diff --git a/paths/paths.go b/paths/paths.go
index 343692f20..bf4ab3094 100644
--- a/paths/paths.go
+++ b/paths/paths.go
@@ -45,7 +45,14 @@ func DefaultTailscaledSocket() string {
 return "tailscaled.sock"
 }
 
-var stateFileFunc func() string
+// Overridden in init by OS-specific files.
+var (
+ stateFileFunc func() string
+
+ // ensureStateDirPerms applies a restrictive ACL/chmod
+ // to the provided directory.
+ ensureStateDirPerms = func(string) error { return nil }
+)
 
 // DefaultTailscaledStateFile returns the default path to the
 // tailscaled state file, or the empty string if there's no reasonable
@@ -67,6 +74,16 @@ func MkStateDir(dirPath string) error {
 if err := os.MkdirAll(dirPath, 0700); err != nil {
 return err
 }
-
 return ensureStateDirPerms(dirPath)
 }
+
+// LegacyStateFilePath returns the legacy path to the state file when
+// it was stored under the current user's %LocalAppData%.
+//
+// It is only called on Windows.
+func LegacyStateFilePath() string {
+ if runtime.GOOS == "windows" {
+ return filepath.Join(os.Getenv("LocalAppData"), "Tailscale", "server-state.conf")
+ }
+ return ""
+}
diff --git a/paths/paths_unix.go b/paths/paths_unix.go
index a8e22e7b6..6a5b8c1cf 100644
--- a/paths/paths_unix.go
+++ b/paths/paths_unix.go
@@ -1,7 +1,7 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
-//go:build !windows && !js && !wasip1
+//go:build !windows && !wasm && !plan9
 
 package paths
 
@@ -17,6 +17,7 @@ import (
 
 func init() {
 stateFileFunc = stateFileUnix
+ ensureStateDirPerms = ensureStateDirPermsUnix
 }
 
 func statePath() string {
@@ -65,7 +66,7 @@ func xdgDataHome() string {
 return filepath.Join(os.Getenv("HOME"), ".local/share")
 }
 
-func ensureStateDirPerms(dir string) error {
+func ensureStateDirPermsUnix(dir string) error {
 if filepath.Base(dir) != "tailscale" {
 return nil
 }
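Review bot: The new default in paths/paths.go, `ensureStateDirPerms = func(string) error { return nil }`, fails open: on any platform whose init does not replace it, MkStateDir reports success after `os.MkdirAll(dirPath, 0700)` and leaves an already existing directory with whatever looser permissions it had. The build-constraint hunk in paths/paths_unix.go widens that set, because `!windows && !wasm && !plan9` now excludes plan9, which the old `!windows && !js && !wasip1` covered, so plan9 appears to lose both the chmod and the stateFileFunc assignment. If that is intended, the var comment should say so, for example `// The default is a no-op; only paths_unix.go and paths_windows.go install a real implementation.`; if it is not, plan9 should stay in the unix constraint.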
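Review bot: `LegacyStateFilePath` in paths/paths.go builds its result from `os.Getenv("LocalAppData")` without checking that the variable is set; with an empty value `filepath.Join` returns the relative path `Tailscale\server-state.conf`, which resolves against the process's working directory. The callers are outside this diff, but one that reads or migrates the legacy state file would then pick up whatever file sits at that relative location. Returning the empty string in that case closes the gap: `if dir := os.Getenv("LocalAppData"); dir != "" { return filepath.Join(dir, "Tailscale", "server-state.conf") }` inside the GOOS check. The doc comment's "It is only called on Windows" describes callers rather than the function; "It returns the empty string on other platforms" matches what the body does.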
@@ -83,8 +84,3 @@ func ensureStateDirPerms(dir string) error {
 }
 return os.Chmod(dir, perm)
 }
-
-// LegacyStateFilePath is not applicable to UNIX; it is just stubbed out.
-func LegacyStateFilePath() string {
- return ""
-}
diff --git a/paths/paths_wasm.go b/paths/paths_wasm.go
deleted file mode 100644
index 81e9f1540..000000000
--- a/paths/paths_wasm.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright (c) Tailscale Inc & AUTHORS
-// SPDX-License-Identifier: BSD-3-Clause
-
-package paths
-
-func ensureStateDirPerms(dirPath string) error {
- return nil
-}
-
-func LegacyStateFilePath() string { return "" }
diff --git a/paths/paths_windows.go b/paths/paths_windows.go
index aa31e6f6e..470540065 100644
--- a/paths/paths_windows.go
+++ b/paths/paths_windows.go
@@ -12,7 +12,11 @@ import (
 "tailscale.com/util/winutil"
 )
 
-// ensureStateDirPerms applies a restrictive ACL to the directory specified by dirPath.
+func init() {
+ ensureStateDirPerms = ensureStateDirPermsWindows
+}
+
+// ensureStateDirPermsWindows applies a restrictive ACL to the directory specified by dirPath.
 // It sets the following security attributes on the directory:
 // Owner: The user for the current process;
 // Primary Group: The primary group for the current process;
@@ -26,7 +30,7 @@ import (
 //
 // However, any directories and/or files created within this
 // directory *do* inherit the ACL that we are setting.
-func ensureStateDirPerms(dirPath string) error {
+func ensureStateDirPermsWindows(dirPath string) error {
 fi, err := os.Stat(dirPath)
 if err != nil {
 return err
@@ -94,9 +98,3 @@ func ensureStateDirPerms(dirPath string) error {
 return windows.SetNamedSecurityInfo(dirPath, windows.SE_FILE_OBJECT, flags,
 sids.User, sids.PrimaryGroup, dacl, nil)
 }
-
-// LegacyStateFilePath returns the legacy path to the state file when it was stored under the
-// current user's %LocalAppData%.
-func LegacyStateFilePath() string {
- return filepath.Join(os.Getenv("LocalAppData"), "Tailscale", "server-state.conf")
-}