1 files changed, 77 insertions, 0 deletions

diff --git a/tunnel/scriptrunner.go b/tunnel/scriptrunner.go
new file mode 100644
index 00000000..eb97d98d
--- /dev/null
+++ b/tunnel/scriptrunner.go
@@ -0,0 +1,77 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
+ */
+
+package tunnel
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"golang.org/x/sys/windows"
+
+	"golang.zx2c4.com/wireguard/windows/conf"
+)
+
+func runScriptCommand(command, interfaceName string) error {
+	if len(command) == 0 {
+		return nil
+	}
+	if !conf.AdminBool("DangerousScriptExecution") {
+		log.Printf("Skipping execution of script, because dangerous script execution is safely disabled: %#q", command)
+		return nil
+	}
+	log.Printf("Executing: %#q", command)
+	comspec, _ := os.LookupEnv("COMSPEC")
+	if len(comspec) == 0 {
+		system32, err := windows.GetSystemDirectory()
+		if err != nil {
+			return err
+		}
+		comspec = filepath.Join(system32, "cmd.exe")
+	}
+
+	devNull, err := os.OpenFile(os.DevNull, os.O_RDWR, 0)
+	if err != nil {
+		return err
+	}
+	defer devNull.Close()
+	reader, writer, err := os.Pipe()
+	if err != nil {
+		return err
+	}
+	process, err := os.StartProcess(comspec, nil /* CmdLine below */, &os.ProcAttr{
+		Files: []*os.File{devNull, writer, writer},
+		Env:   append(os.Environ(), "WIREGUARD_TUNNEL_NAME="+interfaceName),
+		Sys: &syscall.SysProcAttr{
+			HideWindow: true,
+			CmdLine:    fmt.Sprintf("cmd /c %s", command),
+		},
+	})
+	writer.Close()
+	if err != nil {
+		reader.Close()
+		return err
+	}
+	go func() {
+		scanner := bufio.NewScanner(reader)
+		for scanner.Scan() {
+			log.Printf("cmd> %s", scanner.Text())
+		}
+	}()
+	state, err := process.Wait()
+	reader.Close()
+	if err != nil {
+		return err
+	}
+	if state.ExitCode() == 0 {
+		return nil
+	}
+	log.Printf("Command error exit status: %d", state.ExitCode())
+	return windows.ERROR_GENERIC_COMMAND_FAILED
+}