diff --git a/dnscrypt-proxy/sources_test.go b/dnscrypt-proxy/sources_test.go index 2ff50ccc..b1e9f777 100644 --- a/dnscrypt-proxy/sources_test.go +++ b/dnscrypt-proxy/sources_test.go @@ -13,8 +13,10 @@ import ( "testing" "time" - "github.com/jedisct1/go-minisign" + "github.com/hectane/go-acl" "github.com/powerman/check" + + "github.com/jedisct1/go-minisign" ) type SourceFixture struct { @@ -84,6 +86,9 @@ func writeSourceCache(t *testing.T, basePath string, fixtures []SourceFixture) { if err := ioutil.WriteFile(path, f.content, perms); err != nil { t.Fatalf("Unable to write cache file %s: %v", path, err) } + if err := acl.Chmod(path, perms); err != nil { + t.Fatalf("Unable to set permissions on cache file %s: %v", path, err) + } if f.mtime.IsZero() { continue } @@ -96,7 +101,7 @@ func writeSourceCache(t *testing.T, basePath string, fixtures []SourceFixture) { func checkSourceCache(c *check.C, basePath string, fixtures []SourceFixture) { for _, f := range fixtures { path := basePath + f.suffix - _ = os.Chmod(path, 0644) // don't worry if this fails, reading it will catch the same problem + _ = acl.Chmod(path, 0644) // don't worry if this fails, reading it will catch the same problem got, err := ioutil.ReadFile(path) c.DeepEqual(got, f.content, "Cache file '%s', err %v", path, err) } @@ -269,10 +274,8 @@ func prepSourceTestCache(t *testing.T, d *SourceTestData, e *SourceTestExpect, s e.Source.in = e.cache[0].content case TestStatePartial, TestStatePartialSig: e.err = "signature" - case TestStateMissing, TestStateMissingSig: + case TestStateMissing, TestStateMissingSig, TestStateOpenErr, TestStateOpenSigErr: e.err = "open" - case TestStateOpenErr, TestStateOpenSigErr: - e.err = os.ErrPermission.Error() } writeSourceCache(t, e.cachePath, e.cache) } diff --git a/go.mod b/go.mod index a788c080..fc3fabd7 100644 --- a/go.mod +++ b/go.mod 
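Review bot: The new `acl.Chmod(path, perms)` call in writeSourceCache has no comment explaining why it repeats the mode already passed to `ioutil.WriteFile(path, f.content, perms)`. Going by the vendored chmod.go in this same commit, on Windows it replaces the file's DACL (`Apply` with replace true and inherit false) with entries derived from the mode bits. Elsewhere it is plain `os.Chmod`, which, unlike the mode given to WriteFile, is not filtered by the umask. I would add a comment above the call such as `// WriteFile's mode is not applied as an ACL on Windows; set it explicitly so unreadable fixtures really are unreadable` (the purpose is presumed from the open-error states, so please confirm). The function body starts and ends outside the hunk.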
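Review bot: Folding `TestStateOpenErr` and `TestStateOpenSigErr` into the `e.err = "open"` case makes the permission-denied fixtures expect the same text as the missing-file ones. A run in which the ACL change had no effect, or the file was simply absent, could then still satisfy the expectation. If `e.err` is matched as a substring (the comparison is outside this hunk), "open" only names the failing operation and says nothing about the cause. Presumably the `os.ErrPermission.Error()` text does not appear in the Windows error; in that case keep the cases separate and check the cause with `os.IsPermission(err)` where the expectation is evaluated. At minimum, document the merged case with `// access-denied text differs per OS; only the "open" prefix is portable`. The switch begins outside the hunk.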
@@ -11,6 +11,7 @@ require (
 github.com/facebookgo/pidfile v0.0.0-20150612191647-f242e2999868
 github.com/hashicorp/go-immutable-radix v1.1.0
 github.com/hashicorp/golang-lru v0.5.3
+ github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95
 github.com/jedisct1/dlog v0.0.0-20190909160351-692385b00b84
 github.com/jedisct1/go-clocksmith v0.0.0-20190707124905-73e087c7979c
 github.com/jedisct1/go-dnsstamps v0.0.0-20191014084838-3e6e00f2b602
diff --git a/go.sum b/go.sum
index 64b572e9..26152bf6 100644
--- a/go.sum
+++ b/go.sum
@@ -28,6 +28,8 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk=
 github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95 h1:S4qyfL2sEm5Budr4KVMyEniCy+PbS55651I/a+Kn/NQ=
+github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95/go.mod h1:QiyDdbZLaJ/mZP4Zwc9g2QsfaEA4o7XvvgZegSci5/E=
 github.com/jedisct1/dlog v0.0.0-20190909160351-692385b00b84 h1:7Q8p5MNx7fMvIRFirdWQpqPEtoSMyskdyOjdi6x4pLc=
 github.com/jedisct1/dlog v0.0.0-20190909160351-692385b00b84/go.mod h1:YXh1b5j+lwirsCCtTJW19DrbpaL9/5UzwNjI78Cvrg8=
 github.com/jedisct1/go-clocksmith v0.0.0-20190707124905-73e087c7979c h1:a/NQUT7AXkEfhaZ+nb7Uzqijo1Qc7C7SZpRrv+6UQDA=
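Review bot: The new `github.com/hectane/go-acl` requirement in go.mod is pinned to a pseudo-version rather than a tagged release, and nothing records that it exists for the tests. As far as this commit shows, it is imported only from `dnscrypt-proxy/sources_test.go`. Because it vendors `unsafe`-based advapi32 wrappers into the tree, a trailing comment on the require line would help later dependency audits, for example `// test-only: Windows ACL chmod used by sources_test.go`.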
@@ -74,6 +76,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190529164535-6a60838ec259/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190909082730-f460065e899a h1:mIzbOulag9/gXacgxKlFVwpCOWSfBT3/pDyyCwGA9as=
 golang.org/x/sys v0.0.0-20190909082730-f460065e899a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/hectane/go-acl/LICENSE.txt b/vendor/github.com/hectane/go-acl/LICENSE.txt
new file mode 100644
index 00000000..fb72c83a
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/LICENSE.txt
@@ -0,0 +1,9 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Nathan Osman
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/hectane/go-acl/README.md b/vendor/github.com/hectane/go-acl/README.md
new file mode 100644
index 00000000..58adf976
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/README.md
@@ -0,0 +1,66 @@
+## go-acl
+
+[![Build status](https://ci.appveyor.com/api/projects/status/rbdyu7c39o2j0ru9?svg=true)](https://ci.appveyor.com/project/nathan-osman/go-acl)
+[![GoDoc](https://godoc.org/github.com/hectane/go-acl?status.svg)](https://godoc.org/github.com/hectane/go-acl)
+[![MIT License](http://img.shields.io/badge/license-MIT-9370d8.svg?style=flat)](http://opensource.org/licenses/MIT)
+
+Manipulating ACLs (Access Control Lists) on Windows is difficult. go-acl wraps the Windows API functions that control access to objects, simplifying the process.
+
+### Using the Package
+
+To use the package add the following imports:
+
+ import (
+ "github.com/hectane/go-acl"
+ "golang.org/x/sys/windows"
+ )
+
+### Examples
+
+Probably the most commonly used function in this package is `Chmod`:
+
+ if err := acl.Chmod("C:\\path\\to\\file.txt", 0755); err != nil {
+ panic(err)
+ }
+
+To grant read access to user "Alice" and deny write access to user "Bob":
+
+ if err := acl.Apply(
+ "C:\\path\\to\\file.txt",
+ false,
+ false,
+ acl.GrantName(windows.GENERIC_READ, "Alice"),
+ acl.DenyName(windows.GENERIC_WRITE, "Bob"),
+ ); err != nil {
+ panic(err)
+ }
+
+### Using the API Directly
+
+go-acl's `api` package exposes the individual Windows API functions that are used to manipulate ACLs. For example, to retrieve the current owner of a file:
+
+ import (
+ "github.com/hectane/go-acl/api"
+ "golang.org/x/sys/windows"
+ )
+
+ var (
+ owner *windows.SID
+ secDesc windows.Handle
+ )
+ err := api.GetNamedSecurityInfo(
+ "C:\\path\\to\\file.txt",
+ api.SE_FILE_OBJECT,
+ api.OWNER_SECURITY_INFORMATION,
+ &owner,
+ nil,
+ nil,
+ nil,
+ &secDesc,
+ )
+ if err != nil {
+ panic(err)
+ }
+ defer windows.LocalFree(secDesc)
+
+`owner` will then point to the SID for the owner of the file.
diff --git a/vendor/github.com/hectane/go-acl/api/acl.go b/vendor/github.com/hectane/go-acl/api/acl.go
new file mode 100644
index 00000000..756f56ad
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/api/acl.go 
@@ -0,0 +1,98 @@ +//+build windows + +package api + +import ( + "golang.org/x/sys/windows" + + "unsafe" +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379284.aspx +const ( + NO_MULTIPLE_TRUSTEE = iota + TRUSTEE_IS_IMPERSONATE +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379638.aspx +const ( + TRUSTEE_IS_SID = iota + TRUSTEE_IS_NAME + TRUSTEE_BAD_FORM + TRUSTEE_IS_OBJECTS_AND_SID + TRUSTEE_IS_OBJECTS_AND_NAME +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379639.aspx +const ( + TRUSTEE_IS_UNKNOWN = iota + TRUSTEE_IS_USER + TRUSTEE_IS_GROUP + TRUSTEE_IS_DOMAIN + TRUSTEE_IS_ALIAS + TRUSTEE_IS_WELL_KNOWN_GROUP + TRUSTEE_IS_DELETED + TRUSTEE_IS_INVALID + TRUSTEE_IS_COMPUTER +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa374899.aspx +const ( + NOT_USED_ACCESS = iota + GRANT_ACCESS + SET_ACCESS + DENY_ACCESS + REVOKE_ACCESS + SET_AUDIT_SUCCESS + SET_AUDIT_FAILURE +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa446627.aspx +const ( + NO_INHERITANCE = 0x0 + SUB_OBJECTS_ONLY_INHERIT = 0x1 + SUB_CONTAINERS_ONLY_INHERIT = 0x2 + SUB_CONTAINERS_AND_OBJECTS_INHERIT = 0x3 + INHERIT_NO_PROPAGATE = 0x4 + INHERIT_ONLY = 0x8 + + OBJECT_INHERIT_ACE = 0x1 + CONTAINER_INHERIT_ACE = 0x2 + NO_PROPAGATE_INHERIT_ACE = 0x4 + INHERIT_ONLY_ACE = 0x8 +) + +var ( + procSetEntriesInAclW = advapi32.MustFindProc("SetEntriesInAclW") +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379636.aspx +type Trustee struct { + MultipleTrustee *Trustee + MultipleTrusteeOperation int32 + TrusteeForm int32 + TrusteeType int32 + Name *uint16 +} + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa446627.aspx +type ExplicitAccess struct { + AccessPermissions uint32 + AccessMode int32 + Inheritance uint32 + Trustee Trustee +} + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379576.aspx +func SetEntriesInAcl(entries []ExplicitAccess, oldAcl windows.Handle, newAcl 
*windows.Handle) error { + ret, _, err := procSetEntriesInAclW.Call( + uintptr(len(entries)), + uintptr(unsafe.Pointer(&entries[0])), + uintptr(oldAcl), + uintptr(unsafe.Pointer(newAcl)), + ) + if ret != 0 { + return err + } + return nil +} diff --git a/vendor/github.com/hectane/go-acl/api/api.go b/vendor/github.com/hectane/go-acl/api/api.go new file mode 100644 index 00000000..371dd2d8 --- /dev/null +++ b/vendor/github.com/hectane/go-acl/api/api.go @@ -0,0 +1,10 @@ +//+build windows + +// Windows API functions for manipulating ACLs. +package api + +import ( + "golang.org/x/sys/windows" +) + +var advapi32 = windows.MustLoadDLL("advapi32.dll") diff --git a/vendor/github.com/hectane/go-acl/api/posix.go b/vendor/github.com/hectane/go-acl/api/posix.go new file mode 100644 index 00000000..2c199fd8 --- /dev/null +++ b/vendor/github.com/hectane/go-acl/api/posix.go @@ -0,0 +1,3 @@ +//+build !windows + +package api diff --git a/vendor/github.com/hectane/go-acl/api/secinfo.go b/vendor/github.com/hectane/go-acl/api/secinfo.go new file mode 100644 index 00000000..6b3c4410 --- /dev/null +++ b/vendor/github.com/hectane/go-acl/api/secinfo.go 
@@ -0,0 +1,84 @@ +//+build windows + +package api + +import ( + "golang.org/x/sys/windows" + + "unsafe" +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593.aspx +const ( + SE_UNKNOWN_OBJECT_TYPE = iota + SE_FILE_OBJECT + SE_SERVICE + SE_PRINTER + SE_REGISTRY_KEY + SE_LMSHARE + SE_KERNEL_OBJECT + SE_WINDOW_OBJECT + SE_DS_OBJECT + SE_DS_OBJECT_ALL + SE_PROVIDER_DEFINED_OBJECT + SE_WMIGUID_OBJECT + SE_REGISTRY_WOW64_32KEY +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379573.aspx +const ( + OWNER_SECURITY_INFORMATION = 0x00001 + GROUP_SECURITY_INFORMATION = 0x00002 + DACL_SECURITY_INFORMATION = 0x00004 + SACL_SECURITY_INFORMATION = 0x00008 + LABEL_SECURITY_INFORMATION = 0x00010 + ATTRIBUTE_SECURITY_INFORMATION = 0x00020 + SCOPE_SECURITY_INFORMATION = 0x00040 + PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00080 + BACKUP_SECURITY_INFORMATION = 0x10000 + + PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000 + PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000 + UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000 + UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000 +) + +var ( + procGetNamedSecurityInfoW = advapi32.MustFindProc("GetNamedSecurityInfoW") + procSetNamedSecurityInfoW = advapi32.MustFindProc("SetNamedSecurityInfoW") +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa446645.aspx +func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group **windows.SID, dacl, sacl, secDesc *windows.Handle) error { + ret, _, err := procGetNamedSecurityInfoW.Call( + uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(objectName))), + uintptr(objectType), + uintptr(secInfo), + uintptr(unsafe.Pointer(owner)), + uintptr(unsafe.Pointer(group)), + uintptr(unsafe.Pointer(dacl)), + uintptr(unsafe.Pointer(sacl)), + uintptr(unsafe.Pointer(secDesc)), + ) + if ret != 0 { + return err + } + return nil +} + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379579.aspx +func 
SetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group *windows.SID, dacl, sacl windows.Handle) error { + ret, _, err := procSetNamedSecurityInfoW.Call( + uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(objectName))), + uintptr(objectType), + uintptr(secInfo), + uintptr(unsafe.Pointer(owner)), + uintptr(unsafe.Pointer(group)), + uintptr(dacl), + uintptr(sacl), + ) + if ret != 0 { + return err + } + return nil +} diff --git a/vendor/github.com/hectane/go-acl/api/sid.go b/vendor/github.com/hectane/go-acl/api/sid.go new file mode 100644 index 00000000..4ecc0869 --- /dev/null +++ b/vendor/github.com/hectane/go-acl/api/sid.go 
@@ -0,0 +1,131 @@ +//+build windows + +package api + +import ( + "golang.org/x/sys/windows" + + "unsafe" +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/ee207397.aspx +const ( + SECURITY_MAX_SID_SIZE = 68 +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379650.aspx +const ( + WinNullSid = 0 + WinWorldSid = 1 + WinLocalSid = 2 + WinCreatorOwnerSid = 3 + WinCreatorGroupSid = 4 + WinCreatorOwnerServerSid = 5 + WinCreatorGroupServerSid = 6 + WinNtAuthoritySid = 7 + WinDialupSid = 8 + WinNetworkSid = 9 + WinBatchSid = 10 + WinInteractiveSid = 11 + WinServiceSid = 12 + WinAnonymousSid = 13 + WinProxySid = 14 + WinEnterpriseControllersSid = 15 + WinSelfSid = 16 + WinAuthenticatedUserSid = 17 + WinRestrictedCodeSid = 18 + WinTerminalServerSid = 19 + WinRemoteLogonIdSid = 20 + WinLogonIdsSid = 21 + WinLocalSystemSid = 22 + WinLocalServiceSid = 23 + WinNetworkServiceSid = 24 + WinBuiltinDomainSid = 25 + WinBuiltinAdministratorsSid = 26 + WinBuiltinUsersSid = 27 + WinBuiltinGuestsSid = 28 + WinBuiltinPowerUsersSid = 29 + WinBuiltinAccountOperatorsSid = 30 + WinBuiltinSystemOperatorsSid = 31 + WinBuiltinPrintOperatorsSid = 32 + WinBuiltinBackupOperatorsSid = 33 + WinBuiltinReplicatorSid = 34 + WinBuiltinPreWindows2000CompatibleAccessSid = 35 + WinBuiltinRemoteDesktopUsersSid = 36 + WinBuiltinNetworkConfigurationOperatorsSid = 37 + WinAccountAdministratorSid = 38 + WinAccountGuestSid = 39 + WinAccountKrbtgtSid = 40 + WinAccountDomainAdminsSid = 41 + WinAccountDomainUsersSid = 42 + WinAccountDomainGuestsSid = 43 + WinAccountComputersSid = 44 + WinAccountControllersSid = 45 + WinAccountCertAdminsSid = 46 + WinAccountSchemaAdminsSid = 47 + WinAccountEnterpriseAdminsSid = 48 + WinAccountPolicyAdminsSid = 49 + WinAccountRasAndIasServersSid = 50 + WinNTLMAuthenticationSid = 51 + WinDigestAuthenticationSid = 52 + WinSChannelAuthenticationSid = 53 + WinThisOrganizationSid = 54 + WinOtherOrganizationSid = 55 + WinBuiltinIncomingForestTrustBuildersSid 
= 56 + WinBuiltinPerfMonitoringUsersSid = 57 + WinBuiltinPerfLoggingUsersSid = 58 + WinBuiltinAuthorizationAccessSid = 59 + WinBuiltinTerminalServerLicenseServersSid = 60 + WinBuiltinDCOMUsersSid = 61 + WinBuiltinIUsersSid = 62 + WinIUserSid = 63 + WinBuiltinCryptoOperatorsSid = 64 + WinUntrustedLabelSid = 65 + WinLowLabelSid = 66 + WinMediumLabelSid = 67 + WinHighLabelSid = 68 + WinSystemLabelSid = 69 + WinWriteRestrictedCodeSid = 70 + WinCreatorOwnerRightsSid = 71 + WinCacheablePrincipalsGroupSid = 72 + WinNonCacheablePrincipalsGroupSid = 73 + WinEnterpriseReadonlyControllersSid = 74 + WinAccountReadonlyControllersSid = 75 + WinBuiltinEventLogReadersGroup = 76 + WinNewEnterpriseReadonlyControllersSid = 77 + WinBuiltinCertSvcDComAccessGroup = 78 + WinMediumPlusLabelSid = 79 + WinLocalLogonSid = 80 + WinConsoleLogonSid = 81 + WinThisOrganizationCertificateSid = 82 + WinApplicationPackageAuthoritySid = 83 + WinBuiltinAnyPackageSid = 84 + WinCapabilityInternetClientSid = 85 + WinCapabilityInternetClientServerSid = 86 + WinCapabilityPrivateNetworkClientServerSid = 87 + WinCapabilityPicturesLibrarySid = 88 + WinCapabilityVideosLibrarySid = 89 + WinCapabilityMusicLibrarySid = 90 + WinCapabilityDocumentsLibrarySid = 91 + WinCapabilitySharedUserCertificatesSid = 92 + WinCapabilityEnterpriseAuthenticationSid = 93 + WinCapabilityRemovableStorageSid = 94 +) + +var ( + procCreateWellKnownSid = advapi32.MustFindProc("CreateWellKnownSid") +) + +// https://msdn.microsoft.com/en-us/library/windows/desktop/aa446585.aspx +func CreateWellKnownSid(sidType int32, sidDomain, sid *windows.SID, sidLen *uint32) error { + ret, _, err := procCreateWellKnownSid.Call( + uintptr(sidType), + uintptr(unsafe.Pointer(sidDomain)), + uintptr(unsafe.Pointer(sid)), + uintptr(unsafe.Pointer(sidLen)), + ) + if ret == 0 { + return err + } + return nil +} diff --git a/vendor/github.com/hectane/go-acl/apply.go b/vendor/github.com/hectane/go-acl/apply.go new file mode 100644 index 00000000..6f4b55f6 
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/apply.go
@@ -0,0 +1,55 @@
+//+build windows
+
+package acl
+
+import (
+ "github.com/hectane/go-acl/api"
+ "golang.org/x/sys/windows"
+
+ "unsafe"
+)
+
+// Apply the provided access control entries to a file. If the replace
+// parameter is true, existing entries will be overwritten. If the inherit
+// parameter is true, the file will inherit ACEs from its parent.
+func Apply(name string, replace, inherit bool, entries ...api.ExplicitAccess) error {
+ var oldAcl windows.Handle
+ if !replace {
+ var secDesc windows.Handle
+ api.GetNamedSecurityInfo(
+ name,
+ api.SE_FILE_OBJECT,
+ api.DACL_SECURITY_INFORMATION,
+ nil,
+ nil,
+ &oldAcl,
+ nil,
+ &secDesc,
+ )
+ defer windows.LocalFree(secDesc)
+ }
+ var acl windows.Handle
+ if err := api.SetEntriesInAcl(
+ entries,
+ oldAcl,
+ &acl,
+ ); err != nil {
+ return err
+ }
+ defer windows.LocalFree((windows.Handle)(unsafe.Pointer(acl)))
+ var secInfo uint32
+ if !inherit {
+ secInfo = api.PROTECTED_DACL_SECURITY_INFORMATION
+ } else {
+ secInfo = api.UNPROTECTED_DACL_SECURITY_INFORMATION
+ }
+ return api.SetNamedSecurityInfo(
+ name,
+ api.SE_FILE_OBJECT,
+ api.DACL_SECURITY_INFORMATION|secInfo,
+ nil,
+ nil,
+ acl,
+ 0,
+ )
+}
diff --git a/vendor/github.com/hectane/go-acl/appveyor.yml b/vendor/github.com/hectane/go-acl/appveyor.yml
new file mode 100644
index 00000000..068e7912
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/appveyor.yml
@@ -0,0 +1,16 @@
+version: '{build}'
+
+clone_folder: C:\gopath\src\github.com\hectane\go-acl
+
+environment:
+ GOPATH: C:\gopath
+
+install:
+ - go version
+ - go env
+ - go get -t -v ./...
+
+build: off
+
+test_script:
+ - go test -v ./...
diff --git a/vendor/github.com/hectane/go-acl/chmod.go b/vendor/github.com/hectane/go-acl/chmod.go
new file mode 100644
index 00000000..a0c9ad42
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/chmod.go
@@ -0,0 +1,38 @@
+//+build windows
+
+package acl
+
+import (
+ "os"
+
+ "golang.org/x/sys/windows"
+)
+
+// Change the permissions of the specified file. Only the nine
+// least-significant bytes are used, allowing access by the file's owner, the
+// file's group, and everyone else to be explicitly controlled.
+func Chmod(name string, fileMode os.FileMode) error {
+ // https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
+ creatorOwnerSID, err := windows.StringToSid("S-1-3-0")
+ if err != nil {
+ return err
+ }
+ creatorGroupSID, err := windows.StringToSid("S-1-3-1")
+ if err != nil {
+ return err
+ }
+ everyoneSID, err := windows.StringToSid("S-1-1-0")
+ if err != nil {
+ return err
+ }
+
+ mode := uint32(fileMode)
+ return Apply(
+ name,
+ true,
+ false,
+ GrantSid(((mode&0700)<<23)|((mode&0200)<<9), creatorOwnerSID),
+ GrantSid(((mode&0070)<<26)|((mode&0020)<<12), creatorGroupSID),
+ GrantSid(((mode&0007)<<29)|((mode&0002)<<15), everyoneSID),
+ )
+}
diff --git a/vendor/github.com/hectane/go-acl/go.mod b/vendor/github.com/hectane/go-acl/go.mod
new file mode 100644
index 00000000..f47398bf
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/go.mod
@@ -0,0 +1,5 @@
+module github.com/hectane/go-acl
+
+go 1.12
+
+require golang.org/x/sys v0.0.0-20190529164535-6a60838ec259
diff --git a/vendor/github.com/hectane/go-acl/go.sum b/vendor/github.com/hectane/go-acl/go.sum
new file mode 100644
index 00000000..456e8b3b
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/sys v0.0.0-20190529164535-6a60838ec259 h1:so6Hr/LodwSZ5UQDu/7PmQiDeS112WwtLvU3lpSPZTU=
+golang.org/x/sys v0.0.0-20190529164535-6a60838ec259/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/hectane/go-acl/posix.go b/vendor/github.com/hectane/go-acl/posix.go
new file mode 100644
index 00000000..c45a3600
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/posix.go
@@ -0,0 +1,8 @@
+//+build !windows
+
+package acl
+
+import "os"
+
+// Chmod is os.Chmod.
+var Chmod = os.Chmod
diff --git a/vendor/github.com/hectane/go-acl/util.go b/vendor/github.com/hectane/go-acl/util.go
new file mode 100644
index 00000000..fc02c5e7
--- /dev/null
+++ b/vendor/github.com/hectane/go-acl/util.go
@@ -0,0 +1,62 @@
+//+build windows
+
+package acl
+
+import (
+ "github.com/hectane/go-acl/api"
+ "golang.org/x/sys/windows"
+
+ "unsafe"
+)
+
+// Create an ExplicitAccess instance granting permissions to the provided SID.
+func GrantSid(accessPermissions uint32, sid *windows.SID) api.ExplicitAccess {
+ return api.ExplicitAccess{
+ AccessPermissions: accessPermissions,
+ AccessMode: api.GRANT_ACCESS,
+ Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT,
+ Trustee: api.Trustee{
+ TrusteeForm: api.TRUSTEE_IS_SID,
+ Name: (*uint16)(unsafe.Pointer(sid)),
+ },
+ }
+}
+
+// Create an ExplicitAccess instance granting permissions to the provided name.
+func GrantName(accessPermissions uint32, name string) api.ExplicitAccess {
+ return api.ExplicitAccess{
+ AccessPermissions: accessPermissions,
+ AccessMode: api.GRANT_ACCESS,
+ Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT,
+ Trustee: api.Trustee{
+ TrusteeForm: api.TRUSTEE_IS_NAME,
+ Name: windows.StringToUTF16Ptr(name),
+ },
+ }
+}
+
+// Create an ExplicitAccess instance denying permissions to the provided SID.
+func DenySid(accessPermissions uint32, sid *windows.SID) api.ExplicitAccess {
+ return api.ExplicitAccess{
+ AccessPermissions: accessPermissions,
+ AccessMode: api.DENY_ACCESS,
+ Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT,
+ Trustee: api.Trustee{
+ TrusteeForm: api.TRUSTEE_IS_SID,
+ Name: (*uint16)(unsafe.Pointer(sid)),
+ },
+ }
+}
+
+// Create an ExplicitAccess instance denying permissions to the provided name.
+func DenyName(accessPermissions uint32, name string) api.ExplicitAccess {
+ return api.ExplicitAccess{
+ AccessPermissions: accessPermissions,
+ AccessMode: api.DENY_ACCESS,
+ Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT,
+ Trustee: api.Trustee{
+ TrusteeForm: api.TRUSTEE_IS_NAME,
+ Name: windows.StringToUTF16Ptr(name),
+ },
+ }
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 84c960ec..7c507b66 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -24,6 +24,9 @@ github.com/hashicorp/go-syslog
 # github.com/hashicorp/golang-lru v0.5.3
 github.com/hashicorp/golang-lru
 github.com/hashicorp/golang-lru/simplelru
+# github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95
+github.com/hectane/go-acl
+github.com/hectane/go-acl/api
 # github.com/jedisct1/dlog v0.0.0-20190909160351-692385b00b84
 github.com/jedisct1/dlog
 # github.com/jedisct1/go-clocksmith v0.0.0-20190707124905-73e087c7979c