Diffstat (limited to 'node')
-rw-r--r-- | node/EthernetTap.cpp | 2 | ||||
-rw-r--r-- | node/Node.cpp | 10 | ||||
-rw-r--r-- | node/Topology.cpp | 10 | ||||
-rw-r--r-- | node/Utils.cpp | 15 |
4 files changed, 24 insertions, 13 deletions
diff --git a/node/EthernetTap.cpp b/node/EthernetTap.cpp index 87482537..fce30b61 100644 --- a/node/EthernetTap.cpp +++ b/node/EthernetTap.cpp @@ -1465,7 +1465,7 @@ void EthernetTap::threadMain() for(;;) { if (!_run) break; - WaitForMultipleObjectsEx(3,wait4,FALSE,INFINITE,TRUE); + DWORD r = WaitForMultipleObjectsEx(writeInProgress ? 3 : 2,wait4,FALSE,INFINITE,TRUE); if (!_run) break; if (HasOverlappedIoCompleted(&_tapOvlRead)) { diff --git a/node/Node.cpp b/node/Node.cpp index d195b9f1..e55cad04 100644 --- a/node/Node.cpp +++ b/node/Node.cpp @@ -419,12 +419,16 @@ Node::ReasonForTermination Node::run() } Utils::lockDownFile(identitySecretPath.c_str(),false); - // Make sure networks.d exists + // Make sure networks.d exists and is secure + { + std::string networksDotD(_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d"); #ifdef __WINDOWS__ - CreateDirectoryA((_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d").c_str(),NULL); + CreateDirectoryA(networksDotD.c_str(),NULL); #else - mkdir((_r->homePath + ZT_PATH_SEPARATOR_S + "networks.d").c_str(),0700); + mkdir(networksDotD.c_str(),0700); #endif + Utils::lockDownFile(networksDotD.c_str(),true); + } // Load or generate config authentication secret std::string configAuthTokenPath(_r->homePath + ZT_PATH_SEPARATOR_S + "authtoken.secret"); diff --git a/node/Topology.cpp b/node/Topology.cpp index 6efde33e..b499063c 100644 --- a/node/Topology.cpp +++ b/node/Topology.cpp @@ -280,17 +280,13 @@ void Topology::_loadPeers() buf.setSize(buf.size() - ptr); } } while (rlen > 0); - fclose(pd); - } else { - fclose(pd); - Utils::rm(pdpath); } } catch ( ... ) { - // Membership cert dump file invalid. We'll re-learn them off the net. _activePeers.clear(); - fclose(pd); - Utils::rm(pdpath); } + + fclose(pd); + Utils::rm(pdpath); } } // namespace ZeroTier diff --git a/node/Utils.cpp b/node/Utils.cpp index 53a67179..e91cb6a1 100644 --- a/node/Utils.cpp +++ b/node/Utils.cpp 
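Review bot: `r` receives the result of `WaitForMultipleObjectsEx` in `EthernetTap::threadMain()`, but nothing in the visible lines reads it. A `WAIT_FAILED` return therefore falls through to the overlapped-I/O checks, and because a failed wait returns immediately despite `INFINITE`, the `for(;;)` loop could spin. If `r` is not consumed further down, either act on it, e.g. `if (r == WAIT_FAILED) break;`, or drop the variable. A one-line comment on why the third handle (presumably the write event) is only waited on while `writeInProgress` is set would also help. The loop body continues outside the hunk.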
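Review bot: The results of `CreateDirectoryA` and `mkdir` are still discarded in the new block, so `Utils::lockDownFile(networksDotD.c_str(),true)` runs on whatever is at that path, including nothing at all or a regular file, and startup carries on. Consider checking the call, e.g. `if ((mkdir(networksDotD.c_str(),0700) != 0)&&(errno != EEXIST))` with the `ERROR_ALREADY_EXISTS` equivalent on Windows, and treating any other failure as a startup error. On Windows the directory is also created with inherited permissions (`NULL` security attributes) and tightened only afterwards; passing a `SECURITY_ATTRIBUTES` with a restrictive descriptor to `CreateDirectoryA` would close that gap. `Node::run()` continues outside the hunk, so how it reports errors is not visible here.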
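Review bot: `Utils::rm(pdpath)` now runs on the success path of `Topology::_loadPeers()` as well, where the old code only closed the file. The comment that explained the catch-all handler was dropped in the same change, so the intent is no longer stated anywhere in the hunk. If removing the dump after every load is intended, say so next to the call, e.g. `// Dump is consumed once: remove it whether or not it parsed`, and keep a line in the handler such as `// Dump invalid; discard what was loaded and re-learn peers from the network`. `_loadPeers` begins outside the hunk, so whether `pd` can be null at the `fclose` is not visible here.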
@@ -251,8 +251,19 @@ void Utils::lockDownFile(const char *path,bool isDir) #ifdef __UNIX_LIKE__ chmod(path,isDir ? 0700 : 0600); #else -#ifdef _WIN32 - // TODO: windows ACL hell... +#ifdef __WINDOWS__ + { + STARTUPINFOA startupInfo; + startupInfo.cb = sizeof(startupInfo); + PROCESS_INFORMATION processInfo; + memset(&startupInfo,0,sizeof(STARTUPINFOA)); + memset(&processInfo,0,sizeof(PROCESS_INFORMATION)); + if (CreateProcessA(NULL,(LPSTR)(std::string("C:\\Windows\\System32\\cacls.exe \"") + path + "\" /E /R Users").c_str(),NULL,NULL,FALSE,0,NULL,NULL,&startupInfo,&processInfo)) { + WaitForSingleObject(processInfo.hProcess,INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + } + } #endif #endif } |
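Review bot: The Windows branch added to `Utils::lockDownFile` fails open: a failed `CreateProcessA` and the exit status of cacls.exe are both ignored, so when the ACL edit does not happen the caller carries on as if the path were locked down. Several visible details make that failure more likely. `startupInfo.cb` is assigned before `memset(&startupInfo,0,...)` wipes it, and the command hard-codes `C:\Windows\System32` and the group name `Users`, which is localized on non-English installs and is only one of the principals that may hold inherited access. The `(LPSTR)` cast also hands the `c_str()` of a temporary to a parameter typed as writable. At minimum reorder the initialisation, pass a mutable buffer and look at the exit code as sketched below; setting an explicit DACL through the security API (e.g. `SetNamedSecurityInfoA` with well-known SIDs) would avoid the child process and the name lookup altogether.

```cpp
	{
		char sysDir[MAX_PATH];
		const UINT sysDirLen = GetSystemDirectoryA(sysDir,sizeof(sysDir));
		if ((sysDirLen > 0)&&(sysDirLen < sizeof(sysDir))) {
			// Named, mutable buffer: lpCommandLine is declared LPSTR, not LPCSTR.
			std::string cmd(std::string("\"") + sysDir + "\\cacls.exe\" \"" + path + "\" /E /R Users");
			STARTUPINFOA startupInfo;
			PROCESS_INFORMATION processInfo;
			memset(&startupInfo,0,sizeof(STARTUPINFOA));
			memset(&processInfo,0,sizeof(PROCESS_INFORMATION));
			startupInfo.cb = sizeof(startupInfo); // after the memset, so it is not zeroed
			if (CreateProcessA(NULL,&cmd[0],NULL,NULL,FALSE,0,NULL,NULL,&startupInfo,&processInfo)) {
				DWORD exitCode = 1;
				WaitForSingleObject(processInfo.hProcess,INFINITE);
				GetExitCodeProcess(processInfo.hProcess,&exitCode);
				// … unchanged: CloseHandle(processInfo.hProcess), CloseHandle(processInfo.hThread) …
				// NOTE(review): exitCode is presumably non-zero when cacls fails (confirm); surface that to the caller
			}
			// NOTE(review): a failed CreateProcessA likewise leaves the path with its inherited ACL
		}
	}
```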