authorJason A. Donenfeld <Jason@zx2c4.com>2019-09-16 23:36:49 -0600
committerJason A. Donenfeld <Jason@zx2c4.com>2019-09-23 15:29:18 +0200
commit6f66c7697d3bb6a259bf8d0261490cdee0ef8986 (patch)
tree1f123998f801c375674326ba7946da568be32df0 /tunnel/ipcpermissions.go
parentupdater: use correct length for security attributes (diff)
global: use SECURITY_DESCRIPTOR apis from x/sys/windows
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'tunnel/ipcpermissions.go')
-rw-r--r--tunnel/ipcpermissions.go62
1 files changed, 35 insertions, 27 deletions
diff --git a/tunnel/ipcpermissions.go b/tunnel/ipcpermissions.go
index 20af4257..613d0283 100644
--- a/tunnel/ipcpermissions.go
+++ b/tunnel/ipcpermissions.go
@@ -6,10 +6,8 @@
package tunnel
import (
- "fmt"
- "unsafe"
-
"golang.org/x/sys/windows"
+
"golang.zx2c4.com/wireguard/ipc"
"golang.zx2c4.com/wireguard/windows/conf"
@@ -19,37 +17,47 @@ func CopyConfigOwnerToIPCSecurityDescriptor(filename string) error {
if conf.PathIsEncrypted(filename) {
return nil
}
- handle, err := windows.CreateFile(windows.StringToUTF16Ptr(filename), windows.STANDARD_RIGHTS_READ, windows.FILE_SHARE_READ|windows.FILE_SHARE_WRITE, nil, windows.OPEN_EXISTING, 0, 0)
+
+ fileSd, err := windows.GetNamedSecurityInfo(filename, windows.SE_FILE_OBJECT, windows.OWNER_SECURITY_INFORMATION)
if err != nil {
return err
}
- defer windows.CloseHandle(handle)
- var sid *windows.SID
- var sd windows.Handle
- //TODO: Move into x/sys/windows
- const SE_FILE_OBJECT = 1
- const OWNER_SECURITY_INFORMATION = 1
- r, _, _ := windows.NewLazySystemDLL("advapi32.dll").NewProc("GetSecurityInfo").Call(
- uintptr(handle),
- SE_FILE_OBJECT,
- OWNER_SECURITY_INFORMATION,
- uintptr(unsafe.Pointer(&sid)),
- 0,
- 0,
- 0,
- uintptr(unsafe.Pointer(&sd)),
- )
- if r != uintptr(windows.ERROR_SUCCESS) {
- return windows.Errno(r)
- }
- defer windows.LocalFree(sd)
- if sid.IsWellKnown(windows.WinLocalSystemSid) {
+ fileOwner, _, err := fileSd.Owner()
+ if err != nil {
+ return err
+ }
+ if fileOwner.IsWellKnown(windows.WinLocalSystemSid) {
return nil
}
- sidString, err := sid.String()
+ additionalEntries := []windows.EXPLICIT_ACCESS{{
+ AccessPermissions: windows.GENERIC_ALL,
+ AccessMode: windows.GRANT_ACCESS,
+ Trustee: windows.TRUSTEE{
+ TrusteeForm: windows.TRUSTEE_IS_SID,
+ TrusteeType: windows.TRUSTEE_IS_USER,
+ TrusteeValue: windows.TrusteeValueFromSID(fileOwner),
+ },
+ }}
+
+ sd, err := ipc.UAPISecurityDescriptor.ToAbsolute()
+ if err != nil {
+ return err
+ }
+ dacl, defaulted, _ := sd.DACL()
+
+ newDacl, err := windows.ACLFromEntries(additionalEntries, dacl)
+ if err != nil {
+ return err
+ }
+ err = sd.SetDACL(newDacl, true, defaulted)
if err != nil {
return err
}
- ipc.UAPISecurityDescriptor += fmt.Sprintf("(A;;GA;;;%s)", sidString)
+ sd, err = sd.ToSelfRelative()
+ if err != nil {
+ return err
+ }
+ ipc.UAPISecurityDescriptor = sd
+
return nil
}
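Review bot: The error from `sd.DACL()` is discarded with `_` right after `ToAbsolute()`, so if the UAPI descriptor's DACL cannot be read, `dacl` is nil and `ACLFromEntries` silently builds a fresh ACL holding only the file-owner ACE, replacing whatever the base descriptor granted; every other Win32 call in this function returns its error, and this one should too: `dacl, defaulted, err := sd.DACL()` followed by `if err != nil { return err }`. A secondary point: the trustee is declared `TRUSTEE_IS_USER`, but the owner SID read from the file is frequently the BUILTIN\Administrators group on files created by elevated processes; the old SDDL `(A;;GA;;;sid)` form made no such claim, and `TRUSTEE_IS_UNKNOWN` would be the neutral equivalent unless it has been confirmed that `SetEntriesInAcl` accepts a group SID under `TRUSTEE_IS_USER`. It would also help the next reader to note above the `GENERIC_ALL` entry why the config file's owner is trusted with full access to the tunnel's UAPI socket, e.g. `// The user who owns the (unencrypted) config file may manage this tunnel over UAPI.`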