author | Simon Rozman <simon@rozman.si> | 2021-03-08 13:48:29 +0100 |
---|---|---|
committer | Simon Rozman <simon@rozman.si> | 2021-03-08 13:48:29 +0100 |
commit | cef79225560bd454cb5c49d8d2b0cfac869de8d3 (patch) | |
tree | 9196e23668f0ae06498442b73a6797f7d4fe52d8 /api/adapter.c | |
parent | api: upgrade logging (diff) | |
api: elevate to SYSTEM in WintunEnumAdapters()
WintunEnumAdapters() requires the namespace mutex. However,
NamespaceTakePoolMutex() works only as the SYSTEM user.
WireGuard uses WintunEnumAdapters() in its manager service to
clean up stale adapters. As the WireGuard manager service runs as
SYSTEM, this requirement was not apparent before.
This commit also extends the example project to list its existing
adapters at start.
Signed-off-by: Simon Rozman <simon@rozman.si>
Diffstat (limited to 'api/adapter.c')
-rw-r--r-- | api/adapter.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/api/adapter.c b/api/adapter.c
index 984af03..8fc757e 100644
--- a/api/adapter.c
+++ b/api/adapter.c
@@ -1983,13 +1983,18 @@ cleanupToken:
 _Return_type_success_(return != FALSE) BOOL WINAPI
 WintunEnumAdapters(_In_z_ const WCHAR *Pool, _In_ WINTUN_ENUM_CALLBACK Func, _In_ LPARAM Param)
 {
- HANDLE Mutex = NamespaceTakePoolMutex(Pool);
- if (!Mutex)
+ if (!ElevateToSystem())
 {
- LOG(WINTUN_LOG_ERR, L"Failed to take %s pool mutex", Pool);
+ LOG(WINTUN_LOG_ERR, L"Failed to impersonate SYSTEM user");
 return FALSE;
 }
 DWORD LastError = ERROR_SUCCESS;
+ HANDLE Mutex = NamespaceTakePoolMutex(Pool);
+ if (!Mutex)
+ {
+ LastError = LOG(WINTUN_LOG_ERR, L"Failed to take %s pool mutex", Pool);
+ goto cleanupToken;
+ }
 HDEVINFO DevInfo = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, NULL, NULL, DIGCF_PRESENT, NULL, NULL, NULL);
 if (DevInfo == INVALID_HANDLE_VALUE)
 {
@@ -2022,5 +2027,7 @@ _Return_type_success_(return != FALSE) BOOL WINAPI
 SetupDiDestroyDeviceInfoList(DevInfo);
 cleanupMutex:
 NamespaceReleaseMutex(Mutex);
+cleanupToken:
+ RevertToSelf();
 return RET_ERROR(TRUE, LastError);
 } |
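Review bot: With `ElevateToSystem()` now the first statement of WintunEnumAdapters(), everything up to the new `cleanupToken` label runs on a thread impersonating SYSTEM, and that presumably includes the caller-supplied `Func` callback, whose invocation lies between the two hunks and is not visible here. A callback written for an unprivileged caller would then have its file, registry and object accesses checked against the SYSTEM token rather than the caller's own. If only NamespaceTakePoolMutex() needs the elevated token, the impersonated window could end right after it; if the device enumeration needs it as well, the public documentation of WintunEnumAdapters() should say so, e.g. `/* Func is called while the calling thread impersonates SYSTEM; keep it minimal. */`.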
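Review bot: The result of `RevertToSelf()` under the new `cleanupToken` label is discarded, so if the revert fails the function returns to its caller with the thread still impersonating SYSTEM and may even report success. Check it and surface the failure, for example `if (!RevertToSelf() && LastError == ERROR_SUCCESS) LastError = GetLastError();`, plus a log line in the style of the other error paths. Note also that RevertToSelf() ends any impersonation the calling thread had before entering WintunEnumAdapters(), not only the one taken by ElevateToSystem(); whether callers can arrive already impersonating is not visible in this diff, so a one-line comment at the label stating the assumption would help.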