net/dns: do not run wsl.exe as LocalSystem

It doesn't work. It needs to run as the user.

	https://github.com/microsoft/WSL/issues/4803

The mechanism for doing this was extracted from:

	https://web.archive.org/web/20101009012531/http://blogs.msdn.com/b/winsdk/archive/2009/07/14/launching-an-interactive-process-from-windows-service-in-windows-vista-and-later.aspx

While here, we also reclaculate WSL distro set on SetDNS.
This accounts for:

	1. potential inability to access wsl.exe on startup
	2. WSL being installed while Tailscale is running
	3. A new WSL distrobution being installed

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
pull/2304/head
David Crawshaw 3 years ago committed by David Crawshaw
parent 6f3a5802a6
commit 6b9f8208f4

@ -43,9 +43,10 @@ type windowsManager struct {
func NewOSConfigurator(logf logger.Logf, interfaceName string) (OSConfigurator, error) { func NewOSConfigurator(logf logger.Logf, interfaceName string) (OSConfigurator, error) {
ret := windowsManager{ ret := windowsManager{
logf: logf, logf: logf,
guid: interfaceName, guid: interfaceName,
nrptWorks: isWindows10OrBetter(), nrptWorks: isWindows10OrBetter(),
wslManager: newWSLManager(logf),
} }
// Best-effort: if our NRPT rule exists, try to delete it. Unlike // Best-effort: if our NRPT rule exists, try to delete it. Unlike
@ -58,9 +59,11 @@ func NewOSConfigurator(logf logger.Logf, interfaceName string) (OSConfigurator,
ret.delKey(nrptBase) ret.delKey(nrptBase)
} }
if distros := wslDistros(logf); len(distros) > 0 { // Log WSL status once at startup.
logf("WSL distributions: %v", distros) if distros, err := wslDistros(); err != nil {
ret.wslManager = newWSLManager(logf, distros) logf("WSL: could not list distributions: %v", err)
} else {
logf("WSL: found %d distributions", len(distros))
} }
return ret, nil return ret, nil
@ -305,12 +308,10 @@ func (m windowsManager) SetDNS(cfg OSConfig) error {
// On initial setup of WSL, the restart caused by --shutdown is slow, // On initial setup of WSL, the restart caused by --shutdown is slow,
// so we do it out-of-line. // so we do it out-of-line.
go func() { go func() {
if m.wslManager != nil { if err := m.wslManager.SetDNS(cfg); err != nil {
if err := m.wslManager.SetDNS(cfg); err != nil { m.logf("WSL SetDNS: %v", err) // continue
m.logf("WSL SetDNS: %v", err) // continue } else {
} else { m.logf("WSL SetDNS: success")
m.logf("WSL SetDNS: success")
}
} }
}() }()

