diff options
Diffstat (limited to 'tunnel/firewall/helpers.go')
-rw-r--r-- | tunnel/firewall/helpers.go | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/tunnel/firewall/helpers.go b/tunnel/firewall/helpers.go index 91c6617e..46e43aa5 100644 --- a/tunnel/firewall/helpers.go +++ b/tunnel/firewall/helpers.go @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: MIT * - * Copyright (C) 2019 WireGuard LLC. All Rights Reserved. + * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved. */ package firewall @@ -66,13 +66,11 @@ func wrapErr(err error) error { } _, file, line, ok := runtime.Caller(1) if !ok { - return fmt.Errorf("Firewall error at unknown location: %v", err) + return fmt.Errorf("Firewall error at unknown location: %w", err) } - return fmt.Errorf("Firewall error at %s:%d: %v", file, line, err) + return fmt.Errorf("Firewall error at %s:%d: %w", file, line, err) } -var ExemptBuiltinAdministrators = false - func getCurrentProcessSecurityDescriptor() (*windows.SECURITY_DESCRIPTOR, error) { var processToken windows.Token err := windows.OpenProcessToken(windows.CurrentProcess(), windows.TOKEN_QUERY, &processToken) @@ -111,21 +109,6 @@ func getCurrentProcessSecurityDescriptor() (*windows.SECURITY_DESCRIPTOR, error) TrusteeValue: windows.TrusteeValueFromSID(sid), }, }} - if ExemptBuiltinAdministrators { - builtinAdmins, err := windows.CreateWellKnownSid(windows.WinBuiltinAdministratorsSid) - if err != nil { - return nil, err - } - access = append(access, windows.EXPLICIT_ACCESS{ - AccessPermissions: cFWP_ACTRL_MATCH_FILTER, - AccessMode: windows.GRANT_ACCESS, - Trustee: windows.TRUSTEE{ - TrusteeForm: windows.TRUSTEE_IS_SID, - TrusteeType: windows.TRUSTEE_IS_GROUP, - TrusteeValue: windows.TrusteeValueFromSID(builtinAdmins), - }, - }) - } dacl, err := windows.ACLFromEntries(access, nil) if err != nil { return nil, wrapErr(err) |