diff options
Diffstat (limited to 'tun/wintun/namespace_windows.go')
-rw-r--r-- | tun/wintun/namespace_windows.go | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/tun/wintun/namespace_windows.go b/tun/wintun/namespace_windows.go new file mode 100644 index 0000000..21791ef --- /dev/null +++ b/tun/wintun/namespace_windows.go @@ -0,0 +1,99 @@ +/* SPDX-License-Identifier: MIT + * + * Copyright (C) 2019 WireGuard LLC. All Rights Reserved. + */ + +package wintun + +import ( + "encoding/hex" + "errors" + "fmt" + "sync" + "unsafe" + + "golang.org/x/crypto/blake2s" + "golang.org/x/sys/windows" + "golang.org/x/text/unicode/norm" + + "golang.zx2c4.com/wireguard/ipc/winpipe" + "golang.zx2c4.com/wireguard/tun/wintun/namespaceapi" +) + +var ( + wintunObjectSecurityAttributes *windows.SecurityAttributes + hasInitializedNamespace bool + initializingNamespace sync.Mutex +) + +func initializeNamespace() error { + initializingNamespace.Lock() + defer initializingNamespace.Unlock() + if hasInitializedNamespace { + return nil + } + sd, err := winpipe.SddlToSecurityDescriptor("O:SYD:P(A;;GA;;;SY)") + if err != nil { + return fmt.Errorf("SddlToSecurityDescriptor failed: %v", err) + } + wintunObjectSecurityAttributes = &windows.SecurityAttributes{ + Length: uint32(len(sd)), + SecurityDescriptor: uintptr(unsafe.Pointer(&sd[0])), + } + sid, err := windows.CreateWellKnownSid(windows.WinLocalSystemSid) + if err != nil { + return fmt.Errorf("CreateWellKnownSid(LOCAL_SYSTEM) failed: %v", err) + } + + boundary, err := namespaceapi.CreateBoundaryDescriptor("Wintun") + if err != nil { + return fmt.Errorf("CreateBoundaryDescriptor failed: %v", err) + } + err = boundary.AddSid(sid) + if err != nil { + return fmt.Errorf("AddSIDToBoundaryDescriptor failed: %v", err) + } + for { + _, err = namespaceapi.CreatePrivateNamespace(wintunObjectSecurityAttributes, boundary, "Wintun") + if err == windows.ERROR_ALREADY_EXISTS { + _, err = namespaceapi.OpenPrivateNamespace(boundary, "Wintun") + if err == windows.ERROR_PATH_NOT_FOUND { + continue + } + } + if err != nil { + return fmt.Errorf("Create/OpenPrivateNamespace failed: %v", err) + } + break + } + hasInitializedNamespace = true + return nil +} + +func (pool Pool) takeNameMutex() (windows.Handle, error) { + err := initializeNamespace() + if err != nil { + return 0, err + } + + const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com" + b2, _ := blake2s.New256(nil) + b2.Write([]byte(mutexLabel)) + b2.Write(norm.NFC.Bytes([]byte(string(pool)))) + mutexName := `Wintun\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil)) + mutex, err := windows.CreateMutex(wintunObjectSecurityAttributes, false, windows.StringToUTF16Ptr(mutexName)) + if err != nil { + err = fmt.Errorf("Error creating name mutex: %v", err) + return 0, err + } + event, err := windows.WaitForSingleObject(mutex, windows.INFINITE) + if err != nil { + windows.CloseHandle(mutex) + return 0, fmt.Errorf("Error waiting on name mutex: %v", err) + } + if event != windows.WAIT_OBJECT_0 { + windows.CloseHandle(mutex) + return 0, errors.New("Error with event trigger of name mutex") + } + return mutex, nil +} |