aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/service/service_manager.go
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2019-05-16 13:06:58 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-05-16 13:06:58 +0200
commit7d8584727ad15bada4ed19a8277f0bc5b8fdca5f (patch)
treec9c412d2e082ebf0dbd946a023678b18fc1a56df /service/service_manager.go
parentui: react to DPI changes in syntax editor (diff)
downloadwireguard-windows-7d8584727ad15bada4ed19a8277f0bc5b8fdca5f.tar.xz
wireguard-windows-7d8584727ad15bada4ed19a8277f0bc5b8fdca5f.zip
service: token elevation stuff is upstream
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'service/service_manager.go')
-rw-r--r--service/service_manager.go21
1 files changed, 14 insertions, 7 deletions
diff --git a/service/service_manager.go b/service/service_manager.go
index dcc8a908..5ffd8615 100644
--- a/service/service_manager.go
+++ b/service/service_manager.go
@@ -111,14 +111,21 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
userToken.Close()
return
}
- //TODO: The environment that Go gets from CreateEnvironmentBlock seems to have the same PATH as the userToken. Aren't there attacks?
- elevatedToken, err := getElevatedToken(userToken)
- if err != nil {
- log.Printf("Unable to elevate token: %v", err)
- return
- }
- if elevatedToken != userToken {
+ var elevatedToken windows.Token
+ if userToken.IsElevated() {
+ elevatedToken = userToken
+ } else {
+ elevatedToken, err = userToken.GetLinkedToken()
userToken.Close()
+ if err != nil {
+ log.Printf("Unable to elevate token: %v", err)
+ return
+ }
+ if !elevatedToken.IsElevated() {
+ elevatedToken.Close()
+ log.Println("Linked token is not elevated")
+ return
+ }
}
defer elevatedToken.Close()
userToken = 0