Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | service: winipcfg no longer returns a wrapped error | Jason A. Donenfeld | 2019-05-14 | 1 | -2/+2 |
| | |||||
* | service: skip routes for interfaces that aren't up | Jason A. Donenfeld | 2019-05-14 | 1 | -0/+5 |
| | |||||
* | service: account for loggedon but disconnected sessions | Jason A. Donenfeld | 2019-05-14 | 1 | -1/+1 |
| | |||||
* | global: use tab after //sys | Jason A. Donenfeld | 2019-05-14 | 2 | -5/+5 |
| | |||||
* | global: regroup all imports | Jason A. Donenfeld | 2019-05-14 | 13 | -33/+46 |
| | |||||
* | service: reuse golang.org/x/sys/windows address family constants | Simon Rozman | 2019-05-14 | 1 | -12/+13 |
| | | | | Signed-off-by: Simon Rozman <simon@rozman.si> | ||||
* | firewall: fix logic error | Jason A. Donenfeld | 2019-05-13 | 1 | -1/+1 |
| | |||||
* | firewall: only allow specified dns servers | Jason A. Donenfeld | 2019-05-13 | 3 | -49/+186 |
| | |||||
* | service: use more standard naming scheme for syscalls | Jason A. Donenfeld | 2019-05-13 | 4 | -99/+95 |
| | |||||
* | service: allow go to create correct environment block | Jason A. Donenfeld | 2019-05-13 | 4 | -83/+10 |
| | |||||
* | service: run UI with elevated token | Jason A. Donenfeld | 2019-05-12 | 3 | -375/+11 |
| | | | | | There are too many attacks possible when starting this with a non-elevated token. | ||||
* | service: run UI at high integrity | Jason A. Donenfeld | 2019-05-11 | 3 | -0/+34 |
| | |||||
* | service: use LUID directly | Jason A. Donenfeld | 2019-05-10 | 1 | -15/+5 |
| | | | | InterfaceGuidToLuid fails if called soon after device creation. | ||||
* | service: clean up addresses from stale interfaces | Jason A. Donenfeld | 2019-05-10 | 1 | -0/+51 |
| | | | | Other VPN implementations leave trash laying around... | ||||
* | service: fix user logout | Jason A. Donenfeld | 2019-05-10 | 1 | -17/+50 |
| | |||||
* | service: account for delete pending windows bug in tunneltracker | Jason A. Donenfeld | 2019-05-09 | 2 | -12/+35 |
| | | | | | | | | | | Sometimes deleting a service disables it and prepares it for being deleted, but doesn't actually mark it as pending deletion. Presumably this is due to a race condition in the service management code. Workaround this by polling for disabled services, so that we don't wind up sleeping forever. Reported-by: Thomas Gschwantner <tharre3@gmail.com> | ||||
* | service: prevent against multiple routines per session | Jason A. Donenfeld | 2019-05-08 | 1 | -4/+18 |
| | |||||
* | service: print in log after UI exits | Jason A. Donenfeld | 2019-05-08 | 1 | -3/+10 |
| | |||||
* | service: waste a page due to sheer incompetence | Jason A. Donenfeld | 2019-05-08 | 1 | -1/+1 |
| | |||||
* | service: require elevated token | Jason A. Donenfeld | 2019-05-08 | 1 | -0/+1 |
| | |||||
* | service: make the generated bindings do the type forcing | Jason A. Donenfeld | 2019-05-08 | 2 | -64/+56 |
| | |||||
* | service: local system's token is a bit more locked down than elevated | Jason A. Donenfeld | 2019-05-08 | 1 | -2/+3 |
| | |||||
* | service: give process elevated security attributes plus logon session ID with minimal permissions | Jason A. Donenfeld | 2019-05-08 | 5 | -42/+311 |
| | |||||
* | firewall: cleanup | Jason A. Donenfeld | 2019-05-08 | 6 | -58/+59 |
| | |||||
* | firewall: implode recurring address definitions | Odd Stranne | 2019-05-08 | 1 | -14/+15 |
| | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> | ||||
* | firewall: remove unused code | Odd Stranne | 2019-05-08 | 8 | -296/+44 |
| | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> | ||||
* | firewall: add permitHyperV() | Odd Stranne | 2019-05-08 | 3 | -0/+108 |
| | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> | ||||
* | firewall: implement permitNdp() | Odd Stranne | 2019-05-08 | 2 | -4/+222 |
| | | | | Signed-off-by: Odd Stranne <odd@mullvad.net> | ||||
* | service: delay restart for one second | Jason A. Donenfeld | 2019-05-07 | 1 | -0/+5 |
| | | | | | | This prevents a thundering herd. Also, we can now use the restart manager in the MSI because our walk fork handles the right window messages. | ||||
