pkg/trace/api: allow setting security descriptor and have a default

DataDog · Nov 23, 2020 · b37d15a · b37d15a
1 parent 0a419c9
commit b37d15a
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/pkg/config/apm.go b/pkg/config/apm.go
@@ -43,7 +43,8 @@ func setupAPM(config Config) {
 	}
 
 	config.BindEnvAndSetDefault("apm_config.receiver_port", 8126, "DD_APM_RECEIVER_PORT", "DD_RECEIVER_PORT")
-	config.BindEnvAndSetDefault("apm_config.windows_pipe_buffer_size", 1_000_000, "DD_APM_WINDOWS_PIPE_BUFFER_SIZE") //nolint:errcheck
+	config.BindEnvAndSetDefault("apm_config.windows_pipe_buffer_size", 1_000_000, "DD_APM_WINDOWS_PIPE_BUFFER_SIZE")                          //nolint:errcheck
+	config.BindEnvAndSetDefault("apm_config.windows_pipe_security_descriptor", "D:AI(A;;GA;;;WD)", "DD_APM_WINDOWS_PIPE_SECURITY_DESCRIPTOR") //nolint:errcheck
 
 	config.BindEnv("apm_config.receiver_timeout", "DD_APM_RECEIVER_TIMEOUT")                             //nolint:errcheck
 	config.BindEnv("apm_config.max_payload_size", "DD_APM_MAX_PAYLOAD_SIZE")                             //nolint:errcheck

diff --git a/pkg/trace/api/api.go b/pkg/trace/api/api.go
@@ -141,7 +141,8 @@ func (r *HTTPReceiver) Start() {
 	if path := mainconfig.Datadog.GetString("apm_config.windows_pipe_name"); path != "" {
 		pipepath := `\\.\pipe\` + path
 		bufferSize := mainconfig.Datadog.GetInt("apm_config.windows_pipe_buffer_size")
-		ln, err := listenPipe(pipepath, bufferSize)
+		secdec := mainconfig.Datadog.GetString("apm_config.windows_pipe_security_descriptor")
+		ln, err := listenPipe(pipepath, secdec, bufferSize)
 		if err != nil {
 			killProcess("Error creating %q named pipe: %v", pipepath, err)
 		}
@@ -150,7 +151,7 @@ func (r *HTTPReceiver) Start() {
 			r.server.Serve(ln)
 			ln.Close()
 		}()
-		log.Infof("Listening for traces on Windowes pipe %s", pipepath)
+		log.Infof("Listening for traces on Windowes pipe %q. Security descriptor is %q", pipepath, secdec)
 	}
 
 	go r.RateLimiter.Run()

diff --git a/pkg/trace/api/pipe.go b/pkg/trace/api/pipe.go
@@ -13,8 +13,9 @@ import (
 	"github.com/Microsoft/go-winio"
 )
 
-func listenPipe(path string, bufferSize int) (net.Listener, error) {
+func listenPipe(path string, secdec string, bufferSize int) (net.Listener, error) {
 	return winio.ListenPipe(path, &winio.PipeConfig{
-		InputBufferSize: int32(bufferSize),
+		SecurityDescriptor: secdec,
+		InputBufferSize:    int32(bufferSize),
 	})
 }
diff --git a/pkg/trace/api/pipe_off.go b/pkg/trace/api/pipe_off.go
@@ -12,6 +12,6 @@ import (
 	"net"
 )
 
-func listenPipe(path string, bufferSize int) (net.Listener, error) {
+func listenPipe(_, _ string, _ int) (net.Listener, error) {
 	return nil, errors.New("Windows named pipes are only supported on Windows operating systems")
 }