There's no point in adding a function call to retrieve a constant, or
worse, a syscall to retrieve a constant. These are fixed and baked so
deep into NT they'll never change. So let's benefit from the obvious
optimization and make these constants. Go easily inlines the function
calls as well. We also take the opportunity to sunset
OpenCurrentProcessToken and restore its original behavior, since users
should be invoking this deliberately with the correct access mask.
Change-Id: I92f7de56c0fcf5b69b59f5a79d2828c7ddf3c8f6
Reviewed-on: https://go-review.googlesource.com/c/sys/+/196800
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
This function shouldn't return an error. Like other String() functions
everywhere in Golang, this should instead return empty or a token value
during an error, so that it can be passed to %v and similar. Also, allow
for SID strings of maximum size.
Change-Id: Ib6d8407f8ad0bdabcb22c31b8f387594f2ea7672
Reviewed-on: https://go-review.googlesource.com/c/sys/+/196799
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
GetCurrentProcess and GetCurrentThread return -1 and -2 respectively. We
could arguably hard code those values, but MSDN cautions not to; I'm
sure this advice is old now, given that the psuedo handles for tokens
(not processes/threads) are now implemented with inline functions in the
headers for Windows 8, but anyway, we'll follow Microsoft's advice.
However, regardless of that, these functions never ever return an error.
MSDN doesn't indicate that they do, reverse engineering the functions
doesn't indicate that they do, and checking against 0 is just plain
wrong, considering 0!=INVALID_HANDLE_VALUE; however
INVALID_HANDLE_VALUE==-1, so that's not correct either. In fact,
checking any value and returning any error does not make sense.
Incidently having to check code for the pseudo handle is more verbose
too.
In order to make this function do the correct thing and meet the spec,
remove the error value from the return.
Change-Id: If03c9dab001be3bf5a04999aef20dbfcf8a4f405
Reviewed-on: https://go-review.googlesource.com/c/sys/+/196798
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
The SECURITY_ATTRIBUTES struct always takes a SECURITY_DESCRIPTOR
pointer. Now that we've defined SECURITY_DESCRIPTOR, make
SECURITY_ATTRIBUTES properly specify the type. This eliminates the need
for terrible uintptr(unsafe.Pointer(...)) casts everywhere.
Change-Id: Ibbc85524cfe33589d43f963e10aa19d7f47686f2
Reviewed-on: https://go-review.googlesource.com/c/sys/+/196797
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
This adds the basic foundation for dealing with security descriptors and
access control lists. The basic creators and getters are included in
this patch. These are some of the most fundamental security objects on NT,
and any work with the security API is fairly limited without it. These
are "core" NT structures.
Change-Id: I9a6399cb6ee41a825de30d5364ab69102d5f6d57
Reviewed-on: https://go-review.googlesource.com/c/sys/+/195498
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Asymmetric keyrings can require key payloads to be X.509 certificates
signed by a key in a different keyring. This can be helpful for rotating
keys on a live machines for subsystems like IMA while preventing local
tampering.
Tested locally by applying the "key_or_keyring:<id>" restriction to a
keyring.
Change-Id: Ia8dcb343abc5f405d374c357d5cac3d5181d7159
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178400
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Windows type PBOOL is a pointer to a 4 byte value, where 0 means false
and not-0 means true. That means we should use uint32 here, not bool,
since Go bools can be 1 byte. This commit was re-generated using
mksyscall_windows.go from CL 196122.
Updates: golang/go#34364
Change-Id: I8e83b9a09c0b58d14ac9a7dee316553940ac6ee3
Reviewed-on: https://go-review.googlesource.com/c/sys/+/196123
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
The code generator produces -0x1 for (~0) from the tipc.h C header, but this
value is unusable in Go as a uint32. Undefine and replace this value with
the appropriate constant for TIPC_WAIT_FOREVER.
Fixesgolang/go#34310
Change-Id: Ic6ab0ddd14394e15868085e2123a9a97a841bc6d
Reviewed-on: https://go-review.googlesource.com/c/sys/+/195757
Run-TryBot: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
There are a few functions to control the behavior of shutdown and
logout, both for what the current process does during shutdown, and also
whether or not the current process is running in an interactive session.
