windows: add GetExplicitEntriesFromAcl
yjhmelody committed Sep 16, 2020
1 parent 50db343 commit 8ecd6fe
Showing 3 changed files with 77 additions and 0 deletions.
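--- a/windows/security_windows.go
+++ b/windows/security_windows.go
@@ -1122,6 +1122,7 @@ type OBJECTS_AND_NAME struct {
 //sys SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) = advapi32.SetSecurityInfo
 //sys getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetNamedSecurityInfoW
 //sys SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetNamedSecurityInfoW
+//sys getExplicitEntriesFromAclW(acl *ACL, countAccessEntries *uint32, accessEntries **EXPLICIT_ACCESS) (ret error) = advapi32.GetExplicitEntriesFromAclW
 
 //sys buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) = advapi32.BuildSecurityDescriptorW
 //sys initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) = advapi32.InitializeSecurityDescriptor
@@ -1374,6 +1375,29 @@ func GetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, security
 return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
 }
 
+// GetExplicitEntriesFromAcl queries the explicit entries from a given ACL
+func GetExplicitEntriesFromAcl(acl *ACL) ([]EXPLICIT_ACCESS, error) {
+var entries *EXPLICIT_ACCESS
+var size uint32
+err := getExplicitEntriesFromAclW(
+acl,
+&size,
+&entries,
+)
+if err != nil {
+return nil, err
+}
+
+defer LocalFree(Handle(unsafe.Pointer(entries)))
+var accesses []EXPLICIT_ACCESS
+for i := 0; i < int(size); i++ {
+accesses = append(accesses, *entries)
+entries = (*EXPLICIT_ACCESS)(unsafe.Pointer((uintptr(unsafe.Pointer(entries)) + unsafe.Sizeof(*entries))))
+}
+
+return accesses, nil
+}
+
 // BuildSecurityDescriptor makes a new security descriptor using the input trustees, explicit access lists, and
 // prior security descriptor to be merged, any of which can be nil, returning the self-relative security descriptor
 // result on the Go heap.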
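Review bot: The `EXPLICIT_ACCESS` values appended in the loop are shallow copies, so each `Trustee.TrusteeValue` still points into the buffer that the deferred `LocalFree` releases before the slice reaches the caller. Win32 hands the result back as one allocation released with a single `LocalFree`, so the trustee SIDs and names presumably live in that same block and are dangling once the function returns; the new test's `trusteeValueFrom` dereferences exactly those pointers. Either copy each trustee's SID or name into memory that outlives the call before the free runs, or give the caller ownership of the buffer and document the `LocalFree` obligation. Until that is done the doc comment should carry the caveat, for example `// The Trustee.TrusteeValue of each returned entry points into memory that has already been freed and must not be dereferenced.`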
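--- a/windows/syscall_windows_test.go
+++ b/windows/syscall_windows_test.go
@@ -18,6 +18,50 @@ import (
 "golang.org/x/sys/windows"
 )
 
+func TestGetExplicitEntriesFromAcl(t *testing.T) {
+fileObject := os.ExpandEnv("${SystemRoot}")
+
+sd, err := windows.GetNamedSecurityInfo(
+fileObject,
+windows.SE_FILE_OBJECT,
+windows.DACL_SECURITY_INFORMATION,
+)
+
+dacl, _, err := sd.DACL()
+if err != nil {
+t.Fatal(err)
+}
+accesses, err := windows.GetExplicitEntriesFromAcl(dacl)
+if err != nil {
+t.Fatal(err)
+}
+
+for _, access := range accesses {
+_ = trusteeValueFrom(&access.Trustee)
+}
+}
+
+func trusteeValueFrom(trustee *windows.TRUSTEE) interface{} {
+var ret interface{}
+switch trustee.TrusteeForm {
+case windows.TRUSTEE_IS_SID:
+ret = windows.TrusteeValueToSID(trustee.TrusteeValue).String()
+
+case windows.TRUSTEE_IS_NAME:
+ret = windows.TrusteeValueToString(trustee.TrusteeValue)
+
+case windows.TRUSTEE_BAD_FORM:
+
+case windows.TRUSTEE_IS_OBJECTS_AND_SID:
+ret = windows.TrusteeValueToObjectsAndSid(trustee.TrusteeValue)
+
+case windows.TRUSTEE_IS_OBJECTS_AND_NAME:
+ret = windows.TrusteeValueToObjectsAndName(trustee.TrusteeValue)
+}
+
+return ret
+}
+
 func TestWin32finddata(t *testing.T) {
 dir, err := ioutil.TempDir("", "go-build")
 if err != nil {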
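Review bot: The error returned by `windows.GetNamedSecurityInfo` in `TestGetExplicitEntriesFromAcl` is never checked, because `err` is reassigned by `sd.DACL()` in the very next statement. A failed lookup therefore surfaces as a misleading DACL error, or not at all; add `if err != nil { t.Fatal(err) }` directly after the call. The loop also discards every `trusteeValueFrom` result, so the test asserts nothing about the entries it gets back and would pass on an empty or corrupted slice. Comparing at least the entry count or one known trustee for `${SystemRoot}` would make it a real check.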
9 changes: 9 additions & 0 deletions windows/zsyscall_windows.go

