github.com/crowdsecurity/crowdsec@v1.6.1/pkg/database/file_utils_windows.go (about)

     1  package database
     2  
     3  import (
     4  	"fmt"
     5  	"io/fs"
     6  
     7  	log "github.com/sirupsen/logrus"
     8  	"golang.org/x/sys/windows"
     9  )
    10  
// setFilePerm replaces the DACL of the file at path with a protected,
// two-entry ACL: full control for the file's current owner and full control
// for its group, falling back to BUILTIN\Administrators when the security
// descriptor carries no group.
//
// mode is accepted for signature parity with other platforms and is ignored
// here; POSIX permission bits are not mapped onto Windows access rights.
//
// The new DACL is written with PROTECTED_DACL_SECURITY_INFORMATION and is not
// merged with the existing ACL, so entries that are not rebuilt here,
// inherited ones included, no longer apply after a successful call.
//
// Every failure is returned wrapped with the step that failed.
func setFilePerm(path string, mode fs.FileMode) error {
	// Build a non-inherited "grant GENERIC_ALL" entry for a single SID.
	grantAll := func(sid *windows.SID, kind windows.TRUSTEE_TYPE) windows.EXPLICIT_ACCESS {
		return windows.EXPLICIT_ACCESS{
			AccessPermissions: windows.GENERIC_ALL,
			AccessMode:        windows.GRANT_ACCESS,
			Inheritance:       windows.NO_INHERITANCE,
			Trustee: windows.TRUSTEE{
				MultipleTrusteeOperation: windows.NO_MULTIPLE_TRUSTEE,
				TrusteeForm:              windows.TRUSTEE_IS_SID,
				TrusteeType:              kind,
				TrusteeValue:             windows.TrusteeValueFromSID(sid),
			},
		}
	}

	descriptor, err := windows.GetNamedSecurityInfo(path, windows.SE_FILE_OBJECT, windows.OWNER_SECURITY_INFORMATION)
	if err != nil {
		return fmt.Errorf("while getting security info: %w", err)
	}

	owner, ownerDefaulted, err := descriptor.Owner()
	if err != nil {
		return fmt.Errorf("while getting owner: %w", err)
	}

	log.Debugf("current owner is %s (%v) (defaulted: %v)", owner.String(), owner, ownerDefaulted)

	group, groupDefaulted, err := descriptor.Group()
	if err != nil {
		return fmt.Errorf("while getting group: %w", err)
	}

	// NOTE(review): only OWNER_SECURITY_INFORMATION is requested above, so the
	// descriptor presumably never carries a group and this fallback is the
	// path normally taken. Confirm before widening the request: a file's
	// primary group can be a much broader principal than Administrators, and
	// it would receive GENERIC_ALL below.
	if group == nil {
		log.Debugf("current group is nil (defaulted: %v), using builtin admin instead", groupDefaulted)

		group, err = windows.CreateWellKnownSid(windows.WinBuiltinAdministratorsSid)
		if err != nil {
			return fmt.Errorf("while creating admin SID: %w", err)
		}
	}

	log.Debugf("current group is %s (%v) (defaulted: %v)", group.String(), group, groupDefaulted)

	// The nil second argument means the entries are not merged into an
	// existing ACL; the result holds exactly these two grants.
	entries := []windows.EXPLICIT_ACCESS{
		grantAll(owner, windows.TRUSTEE_IS_USER),
		grantAll(group, windows.TRUSTEE_IS_GROUP),
	}

	acl, err := windows.ACLFromEntries(entries, nil)
	if err != nil {
		return fmt.Errorf("while creating ACL: %w", err)
	}

	// Only the DACL is written; owner, group and SACL arguments stay nil.
	const daclOnly = windows.DACL_SECURITY_INFORMATION | windows.PROTECTED_DACL_SECURITY_INFORMATION

	if err := windows.SetNamedSecurityInfo(path, windows.SE_FILE_OBJECT, daclOnly, nil, nil, acl, nil); err != nil {
		return fmt.Errorf("while setting security info: %w", err)
	}

	return nil
}