From 8e75c8504c4db703debc7f70fc675f170fd48b8f Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Mon, 12 Apr 2021 15:12:47 -0700
Subject: [PATCH] ipn/ipnlocal: in direct file mode, don't readdir

And don't even allow attempts at Open/Delete.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 ipn/ipnlocal/peerapi.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ipn/ipnlocal/peerapi.go b/ipn/ipnlocal/peerapi.go
index 0f84cdb06..33ec9df0b 100644
--- a/ipn/ipnlocal/peerapi.go
+++ b/ipn/ipnlocal/peerapi.go
@@ -63,7 +63,7 @@ func (s *peerAPIServer) diskPath(baseName string) (fullPath string, ok bool) {
 // hasFilesWaiting reports whether any files are buffered in the
 // tailscaled daemon storage.
 func (s *peerAPIServer) hasFilesWaiting() bool {
-	if s.rootDir == "" {
+	if s.rootDir == "" || s.directFileMode {
 		return false
 	}
 	if s.knownEmpty.Get() {
@@ -110,6 +110,9 @@ func (s *peerAPIServer) WaitingFiles() (ret []WaitingFile, err error) {
 	if s.rootDir == "" {
 		return nil, errors.New("peerapi disabled; no storage configured")
 	}
+	if s.directFileMode {
+		return nil, nil
+	}
 	f, err := os.Open(s.rootDir)
 	if err != nil {
 		return nil, err
@@ -147,6 +150,9 @@ func (s *peerAPIServer) DeleteFile(baseName string) error {
 	if s.rootDir == "" {
 		return errors.New("peerapi disabled; no storage configured")
 	}
+	if s.directFileMode {
+		return errors.New("deletes not allowed in direct mode")
+	}
 	path, ok := s.diskPath(baseName)
 	if !ok {
 		return errors.New("bad filename")
@@ -162,6 +168,9 @@ func (s *peerAPIServer) OpenFile(baseName string) (rc io.ReadCloser, size int64,
 	if s.rootDir == "" {
 		return nil, 0, errors.New("peerapi disabled; no storage configured")
 	}
+	if s.directFileMode {
+		return nil, 0, errors.New("opens not allowed in direct mode")
+	}
 	path, ok := s.diskPath(baseName)
 	if !ok {
 		return nil, 0, errors.New("bad filename")