service: make the generated bindings do the type forcing

author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-08 08:49:38 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-08 08:49:38 +0200
commit: 5fbe66f6037b457496e7206f54cee1fb879b3b9d (patch)
tree: 5999a61a5295014a7c9336ca5fccb83a62d2b3c1 /service/securityapi.go
parent: service: local system's token is a bit more locked down than elevated (diff)
download: wireguard-windows-5fbe66f6037b457496e7206f54cee1fb879b3b9d.tar.xz
wireguard-windows-5fbe66f6037b457496e7206f54cee1fb879b3b9d.zip
1 files changed, 21 insertions, 22 deletions
diff --git a/service/securityapi.go b/service/securityapi.go
index b0de8604..1124c497 100644
--- a/service/securityapi.go
+++ b/service/securityapi.go
@@ -102,16 +102,15 @@ type ACE_HEADER struct {
 }
 
 //sys getSecurityInfo(handle windows.Handle, objectType uint32, si uint32, owner *uintptr, group *uintptr, dacl *uintptr, sacl *uintptr, securityDescriptor *uintptr) (err error) [failretval!=0] = advapi32.GetSecurityInfo
-//sys getSecurityDescriptorLength(securityDescriptor uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength
-//sys addAccessAllowedAce(acl uintptr, aceRevision uint32, accessmask uint32, sid *windows.SID) (err error) = advapi32.AddAccessAllowedAce
-//sys setSecurityDescriptorDacl(securityDescriptor uintptr, daclPresent bool, dacl uintptr, defaulted bool) (err error) = advapi32.SetSecurityDescriptorDacl
-//sys setSecurityDescriptorSacl(securityDescriptor uintptr, saclPresent bool, sacl uintptr, defaulted bool) (err error) = advapi32.SetSecurityDescriptorSacl
-//sys getAclInformation(acl uintptr, info unsafe.Pointer, len uint32, infoclass uint32) (err error) = advapi32.GetAclInformation
-//sys getAce(acl uintptr, index uint32, ace *uintptr) (err error) = advapi32.GetAce
-//sys addAce(acl uintptr, revision uint32, index uint32, ace uintptr, lenAce uint32) (err error) = advapi32.AddAce
-//sys initializeAcl(acl uintptr, len uint32, revision uint32) (err error) = advapi32.InitializeAcl
-//sys makeAbsoluteSd(selfRelativeSecurityDescriptor uintptr, absoluteSecurityDescriptor uintptr, absoluteSecurityDescriptorSize *uint32, dacl uintptr, daclSize *uint32, sacl uintptr, saclSize *uint32, owner uintptr, ownerSize *uint32, primaryGroup uintptr, primaryGroupSize *uint32) (err error) = advapi32.MakeAbsoluteSD
-//sys makeSelfRelativeSd(absoluteSecurityDescriptor uintptr, relativeSecurityDescriptor uintptr, relativeSecurityDescriptorSize *uint32) (err error) = advapi32.MakeSelfRelativeSD
+//sys addAccessAllowedAce(acl *byte, aceRevision uint32, accessmask uint32, sid *windows.SID) (err error) = advapi32.AddAccessAllowedAce
+//sys setSecurityDescriptorDacl(securityDescriptor *byte, daclPresent bool, dacl *byte, defaulted bool) (err error) = advapi32.SetSecurityDescriptorDacl
+//sys setSecurityDescriptorSacl(securityDescriptor *byte, saclPresent bool, sacl *byte, defaulted bool) (err error) = advapi32.SetSecurityDescriptorSacl
+//sys getAclInformation(acl *byte, info *ACL_SIZE_INFORMATION, len uint32, infoclass uint32) (err error) = advapi32.GetAclInformation
