author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-09-16 23:36:49 -0600 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-09-23 15:29:18 +0200 |
commit | 5878d9a6b2251e5a0c464cb427a5eac7d1ada6e5 (patch) | |
tree | 1f123998f801c375674326ba7946da568be32df0 /tunnel/firewall/helpers.go | |
parent | updater: use correct length for security attributes (diff) | |
global: use SECURITY_DESCRIPTOR apis from x/sys/windows
Diffstat (limited to 'tunnel/firewall/helpers.go')
-rw-r--r-- | tunnel/firewall/helpers.go | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/tunnel/firewall/helpers.go b/tunnel/firewall/helpers.go
index abb2684c..04e5c664 100644
--- a/tunnel/firewall/helpers.go
+++ b/tunnel/firewall/helpers.go
@@ -71,8 +71,9 @@ func wrapErr(err error) error {
 return fmt.Errorf("Firewall error at %s:%d: %v", file, line, err)
 }
 
-func getCurrentProcessSecurityDescriptor() (*wtFwpByteBlob, error) {
- processToken, err := windows.OpenCurrentProcessToken()
+func getCurrentProcessSecurityDescriptor() (*windows.SECURITY_DESCRIPTOR, error) {
+ var processToken windows.Token
+ err := windows.OpenProcessToken(windows.GetCurrentProcess(), windows.TOKEN_QUERY, &processToken)
 if err != nil {
 return nil, wrapErr(err)
 }
@@ -99,21 +100,32 @@ func getCurrentProcessSecurityDescriptor() (*wtFwpByteBlob, error) {
 return nil, wrapErr(windows.ERROR_NO_SUCH_GROUP)
 }
 
- access := &wtExplicitAccess{
- accessPermissions: cFWP_ACTRL_MATCH_FILTER,
- accessMode: cGRANT_ACCESS,
- trustee: wtTrustee{
- trusteeForm: cTRUSTEE_IS_SID,
- trusteeType: cTRUSTEE_IS_GROUP,
- sid: sid,
+ access := []windows.EXPLICIT_ACCESS{{
+ AccessPermissions: cFWP_ACTRL_MATCH_FILTER,
+ AccessMode: windows.GRANT_ACCESS,
+ Trustee: windows.TRUSTEE{
+ TrusteeForm: windows.TRUSTEE_IS_SID,
+ TrusteeType: windows.TRUSTEE_IS_GROUP,
+ TrusteeValue: windows.TrusteeValueFromSID(sid),
 },
+ }}
+ dacl, err := windows.ACLFromEntries(access, nil)
+ if err != nil {
+ return nil, wrapErr(err)
+ }
+ sd, err := windows.NewSecurityDescriptor()
+ if err != nil {
+ return nil, wrapErr(err)
+ }
+ err = sd.SetDACL(dacl, true, false)
+ if err != nil {
+ return nil, wrapErr(err)
 }
- blob := &wtFwpByteBlob{}
- err = buildSecurityDescriptor(nil, nil, 1, access, 0, nil, nil, &blob.size, &blob.data)
+ sd, err = sd.ToSelfRelative()
 if err != nil {
 return nil, wrapErr(err)
 }
- return blob, nil
+ return sd, nil
 }
 
 func getCurrentProcessAppID() (*wtFwpByteBlob, error) { |
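Review bot: The token handle filled in by `windows.OpenProcessToken` in the first hunk has to be released, and no `processToken.Close()` appears in either hunk; the part of the body between the two hunks is outside this view, so if it does not already release it, add `defer processToken.Close()` immediately after the `if err != nil` block that follows the `OpenProcessToken` call. Requesting only `windows.TOKEN_QUERY` is the right minimal access for reading the group SID, so that part needs no change. The function also carries no doc comment although its return type changed for every caller; a line such as `// getCurrentProcessSecurityDescriptor returns a self-relative security descriptor whose DACL grants cFWP_ACTRL_MATCH_FILTER to a single group SID taken from the current process token.` above the signature would record the contract the callers now depend on.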