e2924f8237ccc328449d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+										ps.knownEmpty.Store(false)
-												ipn/ipnlocal: use delete marker files to work around Windows delete problems

If DeleteFile fails on Windows due to another process (anti-virus,
probably) having our file open, instead leave a marker file that the
file is logically deleted, and remove it from API calls and clean it
up lazily later.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										if ps.hasFilesWaiting() {
 											t.Fatal("unexpected files waiting")
 										}
 									}
 									touch := func(base string) {
 										t.Helper()
 										if err := touchFile(filepath.Join(dir, base)); err != nil {
 											t.Fatal(err)
 										}
 									}
 									wantEmptyTempDir := func() {
 										t.Helper()
-												refactor: move from io/ioutil to io and os packages

The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Reference: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>

											
										
										
											2 years ago
+										if fis, err := os.ReadDir(dir); err != nil {
-												ipn/ipnlocal: use delete marker files to work around Windows delete problems

If DeleteFile fails on Windows due to another process (anti-virus,
probably) having our file open, instead leave a marker file that the
file is logically deleted, and remove it from API calls and clean it
up lazily later.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+											t.Fatal(err)
 										} else if len(fis) > 0 && runtime.GOOS != "windows" {
 											for _, fi := range fis {
 												t.Errorf("unexpected file in tempdir: %q", fi.Name())
 											}
 										}
 									}
 									nothingWaiting()
 									wantEmptyTempDir()
 									touch("foo.jpg.deleted")
 									nothingWaiting()
 									wantEmptyTempDir()
 									touch("foo.jpg.deleted")
 									touch("foo.jpg")
 									nothingWaiting()
 									wantEmptyTempDir()
 									touch("foo.jpg.deleted")
 									touch("foo.jpg")
 									wf, err := ps.WaitingFiles()
 									if err != nil {
 										t.Fatal(err)
 									}
 									if len(wf) != 0 {
 										t.Fatalf("WaitingFiles = %d; want 0", len(wf))
 									}
 									wantEmptyTempDir()
 									touch("foo.jpg.deleted")
 									touch("foo.jpg")
 									if rc, _, err := ps.OpenFile("foo.jpg"); err == nil {
 										rc.Close()
 										t.Fatal("unexpected foo.jpg open")
 									}
 									wantEmptyTempDir()
 									// And verify basics still work in non-deleted cases.
 									touch("foo.jpg")
 									touch("bar.jpg.deleted")
 									if wf, err := ps.WaitingFiles(); err != nil {
 										t.Error(err)
 									} else if len(wf) != 1 {
 										t.Errorf("WaitingFiles = %d; want 1", len(wf))
 									} else if wf[0].Name != "foo.jpg" {
 										t.Errorf("unexpected waiting file %+v", wf[0])
 									}
 									if rc, _, err := ps.OpenFile("foo.jpg"); err != nil {
 										t.Fatal(err)
 									} else {
 										rc.Close()
 									}
 								}
-												ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter

Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
 								func TestPeerAPIReplyToDNSQueries(t *testing.T) {
 									var h peerAPIHandler
 									h.isSelf = true
 									if !h.replyToDNSQueries() {
 										t.Errorf("for isSelf = false; want true")
 									}
 									h.isSelf = false
-												all: use various net/netip parse funcs directly

Mechanical change with perl+goimports.

Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then
goimports -d .

Finally, removed the net/netaddr wrappers, to prevent future use.

Updates #5162

Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+									h.remoteAddr = netip.MustParseAddrPort("100.150.151.152:12345")
-												ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter

Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
 									eng, _ := wgengine.NewFakeUserspaceEngine(logger.Discard, 0)
 									h.ps = &peerAPIServer{
 										b: &LocalBackend{
 											e: eng,
 										},
 									}
 									if h.ps.b.OfferingExitNode() {
 										t.Fatal("unexpectedly offering exit node")
 									}
 									h.ps.b.prefs = &ipn.Prefs{
-												all: convert more code to use net/netip directly

    perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
    perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
    goimports -w .

Then delete some stuff from the net/netaddr shim package which is no
longer neeed.

Updates #5162

Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+										AdvertiseRoutes: []netip.Prefix{
-												all: use various net/netip parse funcs directly

Mechanical change with perl+goimports.

Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then
goimports -d .

Finally, removed the net/netaddr wrappers, to prevent future use.

Updates #5162

Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+											netip.MustParsePrefix("0.0.0.0/0"),
 											netip.MustParsePrefix("::/0"),
-												ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter

Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+										},
 									}
 									if !h.ps.b.OfferingExitNode() {
 										t.Fatal("unexpectedly not offering exit node")
 									}
 									if h.replyToDNSQueries() {
 										t.Errorf("unexpectedly doing DNS without filter")
 									}
-												net/netaddr: start migrating to net/netip via new netaddr adapter package

Updates #5162

Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+									h.ps.b.setFilter(filter.NewAllowNone(logger.Discard, new(netipx.IPSet)))
-												ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter

Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									if h.replyToDNSQueries() {
 										t.Errorf("unexpectedly doing DNS without filter")
 									}
 									f := filter.NewAllowAllForTest(logger.Discard)
 									h.ps.b.setFilter(f)
 									if !h.replyToDNSQueries() {
 										t.Errorf("unexpectedly deny; wanted to be a DNS server")
 									}
 									// Also test IPv6.
-												all: use various net/netip parse funcs directly

Mechanical change with perl+goimports.

Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then
goimports -d .

Finally, removed the net/netaddr wrappers, to prevent future use.

Updates #5162

Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											2 years ago
+									h.remoteAddr = netip.MustParseAddrPort("[fe70::1]:12345")
-												ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter

Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

											
										
										
											3 years ago
+									if !h.replyToDNSQueries() {
 										t.Errorf("unexpectedly IPv6 deny; wanted to be a DNS server")
 									}
 								}