From 9a56184beff409f1151afb8db5104bed140ba829 Mon Sep 17 00:00:00 2001
From: Paul Scott <408401+icio@users.noreply.github.com>
Date: Wed, 6 Sep 2023 12:43:10 +0100
Subject: [PATCH] cmd/tailscale: Check App Store tailscaled dialable before
 selecting. (#9234)

PR #9217 attempted to fix the same issue, but suffered from not letting the
user connect to non-oss tailscaled if something was listening on the socket, as
the --socket flag doesn't let you select the mac apps.

Rather than leave the user unable to choose, we keep the mac/socket preference
order the same and check a bit harder whether the macsys version really is
running. Now, we prefer the App Store Tailscale (even if it's Stopped) and you
can use --socket to sswitch. But if you quit the App Store Tailscale, we'll try
the socket without needing the flag.

Fixes #5761
Signed-off-by: Paul Scott <408401+icio@users.noreply.github.com>
---
 safesocket/safesocket_darwin.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/safesocket/safesocket_darwin.go b/safesocket/safesocket_darwin.go
index f72570890..36fc7c438 100644
--- a/safesocket/safesocket_darwin.go
+++ b/safesocket/safesocket_darwin.go
@@ -8,12 +8,14 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"sync"
+	"time"
 )
 
 func init() {
@@ -46,6 +48,17 @@ func localTCPPortAndTokenMacsys() (port int, token string, err error) {
 	if auth == "" {
 		return 0, "", errors.New("empty auth token in sameuserproof file")
 	}
+
+	// The above files exist forever after the first run of
+	// /Applications/Tailscale.app, so check we can connect to avoid returning a
+	// port nothing is listening on. Connect to "127.0.0.1" rather than
+	// "localhost" due to #7851.
+	conn, err := net.DialTimeout("tcp", "127.0.0.1:"+portStr, time.Second)
+	if err != nil {
+		return 0, "", err
+	}
+	conn.Close()
+
 	return port, auth, nil
 }