manager: allow S-1-5-32-556 users to launch a limited UI

I still have serious security reservations about this, both conceptually
-- should users be allowed to do this stuff? -- and pratically -- there
are issues with this implementation that need some examination.

TODO:
- Is that registry key a secure path? Should we double check it?
- Are we leaking handles to the unpriv'd process from the manager? Audit
  this too.
- IPC notifications are blocking. Should we move this to a go routine to
  mitigate DoS potential?
- Is GOB deserialization secure? Can an NCO user crash or RCE the
  manager?

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

1 files changed, 36 insertions, 0 deletions

diff --git a/conf/admin_windows.go b/conf/admin_windows.go
new file mode 100644
index 00000000..2f97f4da
--- /dev/null
+++ b/conf/admin_windows.go
@@ -0,0 +1,36 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2020 WireGuard LLC. All Rights Reserved.
+ */
+
+package conf
+
+import "golang.org/x/sys/windows/registry"
+
+const adminRegKey = `Software\WireGuard`
+
+var adminKey registry.Key
+
+func openAdminKey() (registry.Key, error) {
+	if adminKey != 0 {
+		return adminKey, nil
+	}
+	var err error
+	adminKey, err = registry.OpenKey(registry.LOCAL_MACHINE, adminRegKey, registry.QUERY_VALUE)
+	if err != nil {
+		return 0, err
+	}
+	return adminKey, nil
+}
+
+func AdminBool(name string) bool {
+	key, err := openAdminKey()
+	if err != nil {
+		return false
+	}
+	val, _, err := key.GetIntegerValue(name)
+	if err != nil {
+		return false
+	}
+	return val != 0
+}