author | Odd Stranne <odd@mullvad.net> | 2019-05-14 10:01:07 +0200 |
---|---|---|
committer | Odd Stranne <odd@mullvad.net> | 2019-05-14 15:29:22 +0200 |
commit | b45e9763a5a9b4bf2dc10121afa5e2a643ec815b (patch) | |
tree | 10bd24c20ce5da83f5225d09b017f5338ff6f0e5 /service/zsyscall_windows.go | |
parent | service: replace GetIfEntry2Ex with GetIfEntry2 (diff) | |
service: drop all privileges for tunnel service
Signed-off-by: Odd Stranne <odd@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rw-r--r-- | service/zsyscall_windows.go | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/service/zsyscall_windows.go b/service/zsyscall_windows.go
index cc40ddea..a269d3a8 100644
--- a/service/zsyscall_windows.go
+++ b/service/zsyscall_windows.go
@@ -44,6 +44,8 @@ var (
 procWTSQueryUserToken = modwtsapi32.NewProc("WTSQueryUserToken")
 procWTSEnumerateSessionsW = modwtsapi32.NewProc("WTSEnumerateSessionsW")
 procWTSFreeMemory = modwtsapi32.NewProc("WTSFreeMemory")
+ procAdjustTokenPrivileges = modadvapi32.NewProc("AdjustTokenPrivileges")
+ procOpenProcessToken = modadvapi32.NewProc("OpenProcessToken")
 procNotifyServiceStatusChangeW = modadvapi32.NewProc("NotifyServiceStatusChangeW")
 procSleepEx = modkernel32.NewProc("SleepEx")
 )
@@ -77,6 +79,36 @@ func wtsFreeMemory(ptr uintptr) {
 return
 }
 
+func adjustTokenPrivileges(token windows.Token, disableAllPrivileges bool, newstate *TOKEN_PRIVILEGES, buflen uint32, prevstate *TOKEN_PRIVILEGES, returnlen *uint32) (err error) {
+ var _p0 uint32
+ if disableAllPrivileges {
+ _p0 = 1
+ } else {
+ _p0 = 0
+ }
+ r1, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(newstate)), uintptr(buflen), uintptr(unsafe.Pointer(prevstate)), uintptr(unsafe.Pointer(returnlen)))
+ if r1 == 0 {
+ if e1 != 0 {
+ err = errnoErr(e1)
+ } else {
+ err = syscall.EINVAL
+ }
+ }
+ return
+}
+
+func openProcessToken(processHandle windows.Handle, accessFlags uint32, token *windows.Token) (err error) {
+ r1, _, e1 := syscall.Syscall(procOpenProcessToken.Addr(), 3, uintptr(processHandle), uintptr(accessFlags), uintptr(unsafe.Pointer(token)))
+ if r1 == 0 {
+ if e1 != 0 {
+ err = errnoErr(e1)
+ } else {
+ err = syscall.EINVAL
+ }
+ }
+ return
+}
+
 func notifyServiceStatusChange(service windows.Handle, notifyMask uint32, notifier *SERVICE_NOTIFY) (ret error) {
 r0, _, _ := syscall.Syscall(procNotifyServiceStatusChangeW.Addr(), 3, uintptr(service), uintptr(notifyMask), uintptr(unsafe.Pointer(notifier)))
 if r0 != 0 { |
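Review bot: In the second hunk, `adjustTokenPrivileges` sets `err` only when `r1 == 0` and discards `e1` otherwise, so a call that Windows accepts but applies only in part comes back as `err == nil`. AdjustTokenPrivileges is documented to return nonzero with the last error set to ERROR_NOT_ALL_ASSIGNED when the token does not hold every privilege named in `newstate`. Since the commit's purpose is dropping privileges, the caller (not shown on this page) should not take a nil error as proof that the privileges are gone and should read the token's privileges back after the call. The wrapper matches the shape of the others in this file, which looks generated, so the check and a comment belong at the call site, e.g. `// a nil error does not rule out ERROR_NOT_ALL_ASSIGNED; verify the token afterwards`.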