Diffstat (limited to 'tunnel/ipcpermissions.go')
-rw-r--r-- | tunnel/ipcpermissions.go | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/tunnel/ipcpermissions.go b/tunnel/ipcpermissions.go
new file mode 100644
index 00000000..48f21f1f
--- /dev/null
+++ b/tunnel/ipcpermissions.go
@@ -0,0 +1,55 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package tunnel
+
+import (
+ "fmt"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+ "golang.zx2c4.com/wireguard/ipc"
+
+ "golang.zx2c4.com/wireguard/windows/conf"
+)
+
+func CopyConfigOwnerToIPCSecurityDescriptor(filename string) error {
+ if conf.PathIsEncrypted(filename) {
+ return nil
+ }
+ handle, err := windows.CreateFile(windows.StringToUTF16Ptr(filename), windows.STANDARD_RIGHTS_READ, windows.FILE_SHARE_READ | windows.FILE_SHARE_WRITE, nil, windows.OPEN_EXISTING, 0, 0)
+ if err != nil {
+ return err
+ }
+ defer windows.CloseHandle(handle)
+ var sid *windows.SID
+ var sd windows.Handle
+ //TODO: Move into x/sys/windows
+ const SE_FILE_OBJECT = 1
+ const OWNER_SECURITY_INFORMATION = 1
+ r, _, _ := windows.NewLazySystemDLL("advapi32.dll").NewProc("GetSecurityInfo").Call(
+ uintptr(handle),
+ SE_FILE_OBJECT,
+ OWNER_SECURITY_INFORMATION,
+ uintptr(unsafe.Pointer(&sid)),
+ 0,
+ 0,
+ 0,
+ uintptr(unsafe.Pointer(&sd)),
+ )
+ if r != uintptr(windows.ERROR_SUCCESS) {
+ return windows.Errno(r)
+ }
+ defer windows.LocalFree(sd)
+ if sid.IsWellKnown(windows.WinLocalSystemSid) {
+ return nil
+ }
+ sidString, err := sid.String()
+ if err != nil {
+ return err
+ }
+ ipc.UAPISecurityDescriptor += fmt.Sprintf("(A;;GA;;;%s)", sidString)
+ return nil
+} |
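Review bot: CopyConfigOwnerToIPCSecurityDescriptor grants the config file's owner `GA` (generic all) on the UAPI pipe by appending an ACE to the package-level `ipc.UAPISecurityDescriptor`, yet the exported function has no doc comment stating that trust decision, and the `+=` appends the same ACE again if the function is called more than once. The doc comment should say that file ownership is the only check, that only LocalSystem is skipped, and that the call must happen before the pipe listener reads the descriptor (presumably at tunnel start; confirm against the caller). The owner is read from whatever `filename` resolves to at open time, so the comment should also say that the path is expected to come from a trusted caller. Separately, `windows.StringToUTF16Ptr(filename)` panics on a string containing a NUL byte; `name, err := windows.UTF16PtrFromString(filename)` followed by `if err != nil { return err }` returns the error instead.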