authorJason A. Donenfeld <Jason@zx2c4.com>2020-11-22 21:37:41 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2020-11-22 22:00:33 +0100
commit9f60678e039e7c51d83712df95b7b2396c12e00f (patch)
tree1347217b3deda9a4ce5599d2a6916da78ca7c155
parentbuild: use newer version of go in makefile (diff)
tunnel: set %WIREGUARD_INTERFACE_NAME% instead of expanding %i
While this diverges from wg-quick(8), it's also much more Windows-friendly, considering that % is the prefix for expanding environment variables in cmd.exe. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--adminregistry.md4
-rw-r--r--tunnel/scriptrunner.go3
2 files changed, 4 insertions, 3 deletions
diff --git a/adminregistry.md b/adminregistry.md
index 8d7bc105..513c1c48 100644
--- a/adminregistry.md
+++ b/adminregistry.md
@@ -25,7 +25,9 @@ specified in the `PreUp`, `PostUp`, `PreDown`, and `PostDown` options of a
tunnel configuration. Note that this execution is done as the Local System user,
which runs with the highest permissions on the operating system, and is therefore
a real target of malware. Therefore, you should enable this option only with the
-utmost trepidation.
+utmost trepidation. Rather than use `%i`, WireGuard for Windows instead sets the
+environment variable `WIREGUARD_TUNNEL_NAME` to the name of the tunnel when
+executing these scripts.
#### `HKLM\Software\WireGuard\MultipleSimultaneousTunnels`
diff --git a/tunnel/scriptrunner.go b/tunnel/scriptrunner.go
index ba6aec9b..670bb2a1 100644
--- a/tunnel/scriptrunner.go
+++ b/tunnel/scriptrunner.go
@@ -11,7 +11,6 @@ import (
"log"
"os"
"path/filepath"
- "strings"
"syscall"
"golang.org/x/sys/windows"
@@ -27,7 +26,6 @@ func runScriptCommand(command, interfaceName string) error {
log.Printf("Skipping execution of script, because dangerous script execution is safely disabled: %#q", command)
return nil
}
- command = strings.ReplaceAll(command, "%i", interfaceName)
log.Printf("Executing: %#q", command)
comspec, _ := os.LookupEnv("COMSPEC")
if len(comspec) == 0 {
@@ -49,6 +47,7 @@ func runScriptCommand(command, interfaceName string) error {
}
process, err := os.StartProcess(comspec, nil /* CmdLine below */, &os.ProcAttr{
Files: []*os.File{devNull, writer, writer},
+ Env: append(os.Environ(), "WIREGUARD_TUNNEL_NAME="+interfaceName),
Sys: &syscall.SysProcAttr{
HideWindow: true,
CmdLine: fmt.Sprintf("cmd /c %s", command),
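Review bot: The added `Env:` line hands `interfaceName` to a `cmd /c` process that runs as Local System, and a script that writes `%WIREGUARD_TUNNEL_NAME%` has the value substituted textually by cmd.exe before the line is parsed, so it is only safe if the name cannot contain cmd metacharacters such as `&`, `|`, `^` or `"`. That validation is not visible in this hunk; a comment above the field, e.g. `// interfaceName is expanded by cmd.exe inside the script; it must already be limited to a cmd-inert character set`, would record the dependency, and it is worth confirming against the tunnel-name validator. Separately, the commit subject names `%WIREGUARD_INTERFACE_NAME%` while this line and adminregistry.md use `WIREGUARD_TUNNEL_NAME`, so one of the two should be corrected. `runScriptCommand` begins and ends outside the hunk.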