@ -9,20 +9,21 @@ import (
"fmt" "fmt"
"os" "os"
"os/exec" "os/exec"
"os/user"
"strings" "strings"
"syscall" "syscall"
"unicode/utf16" "unicode/utf16"
"golang.org/x/sys/windows"
"tailscale.com/types/logger" "tailscale.com/types/logger"
"tailscale.com/util/winutil"
) )
// wslDistros reports the names of the installed WSL2 linux distributions. // wslDistros reports the names of the installed WSL2 linux distributions.
func wslDistros(logf logger.Logf) []string { func wslDistros() ([]string, error) {
cmd := exec.Command("wsl.exe", "-l") b, err := wslCombinedOutput(exec.Command("wsl.exe", "-l"))
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
b, err := cmd.CombinedOutput()
if err != nil { if err != nil {
return nil return nil, fmt.Errorf("%v: %q", err, string(b))
} }
// The first line of output is a WSL header. E.g. // The first line of output is a WSL header. E.g.
@ -42,16 +43,14 @@ func wslDistros(logf logger.Logf) []string {
if bytes.HasPrefix(b, []byte("W\x00i\x00n\x00d\x00o\x00w\x00s\x00")) { if bytes.HasPrefix(b, []byte("W\x00i\x00n\x00d\x00o\x00w\x00s\x00")) {
output, err = decodeUTF16(b) output, err = decodeUTF16(b)
if err != nil { if err != nil {
logf("failed to decode wsl.exe -l output %q: %v", b, err) return nil, fmt.Errorf("failed to decode wsl.exe -l output %q: %v", b, err)
return nil
} }
} else { } else {
output = string(b) output = string(b)
} }
fmt.Printf("wslDistros: %q\n", output)
lines := strings.Split(output, "\n") lines := strings.Split(output, "\n")
if len(lines) < 1 { if len(lines) < 1 {
return nil return nil, nil
} }
lines = lines[1:] // drop "Windows Subsystem For Linux" header lines = lines[1:] // drop "Windows Subsystem For Linux" header
@ -62,10 +61,9 @@ func wslDistros(logf logger.Logf) []string {
if name == "" { if name == "" {
continue continue
} }
fmt.Printf("wslDistros: name=%q\n", name)
distros = append(distros, name) distros = append(distros, name)
} }
return distros return distros, nil
} }
func decodeUTF16(b []byte) (string, error) { func decodeUTF16(b []byte) (string, error) {
@ -84,27 +82,33 @@ func decodeUTF16(b []byte) (string, error) {
// wslManager is a DNS manager for WSL2 linux distributions. // wslManager is a DNS manager for WSL2 linux distributions.
// It configures /etc/wsl.conf and /etc/resolv.conf. // It configures /etc/wsl.conf and /etc/resolv.conf.
type wslManager struct { type wslManager struct {
logf logger.Logf logf logger.Logf
managers map[string]directManager // distro name -> manager
} }
func newWSLManager(logf logger.Logf, distros []string) *wslManager { func newWSLManager(logf logger.Logf) *wslManager {
m := &wslManager{ m := &wslManager{
logf: logf, logf: logf,
managers: make(map[string]directManager), }
return m
}
func (wm *wslManager) SetDNS(cfg OSConfig) error {
distros, err := wslDistros()
if err != nil {
return err
} else if len(distros) == 0 {
return nil
} }
managers := make(map[string]directManager)
for _, distro := range distros { for _, distro := range distros {
m.managers[distro] = newDirectManagerOnFS(wslFS{ managers[distro] = newDirectManagerOnFS(wslFS{
user: "root", user: "root",
distro: distro, distro: distro,
}) })
} }
return m
}
func (wm *wslManager) SetDNS(cfg OSConfig) error {
if !cfg.IsZero() { if !cfg.IsZero() {
if wm.setWSLConf() { if wm.setWSLConf(managers) {
// What's this? So glad you asked. // What's this? So glad you asked.
// //
// WSL2 writes the /etc/resolv.conf. // WSL2 writes the /etc/resolv.conf.
@ -115,13 +119,13 @@ func (wm *wslManager) SetDNS(cfg OSConfig) error {
// have to shut down WSL2. // have to shut down WSL2.
// //
// So we do it here, before we call wsl.exe to write resolv.conf. // So we do it here, before we call wsl.exe to write resolv.conf.
if b, err := wslCommand("--shutdown").CombinedOutput(); err != nil { if b, err := wslCombinedOutput(wslCommand("--shutdown")); err != nil {
wm.logf("WSL SetDNS shutdown: %v: %s", err, b) wm.logf("WSL SetDNS shutdown: %v: %s", err, b)
} }
} }
} }
for distro, m := range wm.managers { for distro, m := range managers {
if err := m.SetDNS(cfg); err != nil { if err := m.SetDNS(cfg); err != nil {
wm.logf("WSL(%q) SetDNS: %v", distro, err) wm.logf("WSL(%q) SetDNS: %v", distro, err)
} }
@ -137,8 +141,8 @@ generateResolvConf = false
// setWSLConf attempts to disable generateResolvConf in each WSL2 linux. // setWSLConf attempts to disable generateResolvConf in each WSL2 linux.
