authorJason A. Donenfeld <Jason@zx2c4.com>2019-09-16 23:36:49 -0600
committerJason A. Donenfeld <Jason@zx2c4.com>2019-09-23 15:29:18 +0200
commit5878d9a6b2251e5a0c464cb427a5eac7d1ada6e5 (patch)
tree1f123998f801c375674326ba7946da568be32df0 /conf
parentupdater: use correct length for security attributes (diff)
global: use SECURITY_DESCRIPTOR apis from x/sys/windows
Diffstat (limited to 'conf')
-rw-r--r--conf/migration_windows.go27
-rw-r--r--conf/zsyscall_windows.go27
2 files changed, 5 insertions, 49 deletions
diff --git a/conf/migration_windows.go b/conf/migration_windows.go
index 4b7ffe30..d8d349f5 100644
--- a/conf/migration_windows.go
+++ b/conf/migration_windows.go
@@ -13,44 +13,27 @@ import (
"golang.org/x/sys/windows"
)
-//sys getFileSecurity(fileName *uint16, securityInformation uint32, securityDescriptor *byte, descriptorLen uint32, requestedLen *uint32) (err error) = advapi32.GetFileSecurityW
-//sys getSecurityDescriptorOwner(securityDescriptor *byte, sid **windows.SID, ownerDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorOwner
-const ownerSecurityInformation = 0x00000001
-
func maybeMigrate(c string) {
vol := filepath.VolumeName(c)
withoutVol := strings.TrimPrefix(c, vol)
oldRoot := filepath.Join(vol, "\\windows.old")
oldC := filepath.Join(oldRoot, withoutVol)
- var err error
- var sd []byte
- reqLen := uint32(128)
- for {
- sd = make([]byte, reqLen)
- //XXX: Since this takes a file path, it's technically a TOCTOU.
- err = getFileSecurity(windows.StringToUTF16Ptr(oldRoot), ownerSecurityInformation, &sd[0], uint32(len(sd)), &reqLen)
- if err != windows.ERROR_INSUFFICIENT_BUFFER {
- break
- }
- }
+ sd, err := windows.GetNamedSecurityInfo(oldRoot, windows.SE_FILE_OBJECT, windows.OWNER_SECURITY_INFORMATION)
if err == windows.ERROR_PATH_NOT_FOUND || err == windows.ERROR_FILE_NOT_FOUND {
return
}
if err != nil {
- log.Printf("Not migrating configuration from ‘%s’ due to GetFileSecurity error: %v", oldRoot, err)
+ log.Printf("Not migrating configuration from ‘%s’ due to GetNamedSecurityInfo error: %v", oldRoot, err)
return
}
- var defaulted bool
- var sid *windows.SID
- err = getSecurityDescriptorOwner(&sd[0], &sid, &defaulted)
+ owner, defaulted, err := sd.Owner()
if err != nil {
log.Printf("Not migrating configuration from ‘%s’ due to GetSecurityDescriptorOwner error: %v", oldRoot, err)
return
}
- if defaulted || !sid.IsWellKnown(windows.WinLocalSystemSid) {
- sidStr, _ := sid.String()
- log.Printf("Not migrating configuration from ‘%s’, as it is not explicitly owned by SYSTEM, but rather ‘%s’", oldRoot, sidStr)
+ if defaulted || !owner.IsWellKnown(windows.WinLocalSystemSid) {
+ log.Printf("Not migrating configuration from ‘%s’, as it is not explicitly owned by SYSTEM, but rather ‘%v’", oldRoot, owner)
return
}
err = windows.MoveFileEx(windows.StringToUTF16Ptr(oldC), windows.StringToUTF16Ptr(c), windows.MOVEFILE_COPY_ALLOWED)
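Review bot: The `//XXX` TOCTOU note is dropped together with the old getFileSecurity loop, but the replacement `windows.GetNamedSecurityInfo(oldRoot, ...)` still resolves a path, so the ownership check and the later `MoveFileEx` are still two separate path lookups that are not atomic; the caveat should be carried over, e.g. `// NOTE: GetNamedSecurityInfo takes a path, so the owner check and the MoveFileEx below are not atomic (TOCTOU).` above the new call. On the rewritten log line the old code used `sidStr, _ := sid.String()` while the new one passes `owner` to `%v`; that only prints the SID text if `*windows.SID` implements fmt.Stringer in the x/sys revision the tree builds against — worth confirming, since otherwise the message prints an opaque pointer. maybeMigrate continues past the end of this hunk.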
diff --git a/conf/zsyscall_windows.go b/conf/zsyscall_windows.go
index ec63bc3d..9dcf68fe 100644
--- a/conf/zsyscall_windows.go
+++ b/conf/zsyscall_windows.go
@@ -38,12 +38,9 @@ func errnoErr(e syscall.Errno) error {
var (
modwininet = windows.NewLazySystemDLL("wininet.dll")
- modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
procInternetGetConnectedState = modwininet.NewProc("InternetGetConnectedState")
- procGetFileSecurityW = modadvapi32.NewProc("GetFileSecurityW")
- procGetSecurityDescriptorOwner = modadvapi32.NewProc("GetSecurityDescriptorOwner")
procFindFirstChangeNotificationW = modkernel32.NewProc("FindFirstChangeNotificationW")
procFindNextChangeNotification = modkernel32.NewProc("FindNextChangeNotification")
)
@@ -54,30 +51,6 @@ func internetGetConnectedState(flags *uint32, reserved uint32) (connected bool)
return
}
-func getFileSecurity(fileName *uint16, securityInformation uint32, securityDescriptor *byte, descriptorLen uint32, requestedLen *uint32) (err error) {
- r1, _, e1 := syscall.Syscall6(procGetFileSecurityW.Addr(), 5, uintptr(unsafe.Pointer(fileName)), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(descriptorLen), uintptr(unsafe.Pointer(requestedLen)), 0)
- if r1 == 0 {
- if e1 != 0 {
- err = errnoErr(e1)
- } else {
- err = syscall.EINVAL
- }
- }
- return
-}
-
-func getSecurityDescriptorOwner(securityDescriptor *byte, sid **windows.SID, ownerDefaulted *bool) (err error) {
- r1, _, e1 := syscall.Syscall(procGetSecurityDescriptorOwner.Addr(), 3, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(ownerDefaulted)))
- if r1 == 0 {
- if e1 != 0 {
- err = errnoErr(e1)
- } else {
- err = syscall.EINVAL
- }
- }
- return
-}
-
func findFirstChangeNotification(path *uint16, watchSubtree bool, filter uint32) (handle windows.Handle, err error) {
var _p0 uint32
if watchSubtree {