* | ringlogger: export R/O handle for UI process | Jason A. Donenfeld | 2019-05-07 | 2 | -2/+3 |
| | |||||
* | updater: move into manager | Jason A. Donenfeld | 2019-05-06 | 6 | -148/+386 |
| | |||||
* | ui: syntax: implement trafic blocking semantics | Jason A. Donenfeld | 2019-05-05 | 1 | -2/+8 |
| | | | | This is our "auto kill switch". | ||||
* | service: temporarily disable security attributes | Jason A. Donenfeld | 2019-05-04 | 1 | -1/+11 |
| | | | | This must be reverted before we release! See big source code comment. | ||||
* | firewall: do not add unused permit rules when !restrictAll | Jason A. Donenfeld | 2019-05-04 | 1 | -16/+18 |
| | |||||
* | firewall: DNS is TCP and UDP | Jason A. Donenfeld | 2019-05-03 | 1 | -3/+22 |
| | |||||
* | firewall: block dns before allowing localhost | Jason A. Donenfeld | 2019-05-03 | 3 | -38/+31 |
| | | | | | This prevents DNS leaks from people who have a localhost resolver doing something funky. | ||||
* | firewall: only use one list | Jason A. Donenfeld | 2019-05-03 | 2 | -230/+22 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Unless you use complicated rights veto rules, WFP's policy is that between sublayers, block always outweighs allow. It's easier, therefore, to simply weight a single sublayer correctly, with allow rules having heavier weight than block rules. This basically means that we have to be careful that DNS isn't a subset of some allow rule. One place where this would be a problem are the permitLan* rules, which we don't use anyway, and so this commit nukes them. Another place would be if somebody is using a localhost/loopback resolver for whatever reason. This is probably a "low risk" sort of thing, but we may want to fix this by ordering the dns block just in front of the loopback permit. The other place is in the wireguard.exe tunnel service itself, which does DNS lookups. Since right now we mostly enforce one-tunnel-at-a- time, this isn't really a problem. But later if we allow nested tunneling, it means that the DNS lookup in a second tunnel can potentially escape the DNS server of the first tunnel. We can address this problem later, perhaps with fancier security descriptors that we shuffle around depending on which state the tunnel is in. And on the bright side, this change allows people to run WireGuard over port 53 itself, which is generally a desirable thing. | ||||
* | firewall: since DNS is a blacklist, we have to exclude our own interface | Jason A. Donenfeld | 2019-05-03 | 2 | -6/+18 |
| | |||||
* | firewall: pass blob of security descriptor instead of raw, and give dacl | Jason A. Donenfeld | 2019-05-03 | 5 | -30/+33 |
| | |||||
* | firewall: wrap errors because there are lots of syscalls | Jason A. Donenfeld | 2019-05-03 | 3 | -88/+102 |
| | |||||
* | service: wire up firewall | Jason A. Donenfeld | 2019-05-03 | 4 | -18/+57 |
| | |||||
* | firewall: introduce incomplete untested prototype | Odd Stranne | 2019-05-03 | 10 | -0/+2857 |
| | | | | | | | | | | This doesn't support NDP yet, and some major things are still left to be decided, but this is the beginning of something that can be debugged into shape. Signed-off-by: Odd Stranne <odd@mullvad.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com> | ||||
* | service: lock OS thread before making inheritable handles | Jason A. Donenfeld | 2019-05-02 | 1 | -0/+7 |
| | |||||
* | service: wtf->wts | Jason A. Donenfeld | 2019-05-02 | 2 | -3/+3 |
| | |||||
* | service: set security attributes on new process | Jason A. Donenfeld | 2019-05-02 | 3 | -9/+60 |
| | |||||
* | service: correct sid bounds | Jason A. Donenfeld | 2019-05-02 | 1 | -2/+1 |
| | |||||
* | service: fix ooo | Jason A. Donenfeld | 2019-05-02 | 1 | -1/+1 |
| | |||||
* | ui: fix log closure variable | Jason A. Donenfeld | 2019-04-30 | 1 | -3/+3 |
| | |||||
* | service: inform UIs it is time to quit so they can kill tray | Jason A. Donenfeld | 2019-04-30 | 3 | -0/+30 |
| | |||||
* | ui: fix quoting in error strings | Jason A. Donenfeld | 2019-04-30 | 1 | -1/+1 |
| |