From ad5a3ed3593f5456d2799be613277dc5e4c2c2ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hellmann?= <hellmann@vshosting.cz>
Date: Tue, 30 Apr 2024 15:40:34 +0200
Subject: [PATCH] fix: (windows) wireguard command permission elevation

---
 .gitignore        |  1 +
 src/wg/windows.go | 28 ++++++++++++++++++++++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 495c7004..329c2449 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .idea
+.sandbox
 include/
 .sandbox/
 .tool-versions
diff --git a/src/wg/windows.go b/src/wg/windows.go
index efc6b72c..db0c065a 100644
--- a/src/wg/windows.go
+++ b/src/wg/windows.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"io"
 	"os/exec"
+	"strings"
 	"text/template"
 
 	"github.com/pkg/errors"
@@ -34,11 +35,23 @@ func GenerateConfig(f io.Writer, privateKey wgtypes.Key, vpnSettings output.Proj
 }
 
 func UpCmd(ctx context.Context, filePath string) (err *exec.Cmd) {
-	return exec.CommandContext(ctx, "wireguard", "/installtunnelservice", filePath)
+	return exec.CommandContext(ctx,
+		"powershell",
+		"-Command",
+		"Start-Process", "wireguard",
+		"-Verb", "RunAs",
+		"-ArgumentList "+formatArgumentList("/installtunnelservice", filePath),
+	)
 }
 
 func DownCmd(ctx context.Context, _, interfaceName string) (err *exec.Cmd) {
-	return exec.CommandContext(ctx, "wireguard", "/uninstalltunnelservice", interfaceName)
+	return exec.CommandContext(ctx,
+		"powershell",
+		"-Command",
+		"Start-Process", "wireguard",
+		"-Verb", "RunAs",
+		"-ArgumentList "+formatArgumentList("/uninstalltunnelservice", interfaceName),
+	)
 }
 
 var vpnTmpl = `
@@ -60,3 +73,14 @@ Endpoint = {{.ProjectIpv4SharedEndpoint}}
 
 PersistentKeepalive = 5
 `
+
+func formatArgumentList(args ...string) string {
+	for i, a := range args {
+		args[i] = quote(a)
+	}
+	return strings.Join(args, ", ")
+}
+
+func quote(in string) string {
+	return `"` + in + `"`
+}