From ffa28be5eff6a109c8a6ae1ee6bd948ad794aee9 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Tue, 21 May 2019 13:13:32 +0200
Subject: firewall: use service-specific SID

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 manager/install.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'manager')

diff --git a/manager/install.go b/manager/install.go
index 4a570297..2eddbbbe 100644
--- a/manager/install.go
+++ b/manager/install.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"os"
 	"time"
+	"unsafe"
 
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
@@ -165,6 +166,14 @@ func InstallTunnel(configPath string) error {
 	if err != nil {
 		return err
 	}
+	sidType := uint32(windows.SERVICE_SID_TYPE_UNRESTRICTED)
+	err = windows.ChangeServiceConfig2(service.Handle, windows.SERVICE_CONFIG_SERVICE_SID_INFO, (*byte)(unsafe.Pointer(&sidType)))
+	if err != nil {
+		service.Delete()
+		service.Close()
+		return err
+	}
+
 	err = service.Start()
 	go trackTunnelService(name, service) // Pass off reference to handle.
 	return err
-- 
cgit v1.2.3-59-g8ed1b