Commit message | Author | Age | Files | Lines
* mod: bump | Jason A. Donenfeld | 2021-01-24 | 4 | -30/+25
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: move certain win32 APIs to x/sys/windows | Jason A. Donenfeld | 2021-01-24 | 16 | -592/+168
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* embeddable-dll-service: add more robust example for .NET 5 | Jason A. Donenfeld | 2021-01-21 | 14 | -110/+530
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* locales: sync with crowdin | Jason A. Donenfeld | 2021-01-04 | 11 | -1431/+4019
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* embeddable-dll-service: download gcc again, since clang does not work with cgo | Jason A. Donenfeld | 2021-01-04 | 1 | -1/+19
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* embeddable-dll-service: fix code block types | Jason A. Donenfeld | 2021-01-04 | 2 | -22/+26
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: update to go 1.16 beta1 | Jason A. Donenfeld | 2021-01-04 | 17 | -2357/+147
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: rename migration to migration_windows | Jason A. Donenfeld | 2021-01-04 | 1 | -0/+0
  It's almost useful to have this module not require windows.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: do not raise error if manager service is already starting | Jason A. Donenfeld | 2020-12-17 | 1 | -0/+6
  If the service is in StartPending state, then it means that we were *just* started by something else, so return success here, assuming the other program starting this does the right thing. This can happen when, e.g., the updater relaunches the manager service and then invokes wireguard.exe to raise the UI.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.3.4] | Jason A. Donenfeld | 2020-12-17 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: bump to Wintun 0.10 | Jason A. Donenfeld | 2020-12-17 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use explicit A function | Jason A. Donenfeld | 2020-12-14 | 1 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: add manifest and resources to wg.exe | Jason A. Donenfeld | 2020-12-11 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ringlogger: hook into global panic writer | Jason A. Donenfeld | 2020-12-09 | 21 | -45/+100
  This is a grotesque hack, and hopefully upstream Go will provide a nicer way of doing this, but already it seems quite adept at catching panics. See https://github.com/golang/go/issues/42888 for more info. This requires us to rewrite the ringlogger path to avoid all allocations.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use service subscriptions on win 8+ | Jason A. Donenfeld | 2020-12-09 | 1 | -76/+164
  Work in progress, but this should be more reliable than the older Win 7 code. It's still unclear what the role of checkForDisabled is to be for the Win 8+ path.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump | Jason A. Donenfeld | 2020-12-09 | 4 | -17/+20
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.3.3] | Jason A. Donenfeld | 2020-12-02 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump | Jason A. Donenfeld | 2020-12-02 | 2 | -7/+9
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: add ARM TST fix | Jason A. Donenfeld | 2020-12-02 | 15 | -12/+1289
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: use crypt32 instead of go x509 for cn extraction for file size | Jason A. Donenfeld | 2020-11-30 | 4 | -50/+207
  Another attempt at trying to remove an asn1 parser.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: another attempt at winhttp | Jason A. Donenfeld | 2020-11-30 | 8 | -28/+846
  This reverts commit fbc3ceba56df06a61346f0b873f1e1d85c5b05a9, while reworking it too. This saves 2M in the binary.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: enable HTTP/2.0 on systems that support it | Jason A. Donenfeld | 2020-11-29 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: do not respond to update state requests for non-elevated | Jason A. Donenfeld | 2020-11-28 | 1 | -0/+3
  Reported-by: Simon Rozman <simon@rozman.si>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: fix isAbort calculation on arm | Jason A. Donenfeld | 2020-11-27 | 12 | -11/+55
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.3.2] | Jason A. Donenfeld | 2020-11-27 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: bump wintun to 0.9.2 | Jason A. Donenfeld | 2020-11-27 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: make malleability checks work on big endian | Jason A. Donenfeld | 2020-11-27 | 1 | -2/+3
  Doesn't matter for us, but still probably a good idea. This has also been reported upstream.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use sha512 from bcrypt | Jason A. Donenfeld | 2020-11-27 | 2 | -165/+13
