Update to use upstream sddl/SecurityAttribute but retain old exported…
… functions

Signed-off-by: Kathryn Baldauf <[email protected]>
katiewasnothere committed Jun 2, 2020
1 parent 3fe6c52 commit 0a74186
Showing 4 changed files with 23 additions and 15 deletions.
16 changes: 10 additions & 6 deletions backuptar/tar.go
Expand Up @@ -13,9 +13,11 @@ import (
"strings"
"syscall"
"time"
"unsafe"

"github.com/Microsoft/go-winio"
"github.com/Microsoft/go-winio/archive/tar" // until archive/tar supports pax extensions in its interface
"golang.org/x/sys/windows"
)

const (
Expand Down Expand Up @@ -317,32 +319,34 @@ func FileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *win
// tar file that was not processed, or io.EOF is there are no more.
func WriteBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (*tar.Header, error) {
bw := winio.NewBackupStreamWriter(w)
var sd []byte
var sd *windows.SECURITY_DESCRIPTOR
var err error
// Maintaining old SDDL-based behavior for backward compatibility. All new tar headers written
// by this library will have raw binary for the security descriptor.
if sddl, ok := hdr.Winheaders[hdrSecurityDescriptor]; ok {
sd, err = winio.SddlToSecurityDescriptor(sddl)
sd, err = windows.SecurityDescriptorFromString(sddl)
if err != nil {
return nil, err
}
}
if sdraw, ok := hdr.Winheaders[hdrRawSecurityDescriptor]; ok {
sd, err = base64.StdEncoding.DecodeString(sdraw)
sdbytes, err := base64.StdEncoding.DecodeString(sdraw)
sd = (*windows.SECURITY_DESCRIPTOR)(unsafe.Pointer(&sdbytes[0]))
if err != nil {
return nil, err
}
}
if len(sd) != 0 {
sdLen := sd.Length()
if sdLen != 0 {
bhdr := winio.BackupHeader{
Id: winio.BackupSecurity,
Size: int64(len(sd)),
Size: int64(sdLen),
}
err := bw.WriteHeader(&bhdr)
if err != nil {
return nil, err
}
_, err = bw.Write(sd)
_, err = bw.Write((*[0xffff]byte)(unsafe.Pointer(sd))[:sdLen])
if err != nil {
return nil, err
}
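Review bot: In WriteBackupStreamFromTarFile the raw-descriptor branch takes `&sdbytes[0]` before the DecodeString error is checked, so an empty or undecodable header value read from the tar file panics with an index-out-of-range instead of returning an error. The following `sd.Length()` also runs when neither header was present and `sd` is still nil (how Length() treats a nil descriptor is not visible here), and for the raw case the length comes from the descriptor's own fields rather than from `len(sdbytes)`, so a malformed header can make `(*[0xffff]byte)(unsafe.Pointer(sd))[:sdLen]` read past the decoded buffer into the backup stream. I would check the error first, skip empty input as the old `len(sd) != 0` test did, bound the reported length by the decoded size, and guard the write with `sd != nil`. The function starts and ends outside this hunk.

```go
	if sdraw, ok := hdr.Winheaders[hdrRawSecurityDescriptor]; ok {
		sdbytes, err := base64.StdEncoding.DecodeString(sdraw)
		if err != nil {
			return nil, err
		}
		// An empty value leaves sd unset, matching the old len(sd) == 0 skip.
		if len(sdbytes) != 0 {
			sd = (*windows.SECURITY_DESCRIPTOR)(unsafe.Pointer(&sdbytes[0]))
			// Length() is derived from the descriptor itself; bound it by the decoded data.
			if int(sd.Length()) > len(sdbytes) {
				// use whichever error constructor the file already imports
				return nil, errors.New("raw security descriptor is longer than its encoded data")
			}
		}
	}
	if sd != nil {
		sdLen := sd.Length()
		// … unchanged: BackupHeader write and bw.Write of the sdLen bytes …
```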
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -5,5 +5,5 @@ go 1.12
require (
github.com/pkg/errors v0.8.1
github.com/sirupsen/logrus v1.4.1
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3
golang.org/x/sys v0.0.0-20200523222454-059865788121
)
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -16,3 +16,5 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qd
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1cHUZgO1Ebq5r2hIjfo=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o=
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
18 changes: 10 additions & 8 deletions pipe.go
Expand Up @@ -13,6 +13,8 @@ import (
"syscall"
"time"
"unsafe"

"golang.org/x/sys/windows"
)

//sys connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) = ConnectNamedPipe
Expand Down Expand Up @@ -273,7 +275,7 @@ type win32PipeListener struct {
doneCh chan int
}

func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
func makeServerPipeHandle(path string, sd *windows.SECURITY_DESCRIPTOR, c *PipeConfig, first bool) (syscall.Handle, error) {
path16, err := syscall.UTF16FromString(path)
if err != nil {
return 0, &os.PathError{Op: "open", Path: path, Err: err}
Expand All @@ -286,24 +288,24 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
if err := rtlDosPathNameToNtPathName(&path16[0], &ntPath, 0, 0).Err(); err != nil {
return 0, &os.PathError{Op: "open", Path: path, Err: err}
}
defer localFree(ntPath.Buffer)
defer windows.LocalFree(windows.Handle(ntPath.Buffer))
oa.ObjectName = &ntPath

// The security descriptor is only needed for the first pipe.
if first {
if sd != nil {
len := uint32(len(sd))
len := sd.Length()
sdb := localAlloc(0, len)
defer localFree(sdb)
copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd)
defer windows.LocalFree(windows.Handle(sdb))
copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:len], (*[0xffff]byte)(unsafe.Pointer(sd))[:len])
oa.SecurityDescriptor = (*securityDescriptor)(unsafe.Pointer(sdb))
} else {
// Construct the default named pipe security descriptor.
var dacl uintptr
if err := rtlDefaultNpAcl(&dacl).Err(); err != nil {
return 0, fmt.Errorf("getting default named pipe ACL: %s", err)
}
defer localFree(dacl)
defer windows.LocalFree(windows.Handle(dacl))

sdb := &securityDescriptor{
Revision: 1,
Expand Down Expand Up @@ -440,14 +442,14 @@ type PipeConfig struct {
// The pipe must not already exist.
func ListenPipe(path string, c *PipeConfig) (net.Listener, error) {
var (
sd []byte
sd *windows.SECURITY_DESCRIPTOR
err error
)
if c == nil {
c = &PipeConfig{}
}
if c.SecurityDescriptor != "" {
sd, err = SddlToSecurityDescriptor(c.SecurityDescriptor)
sd, err = windows.SecurityDescriptorFromString(c.SecurityDescriptor)
if err != nil {
return nil, err
}
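Review bot: In makeServerPipeHandle the new `copy(...[:len], ...[:len])` slices two `[0xffff]byte` views by `sd.Length()`, so a descriptor longer than 0xffff bytes panics at the slice expression, and the `localAlloc` result is used as the copy destination without a visible failure check. A guard before the allocation would turn the first case into an error, e.g. `if sdLen > 0xffff { return 0, fmt.Errorf("security descriptor too large: %d bytes", sdLen) }`, together with a zero check on `sdb`. Naming the local `sdLen` rather than `len` would also stop it shadowing the builtin and match the name used in backuptar/tar.go. The function continues past the end of the hunk.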