// If any are changed, it reports true. // If any are changed, it reports true.
func (wm *wslManager) setWSLConf() (changed bool) { func (wm *wslManager) setWSLConf(managers map[string]directManager) (changed bool) {
for distro, m := range wm.managers { for distro, m := range managers {
b, err := m.fs.ReadFile(wslConf) b, err := m.fs.ReadFile(wslConf)
if err != nil && !os.IsNotExist(err) { if err != nil && !os.IsNotExist(err) {
wm.logf("WSL(%q) wsl.conf: read: %v", distro, err) wm.logf("WSL(%q) wsl.conf: read: %v", distro, err)
@ -170,7 +174,7 @@ type wslFS struct {
} }
func (fs wslFS) Stat(name string) (isRegular bool, err error) { func (fs wslFS) Stat(name string) (isRegular bool, err error) {
err = fs.cmd("test", "-f", name).Run() err = wslRun(fs.cmd("test", "-f", name))
if ee, _ := err.(*exec.ExitError); ee != nil { if ee, _ := err.(*exec.ExitError); ee != nil {
if ee.ExitCode() == 1 { if ee.ExitCode() == 1 {
return false, os.ErrNotExist return false, os.ErrNotExist
@ -181,12 +185,12 @@ func (fs wslFS) Stat(name string) (isRegular bool, err error) {
} }
func (fs wslFS) Rename(oldName, newName string) error { func (fs wslFS) Rename(oldName, newName string) error {
return fs.cmd("mv", "--", oldName, newName).Run() return wslRun(fs.cmd("mv", "--", oldName, newName))
} }
func (fs wslFS) Remove(name string) error { return fs.cmd("rm", "--", name).Run() } func (fs wslFS) Remove(name string) error { return wslRun(fs.cmd("rm", "--", name)) }
func (fs wslFS) ReadFile(name string) ([]byte, error) { func (fs wslFS) ReadFile(name string) ([]byte, error) {
b, err := fs.cmd("cat", "--", name).CombinedOutput() b, err := wslCombinedOutput(fs.cmd("cat", "--", name))
if ee, _ := err.(*exec.ExitError); ee != nil && ee.ExitCode() == 1 { if ee, _ := err.(*exec.ExitError); ee != nil && ee.ExitCode() == 1 {
return nil, os.ErrNotExist return nil, os.ErrNotExist
} }
@ -197,21 +201,54 @@ func (fs wslFS) WriteFile(name string, contents []byte, perm os.FileMode) error
cmd := fs.cmd("tee", "--", name) cmd := fs.cmd("tee", "--", name)
cmd.Stdin = bytes.NewReader(contents) cmd.Stdin = bytes.NewReader(contents)
cmd.Stdout = nil cmd.Stdout = nil
if err := cmd.Run(); err != nil { if err := wslRun(cmd); err != nil {
return err return err
} }
return fs.cmd("chmod", "--", fmt.Sprintf("%04o", perm), name).Run() return wslRun(fs.cmd("chmod", "--", fmt.Sprintf("%04o", perm), name))
} }
func (fs wslFS) cmd(args ...string) *exec.Cmd { func (fs wslFS) cmd(args ...string) *exec.Cmd {
cmd := wslCommand("-u", fs.user, "-d", fs.distro, "-e") cmd := wslCommand("-u", fs.user, "-d", fs.distro, "-e")
cmd.Args = append(cmd.Args, args...) cmd.Args = append(cmd.Args, args...)
fmt.Printf("wslFS.cmd: %v\n", cmd.Args)
return cmd return cmd
} }
func wslCommand(args ...string) *exec.Cmd { func wslCommand(args ...string) *exec.Cmd {
cmd := exec.Command("wsl.exe", args...) cmd := exec.Command("wsl.exe", args...)
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
return cmd return cmd
} }
func wslCombinedOutput(cmd *exec.Cmd) ([]byte, error) {
buf := new(bytes.Buffer)
cmd.Stdout = buf
cmd.Stderr = buf
err := wslRun(cmd)
return buf.Bytes(), err
}
func wslRun(cmd *exec.Cmd) (err error) {
defer func() {
if err != nil {
err = fmt.Errorf("wslRun(%v): %w", cmd.Args, err)
}
}()
var token windows.Token
if u, err := user.Current(); err == nil && u.Name == "SYSTEM" {
// We need to switch user to run wsl.exe.
// https://github.com/microsoft/WSL/issues/4803
sessionID := winutil.WTSGetActiveConsoleSessionId()
if sessionID != 0xFFFFFFFF {
if err := windows.WTSQueryUserToken(sessionID, &token); err != nil {
return err
}
defer token.Close()
}
}
cmd.SysProcAttr = &syscall.SysProcAttr{
Token: syscall.Token(token),
HideWindow: true,
}
return cmd.Run()
}

@ -9,6 +9,7 @@ package winutil
import ( import (
"log" "log"
"syscall"
"golang.org/x/sys/windows" "golang.org/x/sys/windows"
"golang.org/x/sys/windows/registry" "golang.org/x/sys/windows/registry"
@ -50,3 +51,15 @@ func GetRegString(name, defval string) string {
} }
return val return val
} }
var (
kernel32 = syscall.NewLazyDLL("kernel32.dll")
procWTSGetActiveConsoleSessionId = kernel32.NewProc("WTSGetActiveConsoleSessionId")
)
// TODO(crawshaw): replace with x/sys/windows... one day.
// https://go-review.googlesource.com/c/sys/+/331909
func WTSGetActiveConsoleSessionId() uint32 {
r1, _, _ := procWTSGetActiveConsoleSessionId.Call()
return uint32(r1)
}

Loading…
Cancel
Save