| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
| |
It's not good to leave cruft around from the upgrade case when people
want to uninstall, so we remove wintun in the uninstaller manually
(without the help of wintun.dll, which we no longer ship). But also, so
that we can eventually drop that code, we also remove it
opportunistically when the manager starts.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
Also remove Wintun driver on startup.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
| |
Requested-by: Bruno UT1 <bandry@ut1.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
Go's standard library for this is buggy (PID races, handle races) and
requires passing NUL, which we don't really care about for Windows.
Simplify and speed up process creation by only passing exactly what we
need.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If a service is installed already, it's a good idea to migrate its conf
argument when migrating the file name, so that these don't get out of
sync. We're already doing this when migrating from the legacy config
store, so this is also an opportunity to clean up that code a bit and
quit using regexes.
Reported-by: Станислав Мацак <smatsak@mail.ru>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a grotesque hack, and hopefully upstream Go will provide a nicer
way of doing this, but already it seems quite adept at catching panics.
See https://github.com/golang/go/issues/42888 for more info.
This requires us to rewrite the ringlogger path to avoid all
allocations.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Windows gives us notifications about writes to files in a directory, but
it does not give us notifications on when file handles are closed and
when we can expect to be able to grab a handle to it; this would be
racey at best. So, there always exists a race between the writer's last
call to WriteFile() and its eventual CloseHandle(). Work around this by
implementing a basic exponential back off of retrying the open call.
While we're at it, clean up the "file already exists" logic to remove a
basic toctou situation, and switch to using random temp file names in
order to handle better the case of saving a new file from two different
administrators at once.
Reported-by: Jim Salter <jim@jrs-s.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I still have serious security reservations about this, both conceptually
-- should users be allowed to do this stuff? -- and pratically -- there
are issues with this implementation that need some examination.
TODO:
- Is that registry key a secure path? Should we double check it?
- Are we leaking handles to the unpriv'd process from the manager? Audit
this too.
- IPC notifications are blocking. Should we move this to a go routine to
mitigate DoS potential?
- Is GOB deserialization secure? Can an NCO user crash or RCE the
manager?
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
The administrator user may run `wireguard.exe /update`, which will check
for updates and install it if available. A log file may be written using
`wireguard.exe /update path\to\log\file.txt`.
Requested-by: Elliot Saba <staticfloat@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
Otherwise we wind up in \Windows\System32 in the import dialog's default
directory.
Reported-by: Kai Haberzettl <khaberz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
| |
By delaying this by 10 seconds, we ensure that we don't cause the locks
to be contended immediately on startup. Before, this added around 600ms
of latency to tunnel startup.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Jason A. Donenfeld
Simon Rozman