safesocket: refactor macOS auth code, pull out separate LocalTCPPortAndToken

4 years ago · 914a486af6
parent 60e189f699
commit 914a486af6
5 changed files with 96 additions and 31 deletions
--- a/safesocket/basic_test.go
+++ b/safesocket/basic_test.go
@ -32,7 +32,7 @@ func TestBasics(t *testing.T) {
 			errs <- err
 			return
 		}
-		fmt.Printf("server read %d bytes.\n", n)
+		t.Logf("server read %d bytes.", n)
 		if string(b[:n]) != "world" {
 			errs <- fmt.Errorf("got %#v, expected %#v\n", string(b[:n]), "world")
 			return
--- a/safesocket/safesocket.go
+++ b/safesocket/safesocket.go
@ -7,7 +7,9 @@
 package safesocket
 import (
 	"errors"
 	"net"
 	"runtime"
 )
 type closeable interface {
@ -43,3 +45,21 @@ func Connect(path string, port uint16) (net.Conn, error) {
 func Listen(path string, port uint16) (_ net.Listener, gotPort uint16, _ error) {
 	return listen(path, port)
 }
 var (
 	ErrTokenNotFound = errors.New("no token found")
 	ErrNoTokenOnOS   = errors.New("no token on " + runtime.GOOS)
 )
 var localTCPPortAndToken func() (port int, token string, err error)
 // LocalTCPPortAndToken returns the port number and auth token to connect to
 // the local Tailscale daemon. It's currently only applicable on macOS
 // when tailscaled is being run in the Mac Sandbox from the App Store version
 // of Tailscale.
 func LocalTCPPortAndToken() (port int, token string, err error) {
 	if localTCPPortAndToken == nil {
 		return 0, "", ErrNoTokenOnOS
 	}
 	return localTCPPortAndToken()
 }
--- a/safesocket/safesocket_darwin.go
+++ b/safesocket/safesocket_darwin.go
@ -0,0 +1,52 @@
 // Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package safesocket
 import (
 	"bufio"
 	"bytes"
 	"fmt"
 	"os"
 	"os/exec"
 	"strconv"
 	"strings"
 )
 func init() {
 	localTCPPortAndToken = localTCPPortAndTokenDarwin
 }
 func localTCPPortAndTokenDarwin() (port int, token string, err error) {
 	out, err := exec.Command("lsof",
 		"-n",                             // numeric sockets; don't do DNS lookups, etc
 		"-a",                             // logical AND remaining options
 		fmt.Sprintf("-u%d", os.Getuid()), // process of same user only
 		"-c", "IPNExtension",             // starting with IPNExtension
 		"-F", // machine-readable output
 	).Output()
 	if err != nil {
 		return 0, "", fmt.Errorf("failed to run lsof looking for IPNExtension: %w", err)
 	}
 	bs := bufio.NewScanner(bytes.NewReader(out))
 	subStr := []byte(".tailscale.ipn.macos/sameuserproof-")
 	for bs.Scan() {
 		line := bs.Bytes()
 		i := bytes.Index(line, subStr)
 		if i == -1 {
 			continue
 		}
 		f := strings.SplitN(string(line[i+len(subStr):]), "-", 2)
 		if len(f) != 2 {
 			continue
 		}
 		portStr, token := f[0], f[1]
 		port, err := strconv.Atoi(portStr)
 		if err != nil {
 			return 0, "", fmt.Errorf("invalid port %q found in lsof", portStr)
 		}
 		return port, token, nil
 	}
 	return 0, "", ErrTokenNotFound
 }
--- a/safesocket/safesocket_test.go
+++ b/safesocket/safesocket_test.go
@ -0,0 +1,13 @@
 // Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 package safesocket
 import "testing"
 func TestLocalTCPPortAndToken(t *testing.T) {
 	// Just test that it compiles for now (is available on all platforms).
 	port, token, err := LocalTCPPortAndToken()
 	t.Logf("got %v, %s, %v", port, token, err)
 }
--- a/safesocket/unixsocket.go
+++ b/safesocket/unixsocket.go
@ -7,17 +7,15 @@
 package safesocket
 import (
 	"bufio"
 	"bytes"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
 	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
 )
@ -166,42 +164,24 @@ func connectMacOSAppSandbox() (net.Conn, error) {
 		}
 		f := strings.SplitN(best.Name(), "-", 3)
 		portStr, token := f[1], f[2]
-		return connectMacTCP(portStr, token)
+		port, err := strconv.Atoi(portStr)
 		if err != nil {
 			return nil, fmt.Errorf("invalid port %q", portStr)
 		}
 		return connectMacTCP(port, token)
 	}
 	// Otherwise, assume we're running the cmd/tailscale binary from outside the
 	// App Sandbox.
-
+	port, token, err := LocalTCPPortAndToken()
 	out, err := exec.Command("lsof",
 		"-n",                             // numeric sockets; don't do DNS lookups, etc
 		"-a",                             // logical AND remaining options
 		fmt.Sprintf("-u%d", os.Getuid()), // process of same user only
 		"-c", "IPNExtension",             // starting with IPNExtension
 		"-F", // machine-readable output
 	).Output()
 	if err != nil {
 		return nil, err
 	}
-	bs := bufio.NewScanner(bytes.NewReader(out))
+	return connectMacTCP(port, token)
 	subStr := []byte(".tailscale.ipn.macos/sameuserproof-")
 	for bs.Scan() {
 		line := bs.Bytes()
 		i := bytes.Index(line, subStr)
 		if i == -1 {
 			continue
 		}
 		f := strings.SplitN(string(line[i+len(subStr):]), "-", 2)
 		if len(f) != 2 {
 			continue
 		}
 		portStr, token := f[0], f[1]
 		return connectMacTCP(portStr, token)
 	}
 	return nil, fmt.Errorf("failed to find Tailscale's IPNExtension process")
 }
-func connectMacTCP(portStr, token string) (net.Conn, error) {
+func connectMacTCP(port int, token string) (net.Conn, error) {
-	c, err := net.Dial("tcp", "localhost:"+portStr)
+	c, err := net.Dial("tcp", "localhost:"+strconv.Itoa(port))
 	if err != nil {
 		return nil, fmt.Errorf("error dialing IPNExtension: %w", err)
 	}