fix(systray): Use default named pipe security descriptor and small refactoring

The default named pipe security descriptor grants full access to LocalSystem account, administrators, and the creator owner.

Author: rabbitstack

cmd/systray/main_windows.go

@@ -34,7 +34,6 @@ import (
 	"io"
 	"net"
 	"os"
-	"os/user"
 	"path/filepath"
 	"unsafe"
 )
@@ -238,37 +237,30 @@ func main() {
 		os.Exit(1)
 	}
 	logrus.Info("starting systray server...")
-	usr, err := user.Current()
-	if err != nil {
-		logrus.Fatalf("failed to retrieve the current user: %v", err)
-	}
-	// Named pipe security and access rights.
-	// Give generic read/write access to the
-	// current user SID
-	descriptor := "D:P(A;;GA;;;" + usr.Uid + ")"
 	// spin up the named-pipe server
-	l, err := winio.ListenPipe(systrayPipe, &winio.PipeConfig{SecurityDescriptor: descriptor})
+	l, err := winio.ListenPipe(systrayPipe, nil)
 	if err != nil {
 		logrus.Fatalf("unable to listen on named pipe: %s: %v", systrayPipe, err)
 	}
 
-	// detach console
-	sys.FreeConsole()
-
 	tray, err := newSystray()
 	if err != nil {
 		logrus.Fatalf("unable to create systray: %v", err)
 	}
 
 	go func() {
 		<-tray.quit
+		logrus.Info("shutting down...")
 		l.Close()
 		err := tray.shutdown()
 		if err != nil {
 			logrus.Warnf("fail to shutdown: %v", err)
 		}
 	}()
 
+	// detach console
+	sys.FreeConsole()
+
 	// server loop
 	for {
 		conn, err := l.Accept()

pkg/alertsender/systray/systray.go

@@ -25,6 +25,7 @@ import (
 	"github.com/Microsoft/go-winio"
 	"github.com/cenkalti/backoff/v4"
 	"github.com/rabbitstack/fibratus/pkg/alertsender"
+	"github.com/rabbitstack/fibratus/pkg/kevent"
 	log "github.com/sirupsen/logrus"
 	"os"
 	"time"
@@ -111,26 +112,29 @@ func makeSender(config alertsender.Config) (alertsender.Sender, error) {
 		break
 	}
 
-	return s, s.writePipe(&Msg{Type: Conf, Data: c})
+	return s, s.send(&Msg{Type: Conf, Data: c})
 }
 
 func (s *systray) Send(alert alertsender.Alert) error {
-	return s.writePipe(&Msg{Type: Balloon, Data: alert})
+	// remove all events to avoid decoding errors on systray server end
+	alert.Events = make([]*kevent.Kevent, 0)
+	return s.send(&Msg{Type: Balloon, Data: alert})
 }
 
 func (*systray) Type() alertsender.Type { return alertsender.Systray }
 func (*systray) SupportsMarkdown() bool { return false }
 
 func (s *systray) Shutdown() error { return nil }
 
-func (s *systray) writePipe(m *Msg) error {
+func (s *systray) send(m *Msg) error {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
 	defer cancel()
 	conn, err := winio.DialPipeContext(ctx, systrayPipe)
 	if err != nil {
 		return fmt.Errorf("unable to dial %s pipe: %v", systrayPipe, err)
 	}
 	defer conn.Close()
+
 	b, err := m.encode()
 	if err != nil {
 		return err
@@ -141,10 +145,12 @@ func (s *systray) writePipe(m *Msg) error {
 	if _, err = conn.Write(b); err != nil {
 		return fmt.Errorf("unable to write systray pipe: %v", err)
 	}
+
 	return nil
 }
 
 func pipeExists() bool {
 	_, err := os.Stat(systrayPipe)
+	log.Warnf("pipe not found: %v", err)
 	return err == nil
 }