From 11a667c8decb4a2e7caee7aac7d4f1d7b82f5f21 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 19 Jul 2019 15:59:53 +0200
Subject: tunnel: extract owner of config file for pipe dacl

If the config file is unencrypted and its owner is not Local System, then we allow the runtime named pipe to be accessed by that owner, since generally the private key is already stored in the config file.

Signed-off-by: Jason A. Donenfeld
---
 conf/store.go | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'conf/store.go')

diff --git a/conf/store.go b/conf/store.go
index b5cdd1ef..504a0d01 100644
--- a/conf/store.go
+++ b/conf/store.go
@@ -148,6 +148,10 @@ func LoadFromPath(path string) (*Config, error) {
 return FromWgQuickWithUnknownEncoding(string(bytes), name)
 }
 
+func PathIsEncrypted(path string) bool {
+ return strings.HasSuffix(filepath.Base(path), configFileSuffix)
+}
+
 func NameFromPath(path string) (string, error) {
 name := filepath.Base(path)
 if !((len(name) > len(configFileSuffix) && strings.HasSuffix(name, configFileSuffix)) ||
-- 
cgit v1.2.3-59-g8ed1b
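Review bot: `PathIsEncrypted` decides from the file name alone, and per the commit message a `false` result is what lets the config file's owner onto the runtime named pipe. Every path that does not end in `configFileSuffix`, including a differently cased or unrecognised suffix, therefore falls on the permissive side. The caller is not in this hunk, so confirm that it only passes paths `NameFromPath` has already accepted, or invert the predicate to test positively for the unencrypted form so that unknown names stay restricted. The exported function also lacks a doc comment; `// PathIsEncrypted reports whether path carries the encrypted-config suffix. It checks the name only, not the file contents.` would make the contract explicit for the DACL code that relies on it.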