tunnel: extract owner of config file for pipe dacl

If the config file is unencrypted and its owner is not Local System, then we allow the runtime named pipe to be accessed by that owner, since generally the private key is already stored in the config file. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-07-19 15:59:53 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-07-19 15:59:53 +0200
commit: 11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21 (patch)
tree: 8346fd7c7ecaeb7260a8c80ee9df5942a100797b /conf
parent: ringlogger: windows only (diff)
download: wireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.tar.xz
wireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/conf/store.go b/conf/store.go
index b5cdd1ef..504a0d01 100644
--- a/conf/store.go
+++ b/conf/store.go
@@ -148,6 +148,10 @@ func LoadFromPath(path string) (*Config, error) {
 	return FromWgQuickWithUnknownEncoding(string(bytes), name)
 }
 
+func PathIsEncrypted(path string) bool {
+	return strings.HasSuffix(filepath.Base(path), configFileSuffix)
+}
+
 func NameFromPath(path string) (string, error) {
 	name := filepath.Base(path)
 	if !((len(name) > len(configFileSuffix) && strings.HasSuffix(name, configFileSuffix)) ||
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-07-19 15:59:53 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-07-19 15:59:53 +0200
commit	11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21 (patch)
tree	8346fd7c7ecaeb7260a8c80ee9df5942a100797b /conf
parent	ringlogger: windows only (diff)
download	wireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.tar.xz wireguard-windows-11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21.zip