The below code is a port of the MSDN example code to Go using one of the
added new functions:
https://docs.microsoft.com/en-us/windows/win32/shutdown/how-to-shut-down-the-system
func shutdownLikeMSDNDoes() error {
seShutdownName, err := windows.UTF16PtrFromString("SeShutdownPrivilege")
if err != nil {
return err
}
var shutdownPriv windows.Tokenprivileges
err = windows.LookupPrivilegeValue(nil, seShutdownName, &shutdownPriv.Privileges[0].Luid)
if err != nil {
return err
}
shutdownPriv.Privileges[0].Attributes = windows.SE_PRIVILEGE_ENABLED
shutdownPriv.PrivilegeCount = 1
process, err := windows.GetCurrentProcess()
if err != nil {
return err
}
var token windows.Token
err = windows.OpenProcessToken(process, windows.TOKEN_ADJUST_PRIVILEGES | windows.TOKEN_QUERY, &token)
if err != nil {
return err
}
defer token.Close()
err = windows.AdjustTokenPrivileges(token, false, &shutdownPriv, 0, nil, nil)
if err != nil {
return err
}
err = windows.ExitWindowsEx(windows.EWX_SHUTDOWN | windows.EWX_FORCE,
windows.SHTDN_REASON_MAJOR_OPERATINGSYSTEM | windows.SHTDN_REASON_MINOR_UPGRADE | windows.SHTDN_REASON_FLAG_PLANNED)
if err != nil {
return err
}
return nil
}
Note, though, that this function doesn't set the token privs back to how
they were before, which isn't good. A more robust method than the MSDN
one above would be to duplicate&impersonate.
Fixes: golang/go#34271
Change-Id: Ibe55ddd35b709d9ab793cb9af47c39901c5e5c69
Reviewed-on: https://go-review.googlesource.com/c/sys/+/195497
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bruce Downs <bruceadowns@gmail.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
It's unnecessarily heavy, bringing in reflect, etc.
I'd like for this package to become a leaf package with no
dependencies so we can use it from the Go runtime directly and remove
internal/cpu.
Change-Id: I1794854add9ad87cc13b685bae4a039e1449c22d
Reviewed-on: https://go-review.googlesource.com/c/sys/+/194646
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Martin Möhrmann <moehrmann@google.com>
Adds initial constants and types to use with SockaddrTIPC. For more
information on TIPC, see: http://tipc.sourceforge.net/.
Because the C struct sockaddr_tipc makes use of a union for its addr
field, I have created a wrapping layer in SockaddrTIPC that uses
an interface to determine which variant is in use.
Tests accompany this change due to the complexity of this code. There
is currently little test coverage in the Sockaddr-related code, but
perhaps this is something that could be picked up as a relatively
straightforward task for a new contributor.
Change-Id: I5033a0685cb7128d4b1a23d18aca71c202d0c0aa
Reviewed-on: https://go-review.googlesource.com/c/sys/+/187960
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Add IoctlRetInt() for ioctls that use syscall's return value
as an output parameter. Add a unit test for Linux, and the
NS_GET_ defines that it requires (see ioctl_ns(2)).
Motivation:
Currently, x/sys/unix provides a few functions to deal with ioctls.
In particular, IoctlGetInt(), which "performs an ioctl operation
which gets an integer value". It does that by passing a pointer
to an integer to a syscall and returning that integer. The value
returned from syscall is treated as success/failure flag
(0 means success, -1 means failure, and in such case errno
is used to figure out the underlying error).
It appears that there are a few ioctls in Linux and at least one
in Solaris, which do not use the above way to return an int, instead
they use the syscall's return value (in case it's not negative).
As Linux ioctl(2) man page says,
> RETURN VALUE
> Usually, on success zero is returned. A few ioctl() requests
> use the return value as an output parameter and return
> a nonnegative value on success. On error, -1 is returned,
> and errno is set appropriately.
Currently I am aware of at least 6 Linux ioctls that do that
(return the value directly):
* LOOP_CTL_* ioctls on /dev/loop-control (all 3 of them). Source: loop(4)
* NS_* ioctls (3 out of 4) on /proc/PID/ns/*. Source: ioctl_ns(2)
And one in Solaris:
* I_FIND ioctl, source: streamio(7i).
There might be some more ioctls like the ones above, but since
ioctls are scarcely documented, it is hard to say how many more.
Obviously, using IoctlGetInt() for such ioctls would be a big
mistake, as 0 will always be returned. For example, there was
a bug in Docker's pkg/loopback (moby/moby#39801).
[v6: make it linux-specific for now]
Fixesgolang/go#33966
Change-Id: Ie64f72fd84101b955ba14519a357e06a66d685d0
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192780
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
A usual thing to ask is, "Is my current token in group X?" The right way
of doing such a thing is:
processToken, err := windows.OpenCurrentProcessToken()
if err != nil {
return false, err
}
defer processToken.Close()
var checkableToken windows.Token
err = windows.DuplicateTokenEx(token, windows.TOKEN_QUERY | windows.TOKEN_IMPERSONATE, nil, windows.SecurityIdentification, windows.TokenImpersonation, &checkableToken)
if err != nil {
return false, err
}
defer checkableToken.Close()
isMember, err := checkableToken.IsMember(someSID)
return isMember && err == nil, nil
This is the same flow that's used by, for example, shell32's internal
_LUAIsTokenAdmin function.