+//sys getAce(acl *byte, index uint32, ace **ACE_HEADER) (err error) = advapi32.GetAce
+//sys addAce(acl *byte, revision uint32, index uint32, ace *ACE_HEADER, lenAce uint32) (err error) = advapi32.AddAce
+//sys initializeAcl(acl *byte, len uint32, revision uint32) (err error) = advapi32.InitializeAcl
+//sys makeAbsoluteSd(selfRelativeSecurityDescriptor uintptr, absoluteSecurityDescriptor *byte, absoluteSecurityDescriptorSize *uint32, dacl *byte, daclSize *uint32, sacl *byte, saclSize *uint32, owner *byte, ownerSize *uint32, primaryGroup *byte, primaryGroupSize *uint32) (err error) = advapi32.MakeAbsoluteSD
+//sys makeSelfRelativeSd(absoluteSecurityDescriptor *byte, relativeSecurityDescriptor *byte, relativeSecurityDescriptorSize *uint32) (err error) = advapi32.MakeSelfRelativeSD
 
 //sys createEnvironmentBlock(block *uintptr, token windows.Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
 //sys destroyEnvironmentBlock(block uintptr) (err error) = userenv.DestroyEnvironmentBlock
@@ -226,7 +225,7 @@ func getSecurityAttributes(mainToken windows.Token, tokenThatHasLogonSession win
 		ownerSize                      uint32
 		primaryGroupSize               uint32
 	)
-	err = makeAbsoluteSd(originalSecurityDescriptor, 0, &absoluteSecurityDescriptorSize, 0, &daclSize, 0, &saclSize, 0, &ownerSize, 0, &primaryGroupSize)
+	err = makeAbsoluteSd(originalSecurityDescriptor, nil, &absoluteSecurityDescriptorSize, nil, &daclSize, nil, &saclSize, nil, &ownerSize, nil, &primaryGroupSize)
 	if err != windows.ERROR_INSUFFICIENT_BUFFER {
 		windows.LocalFree(windows.Handle(originalSecurityDescriptor))
 		return nil, fmt.Errorf("Expected insufficient buffer from MakeAbsoluteSd, but got: %v", err)
@@ -236,7 +235,7 @@ func getSecurityAttributes(mainToken windows.Token, tokenThatHasLogonSession win
 	sacl := make([]byte, saclSize)
 	owner := make([]byte, ownerSize)
 	primaryGroup := make([]byte, primaryGroupSize)
-	err = makeAbsoluteSd(originalSecurityDescriptor, uintptr(unsafe.Pointer(&absoluteSecurityDescriptor[0])), &absoluteSecurityDescriptorSize, uintptr(unsafe.Pointer(&dacl[0])), &daclSize, uintptr(unsafe.Pointer(&sacl[0])), &saclSize, uintptr(unsafe.Pointer(&owner[0])), &ownerSize, uintptr(unsafe.Pointer(&primaryGroup[0])), &primaryGroupSize)
+	err = makeAbsoluteSd(originalSecurityDescriptor, &absoluteSecurityDescriptor[0], &absoluteSecurityDescriptorSize, &dacl[0], &daclSize, &sacl[0], &saclSize, &owner[0], &ownerSize, &primaryGroup[0], &primaryGroupSize)
 	if err != nil {
 		windows.LocalFree(windows.Handle(originalSecurityDescriptor))
 		return nil, err
@@ -244,48 +243,48 @@ func getSecurityAttributes(mainToken windows.Token, tokenThatHasLogonSession win
 	windows.LocalFree(windows.Handle(originalSecurityDescriptor))
 
 	var daclInfo ACL_SIZE_INFORMATION
-	err = getAclInformation(uintptr(unsafe.Pointer(&dacl[0])), unsafe.Pointer(&daclInfo), uint32(unsafe.Sizeof(daclInfo)), AclSizeInformation)
+	err = getAclInformation(&dacl[0], &daclInfo, uint32(unsafe.Sizeof(daclInfo)), AclSizeInformation)
 	if err != nil {
