-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to use upstream sddl/SecurityAttribute but retain old exported functions #172
base: main
Are you sure you want to change the base?
Update to use upstream sddl/SecurityAttribute but retain old exported functions #172
Conversation
pipe.go
Outdated
defer localFree(sdb) | ||
copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd) | ||
defer windows.LocalFree(windows.Handle(sdb)) | ||
copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:len], (*[0xffff]byte)(unsafe.Pointer(sd))[:len]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like we are copying the security descriptor into a new buffer and then casting that buffer to be a security descriptor as well. Should we just change objectAttributes
to take a windows.SECURITY_DESCRIPTOR
instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're fairly inconsistent about following the Go requirements around the use of Go pointers in FFI calls--would we face any possible object lifetime issues by doing this?
What does this change actually solve? |
This really just moves the repo passed the breaking changes made to x/sys/windows. Not super critical. |
backuptar/tar.go
Outdated
} | ||
err := bw.WriteHeader(&bhdr) | ||
if err != nil { | ||
return nil, err | ||
} | ||
_, err = bw.Write(sd) | ||
_, err = bw.Write((*[0xffff]byte)(unsafe.Pointer(sd))[:sdLen]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this needs a comment to explain where 0xffff
comes from
go.sum
Outdated
@@ -16,3 +16,5 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qd | |||
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |||
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1cHUZgO1Ebq5r2hIjfo= | |||
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |||
golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o= | |||
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
did you run go mod tidy
?
@katiewasnothere looks like this needs a rebase now that #175 was merged |
A quick look suggests the conflicts with #175 are just adjacent-line changes in |
… functions Signed-off-by: Kathryn Baldauf <[email protected]>
0a74186
to
f1eb81f
Compare
//sys openVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *OpenVirtualDiskParameters, handle *syscall.Handle) (err error) [failretval != 0] = virtdisk.OpenVirtualDisk | ||
//sys attachVirtualDisk(handle syscall.Handle, securityDescriptor *uintptr, attachVirtualDiskFlag uint32, providerSpecificFlags uint32, parameters *AttachVirtualDiskParameters, overlapped *syscall.Overlapped) (err error) [failretval != 0] = virtdisk.AttachVirtualDisk | ||
//sys attachVirtualDisk(handle syscall.Handle, securityDescriptor *windows.SECURITY_DESCRIPTOR, attachVirtualDiskFlag uint32, providerSpecificFlags uint32, parameters *AttachVirtualDiskParameters, overlapped *syscall.Overlapped) (err error) [failretval != 0] = virtdisk.AttachVirtualDisk |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@TBBle The signature for these is changing in this PR anyways so let's make sure we get in the other /x/sys/windows'ify PR shortly after and we can cut a release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good. I did a quick review previously, and the conflicts are textual-only. i.e. on this line I changed the type of handle
and overlapped
only.
So assuming this lands first, rebasing #197 should only take a few minutes, mostly compile-checking everything.
|
||
sdb := &securityDescriptor{ | ||
Revision: 1, | ||
Control: cSE_DACL_PRESENT, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't want to set windows.SE_DACL_PRESENT
anymore?
} | ||
err := bw.WriteHeader(&bhdr) | ||
if err != nil { | ||
return nil, err | ||
} | ||
_, err = bw.Write(sd) | ||
_, err = bw.Write((*[(1 << 31) - 1]byte)(unsafe.Pointer(sd))[:sdLen]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This idiom fails -gcflags=all=-d=checkptr
as of Go 1.14. In this case, it's just being moved from elsewhere, so it's not an objection to this change, but a reminder that we need to do a pass over the code-base with checkptr
(or race
enabled, which includes it) with Go 1.15 or later, and fix occurrences of this.
The fix itself is pretty simple, I did the same pass for hcsshim in microsoft/hcsshim#926, see Uint16BufferToSlice
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This idiom fails -gcflags=all=-d=checkptr as of Go 1.14. In this case
Oh! It just occurred to me now that there's no CI running in this repository (other than the license/cla
check); should we add a basic github-action?
@katiewasnothere looks like this needs a rebase because #220 was merged |
This PR moves go-winio passed breaking changes from /x/sys/windows for dealing with Security Descriptors.
Added test to validate flow change to use windows.SECURITY_DESCRIPTOR.
Signed-off-by: Kathryn Baldauf [email protected]