  Saves 4k in the binary.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: cleanup netsh error reporting | Jason A. Donenfeld | 2020-11-27 | 1 | -7/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: separate out migration and print errors | Jason A. Donenfeld | 2020-11-27 | 3 | -77/+90
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* main: restrict dll search path | Jason A. Donenfeld | 2020-11-27 | 1 | -0/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: force PIE mode on arm | Jason A. Donenfeld | 2020-11-27 | 11 | -10/+54
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump | Jason A. Donenfeld | 2020-11-27 | 2 | -14/+13
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: delay load anything with transitive dependencies outside of knowndlls | Jason A. Donenfeld | 2020-11-27 | 2 | -1/+4
  It looks like advapi32.dll loads cryptbase.dll because RtlGenRandom is forwarded to it, and cryptbase.dll isn't in knowndlls. So, even though we haven't done anything wrong by importing advapi32.dll statically, the surprising forwarding behavior means that this is a disaster. At the same time, some UI-related system modules wind up calling loadlibraryex with default arguments, so again, even though linking to things like user32.dll and such statically is fine, microsoft is doing the wrong thing inside of them. Work around the first issue by loading advapi32.dll (and others, just for good measure) delayed, and work around the latter by gimping the dll search path.
  Reported-by: Stefan Kanthak <stefan.kanthak@nexgo.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: move legacy store from conf | Jason A. Donenfeld | 2020-11-27 | 4 | -12/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: rework migration flows around a single Save() | Jason A. Donenfeld | 2020-11-27 | 5 | -22/+15
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: when migrating, write out reserialized config | Jason A. Donenfeld | 2020-11-27 | 1 | -3/+4
  This catches encoding gotchas earlier.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: open temporary file with read sharing | Jason A. Donenfeld | 2020-11-27 | 1 | -1/+1
  The reason we do the rename-in-place temporary file situation is to allow reads to be complete once renamed. But the rename takes place before the filehandle is closed, so make sure that the handle is opened with read sharing, in case this races.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: do exponential back off for sharing violation in hotfolder | Jason A. Donenfeld | 2020-11-27 | 4 | -13/+41
  Windows gives us notifications about writes to files in a directory, but it does not give us notifications on when file handles are closed and when we can expect to be able to grab a handle to it; this would be racey at best. So, there always exists a race between the writer's last call to WriteFile() and its eventual CloseHandle(). Work around this by implementing a basic exponential back off of retrying the open call. While we're at it, clean up the "file already exists" logic to remove a basic toctou situation, and switch to using random temp file names in order to handle better the case of saving a new file from two different administrators at once.
  Reported-by: Jim Salter <jim@jrs-s.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* docs: fix /0 -> /1 in netquirk | Jason A. Donenfeld | 2020-11-27 | 1 | -1/+1
  Reported-by: Jim Salter <jim@jrs-s.net>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use formally verified crypto | Jason A. Donenfeld | 2020-11-27 | 3 | -1042/+2257
  Cleaner, better vetted, faster. Based on fiat.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.3.1] | Jason A. Donenfeld | 2020-11-23 | 1 | -1/+1
  So early? Yes. The firewall issue was an unacceptable regression.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* firewall: add allow rule for tunnel service process even when no blocking is required | Jason A. Donenfeld | 2020-11-23 | 3 | -39/+43
  This is essential for allowing incoming connections.
  Reported-by: /u/Julien_Madagascar on Reddit
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump | Jason A. Donenfeld | 2020-11-23 | 2 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* docs: trim double backtick and header level | Jason A. Donenfeld | 2020-11-23 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.3] | Jason A. Donenfeld | 2020-11-23 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* docs: mention that the uninstaller will nuke knobs | Jason A. Donenfeld | 2020-11-23 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* docs: clarify group membership search algorithm | Jason A. Donenfeld | 2020-11-23 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: style | Jason A. Donenfeld | 2020-11-23 | 1 | -1/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: cleanup pipes on failure | Jason A. Donenfeld | 2020-11-23 | 1 | -0/+16
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>