 		return nil, err
 	}
 	newDacl := make([]byte, daclInfo.aclBytesInUse*2)
-	err = initializeAcl(uintptr(unsafe.Pointer(&newDacl[0])), uint32(len(newDacl)), ACL_REVISION)
+	err = initializeAcl(&newDacl[0], uint32(len(newDacl)), ACL_REVISION)
 	if err != nil {
 		return nil, err
 	}
-	var ace uintptr
+	var ace *ACE_HEADER
 	for i := uint32(0); i < daclInfo.aceCount; i++ {
-		err = getAce(uintptr(unsafe.Pointer(&dacl[0])), i, &ace)
+		err = getAce(&dacl[0], i, &ace)
 		if err != nil {
 			return nil, err
 		}
-		err = addAce(uintptr(unsafe.Pointer(&newDacl[0])), ACL_REVISION, ^uint32(0), ace, uint32(((*ACE_HEADER)(unsafe.Pointer(ace))).aceSize))
+		err = addAce(&newDacl[0], ACL_REVISION, ^uint32(0), ace, uint32(ace.aceSize))
 		if err != nil {
 			return nil, err
 		}
 	}
 	runtime.KeepAlive(dacl)
-	err = addAccessAllowedAce(uintptr(unsafe.Pointer(&newDacl[0])), ACL_REVISION, PROCESS_QUERY_LIMITED_INFORMATION, logonSid)
+	err = addAccessAllowedAce(&newDacl[0], ACL_REVISION, PROCESS_QUERY_LIMITED_INFORMATION, logonSid)
 	if err != nil {
 		return nil, err
 	}
 	runtime.KeepAlive(gs)
-	err = setSecurityDescriptorDacl(uintptr(unsafe.Pointer(&absoluteSecurityDescriptor[0])), true, uintptr(unsafe.Pointer(&newDacl[0])), false)
+	err = setSecurityDescriptorDacl(&absoluteSecurityDescriptor[0], true, &newDacl[0], false)
 	if err != nil {
 		return nil, err
 	}
 	//TODO: This should not be required!! But right now we can't give the process the high integrity SACL, which is unfortunate. So we unset it.
-	err = setSecurityDescriptorSacl(uintptr(unsafe.Pointer(&absoluteSecurityDescriptor[0])), false, 0, true)
+	err = setSecurityDescriptorSacl(&absoluteSecurityDescriptor[0], false, nil, true)
 	if err != nil {
 		return nil, err
 	}
 	var selfRelativeSecurityDescriptorSize uint32
-	err = makeSelfRelativeSd(uintptr(unsafe.Pointer(&absoluteSecurityDescriptor[0])), 0, &selfRelativeSecurityDescriptorSize)
+	err = makeSelfRelativeSd(&absoluteSecurityDescriptor[0], nil, &selfRelativeSecurityDescriptorSize)
 	if err != windows.ERROR_INSUFFICIENT_BUFFER {
 		return nil, fmt.Errorf("Expected insufficient buffer from MakeSelfRelativeSd, but got: %v", err)
 	}
 	relativeSecurityDescriptor := make([]byte, selfRelativeSecurityDescriptorSize)
-	err = makeSelfRelativeSd(uintptr(unsafe.Pointer(&absoluteSecurityDescriptor[0])), uintptr(unsafe.Pointer(&relativeSecurityDescriptor[0])), &selfRelativeSecurityDescriptorSize)
+	err = makeSelfRelativeSd(&absoluteSecurityDescriptor[0], &relativeSecurityDescriptor[0], &selfRelativeSecurityDescriptorSize)
 	if err != nil {
 		return nil, err
 	}
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-08 08:49:38 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-08 08:49:38 +0200
commit	5fbe66f6037b457496e7206f54cee1fb879b3b9d (patch)
tree	5999a61a5295014a7c9336ca5fccb83a62d2b3c1 /service/securityapi.go
parent	service: local system's token is a bit more locked down than elevated (diff)
download	wireguard-windows-5fbe66f6037b457496e7206f54cee1fb879b3b9d.tar.xz wireguard-windows-5fbe66f6037b457496e7206f54cee1fb879b3b9d.zip