wintun: put mutex into private namespace

2019-08-30 10:31:27 -06:00 · 2019-08-30 10:31:27 -06:00 · 950ca2ba8c
commit 950ca2ba8c
parent df2bf34373
3 changed files with 99 additions and 26 deletions
--- a/tun/wintun/namespace_windows.go
+++ b/tun/wintun/namespace_windows.go
@ -0,0 +1,99 @@
 /* SPDX-License-Identifier: MIT
 *
 * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
 */
 package wintun
 import (
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"sync"
 	"unsafe"
 	"golang.org/x/crypto/blake2s"
 	"golang.org/x/sys/windows"
 	"golang.org/x/text/unicode/norm"
 	"golang.zx2c4.com/wireguard/ipc/winpipe"
 	"golang.zx2c4.com/wireguard/tun/wintun/namespaceapi"
 )
 var (
 	wintunObjectSecurityAttributes *windows.SecurityAttributes
 	hasInitializedNamespace        bool
 	initializingNamespace          sync.Mutex
 )
 func initializeNamespace() error {
 	initializingNamespace.Lock()
 	defer initializingNamespace.Unlock()
 	if hasInitializedNamespace {
 		return nil
 	}
 	sd, err := winpipe.SddlToSecurityDescriptor("O:SYD:P(A;;GA;;;SY)")
 	if err != nil {
 		return fmt.Errorf("SddlToSecurityDescriptor failed: %v", err)
 	}
 	wintunObjectSecurityAttributes = &windows.SecurityAttributes{
 		Length:             uint32(len(sd)),
 		SecurityDescriptor: uintptr(unsafe.Pointer(&sd[0])),
 	}
 	sid, err := windows.CreateWellKnownSid(windows.WinLocalSystemSid)
 	if err != nil {
 		return fmt.Errorf("CreateWellKnownSid(LOCAL_SYSTEM) failed: %v", err)
 	}
 	boundary, err := namespaceapi.CreateBoundaryDescriptor("Wintun")
 	if err != nil {
 		return fmt.Errorf("CreateBoundaryDescriptor failed: %v", err)
 	}
 	err = boundary.AddSid(sid)
 	if err != nil {
 		return fmt.Errorf("AddSIDToBoundaryDescriptor failed: %v", err)
 	}
 	for {
 		_, err = namespaceapi.CreatePrivateNamespace(wintunObjectSecurityAttributes, boundary, "Wintun")
 		if err == windows.ERROR_ALREADY_EXISTS {
 			_, err = namespaceapi.OpenPrivateNamespace(boundary, "Wintun")
 			if err == windows.ERROR_PATH_NOT_FOUND {
 				continue
 			}
 		}
 		if err != nil {
 			return fmt.Errorf("Create/OpenPrivateNamespace failed: %v", err)
 		}
 		break
 	}
 	hasInitializedNamespace = true
 	return nil
 }
 func (pool Pool) takeNameMutex() (windows.Handle, error) {
 	err := initializeNamespace()
 	if err != nil {
 		return 0, err
 	}
 	const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com"
 	b2, _ := blake2s.New256(nil)
 	b2.Write([]byte(mutexLabel))
 	b2.Write(norm.NFC.Bytes([]byte(string(pool))))
 	mutexName := `Wintun\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil))
 	mutex, err := windows.CreateMutex(wintunObjectSecurityAttributes, false, windows.StringToUTF16Ptr(mutexName))
 	if err != nil {
 		err = fmt.Errorf("Error creating name mutex: %v", err)
 		return 0, err
 	}
 	event, err := windows.WaitForSingleObject(mutex, windows.INFINITE)
 	if err != nil {
 		windows.CloseHandle(mutex)
 		return 0, fmt.Errorf("Error waiting on name mutex: %v", err)
 	}
 	if event != windows.WAIT_OBJECT_0 {
 		windows.CloseHandle(mutex)
 		return 0, errors.New("Error with event trigger of name mutex")
 	}
 	return mutex, nil
 }
--- a/tun/wintun/ring_windows.go
+++ b/tun/wintun/ring_windows.go
--- a/tun/wintun/wintun_windows.go
+++ b/tun/wintun/wintun_windows.go
@ -6,17 +6,14 @@
 package wintun
 import (
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"strings"
 	"time"
 	"unsafe"
 	"golang.org/x/crypto/blake2s"
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/registry"
 	"golang.org/x/text/unicode/norm"
 	"golang.zx2c4.com/wireguard/tun/wintun/iphlpapi"
 	"golang.zx2c4.com/wireguard/tun/wintun/nci"
@ -758,26 +755,3 @@ func (wintun *Interface) GUID() windows.GUID {
 func (wintun *Interface) LUID() uint64 {
 	return ((uint64(wintun.luidIndex) & ((1 << 24) - 1)) << 24) | ((uint64(wintun.ifType) & ((1 << 16) - 1)) << 48)
 }
 func (pool Pool) takeNameMutex() (windows.Handle, error) {
 	const mutexLabel = "WireGuard Adapter Name Mutex Stable Suffix v1 jason@zx2c4.com"
 	b2, _ := blake2s.New256(nil)
 	b2.Write([]byte(mutexLabel))
 	b2.Write(norm.NFC.Bytes([]byte(string(pool))))
 	mutexName := `Global\Wintun-Name-Mutex-` + hex.EncodeToString(b2.Sum(nil))
 	mutex, err := windows.CreateMutex(nil, false, windows.StringToUTF16Ptr(mutexName))
 	if err != nil {
 		err = fmt.Errorf("Error creating name mutex: %v", err)
 		return 0, err
 	}
 	event, err := windows.WaitForSingleObject(mutex, windows.INFINITE)
 	if err != nil {
 		windows.CloseHandle(mutex)
 		return 0, fmt.Errorf("Error waiting on name mutex: %v", err)
 	}
 	if event != windows.WAIT_OBJECT_0 {
 		windows.CloseHandle(mutex)
 		return 0, errors.New("Error with event trigger of name mutex")
 	}
 	return mutex, nil
 }