(Windows) Checking: binary files have to be located in "Program Files…

…" folder
ivpn · Jan 19, 2021 · ffded41 · ffded41
1 parent 31745c2
commit ffded41
Show file tree

Hide file tree

Showing 8 changed files with 48 additions and 10 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -13,7 +13,7 @@
             "env": {},
             "args": ["-logging"],
             //"buildFlags": "-tags debug"
-            "buildFlags": ""
+            //"buildFlags": ""
             //"buildFlags": "-tags nowifi"
         }
     ]

diff --git a/References/Windows/etc/servers.json b/References/Windows/etc/servers.json
diff --git a/service/platform/filerights/frigths_windows.go b/service/platform/filerights/frigths_windows.go
@@ -5,33 +5,59 @@ package filerights
 import (
 	"fmt"
 	"os"
+	"strings"
 )
 
+var envVarProgramFiles string
+var isDebug bool = false
+
+func init() {
+	envVarProgramFiles = strings.ToLower(os.Getenv("ProgramFiles"))
+	if len(envVarProgramFiles) == 0 {
+		fmt.Println("!!! ERROR !!! Unable to determine 'ProgramFiles' environment variable")
+	}
+}
+
 // DefaultFilePermissionsForConfig - returns default file permissions to save config files
 func DefaultFilePermissionsForConfig() os.FileMode { return 0600 }
 
 // CheckFileAccessRightsConfig ensures if given file has correct rights for mutable config file
 func CheckFileAccessRightsConfig(file string) error {
 	// No file rights check for Windows
 	// Application is installed to a '%PROGRAMFILES%' which is write-accessible only for admins
-	return isFileExists(file)
+	return isFileInProgramFiles(file)
 }
 
 // CheckFileAccessRightsStaticConfig ensures if given file has correct rights for unmutable config file
 func CheckFileAccessRightsStaticConfig(file string) error {
 	// No file rights check for Windows
 	// Application is installed to a '%PROGRAMFILES%' which is write-accessible only for admins
-	return isFileExists(file)
+	return isFileInProgramFiles(file)
 }
 
 // CheckFileAccessRightsExecutable checks if file has correct access-permission for executable
 // If file does not exist or it can be writable by someone else except root - return error
 func CheckFileAccessRightsExecutable(file string) error {
 	// No file rights check for Windows
 	// Application is installed to a '%PROGRAMFILES%' which is write-accessible only for admins
-	return isFileExists(file)
+	return isFileInProgramFiles(file)
 }
 
+func isFileInProgramFiles(file string) error {
+	if err := isFileExists(file); err != nil {
+		return err
+	}
+
+	if isDebug == false {
+		if len(envVarProgramFiles) == 0 {
+			return fmt.Errorf("the 'ProgramFiles' environment variable not initialized")
+		}
+		if strings.HasPrefix(strings.ToLower(strings.ReplaceAll(file, "/", "\\")), envVarProgramFiles) == false {
+			return fmt.Errorf("file '%s' is not in folder '%s'", file, envVarProgramFiles)
+		}
+	}
+	return nil
+}
 func isFileExists(file string) error {
 	stat, err := os.Stat(file)
 	if err != nil {

diff --git a/service/platform/filerights/frigths_windows_debug.go b/service/platform/filerights/frigths_windows_debug.go
@@ -0,0 +1,12 @@
+// +build windows,debug
+
+package filerights
+
+import (
+	"fmt"
+)
+
+func init() {
+	isDebug = true
+	fmt.Println("!!! DEBUG VERSION !!! (filerights) File access permissions are not checking in DEBUG mode")
+}
diff --git a/service/platform/platform_darwin_debug.go b/service/platform/platform_darwin_debug.go
@@ -69,7 +69,7 @@ func doOsInitForBuild() (warnings []string, errors []error) {
 	wgBinaryPath = path.Join(installDir, "References/macOS/_deps/wg_inst/wireguard-go")
 	wgToolBinaryPath = path.Join(installDir, "References/macOS/_deps/wg_inst/wg")
 
-	fmt.Println("!!!DEBUG!!! 'allowedClients' not defined for debug mode. Any client can connect to daemon")
+	fmt.Println("!!! DEBUG VERSION !!! 'allowedClients' not defined for debug mode. Any client can connect to daemon")
 
 	return nil, nil
 }

diff --git a/service/platform/platform_linux_debug.go b/service/platform/platform_linux_debug.go
@@ -60,7 +60,7 @@ func doOsInitForBuild() (warnings []string, errors []error) {
 	openvpnProxyAuthFile = path.Join(tmpDir, "proxyauth.txt")
 	wgConfigFilePath = path.Join(tmpDir, "wgivpn.conf")
 
-	fmt.Println("!!!DEBUG!!! 'allowedClients' not defined for debug mode. Any client can connect to daemon")
+	fmt.Println("!!! DEBUG VERSION !!! 'allowedClients' not defined for debug mode. Any client can connect to daemon")
 
 	return nil, nil
 }
diff --git a/service/platform/platform_windows.go b/service/platform/platform_windows.go
@@ -41,7 +41,7 @@ func doInitConstants() {
 		servicePortFile = path.Join(installDir, "etc/port.txt")
 	} else {
 		// debug version can have different port file value
-		fmt.Println("!!! WARNING!!! Non-standard service port file: ", servicePortFile)
+		fmt.Println("!!! WARNING !!! Non-standard service port file: ", servicePortFile)
 	}
 
 	logFile = path.Join(installDir, "log/IVPN Agent.log")
@@ -110,4 +110,4 @@ func WindowsWFPDllPath() string {
 // WindowsNativeHelpersDllPath - Path to Windows DLL with helper methods (native DNS implementation... etc.)
 func WindowsNativeHelpersDllPath() string {
 	return nativeHelpersDllPath
-}
+}
diff --git a/service/platform/platform_windows_debug.go b/service/platform/platform_windows_debug.go
@@ -58,7 +58,7 @@ func doOsInitForBuild() {
 	fmt.Printf("!!! DEBUG VERSION !!! servicePortFile       : '%s'\n", servicePortFile)
 	fmt.Println("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
 
-	fmt.Println("!!!DEBUG!!! 'allowedClients' not defined for debug mode. Any client can connect to daemon")
+	fmt.Println("!!! DEBUG VERSION !!! 'allowedClients' not defined for debug mode. Any client can connect to daemon")
 }
 
 func getInstallDir() string {