However, this all fails unless the original token is opened with
duplicate access. So this commit adjusts OpenCurrentProcessToken to do
the right thing.
Change-Id: I18efdfde43097ea9d10758018b0df132fba819f5
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192337
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Simon Rozman <simon@rozman.si>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Indeed Go has mutexes of its own, but these are considerably
different from the native Windows ones, that can work across processes
and be put in various namespaces. They're an essential part of Windows
systems programming and important for interfacing with various external
interfaces.
Change-Id: I03987800ed1c134442321678c2c7d7aa359ecb36
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192497
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The local copy of bits.OnesCount64 was added for compatibility with Go
1.8 and earlier in CL 86477. Go 1.8 is no longer supported and go.mod
requires Go 1.12, so drop the local copy and use bits.OnesCount64.
Change-Id: Ieb77f0cef5f8f206b74ca737449efdcfe1949d44
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192357
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
The Go runtime disables priority boosting because it interferes with the
scheduler timer threads in some cases. But some apps might want to
re-enable it for specific reasons, so this commit adds the function to
do so.
Change-Id: Ida68b9f2b188560b46c322197461dd06453329e2
Reviewed-on: https://go-review.googlesource.com/c/sys/+/191839
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
While RtlGetVersion was added so that users can get the Windows version
that isn't affected by manifesting, RtlGetVersion is still stubbed out
by the application compatibility layer (aclayers.dll and apphelp.dll)
for certain processes, such as msiexec.exe, rendering these functions
useless for actually determining the underlying operating system. This
matters in the case of msiexec.exe using a custom action DLL to install
a kernel driver, which of course is version specific. This is also
useful, it turns out, for the C runtime library, in which Microsoft uses
this function too. It's existed as a stable interface since Windows XP,
has Wine support, and is used in a decent amount of software.
Change-Id: If391e43bc6d798eff6803d5a7aa6a179f2b31d88
Reviewed-on: https://go-review.googlesource.com/c/sys/+/188119
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Although CL 128110043 had deleted nacl from x/sys/unix, CL 38758
accidentially introduced its build tag in dirent.go when copying
over stdlib syscall code, which this CL removes.
Fixesgolang/go#33391.
Change-Id: Iad6fe9818e38f14548eecdc078392865a60e4685
Reviewed-on: https://go-review.googlesource.com/c/sys/+/188361
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Resolves a number of issues, except for the clen function being
unused on Linux, as that would require a larger refactor which
probably isn't strictly necessary.
$ staticcheck .
affinity_linux.go:94:8: const m3 is unused (U1000)
affinity_linux.go:95:8: const m4 is unused (U1000)
sendfile_test.go:41:2: the goroutine calls T.Fatal, which must be called in the same goroutine as the test (SA2002)
sendfile_test.go:47:6: this value of err is never used (SA4006)
syscall_linux_test.go:519:21: should use time.Since instead of time.Now().Sub (S1012)
syscall_linux_test.go:530:21: should use time.Since instead of time.Now().Sub (S1012)
syscall_test.go:66:2: this value of ts is never used (SA4006)
syscall_test.go:67:2: this value of ts is never used (SA4006)
syscall_unix.go:88:6: func clen is unused (U1000)
Change-Id: I2611b4559339cea758b5da27ea1f36fb8cc2df3f
Reviewed-on: https://go-review.googlesource.com/c/sys/+/188037
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Implement ParseDirent in x/sys/unix instead of calling
syscall.ParseDirent. The latter uses offsets into syscall.Dirent which
might not be matching unix.Dirent depending on Go version. This is e.g.
the case with of FreeBSD whose Dirent structure was updated for Go 1.12.
This fixes TestDirent and TestGetdirentries on freebsd with Go 1.11
Reverts CL 88475
Change-Id: I04318f59c6fbf148c75ce3667255a0c0428288e2
Reviewed-on: https://go-review.googlesource.com/c/sys/+/183897
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Use ParseDirent to get the directory entries instead of manually parsing
them. This fixes the test on dragonfly where type Dirent doesn't have a
Reclen member.
Manually tested on darwin, dragonfly and freebsd.
Change-Id: I234c6aff78243fec8bba8784c1d4948fbbb4d027
Reviewed-on: https://go-review.googlesource.com/c/sys/+/183226
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Provide common implementation for ReadDirent based on Getdents for
aix, *bsd and linux.
Add Getdents on aix as a wrapper around getdirent.
Keep the implementation for ReadDirent based on Getdirentries for
darwin and dragonfly.
Change-Id: I09094156a1452118ba48af4f14dfe44b1ab745d3
Reviewed-on: https://go-review.googlesource.com/c/sys/+/182321
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
