| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Also remove Wintun driver on startup.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On reading admin registry values, an on-demand auto creation of registry
key is not required side effect.
This restores openAdminKey() to original form, we will need anyway after
the WireGuardNT call-for-testing promotion is no longer required.
The GUI ExperimentalKernelDriver flipping also opened a caching
registry key handle issue: should user manually delete our registry key
while wireguard.exe is already running, any admin knob get fails. So,
the sooner we get rid of the GUI admin knob flipping, the better.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
|
| |
Reported-by: Pablo <contact@donpablo.me>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
| |
I really, really hate visible knobs. But we need some way of getting
wider testing of this, and a lot of people who are interested in dare
devilish things might not to think to flip some registry knobs.
Hopefully this commit will be reverted as soon as possible.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
| |
Rather than having to set a registry knob to enable multiple tunnels, it
is now automatic. If an additional activated tunnel has the same route
subnets or interface IP addresses as a previous tunnel, that previous
one is stopped. But if there's no overlap, then they coexist.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
| |
Reported-by: Aelis Sagot <aelis.sagot@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
| |
This reverts commit 22be5b26d95f8d8c32e5bf7dbca214f799cbc103.
Fixed for wgnt 0.3.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
Revert me for wgnt 0.3.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
| |
By ignoring unencrypted ones, the tunnel tracker would miss running
configurations at startup.
Reported-by: Станислав Мацак <smatsak@mail.ru>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
This supports the familiar "Table = off" syntax as on Linux, and then
interprets other valid values as simply "on".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If a service is installed already, it's a good idea to migrate its conf
argument when migrating the file name, so that these don't get out of
sync. We're already doing this when migrating from the legacy config
store, so this is also an opportunity to clean up that code a bit and
quit using regexes.
Reported-by: Станислав Мацак <smatsak@mail.ru>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
| |
We build Go from modified-source with a bootstrap version, rather than
shipping so many patches in this repo.
This commit also removes the previous WOW hacks, and goes back to
strictly forbidding WOW.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
This avoids the somewhat expensive pipe setup.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
It's almost useful to have this module not require windows.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
This catches encoding gotchas earlier.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
| |
The reason we do the rename-in-place temporary file situation is to
allow reads to be complete once renamed. But the rename takes place
before the filehandle is closed, so make sure that the handle is opened
with read sharing, in case this races.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Windows gives us notifications about writes to files in a directory, but
it does not give us notifications on when file handles are closed and
when we can expect to be able to grab a handle to it; this would be
racey at best. So, there always exists a race between the writer's last
call to WriteFile() and its eventual CloseHandle(). Work around this by
implementing a basic exponential back off of retrying the open call.
While we're at it, clean up the "file already exists" logic to remove a
basic toctou situation, and switch to using random temp file names in
order to handle better the case of saving a new file from two different
administrators at once.
Reported-by: Jim Salter <jim@jrs-s.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
| |
We loosen the permissions a little bit while tightening the
restrictions on encrypted files. This should allow administrators to
easily drop unencrypted files into Data\Configurations\ and get them
encrypted and made read-only, while also allowing them to delete
unwanted configurations.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I still have serious security reservations about this, both conceptually
-- should users be allowed to do this stuff? -- and pratically -- there
are issues with this implementation that need some examination.
TODO:
- Is that registry key a secure path? Should we double check it?
- Are we leaking handles to the unpriv'd process from the manager? Audit
this too.
- IPC notifications are blocking. Should we move this to a go routine to
mitigate DoS potential?
- Is GOB deserialization secure? Can an NCO user crash or RCE the
manager?
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
Otherwise Windows complains.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
And insist that CreateFile regard directories.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
It doesn't get wiped out on Windows upgrades.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|