sys/windows: add GetExplicitEntriesFromAcl
yjhmelody committed Sep 10, 2020
1 parent 50db343 commit a6c1fdf
Showing 2 changed files with 34 additions and 0 deletions.
25 changes: 25 additions & 0 deletions windows/security_windows.go
@@ -1122,6 +1122,7 @@ type OBJECTS_AND_NAME struct {
//sys SetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) = advapi32.SetSecurityInfo
//sys getNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner **SID, group **SID, dacl **ACL, sacl **ACL, sd **SECURITY_DESCRIPTOR) (ret error) = advapi32.GetNamedSecurityInfoW
//sys SetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION, owner *SID, group *SID, dacl *ACL, sacl *ACL) (ret error) = advapi32.SetNamedSecurityInfoW
//sys getExplicitEntriesFromAclW(acl *ACL, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS) (ret error) = advapi32.GetExplicitEntriesFromAclW

//sys buildSecurityDescriptor(owner *TRUSTEE, group *TRUSTEE, countAccessEntries uint32, accessEntries *EXPLICIT_ACCESS, countAuditEntries uint32, auditEntries *EXPLICIT_ACCESS, oldSecurityDescriptor *SECURITY_DESCRIPTOR, sizeNewSecurityDescriptor *uint32, newSecurityDescriptor **SECURITY_DESCRIPTOR) (ret error) = advapi32.BuildSecurityDescriptorW
//sys initializeSecurityDescriptor(absoluteSD *SECURITY_DESCRIPTOR, revision uint32) (err error) = advapi32.InitializeSecurityDescriptor
@@ -1374,6 +1375,30 @@ func GetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, security
return winHeapSD.copySelfRelativeSecurityDescriptor(), nil
}

// GetExplicitEntriesFromAcl queries the explicit entries from a given ACL
func GetExplicitEntriesFromAcl(acl *ACL) ([]EXPLICIT_ACCESS, error) {
var entries *EXPLICIT_ACCESS
var size uint32
err := getExplicitEntriesFromAclW(
acl,
size,
entries,
)
if err != nil {
return nil, err
}

defer LocalFree((Handle)(unsafe.Pointer(entries)))

var accesses []EXPLICIT_ACCESS
for i := 0; i < int(size); i++ {
accesses = append(accesses, *entries)
entries = (*EXPLICIT_ACCESS)(unsafe.Pointer((uintptr(unsafe.Pointer(entries)) + unsafe.Sizeof(*entries))))
}

return accesses, nil
}

// BuildSecurityDescriptor makes a new security descriptor using the input trustees, explicit access lists, and
// prior security descriptor to be merged, any of which can be nil, returning the self-relative security descriptor
// result on the Go heap.
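Review bot: The new `//sys getExplicitEntriesFromAclW` line declares `countAccessEntries uint32` and `accessEntries *EXPLICIT_ACCESS`, but the Win32 function returns its results through a count pointer and a pointer-to-pointer, so `GetExplicitEntriesFromAcl` passes a zero count and a nil list and its locals `size` and `entries` can never be filled in. The binding should read `countAccessEntries *uint32, accessEntries **EXPLICIT_ACCESS` and the call should pass `&size, &entries`; as written the wrapper can only fail or return an empty slice, which a caller auditing a DACL could misread as "no explicit ACEs". Separately, the loop copies each struct by value and the deferred `LocalFree` then releases the buffer; if the trustee fields inside `EXPLICIT_ACCESS` point into that same allocation (the struct definition is outside this hunk, so confirm), the returned slice carries dangling pointers and needs a deep copy or a documented lifetime. The doc comment should also end with a period and state who owns the memory referenced by the returned entries.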
9 changes: 9 additions & 0 deletions windows/zsyscall_windows.go
