// Source: github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/monitor/server/pipe_windows.go

// +build windows

package server

import (
	"fmt"
	"net"
	"os/user"
	"strings"

	winio "github.com/Microsoft/go-winio"
	zap "go.uber.org/zap"
)

// pipePrefix is the local named-pipe namespace. makePipe prepends it to any
// address that does not already start with it.
const pipePrefix = `\\.\pipe\`

// cleanupPipe is a no-op in this Windows build: it ignores address and always
// returns nil.
func cleanupPipe(address string) error {
	return nil
}

// makePipe opens a named-pipe listener for address and returns it.
//
// The address is used as given when it already begins with pipePrefix;
// otherwise pipePrefix is prepended. The prefix comparison is case-sensitive.
//
// The pipe is created with an explicit security descriptor granting access to
// SYSTEM, the built-in Administrators group and the user the process runs as.
// Both failure paths (user lookup, listener creation) log through the global
// zap logger and return the underlying error unchanged with a nil listener.
func makePipe(address string) (net.Listener, error) {
	path := address
	if !strings.HasPrefix(address, pipePrefix) {
		path = pipePrefix + address
	}

	me, err := user.Current()
	if err != nil {
		zap.L().Error("Unable to get the current user", zap.String("address", address), zap.Error(err))
		return nil, err
	}

	// SDDL breakdown:
	//   D:P            protected DACL, so no ACEs are inherited
	//   (A;;GA;;;SY)   allow GENERIC_ALL to Local System
	//   (A;;GA;;;BA)   allow GENERIC_ALL to built-in Administrators
	//   (A;;GA;;;%s)   allow GENERIC_ALL to the current user (me.Uid, a SID
	//                  string on Windows)
	//
	// Why the third ACE exists: according to the original author, go-winio
	// creates the pipe through undocumented kernel functions rather than the
	// win32 API. When the process runs as administrator the first two ACEs are
	// enough, but a process that is not running as admin gets no access to the
	// pipe even if its user belongs to the Administrators group. Granting the
	// current user directly works around that; normally it would not be needed.
	//
	// NOTE(review): GENERIC_ALL is full control, so every process running as
	// this user can connect to the pipe and also holds the rights to rewrite
	// its DACL. A narrower mask for the user ACE may be enough, but check what
	// the library needs for its own handles before tightening - TODO confirm.
	cfg := &winio.PipeConfig{
		SecurityDescriptor: fmt.Sprintf("D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;%s)", me.Uid),
	}

	listener, err := winio.ListenPipe(path, cfg)
	if err != nil {
		zap.L().Error("Unable to start the listener", zap.String("address", address), zap.Error(err))
		return nil, err
	}

	return listener, nil
}