safesocket: enable test to run on Windows unpriviliged

I manually tested that the code path that relaxes pipe permissions is
not executed when run with elevated privileges, and the test also passes
in that case.

Updates #7876

Signed-off-by: James Tucker <jftucker@gmail.com>
pull/7935/head
James Tucker 2 years ago
parent cd35a79136
commit f844791e15

@ -10,10 +10,10 @@ import (
"testing" "testing"
) )
// downgradeSDDL is a no-op test helper on non-Windows systems.
var downgradeSDDL = func() func() { return func() {} }
func TestBasics(t *testing.T) { func TestBasics(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("TODO(#7876): test regressed on windows while CI was broken")
}
// Make the socket in a temp dir rather than the cwd // Make the socket in a temp dir rather than the cwd
// so that the test can be run from a mounted filesystem (#2367). // so that the test can be run from a mounted filesystem (#2367).
dir := t.TempDir() dir := t.TempDir()
@ -22,6 +22,7 @@ func TestBasics(t *testing.T) {
sock = filepath.Join(dir, "test") sock = filepath.Join(dir, "test")
} else { } else {
sock = fmt.Sprintf(`\\.\pipe\tailscale-test`) sock = fmt.Sprintf(`\\.\pipe\tailscale-test`)
t.Cleanup(downgradeSDDL())
} }
l, err := Listen(sock) l, err := Listen(sock)
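Review bot: The `t.Cleanup(downgradeSDDL())` call in the Windows branch has no comment saying that it rewrites package-level state, and a reader of this test alone cannot tell. On an unelevated run the helper replaces `windowsSDDL` until the cleanup restores it, so this test must not run in parallel with anything else in the package that creates the pipe (presumably every caller of `Listen`). I would add above the call: `// Swaps the package-level windowsSDDL until cleanup; do not use t.Parallel() here.` TestBasics continues past the end of the hunk.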

@ -24,7 +24,8 @@ func setFlags(network, address string, c syscall.RawConn) error {
// windowsSDDL is the Security Descriptor set on the namedpipe. // windowsSDDL is the Security Descriptor set on the namedpipe.
// It provides read/write access to all users and the local system. // It provides read/write access to all users and the local system.
const windowsSDDL = "O:BAG:BAD:PAI(A;OICI;GWGR;;;BU)(A;OICI;GWGR;;;SY)" // It is a var for testing, do not change this value.
var windowsSDDL = "O:BAG:BAD:PAI(A;OICI;GWGR;;;BU)(A;OICI;GWGR;;;SY)"
func listen(path string) (net.Listener, error) { func listen(path string) (net.Listener, error) {
lc, err := winio.ListenPipe( lc, err := winio.ListenPipe(
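Review bot: Turning `windowsSDDL` from a `const` into a `var` makes the descriptor that protects the named pipe assignable by any code in the package, in non-test builds too, and the only guard is the sentence `do not change this value`. The comment should say who may assign it and why, for example `// It is a var only so tests can clear it when unelevated; non-test code must never assign to it.` If this string is what `listen` hands to winio as the pipe's security descriptor, an empty value presumably selects the OS default descriptor instead of this one, and that is worth stating next to the declaration. The body of `listen` continues outside the hunk.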

@ -0,0 +1,22 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
package safesocket
import "tailscale.com/util/winutil"
func init() {
// downgradeSDDL is a test helper that downgrades the windowsSDDL variable if
// the currently running user does not have sufficient priviliges to set the
// SDDL.
downgradeSDDL = func() (cleanup func()) {
// The current default descriptor can not be set by mere mortal users,
// so we need to undo that for executing tests as a regular user.
if !winutil.IsCurrentProcessElevated() {
var orig string
orig, windowsSDDL = windowsSDDL, ""
return func() { windowsSDDL = orig }
}
return func() {}
}
}
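Review bot: On an unelevated run the test no longer exercises the production descriptor: the branch under `!winutil.IsCurrentProcessElevated()` sets `windowsSDDL` to `""`, so a mistake in the real SDDL string would only be caught on an elevated runner, and nothing in the test output shows which case ran. I would have the helper take a `testing.TB` and log in that branch, e.g. `t.Log("not elevated: listening with an empty SDDL instead of windowsSDDL")`. The doc comment also sits inside `init` rather than on the declaration of `downgradeSDDL`, and `priviliges` should read `privileges`.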