github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/kbfs/dokan/winacl/winacl.go (about)

     1  // Copyright 2016 Keybase Inc. All rights reserved.
     2  // Use of this source code is governed by a BSD
     3  // license that can be found in the LICENSE file.
     4  
     5  // Package winacl adds support for various Windows security APIs for Dokan.
     6  package winacl
     7  
     8  import (
     9  	"reflect"
    10  	"unsafe"
    11  )
    12  
    13  // CurrentProcessUserSid is a utility to get the
    14  // SID of the current user running the process.
    15  func CurrentProcessUserSid() (*SID, error) {
    16  	return currentProcessUserSid()
    17  }
    18  
    19  // CurrentProcessPrimaryGroupSid is a utility to get the
    20  // SID of the primary group of current user running the process.
    21  func CurrentProcessPrimaryGroupSid() (*SID, error) {
    22  	return currentProcessPrimaryGroupSid()
    23  }
    24  
    25  // NewSecurityDescriptorWithBuffer creates a new self-referential
    26  // security descriptor in the buffer provided.
    27  func NewSecurityDescriptorWithBuffer(bs []byte) *SecurityDescriptor {
    28  	for i := range bs {
    29  		bs[i] = 0
    30  	}
    31  	var sd = SecurityDescriptor{bytes: bs,
    32  		curOffset: int(unsafe.Sizeof(selfRelativeSecurityDescriptor{}))}
    33  	if len(bs) >= sd.curOffset {
    34  		sd.ptr = (*selfRelativeSecurityDescriptor)(unsafe.Pointer(&bs[0]))
    35  		sd.ptr.Revision = 1
    36  		sd.ptr.Control = seSelfRelative | seOwnerDefaulted | seGroupDefaulted
    37  	}
    38  	return &sd
    39  }
    40  
    41  // SecurityDescriptor is the type for security descriptors.
    42  // Note that items have to be set in the following order:
    43  // 1) owner, 2) group, 3) sacl, 4) dacl. Some of them may
    44  // be omitted.
    45  type SecurityDescriptor struct {
    46  	bytes     []byte
    47  	ptr       *selfRelativeSecurityDescriptor
    48  	curOffset int
    49  }
    50  
    51  // Size returns the size of the security descriptor. If the buffer is too
    52  // small then it is the size that would be needed to store this
    53  // SecurityDescriptor.
    54  func (sd *SecurityDescriptor) Size() int {
    55  	return sd.curOffset
    56  }
    57  
    58  // HasOverflowed returns whether this security descriptor is too large for
    59  // the provided buffer.
    60  func (sd *SecurityDescriptor) HasOverflowed() bool {
    61  	return sd.curOffset > len(sd.bytes)
    62  }
    63  
    64  type selfRelativeSecurityDescriptor struct {
    65  	Revision, Sbz1                                   byte
    66  	Control                                          uint16
    67  	OwnerOffset, GroupOffset, SaclOffset, DaclOffset int32
    68  }
    69  
    70  const (
    71  	seOwnerDefaulted = 0x1
    72  	seGroupDefaulted = 0x2
    73  	seDaclPresent    = 0x4
    74  	seSelfRelative   = 0x8000
    75  )
    76  
    77  // SetOwner sets the owner field of a SecurityDescriptor.
    78  func (sd *SecurityDescriptor) SetOwner(sid *SID) {
    79  	if off := sd.setSid(sid); off != 0 {
    80  		sd.ptr.OwnerOffset = int32(off)
    81  		sd.ptr.Control &^= seOwnerDefaulted
    82  	}
    83  }
    84  
    85  // SetGroup sets the owner field of a SecurityDescriptor.
    86  func (sd *SecurityDescriptor) SetGroup(sid *SID) {
    87  	if off := sd.setSid(sid); off != 0 {
    88  		sd.ptr.GroupOffset = int32(off)
    89  		sd.ptr.Control &^= seGroupDefaulted
    90  	}
    91  }
    92  
    93  // SetDacl sets a dacl in the security descriptor to the given ACL.
    94  func (sd *SecurityDescriptor) SetDacl(acl *ACL) {
    95  	bs := acl.bytes()
    96  	off := sd.curOffset
    97  	sd.curOffset += len(bs)
    98  	if sd.HasOverflowed() {
    99  		return
   100  	}
   101  	copy(sd.bytes[off:], bs)
   102  	sd.ptr.Control |= seDaclPresent
   103  	sd.ptr.DaclOffset = int32(off)
   104  }
   105  
   106  func (sd *SecurityDescriptor) setSid(sid *SID) int {
   107  	size := sidSize(sid)
   108  	off := sd.curOffset
   109  	sd.curOffset += size
   110  	if sd.HasOverflowed() {
   111  		return 0
   112  	}
   113  	copy(sd.bytes[off:], bufToSlice(unsafe.Pointer(sid), size))
   114  	return off
   115  }
   116  
   117  func sidSize(s *SID) int {
   118  	return 8 + 4*int(((*sidFixed)(unsafe.Pointer(s))).SubAuthorityCount)
   119  }
   120  
   121  type sidFixed struct {
   122  	Revision, SubAuthorityCount byte
   123  	IdentifierAuthority         [6]byte
   124  }
   125  
   126  // bufToSlice returns a byte slice aliasing the pointer and length given as arguments.
   127  func bufToSlice(ptr unsafe.Pointer, nbytes int) []byte {
   128  	if ptr == nil || nbytes == 0 {
   129  		return nil
   130  	}
   131  	return *(*[]byte)(unsafe.Pointer(&reflect.SliceHeader{
   132  		Data: uintptr(ptr),
   133  		Len:  nbytes,
   134  		Cap:  nbytes}))
   135  }