aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/service/service_manager.go
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2019-05-07 20:47:56 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-05-08 08:31:00 +0200
commit6e667722e9d24bec9056838a8aec857c690e845c (patch)
tree679994c0ea07db140c6db8295317fa7968a02044 /service/service_manager.go
parentservice: give process elevated security attributes plus logon session ID with minimal permissions (diff)
downloadwireguard-windows-6e667722e9d24bec9056838a8aec857c690e845c.tar.xz
wireguard-windows-6e667722e9d24bec9056838a8aec857c690e845c.zip
service: local system's token is a bit more locked down than elevated
Diffstat (limited to 'service/service_manager.go')
-rw-r--r--service/service_manager.go5
1 files changed, 3 insertions, 2 deletions
diff --git a/service/service_manager.go b/service/service_manager.go
index 2862c729..722f954d 100644
--- a/service/service_manager.go
+++ b/service/service_manager.go
@@ -118,9 +118,10 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
log.Printf("Unable to determine elevated environment: %v", err)
return
}
- securityAttributes, err := getSecurityAttributes(userTokenInfo.elevatedToken, userToken)
+ currentProcess, _ := windows.GetCurrentProcess()
+ securityAttributes, err := getSecurityAttributes(windows.Token(currentProcess), userToken)
if err != nil {
- log.Printf("Unable to extract security attributes from elevated token and combine them with SID from user token: %v", err)
+ log.Printf("Unable to extract security attributes from manager token and combine them with SID from user token: %v", err)
return
}
for {