diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-06-24 12:12:13 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-06-25 16:18:03 +0200 |
commit | ed2f5cc225365268acd36eab1562ab02a1c3e89d (patch) | |
tree | fa0a92e406954ab8cd07dc242555339b0ae3b65d /api/adapter.c | |
parent | driver: hard code security descriptor bytes (diff) | |
download | wintun-ed2f5cc225365268acd36eab1562ab02a1c3e89d.tar.xz wintun-ed2f5cc225365268acd36eab1562ab02a1c3e89d.zip |
api: don't auto-elevate
There's no longer a need to do this for every API call. This only exists
now for the pnp guid reuse workaround hack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'api/adapter.c')
-rw-r--r-- | api/adapter.c | 57 |
1 files changed, 13 insertions, 44 deletions
diff --git a/api/adapter.c b/api/adapter.c index c15a420..3134b6d 100644 --- a/api/adapter.c +++ b/api/adapter.c @@ -668,18 +668,13 @@ WintunFreeAdapter(_In_ WINTUN_ADAPTER *Adapter) _Return_type_success_(return != NULL) WINTUN_ADAPTER *WINAPI WintunOpenAdapter(_In_z_ const WCHAR *Pool, _In_z_ const WCHAR *Name) { - if (!ElevateToSystem()) - { - LOG(WINTUN_LOG_ERR, L"Failed to impersonate SYSTEM user"); - return NULL; - } DWORD LastError; WINTUN_ADAPTER *Adapter = NULL; HANDLE Mutex = NamespaceTakePoolMutex(Pool); if (!Mutex) { LastError = LOG(WINTUN_LOG_ERR, L"Failed to take %s pool mutex", Pool); - goto cleanupToken; + goto cleanup; } HDEVINFO DevInfo = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, NULL, NULL, DIGCF_PRESENT, NULL, NULL, NULL); @@ -759,8 +754,7 @@ cleanupDevInfo: SetupDiDestroyDeviceInfoList(DevInfo); cleanupMutex: NamespaceReleaseMutex(Mutex); -cleanupToken: - RevertToSelf(); +cleanup: SetLastError(LastError); return Adapter; } @@ -1840,11 +1834,6 @@ _Return_type_success_(return != NULL) WINTUN_ADAPTER *WINAPI WintunCreateAdapter _In_opt_ const GUID *RequestedGUID, _Out_opt_ BOOL *RebootRequired) { - if (!ElevateToSystem()) - { - LOG(WINTUN_LOG_ERR, L"Failed to impersonate SYSTEM user"); - return NULL; - } BOOL DummyRebootRequired; if (!RebootRequired) RebootRequired = &DummyRebootRequired; @@ -1855,12 +1844,11 @@ _Return_type_success_(return != NULL) WINTUN_ADAPTER *WINAPI WintunCreateAdapter { Adapter = CreateAdapterViaRundll32(Pool, Name, RequestedGUID, RebootRequired); LastError = Adapter ? ERROR_SUCCESS : GetLastError(); - goto cleanupToken; + goto cleanup; } Adapter = CreateAdapter(Pool, Name, RequestedGUID, RebootRequired); LastError = Adapter ? ERROR_SUCCESS : GetLastError(); -cleanupToken: - RevertToSelf(); +cleanup: return RET_ERROR(Adapter, LastError); } @@ -1869,11 +1857,6 @@ _Return_type_success_(return != FALSE) BOOL WINAPI WintunDeleteAdapter( _In_ BOOL ForceCloseSessions, _Out_opt_ BOOL *RebootRequired) { - if (!ElevateToSystem()) - { - LOG(WINTUN_LOG_ERR, L"Failed to impersonate SYSTEM user"); - return FALSE; - } BOOL DummyRebootRequired; if (!RebootRequired) RebootRequired = &DummyRebootRequired; @@ -1883,14 +1866,14 @@ _Return_type_success_(return != FALSE) BOOL WINAPI WintunDeleteAdapter( { LastError = DeleteAdapterViaRundll32(Adapter, ForceCloseSessions, RebootRequired) ? ERROR_SUCCESS : GetLastError(); - goto cleanupToken; + goto cleanup; } HANDLE Mutex = NamespaceTakePoolMutex(Adapter->Pool); if (!Mutex) { LastError = LOG(WINTUN_LOG_ERR, L"Failed to take %s pool mutex", Adapter->Pool); - goto cleanupToken; + goto cleanup; } HDEVINFO DevInfo; @@ -1930,8 +1913,7 @@ cleanupDevInfo: SetupDiDestroyDeviceInfoList(DevInfo); cleanupMutex: NamespaceReleaseMutex(Mutex); -cleanupToken: - RevertToSelf(); +cleanup: return RET_ERROR(TRUE, LastError); } @@ -1990,12 +1972,6 @@ cleanupMutex: _Return_type_success_(return != FALSE) BOOL WINAPI WintunDeletePoolDriver(_In_z_ const WCHAR *Pool, _Out_opt_ BOOL *RebootRequired) { - if (!ElevateToSystem()) - { - LOG(WINTUN_LOG_ERR, L"Failed to impersonate SYSTEM user"); - return FALSE; - } - BOOL DummyRebootRequired; if (!RebootRequired) RebootRequired = &DummyRebootRequired; @@ -2005,20 +1981,20 @@ _Return_type_success_(return != FALSE) BOOL WINAPI if (MAYBE_WOW64 && NativeMachine != IMAGE_FILE_PROCESS) { LastError = DeletePoolDriverViaRundll32(Pool, RebootRequired) ? ERROR_SUCCESS : GetLastError(); - goto cleanupToken; + goto cleanup; } if (!DeleteAllOurAdapters(Pool, RebootRequired)) { LastError = GetLastError(); - goto cleanupToken; + goto cleanup; } HANDLE DriverInstallationLock = NamespaceTakeDriverInstallationMutex(); if (!DriverInstallationLock) { LastError = LOG(WINTUN_LOG_ERR, L"Failed to take driver installation mutex"); - goto cleanupToken; + goto cleanup; } HDEVINFO DeviceInfoSet = SetupDiGetClassDevsW(&GUID_DEVCLASS_NET, NULL, NULL, 0); if (!DeviceInfoSet) @@ -2060,25 +2036,19 @@ cleanupDeviceInfoSet: SetupDiDestroyDeviceInfoList(DeviceInfoSet); cleanupDriverInstallationLock: NamespaceReleaseMutex(DriverInstallationLock); -cleanupToken: - RevertToSelf(); +cleanup: return RET_ERROR(TRUE, LastError); } _Return_type_success_(return != FALSE) BOOL WINAPI WintunEnumAdapters(_In_z_ const WCHAR *Pool, _In_ WINTUN_ENUM_CALLBACK Func, _In_ LPARAM Param) { - if (!ElevateToSystem()) - { - LOG(WINTUN_LOG_ERR, L"Failed to impersonate SYSTEM user"); - return FALSE; - } DWORD LastError = ERROR_SUCCESS; HANDLE Mutex = NamespaceTakePoolMutex(Pool); if (!Mutex) { LastError = LOG(WINTUN_LOG_ERR, L"Failed to take %s pool mutex", Pool); - goto cleanupToken; + goto cleanup; } HDEVINFO DevInfo = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, NULL, NULL, DIGCF_PRESENT, NULL, NULL, NULL); if (DevInfo == INVALID_HANDLE_VALUE) @@ -2112,7 +2082,6 @@ _Return_type_success_(return != FALSE) BOOL WINAPI SetupDiDestroyDeviceInfoList(DevInfo); cleanupMutex: NamespaceReleaseMutex(Mutex); -cleanupToken: - RevertToSelf(); +cleanup: return RET_ERROR(TRUE, LastError); } |