github.com/docker/docker@v299999999.0.0-20200612211812-aaf470eca7b5+incompatible/pkg/system/syscall_windows.go (about) 1 package system // import "github.com/docker/docker/pkg/system" 2 3 import ( 4 "syscall" 5 "unsafe" 6 7 "github.com/Microsoft/hcsshim/osversion" 8 "github.com/sirupsen/logrus" 9 "golang.org/x/sys/windows" 10 ) 11 12 const ( 13 OWNER_SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.OWNER_SECURITY_INFORMATION 14 GROUP_SECURITY_INFORMATION = windows.GROUP_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.GROUP_SECURITY_INFORMATION 15 DACL_SECURITY_INFORMATION = windows.DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.DACL_SECURITY_INFORMATION 16 SACL_SECURITY_INFORMATION = windows.SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.SACL_SECURITY_INFORMATION 17 LABEL_SECURITY_INFORMATION = windows.LABEL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.LABEL_SECURITY_INFORMATION 18 ATTRIBUTE_SECURITY_INFORMATION = windows.ATTRIBUTE_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.ATTRIBUTE_SECURITY_INFORMATION 19 SCOPE_SECURITY_INFORMATION = windows.SCOPE_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.SCOPE_SECURITY_INFORMATION 20 PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080 21 ACCESS_FILTER_SECURITY_INFORMATION = 0x00000100 22 BACKUP_SECURITY_INFORMATION = windows.BACKUP_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.BACKUP_SECURITY_INFORMATION 23 PROTECTED_DACL_SECURITY_INFORMATION = windows.PROTECTED_DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.PROTECTED_DACL_SECURITY_INFORMATION 24 PROTECTED_SACL_SECURITY_INFORMATION = windows.PROTECTED_SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.PROTECTED_SACL_SECURITY_INFORMATION 25 UNPROTECTED_DACL_SECURITY_INFORMATION = windows.UNPROTECTED_DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.UNPROTECTED_DACL_SECURITY_INFORMATION 26 UNPROTECTED_SACL_SECURITY_INFORMATION = windows.UNPROTECTED_SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.UNPROTECTED_SACL_SECURITY_INFORMATION 27 ) 28 29 const ( 30 SE_UNKNOWN_OBJECT_TYPE = windows.SE_UNKNOWN_OBJECT_TYPE // Deprecated: use golang.org/x/sys/windows.SE_UNKNOWN_OBJECT_TYPE 31 SE_FILE_OBJECT = windows.SE_FILE_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_FILE_OBJECT 32 SE_SERVICE = windows.SE_SERVICE // Deprecated: use golang.org/x/sys/windows.SE_SERVICE 33 SE_PRINTER = windows.SE_PRINTER // Deprecated: use golang.org/x/sys/windows.SE_PRINTER 34 SE_REGISTRY_KEY = windows.SE_REGISTRY_KEY // Deprecated: use golang.org/x/sys/windows.SE_REGISTRY_KEY 35 SE_LMSHARE = windows.SE_LMSHARE // Deprecated: use golang.org/x/sys/windows.SE_LMSHARE 36 SE_KERNEL_OBJECT = windows.SE_KERNEL_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_KERNEL_OBJECT 37 SE_WINDOW_OBJECT = windows.SE_WINDOW_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_WINDOW_OBJECT 38 SE_DS_OBJECT = windows.SE_DS_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_DS_OBJECT 39 SE_DS_OBJECT_ALL = windows.SE_DS_OBJECT_ALL // Deprecated: use golang.org/x/sys/windows.SE_DS_OBJECT_ALL 40 SE_PROVIDER_DEFINED_OBJECT = windows.SE_PROVIDER_DEFINED_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_PROVIDER_DEFINED_OBJECT 41 SE_WMIGUID_OBJECT = windows.SE_WMIGUID_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_WMIGUID_OBJECT 42 SE_REGISTRY_WOW64_32KEY = windows.SE_REGISTRY_WOW64_32KEY // Deprecated: use golang.org/x/sys/windows.SE_REGISTRY_WOW64_32KEY 43 ) 44 45 const ( 46 SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege" 47 ) 48 49 const ( 50 ContainerAdministratorSidString = "S-1-5-93-2-1" 51 ContainerUserSidString = "S-1-5-93-2-2" 52 ) 53 54 var ( 55 ntuserApiset = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0") 56 modadvapi32 = windows.NewLazySystemDLL("advapi32.dll") 57 procGetVersionExW = modkernel32.NewProc("GetVersionExW") 58 procSetNamedSecurityInfo = modadvapi32.NewProc("SetNamedSecurityInfoW") 59 procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl") 60 ) 61 62 // OSVersion is a wrapper for Windows version information 63 // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx 64 type OSVersion = osversion.OSVersion 65 66 // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx 67 // TODO: use golang.org/x/sys/windows.OsVersionInfoEx (needs OSVersionInfoSize to be exported) 68 type osVersionInfoEx struct { 69 OSVersionInfoSize uint32 70 MajorVersion uint32 71 MinorVersion uint32 72 BuildNumber uint32 73 PlatformID uint32 74 CSDVersion [128]uint16 75 ServicePackMajor uint16 76 ServicePackMinor uint16 77 SuiteMask uint16 78 ProductType byte 79 Reserve byte 80 } 81 82 // GetOSVersion gets the operating system version on Windows. Note that 83 // dockerd.exe must be manifested to get the correct version information. 84 // Deprecated: use github.com/Microsoft/hcsshim/osversion.Get() instead 85 func GetOSVersion() OSVersion { 86 return osversion.Get() 87 } 88 89 // IsWindowsClient returns true if the SKU is client 90 func IsWindowsClient() bool { 91 osviex := &osVersionInfoEx{OSVersionInfoSize: 284} 92 r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex))) 93 if r1 == 0 { 94 logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err) 95 return false 96 } 97 const verNTWorkstation = 0x00000001 98 return osviex.ProductType == verNTWorkstation 99 } 100 101 // Unmount is a platform-specific helper function to call 102 // the unmount syscall. Not supported on Windows 103 func Unmount(_ string) error { 104 return nil 105 } 106 107 // HasWin32KSupport determines whether containers that depend on win32k can 108 // run on this machine. Win32k is the driver used to implement windowing. 109 func HasWin32KSupport() bool { 110 // For now, check for ntuser API support on the host. In the future, a host 111 // may support win32k in containers even if the host does not support ntuser 112 // APIs. 113 return ntuserApiset.Load() == nil 114 } 115 116 // Deprecated: use golang.org/x/sys/windows.SetNamedSecurityInfo() 117 func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInformation uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *byte, sacl *byte) (result error) { 118 r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0) 119 if r0 != 0 { 120 result = syscall.Errno(r0) 121 } 122 return 123 } 124 125 // Deprecated: uses golang.org/x/sys/windows.SecurityDescriptorFromString() and golang.org/x/sys/windows.SECURITY_DESCRIPTOR.DACL() 126 func GetSecurityDescriptorDacl(securityDescriptor *byte, daclPresent *uint32, dacl **byte, daclDefaulted *uint32) (result error) { 127 r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0) 128 if r1 == 0 { 129 if e1 != 0 { 130 result = e1 131 } else { 132 result = syscall.EINVAL 133 } 134 } 135 return 136 }