diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-07-19 15:59:53 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-07-19 15:59:53 +0200 |
commit | 11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21 (patch) | |
tree | 8346fd7c7ecaeb7260a8c80ee9df5942a100797b /conf | |
parent | ringlogger: windows only (diff) | |
download | wireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.tar.xz wireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.zip |
tunnel: extract owner of config file for pipe dacl
If the config file is unencrypted and its owner is not Local System,
then we allow the runtime named pipe to be accessed by that owner, since
generally the private key is already stored in the config file.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'conf')
-rw-r--r-- | conf/store.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/conf/store.go b/conf/store.go index b5cdd1ef..504a0d01 100644 --- a/conf/store.go +++ b/conf/store.go @@ -148,6 +148,10 @@ func LoadFromPath(path string) (*Config, error) { return FromWgQuickWithUnknownEncoding(string(bytes), name) } +func PathIsEncrypted(path string) bool { + return strings.HasSuffix(filepath.Base(path), configFileSuffix) +} + func NameFromPath(path string) (string, error) { name := filepath.Base(path) if !((len(name) > len(configFileSuffix) && strings.HasSuffix(name, configFileSuffix)) || |