1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
/* SPDX-License-Identifier: MIT
*
* Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
*/
package conf
import (
"errors"
"log"
"os"
"path/filepath"
"strings"
"unsafe"
"golang.org/x/sys/windows"
)
//sys coTaskMemFree(pointer uintptr) = ole32.CoTaskMemFree
//sys shGetKnownFolderPath(id *windows.GUID, flags uint32, token windows.Handle, path **uint16) (ret error) = shell32.SHGetKnownFolderPath
//sys getFileSecurity(fileName *uint16, securityInformation uint32, securityDescriptor *byte, descriptorLen uint32, requestedLen *uint32) (err error) = advapi32.GetFileSecurityW
//sys getSecurityDescriptorOwner(securityDescriptor *byte, sid **windows.SID, ownerDefaulted *bool) (err error) = advapi32.GetSecurityDescriptorOwner
var folderIDLocalAppData = windows.GUID{0xf1b32785, 0x6fba, 0x4fcf, [8]byte{0x9d, 0x55, 0x7b, 0x8e, 0x7f, 0x15, 0x70, 0x91}}
const kfFlagCreate = 0x00008000
const ownerSecurityInformation = 0x00000001
var cachedConfigFileDir string
var cachedRootDir string
func maybeMigrate(c string) {
vol := filepath.VolumeName(c)
withoutVol := strings.TrimPrefix(c, vol)
oldRoot := filepath.Join(vol, "\\windows.old")
oldC := filepath.Join(oldRoot, withoutVol)
var err error
var sd []byte
reqLen := uint32(128)
for {
sd = make([]byte, reqLen)
//XXX: Since this takes a file path, it's technically a TOCTOU.
err = getFileSecurity(windows.StringToUTF16Ptr(oldRoot), ownerSecurityInformation, &sd[0], uint32(len(sd)), &reqLen)
if err != windows.ERROR_INSUFFICIENT_BUFFER {
break
}
}
if err == windows.ERROR_PATH_NOT_FOUND {
return
}
if err != nil {
log.Printf("Not migrating configuration from '%s' due to GetFileSecurity error: %v", oldRoot, err)
return
}
var defaulted bool
var sid *windows.SID
err = getSecurityDescriptorOwner(&sd[0], &sid, &defaulted)
if err != nil {
log.Printf("Not migrating configuration from '%s' due to GetSecurityDescriptorOwner error: %v", oldRoot, err)
return
}
if defaulted || !sid.IsWellKnown(windows.WinLocalSystemSid) {
sidStr, _ := sid.String()
log.Printf("Not migrating configuration from '%s' it is not explicitly owned by SYSTEM, but rather '%s'", oldRoot, sidStr)
return
}
err = windows.MoveFileEx(windows.StringToUTF16Ptr(oldC), windows.StringToUTF16Ptr(c), windows.MOVEFILE_COPY_ALLOWED)
if err != nil {
if err != windows.ERROR_FILE_NOT_FOUND && err != windows.ERROR_ALREADY_EXISTS {
log.Printf("Not migrating configuration from '%s' due to error when moving files: %v", oldRoot, err)
}
return
}
log.Printf("Migrated configuration from '%s'", oldRoot)
}
func tunnelConfigurationsDirectory() (string, error) {
if cachedConfigFileDir != "" {
return cachedConfigFileDir, nil
}
root, err := RootDirectory()
if err != nil {
return "", err
}
c := filepath.Join(root, "Configurations")
maybeMigrate(c)
err = os.MkdirAll(c, os.ModeDir|0700)
if err != nil {
return "", err
}
cachedConfigFileDir = c
return cachedConfigFileDir, nil
}
func RootDirectory() (string, error) {
if cachedRootDir != "" {
return cachedRootDir, nil
}
var path *uint16
err := shGetKnownFolderPath(&folderIDLocalAppData, kfFlagCreate, 0, &path)
if err != nil {
return "", err
}
defer coTaskMemFree(uintptr(unsafe.Pointer(path)))
root := windows.UTF16ToString((*[windows.MAX_LONG_PATH + 1]uint16)(unsafe.Pointer(path))[:])
if len(root) == 0 {
return "", errors.New("Unable to determine configuration directory")
}
c := filepath.Join(root, "WireGuard")
err = os.MkdirAll(c, os.ModeDir|0700)
if err != nil {
return "", err
}
cachedRootDir = c
return cachedRootDir, nil
}
|
