From cef79225560bd454cb5c49d8d2b0cfac869de8d3 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Mon, 8 Mar 2021 13:48:29 +0100 Subject: [PATCH] api: elevate to SYSTEM in WintunEnumAdapters() The WintunEnumAdapters() requires namespace mutex. However, NamespaceTakePoolMutex() works as SYSTEM user only. WireGuard is using the WintunEnumAdapters() in its manager service to cleanup stale adapters. As the WireGuard manager service is running as SYSTEM, this requirement was not apparent before. This commit also extends the example project to list its existing adapters at start. Signed-off-by: Simon Rozman --- api/adapter.c | 13 ++++++++++--- example/example.c | 11 +++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/api/adapter.c b/api/adapter.c index 984af03..8fc757e 100644 --- a/api/adapter.c +++ b/api/adapter.c @@ -1983,13 +1983,18 @@ cleanupToken: _Return_type_success_(return != FALSE) BOOL WINAPI WintunEnumAdapters(_In_z_ const WCHAR *Pool, _In_ WINTUN_ENUM_CALLBACK Func, _In_ LPARAM Param) { - HANDLE Mutex = NamespaceTakePoolMutex(Pool); - if (!Mutex) + if (!ElevateToSystem()) { - LOG(WINTUN_LOG_ERR, L"Failed to take %s pool mutex", Pool); + LOG(WINTUN_LOG_ERR, L"Failed to impersonate SYSTEM user"); return FALSE; } DWORD LastError = ERROR_SUCCESS; + HANDLE Mutex = NamespaceTakePoolMutex(Pool); + if (!Mutex) + { + LastError = LOG(WINTUN_LOG_ERR, L"Failed to take %s pool mutex", Pool); + goto cleanupToken; + } HDEVINFO DevInfo = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, NULL, NULL, DIGCF_PRESENT, NULL, NULL, NULL); if (DevInfo == INVALID_HANDLE_VALUE) { @@ -2022,5 +2027,7 @@ _Return_type_success_(return != FALSE) BOOL WINAPI SetupDiDestroyDeviceInfoList(DevInfo); cleanupMutex: NamespaceReleaseMutex(Mutex); +cleanupToken: + RevertToSelf(); return RET_ERROR(TRUE, LastError); } diff --git a/example/example.c b/example/example.c index d36c2d4..9e5f2e8 100644 --- a/example/example.c +++ b/example/example.c @@ -293,6 +293,16 @@ SendPackets(_Inout_ DWORD_PTR SessionPtr) return ERROR_SUCCESS; } +static BOOL CALLBACK +PrintAdapter(_In_ WINTUN_ADAPTER_HANDLE Adapter, _In_ LPARAM Param) +{ + UNREFERENCED_PARAMETER(Param); + WCHAR szAdapterName[MAX_ADAPTER_NAME]; + if (WintunGetAdapterName(Adapter, szAdapterName)) + Log(WINTUN_LOG_INFO, L"Existing Wintun adapter: %s", szAdapterName); + return TRUE; +} + int main(void) { @@ -301,6 +311,7 @@ main(void) return LogError(L"Failed to initialize Wintun", GetLastError()); WintunSetLogger(ConsoleLogger); Log(WINTUN_LOG_INFO, L"Wintun library loaded"); + WintunEnumAdapters(L"Example", PrintAdapter, 0); DWORD LastError; HaveQuit = FALSE;