These allow actual inspection of SIDs. For example, it might be
desirable to iterate through the group SIDs in order to find one set by
SERVICE_CONFIG_SERVICE_SID_INFO:
for _, g := range groups {
if g.Attributes != windows.SE_GROUP_ENABLED|windows.SE_GROUP_ENABLED_BY_DEFAULT|windows.SE_GROUP_OWNER {
continue
}
if !g.Sid.IsValid() {
continue
}
if g.Sid.IdentifierAuthority() != windows.SECURITY_NT_AUTHORITY {
continue
}
if g.Sid.SubAuthorityCount() < 6 || g.Sid.SubAuthority(0) != 80 {
continue
}
sid = g.Sid
break
}
Another usage of the APIs added would be to find if a user is in the
administrator group with either an elevated or unelevated token:
isAdmin := false
for _, g := range groups {
if g.Attributes&(windows.SE_GROUP_ENABLED|windows.SE_GROUP_USE_FOR_DENY_ONLY) == 0 {
continue
}
if !g.Sid.IsWellKnown(windows.WinBuiltinAdministratorsSid) {
continue
}
isAdmin = true
break
}
Change-Id: I8f8dc8d37b71ec58fd51e21ea1f1b3aada6d66b0
Reviewed-on: https://go-review.googlesource.com/c/sys/+/177841
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
The GetCurrent*Token variety of functions are actually implemented as
inline functions in the header files of the SDK. Attempting to call out
to these as library functions is an error. This commit also adds a test
to ensure that these work as expected.
Change-Id: I105f1ca1a8936114fe61bc22188200c31f240a23
Reviewed-on: https://go-review.googlesource.com/c/sys/+/177840
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The svc package exposes svc.SessionChange, but it's impossible to do
anything with them without these structures, and without being able to
enumerate them prior to events, the events themselves aren't useful, so
we add the enumeration functions as well.
Change-Id: I14c932dfe97c6712fd4868c1b3a0e3a61a6a562c
Reviewed-on: https://go-review.googlesource.com/c/sys/+/176623
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
These are extremely useful functions and core to the Windows security
API. They are so useful, in fact, that most of these were taken right
out of the Go repo's internal/syscall/windows package.
Change-Id: I13e34b830dd60f59fcae8085ae2be189d9cc9282
Reviewed-on: https://go-review.googlesource.com/c/sys/+/176625
Reviewed-by: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The security API is already quite extensive, but for some strange
reason, this essential and useful function was left out of the initial
port. So, we add it here, along with the relevant constants and a test
case.
Change-Id: I99568703565addf15603480f11b0edafdfc1718f
Reviewed-on: https://go-review.googlesource.com/c/sys/+/167378
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The %WINDIR% variable is an odd choice and not even entirely reliable.
Since Windows 2000, there has been a specific function for determining
this information, so let's use it. It's also a useful function in its
own right for folks who want to launch system tools in a somewhat safe
way, like netsh.exe.
Updates golang/go#14959
Updates golang/go#30642
Change-Id: Ic24baf37d14f2daced0c1db2771b5a673d2c8852
Reviewed-on: https://go-review.googlesource.com/c/sys/+/165759
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
x/sys/unix is vendored into the standard library, and the commit hook
for the standard library requires files to be gofmt-clean.
Updates golang/go#26924
Change-Id: I22a994062bcdbebe8a1fe1ae0ed4606837f03079
Reviewed-on: https://go-review.googlesource.com/c/162990
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Follow CL 20022 and consistently use single space after a period in
documentation.
Generated with:
$ perl -i -npe 's,^(\s*// .+[a-z]\.) +([A-Z]),$1 $2,' $(git grep -l -E '^\s*//(.+\.) +([A-Z])')
Change-Id: Ia29ad823668f060e81293e848a79fc4b4857d94b
Reviewed-on: https://go-review.googlesource.com/73530
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
All consts in errors_windows.go (except APPLICATION_ERROR) were
"invented" at the start of windows port to have minimal impact on
existing Go packages. No point keeping them around.
Also remove Errno, since we will be using syscall.Errno everywhere anyway.
LGTM=r
R=golang-codereviews, r
CC=golang-codereviews
https://golang.org/cl/128290044
Semi-automatic migration from package syscall to package {plan9,windows,unix}.
No builds attempted yet, but this gets a lot of noise behind us so subsequent
CLs will be more concise and easier to follow.
Subsequent CLs will have semantic content.
LGTM=rsc
R=golang-codereviews, rsc
CC=golang-codereviews
https://golang.org/cl/121520043
This CL copies to each package of go.sys the files from syscall it will need.
Different directories have different files, but these:
mkall.sh
str.go
syscall.go
mksyscall.pl
race.go
race0.go
syscall_test.go
are copied to all three.
No changes yet, these are just copies. They are not ready to use yet:
package names are wrong, for starters. But this clean copy will make
it easier to follow the changes as the packages are enabled.
LGTM=rsc
R=golang-codereviews, rsc
CC=golang-codereviews
https://golang.org/cl/126960043
