diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-30 10:31:27 -0600 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-30 11:03:21 -0600 |
commit | 950ca2ba8c026be809ced2438f89ec9146734cf7 (patch) | |
tree | e2cbd6166091290152824681d8099e76b6d258e4 | |
parent | df2bf34373467cadab4f37b1a3c67eee45e677b4 (diff) |
wintun: put mutex into private namespace
-rw-r--r-- | tun/wintun/namespace_windows.go | 99 | ||||
-rw-r--r-- | tun/wintun/ring_windows.go (renamed from tun/wintun/ring.go) | 0 | ||||
-rw-r--r-- | tun/wintun/wintun_windows.go | 26 |
3 files changed, 99 insertions, 26 deletions
diff --git a/tun/wintun/namespace_windows.go b/tun/wintun/namespace_windows.go new file mode 100644 index 0000000..21791ef --- /dev/null +++ b/tun/wintun/namespace_windows.go @@ -0,0 +1,99 @@ +/* SPDX-License-Identifier: MIT + * + * Copyright (C) 2019 WireGuard LLC. All Rights Reserved. + */ + +package wintun + +import ( + "encoding/hex" + "errors" + "fmt" + "sync" + "unsafe" + + "golang.org/x/crypto/blake2s" + "golang.org/x/sys/windows" + "golang.org/x/text/unicode/norm" + + "golang.zx2c4.com/wireguard/ipc/winpipe" + "golang.zx2c4.com/wireguard/tun/wintun/namespaceapi" +) + +var ( + wintunObjectSecurityAttributes *windows.SecurityAttributes + hasInitializedNamespace bool + initializingNamespace sync.Mutex +) + +func initializeNamespace() error { + initializingNamespace.Lock() + defer initializingNamespace.Unlock() + if hasInitializedNamespace { + return nil + } + sd, err := winpipe.SddlToSecurityDescriptor("O:SYD:P(A;;GA;;;SY)") + if err != nil { + return fmt.Errorf("SddlToSecurityDescriptor failed: %v", err) + } + wintunObjectSecurityAttributes = &windows.SecurityAttributes{ + Length: uint32(len(sd)), + SecurityDescriptor: uintptr(unsafe.Pointer(&sd[0])), + } + sid, err := windows.CreateWellKnownSid(windows.WinLocalSystemSid) + if err != nil { + return fmt.Errorf("CreateWellKnownSid(LOCAL_SYSTEM) failed: %v", err) + } + + boundary, err := namespaceapi.CreateBoundaryDescriptor("Wintun") + if err != nil { + return fmt.Errorf("CreateBoundaryDescriptor failed: %v", err) + } + err = boundary.AddSid(sid) + if err != nil { + return fmt.Errorf("AddSIDToBoundaryDescriptor failed: %v", err) + } + for { + _, err = namespaceapi.CreatePrivateNamespace(wintunObjectSecurityAttributes, boundary, "Wintun") + if err == windows.ERROR_ALREADY_EXISTS { + _, err = namespaceapi.OpenPrivateNamespace(boundary, "Wintun") + if err == windows.ERROR_PATH_NOT_FOUND { + continue + } + } + if err != nil { + return fmt.Errorf("Create/OpenPrivateNamespace failed: %v", err) + } + break + } + hasInitializedNamespace = true + return nil +} + +func (pool Pool) takeNameMutex() (windows.Handle, error) { + err := initializeNamespace() + if err != nil { + return 0, err + } + + const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com" + b2, _ := blake2s.New256(nil) + b2.Write([]byte(mutexLabel)) + b2.Write(norm.NFC.Bytes([]byte(string(pool)))) + mutexName := `Wintun\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil)) + mutex, err := windows.CreateMutex(wintunObjectSecurityAttributes, false, windows.StringToUTF16Ptr(mutexName)) + if err != nil { + err = fmt.Errorf("Error creating name mutex: %v", err) + return 0, err + } + event, err := windows.WaitForSingleObject(mutex, windows.INFINITE) + if err != nil { + windows.CloseHandle(mutex) + return 0, fmt.Errorf("Error waiting on name mutex: %v", err) + } + if event != windows.WAIT_OBJECT_0 { + windows.CloseHandle(mutex) + return 0, errors.New("Error with event trigger of name mutex") + } + return mutex, nil +} diff --git a/tun/wintun/ring.go b/tun/wintun/ring_windows.go index 8f46bc9..8f46bc9 100644 --- a/tun/wintun/ring.go +++ b/tun/wintun/ring_windows.go diff --git a/tun/wintun/wintun_windows.go b/tun/wintun/wintun_windows.go index d6fa35f..c654b02 100644 --- a/tun/wintun/wintun_windows.go +++ b/tun/wintun/wintun_windows.go @@ -6,17 +6,14 @@ package wintun import ( - "encoding/hex" "errors" "fmt" "strings" "time" "unsafe" - "golang.org/x/crypto/blake2s" "golang.org/x/sys/windows" "golang.org/x/sys/windows/registry" - "golang.org/x/text/unicode/norm" "golang.zx2c4.com/wireguard/tun/wintun/iphlpapi" "golang.zx2c4.com/wireguard/tun/wintun/nci" @@ -758,26 +755,3 @@ func (wintun *Interface) GUID() windows.GUID { func (wintun *Interface) LUID() uint64 { return ((uint64(wintun.luidIndex) & ((1 << 24) - 1)) << 24) | ((uint64(wintun.ifType) & ((1 << 16) - 1)) << 48) } - -func (pool Pool) takeNameMutex() (windows.Handle, error) { - const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com" - b2, _ := blake2s.New256(nil) - b2.Write([]byte(mutexLabel)) - b2.Write(norm.NFC.Bytes([]byte(string(pool)))) - mutexName := `Global\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil)) - mutex, err := windows.CreateMutex(nil, false, windows.StringToUTF16Ptr(mutexName)) - if err != nil { - err = fmt.Errorf("Error creating name mutex: %v", err) - return 0, err - } - event, err := windows.WaitForSingleObject(mutex, windows.INFINITE) - if err != nil { - windows.CloseHandle(mutex) - return 0, fmt.Errorf("Error waiting on name mutex: %v", err) - } - if event != windows.WAIT_OBJECT_0 { - windows.CloseHandle(mutex) - return 0, errors.New("Error with event trigger of name mutex") - } - return mutex, nil -}
\ No newline at end of file |