firewall: use service-specific SID

author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-21 13:13:32 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-22 15:26:54 +0200
commit: d41f190c7f164d2141d1c26eff3ffb8feda04618 (patch)
tree: 25fa246ec63edfc6380239aae3a925905e984982 /tunnel/firewall/syscall_windows.go
parent: README: avoid confusion about downloads (diff)
download: wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.tar.xz
wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.zip
1 files changed, 12 insertions, 4 deletions
diff --git a/tunnel/firewall/syscall_windows.go b/tunnel/firewall/syscall_windows.go
index 5ec41b0b..0f247d85 100644
--- a/tunnel/firewall/syscall_windows.go
+++ b/tunnel/firewall/syscall_windows.go
@@ -35,8 +35,16 @@ package firewall
 // https://docs.microsoft.com/en-us/windows/desktop/api/fwpmu/nf-fwpmu-fwpmprovideradd0
 //sys	fwpmProviderAdd0(engineHandle uintptr, provider *wtFwpmProvider0, sd uintptr) (err error) [failretval!=0] = fwpuclnt.FwpmProviderAdd0
 
-// https://docs.microsoft.com/sv-se/windows/desktop/api/aclapi/nf-aclapi-getsecurityinfo
-//sys	getSecurityInfo(handle windows.Handle, objectType wtObjectType, si uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *uintptr, sacl *uintptr, securityDescriptor *uintptr) (err error) [failretval!=0] = advapi32.GetSecurityInfo
+//TODO: Add these to x/sys/windows:
 
-// https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsecuritydescriptorlength
-//sys	getSecurityDescriptorLength(securityDescriptor uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength
+// https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsididentifierauthority
+//sys	getSidIdentifierAuthority(sid *windows.SID) (authority *windows.SidIdentifierAuthority) = advapi32.GetSidIdentifierAuthority
+
+// https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsidsubauthoritycount
+//sys	getSidSubAuthorityCount(sid *windows.SID) (count *uint8) = advapi32.GetSidSubAuthorityCount
+
+// https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsidsubauthority
+//sys	getSidSubAuthority(sid *windows.SID, index uint32) (subAuthority *uint32) = advapi32.GetSidSubAuthority
+
+// https://docs.microsoft.com/en-us/windows/desktop/api/aclapi/nf-aclapi-buildsecuritydescriptorw
+//sys	buildSecurityDescriptor(owner *wtTrustee, group *wtTrustee, countAccessEntries uint32, accessEntries *wtExplicitAccess, countAuditEntries uint32, auditEntries *wtExplicitAccess, oldSd **byte, sizeNewSd *uint32, newSd **byte) (ret error) = advapi32.BuildSecurityDescriptorW
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-21 13:13:32 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-22 15:26:54 +0200
commit	d41f190c7f164d2141d1c26eff3ffb8feda04618 (patch)
tree	25fa246ec63edfc6380239aae3a925905e984982 /tunnel/firewall/syscall_windows.go
parent	README: avoid confusion about downloads (diff)
download	wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.tar.xz wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.zip