aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/service (follow)
Commit message (Collapse)AuthorAgeFilesLines
* global: change acronyms to uppercaseSimon Rozman2019-05-165-67/+67
| | | | Signed-off-by: Simon Rozman <simon@rozman.si>
* firewall: allow wireguard.exe to override other rulesJason A. Donenfeld2019-05-151-0/+1
|
* firewall: give sublayer heavy weightJason A. Donenfeld2019-05-151-0/+1
|
* firewall: correct type on 32bit structureJason A. Donenfeld2019-05-151-1/+1
|
* service: ip adapter might not be up yetJason A. Donenfeld2019-05-151-5/+19
| | | | I don't like polling, but windows is racey.
* ui: drop permissionsJason A. Donenfeld2019-05-152-2/+2
|
* service: move WTS upstreamJason A. Donenfeld2019-05-154-136/+12
|
* service: more apis ported upstreamJason A. Donenfeld2019-05-153-64/+10
|
* service: clean up token manglingJason A. Donenfeld2019-05-144-89/+21
|
* service: drop all privileges for tunnel serviceOdd Stranne2019-05-144-0/+108
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* service: replace GetIfEntry2Ex with GetIfEntry2Simon Rozman2019-05-141-1/+1
| | | | | | GetIfEntry2Ex is Windows 10+ only Signed-off-by: Simon Rozman <simon@rozman.si>
* service: winipcfg no longer returns a wrapped errorJason A. Donenfeld2019-05-141-2/+2
|
* service: skip routes for interfaces that aren't upJason A. Donenfeld2019-05-141-0/+5
|
* service: account for loggedon but disconnected sessionsJason A. Donenfeld2019-05-141-1/+1
|
* global: use tab after //sysJason A. Donenfeld2019-05-142-5/+5
|
* global: regroup all importsJason A. Donenfeld2019-05-1413-33/+46
|
* service: reuse golang.org/x/sys/windows address family constantsSimon Rozman2019-05-141-12/+13
| | | | Signed-off-by: Simon Rozman <simon@rozman.si>
* firewall: fix logic errorJason A. Donenfeld2019-05-131-1/+1
|
* firewall: only allow specified dns serversJason A. Donenfeld2019-05-133-49/+186
|
* service: use more standard naming scheme for syscallsJason A. Donenfeld2019-05-134-99/+95
|
* service: allow go to create correct environment blockJason A. Donenfeld2019-05-134-83/+10
|
* service: run UI with elevated tokenJason A. Donenfeld2019-05-123-375/+11
| | | | | There are too many attacks possible when starting this with a non-elevated token.
* service: run UI at high integrityJason A. Donenfeld2019-05-113-0/+34
|
* service: use LUID directlyJason A. Donenfeld2019-05-101-15/+5
| | | | InterfaceGuidToLuid fails if called soon after device creation.
* service: clean up addresses from stale interfacesJason A. Donenfeld2019-05-101-0/+51
| | | | Other VPN implementations leave trash laying around...
* service: fix user logoutJason A. Donenfeld2019-05-101-17/+50
|
* service: account for delete pending windows bug in tunneltrackerJason A. Donenfeld2019-05-092-12/+35
| | | | | | | | | | Sometimes deleting a service disables it and prepares it for being deleted, but doesn't actually mark it as pending deletion. Presumably this is due to a race condition in the service management code. Workaround this by polling for disabled services, so that we don't wind up sleeping forever. Reported-by: Thomas Gschwantner <tharre3@gmail.com>
* service: prevent against multiple routines per sessionJason A. Donenfeld2019-05-081-4/+18
|
* service: print in log after UI exitsJason A. Donenfeld2019-05-081-3/+10
|
* service: waste a page due to sheer incompetenceJason A. Donenfeld2019-05-081-1/+1
|
* service: require elevated tokenJason A. Donenfeld2019-05-081-0/+1
|
* service: make the generated bindings do the type forcingJason A. Donenfeld2019-05-082-64/+56
|
* service: local system's token is a bit more locked down than elevatedJason A. Donenfeld2019-05-081-2/+3
|
* service: give process elevated security attributes plus logon session ID with minimal permissionsJason A. Donenfeld2019-05-085-42/+311
|
* firewall: cleanupJason A. Donenfeld2019-05-086-58/+59
|
* firewall: implode recurring address definitionsOdd Stranne2019-05-081-14/+15
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* firewall: remove unused codeOdd Stranne2019-05-088-296/+44
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* firewall: add permitHyperV()Odd Stranne2019-05-083-0/+108
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* firewall: implement permitNdp()Odd Stranne2019-05-082-4/+222
| | | | Signed-off-by: Odd Stranne <odd@mullvad.net>
* service: delay restart for one secondJason A. Donenfeld2019-05-071-0/+5
| | | | | | This prevents a thundering herd. Also, we can now use the restart manager in the MSI because our walk fork handles the right window messages.
* ringlogger: export R/O handle for UI processJason A. Donenfeld2019-05-072-2/+3
|
* updater: move into managerJason A. Donenfeld2019-05-066-148/+386
|
* ui: syntax: implement trafic blocking semanticsJason A. Donenfeld2019-05-051-2/+8
| | | | This is our "auto kill switch".
* service: temporarily disable security attributesJason A. Donenfeld2019-05-041-1/+11
| | | | This must be reverted before we release! See big source code comment.
* firewall: do not add unused permit rules when !restrictAllJason A. Donenfeld2019-05-041-16/+18
|
* firewall: DNS is TCP and UDPJason A. Donenfeld2019-05-031-3/+22
|
* firewall: block dns before allowing localhostJason A. Donenfeld2019-05-033-38/+31
| | | | | This prevents DNS leaks from people who have a localhost resolver doing something funky.
* firewall: only use one listJason A. Donenfeld2019-05-032-230/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | Unless you use complicated rights veto rules, WFP's policy is that between sublayers, block always outweighs allow. It's easier, therefore, to simply weight a single sublayer correctly, with allow rules having heavier weight than block rules. This basically means that we have to be careful that DNS isn't a subset of some allow rule. One place where this would be a problem are the permitLan* rules, which we don't use anyway, and so this commit nukes them. Another place would be if somebody is using a localhost/loopback resolver for whatever reason. This is probably a "low risk" sort of thing, but we may want to fix this by ordering the dns block just in front of the loopback permit. The other place is in the wireguard.exe tunnel service itself, which does DNS lookups. Since right now we mostly enforce one-tunnel-at-a- time, this isn't really a problem. But later if we allow nested tunneling, it means that the DNS lookup in a second tunnel can potentially escape the DNS server of the first tunnel. We can address this problem later, perhaps with fancier security descriptors that we shuffle around depending on which state the tunnel is in. And on the bright side, this change allows people to run WireGuard over port 53 itself, which is generally a desirable thing.
* firewall: since DNS is a blacklist, we have to exclude our own interfaceJason A. Donenfeld2019-05-032-6/+18
|
* firewall: pass blob of security descriptor instead of raw, and give daclJason A. Donenfeld2019-05-035-30/+33
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.