fix: (windows) wireguard command permission elevation

zeropsio · May 4, 2024 · ad5a3ed · ad5a3ed
1 parent f799087
commit ad5a3ed
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .idea
+.sandbox
 include/
 .sandbox/
 .tool-versions

diff --git a/src/wg/windows.go b/src/wg/windows.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"io"
 	"os/exec"
+	"strings"
 	"text/template"
 
 	"github.com/pkg/errors"
@@ -34,11 +35,23 @@ func GenerateConfig(f io.Writer, privateKey wgtypes.Key, vpnSettings output.Proj
 }
 
 func UpCmd(ctx context.Context, filePath string) (err *exec.Cmd) {
-	return exec.CommandContext(ctx, "wireguard", "/installtunnelservice", filePath)
+	return exec.CommandContext(ctx,
+		"powershell",
+		"-Command",
+		"Start-Process", "wireguard",
+		"-Verb", "RunAs",
+		"-ArgumentList "+formatArgumentList("/installtunnelservice", filePath),
+	)
 }
 
 func DownCmd(ctx context.Context, _, interfaceName string) (err *exec.Cmd) {
-	return exec.CommandContext(ctx, "wireguard", "/uninstalltunnelservice", interfaceName)
+	return exec.CommandContext(ctx,
+		"powershell",
+		"-Command",
+		"Start-Process", "wireguard",
+		"-Verb", "RunAs",
+		"-ArgumentList "+formatArgumentList("/uninstalltunnelservice", interfaceName),
+	)
 }
 
 var vpnTmpl = `
@@ -60,3 +73,14 @@ Endpoint = {{.ProjectIpv4SharedEndpoint}}
 
 PersistentKeepalive = 5
 `
+
+func formatArgumentList(args ...string) string {
+	for i, a := range args {
+		args[i] = quote(a)
+	}
+	return strings.Join(args, ", ")
+}
+
+func quote(in string) string {
+	return `"` + in + `"`
+}