client/tailscale, cmd/tailscale/cli: plumb --socket through

Without this, `tailscale status` ignores the --socket flag on macOS and
always talks to the IPNExtension, even if you wanted it to inspect a
userspace tailscaled.

Signed-off-by: David Crawshaw <[email protected]>

client/tailscale/tailscale.go

@@ -16,10 +16,14 @@ import (
 	"strconv"
 
 	"tailscale.com/ipn/ipnstate"
+	"tailscale.com/paths"
 	"tailscale.com/safesocket"
 	"tailscale.com/tailcfg"
 )
 
+// TailscaledSocket is the tailscaled Unix socket.
+var TailscaledSocket = paths.DefaultTailscaledSocket()
+
 // tsClient does HTTP requests to the local Tailscale daemon.
 var tsClient = &http.Client{
 	Transport: &http.Transport{
@@ -27,14 +31,16 @@ var tsClient = &http.Client{
 			if addr != "local-tailscaled.sock:80" {
 				return nil, fmt.Errorf("unexpected URL address %q", addr)
 			}
-			// On macOS, when dialing from non-sandboxed program to sandboxed GUI running
-			// a TCP server on a random port, find the random port. For HTTP connections,
-			// we don't send the token. It gets added in an HTTP Basic-Auth header.
-			if port, _, err := safesocket.LocalTCPPortAndToken(); err == nil {
-				var d net.Dialer
-				return d.DialContext(ctx, "tcp", "localhost:"+strconv.Itoa(port))
+			if TailscaledSocket == paths.DefaultTailscaledSocket() {
+				// On macOS, when dialing from non-sandboxed program to sandboxed GUI running
+				// a TCP server on a random port, find the random port. For HTTP connections,
+				// we don't send the token. It gets added in an HTTP Basic-Auth header.
+				if port, _, err := safesocket.LocalTCPPortAndToken(); err == nil {
+					var d net.Dialer
+					return d.DialContext(ctx, "tcp", "localhost:"+strconv.Itoa(port))
+				}
 			}
-			return safesocket.ConnectDefault()
+			return safesocket.Connect(TailscaledSocket, 41112)
 		},
 	},
 }

cmd/tailscale/cli/cli.go

@@ -20,6 +20,7 @@ import (
 	"text/tabwriter"
 
 	"github.com/peterbourgon/ff/v2/ffcli"
+	"tailscale.com/client/tailscale"
 	"tailscale.com/ipn"
 	"tailscale.com/paths"
 	"tailscale.com/safesocket"
@@ -88,6 +89,8 @@ change in the future.
 		return err
 	}
 
+	tailscale.TailscaledSocket = rootArgs.socket
+
 	err := rootCmd.Run(context.Background())
 	if err == flag.ErrHelp {
 		return nil

safesocket/safesocket.go

@@ -10,8 +10,6 @@ import (
 	"errors"
 	"net"
 	"runtime"
-
-	"tailscale.com/paths"
 )
 
 type closeable interface {
@@ -31,11 +29,6 @@ func ConnCloseWrite(c net.Conn) error {
 	return c.(closeable).CloseWrite()
 }
 
-// ConnectDefault connects to the local Tailscale daemon.
-func ConnectDefault() (net.Conn, error) {
-	return Connect(paths.DefaultTailscaledSocket(), 41112)
-}
-
 // Connect connects to either path (on Unix) or the provided localhost port (on Windows).
 func Connect(path string, port uint16) (net.Conn, error) {
 	return connect(path, port)