sd.go

Documentation: github.com/Microsoft/go-winio

     1  //go:build windows
     2  // +build windows
     3  
     4  package winio
     5  
     6  import (
     7  	"errors"
     8  	"syscall"
     9  	"unsafe"
    10  
    11  	"golang.org/x/sys/windows"
    12  )
    13  
    14  //sys lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountNameW
    15  //sys lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountSidW
    16  //sys convertSidToStringSid(sid *byte, str **uint16) (err error) = advapi32.ConvertSidToStringSidW
    17  //sys convertStringSidToSid(str *uint16, sid **byte) (err error) = advapi32.ConvertStringSidToSidW
    18  //sys convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) = advapi32.ConvertStringSecurityDescriptorToSecurityDescriptorW
    19  //sys convertSecurityDescriptorToStringSecurityDescriptor(sd *byte, revision uint32, secInfo uint32, sddl **uint16, sddlSize *uint32) (err error) = advapi32.ConvertSecurityDescriptorToStringSecurityDescriptorW
    20  //sys localFree(mem uintptr) = LocalFree
    21  //sys getSecurityDescriptorLength(sd uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength
    22  
    23  type AccountLookupError struct {
    24  	Name string
    25  	Err  error
    26  }
    27  
    28  func (e *AccountLookupError) Error() string {
    29  	if e.Name == "" {
    30  		return "lookup account: empty account name specified"
    31  	}
    32  	var s string
    33  	switch {
    34  	case errors.Is(e.Err, windows.ERROR_INVALID_SID):
    35  		s = "the security ID structure is invalid"
    36  	case errors.Is(e.Err, windows.ERROR_NONE_MAPPED):
    37  		s = "not found"
    38  	default:
    39  		s = e.Err.Error()
    40  	}
    41  	return "lookup account " + e.Name + ": " + s
    42  }
    43  
    44  func (e *AccountLookupError) Unwrap() error { return e.Err }
    45  
    46  type SddlConversionError struct {
    47  	Sddl string
    48  	Err  error
    49  }
    50  
    51  func (e *SddlConversionError) Error() string {
    52  	return "convert " + e.Sddl + ": " + e.Err.Error()
    53  }
    54  
    55  func (e *SddlConversionError) Unwrap() error { return e.Err }
    56  
    57  // LookupSidByName looks up the SID of an account by name
    58  //
    59  //revive:disable-next-line:var-naming SID, not Sid
    60  func LookupSidByName(name string) (sid string, err error) {
    61  	if name == "" {
    62  		return "", &AccountLookupError{name, windows.ERROR_NONE_MAPPED}
    63  	}
    64  
    65  	var sidSize, sidNameUse, refDomainSize uint32
    66  	err = lookupAccountName(nil, name, nil, &sidSize, nil, &refDomainSize, &sidNameUse)
    67  	if err != nil && err != syscall.ERROR_INSUFFICIENT_BUFFER { //nolint:errorlint // err is Errno
    68  		return "", &AccountLookupError{name, err}
    69  	}
    70  	sidBuffer := make([]byte, sidSize)
    71  	refDomainBuffer := make([]uint16, refDomainSize)
    72  	err = lookupAccountName(nil, name, &sidBuffer[0], &sidSize, &refDomainBuffer[0], &refDomainSize, &sidNameUse)
    73  	if err != nil {
    74  		return "", &AccountLookupError{name, err}
    75  	}
    76  	var strBuffer *uint16
    77  	err = convertSidToStringSid(&sidBuffer[0], &strBuffer)
    78  	if err != nil {
    79  		return "", &AccountLookupError{name, err}
    80  	}
    81  	sid = syscall.UTF16ToString((*[0xffff]uint16)(unsafe.Pointer(strBuffer))[:])
    82  	localFree(uintptr(unsafe.Pointer(strBuffer)))
    83  	return sid, nil
    84  }
    85  
    86  // LookupNameBySid looks up the name of an account by SID
    87  //
    88  //revive:disable-next-line:var-naming SID, not Sid
    89  func LookupNameBySid(sid string) (name string, err error) {
    90  	if sid == "" {
    91  		return "", &AccountLookupError{sid, windows.ERROR_NONE_MAPPED}
    92  	}
    93  
    94  	sidBuffer, err := windows.UTF16PtrFromString(sid)
    95  	if err != nil {
    96  		return "", &AccountLookupError{sid, err}
    97  	}
    98  
    99  	var sidPtr *byte
   100  	if err = convertStringSidToSid(sidBuffer, &sidPtr); err != nil {
   101  		return "", &AccountLookupError{sid, err}
   102  	}
   103  	defer localFree(uintptr(unsafe.Pointer(sidPtr)))
   104  
   105  	var nameSize, refDomainSize, sidNameUse uint32
   106  	err = lookupAccountSid(nil, sidPtr, nil, &nameSize, nil, &refDomainSize, &sidNameUse)
   107  	if err != nil && err != windows.ERROR_INSUFFICIENT_BUFFER { //nolint:errorlint // err is Errno
   108  		return "", &AccountLookupError{sid, err}
   109  	}
   110  
   111  	nameBuffer := make([]uint16, nameSize)
   112  	refDomainBuffer := make([]uint16, refDomainSize)
   113  	err = lookupAccountSid(nil, sidPtr, &nameBuffer[0], &nameSize, &refDomainBuffer[0], &refDomainSize, &sidNameUse)
   114  	if err != nil {
   115  		return "", &AccountLookupError{sid, err}
   116  	}
   117  
   118  	name = windows.UTF16ToString(nameBuffer)
   119  	return name, nil
   120  }
   121  
   122  func SddlToSecurityDescriptor(sddl string) ([]byte, error) {
   123  	var sdBuffer uintptr
   124  	err := convertStringSecurityDescriptorToSecurityDescriptor(sddl, 1, &sdBuffer, nil)
   125  	if err != nil {
   126  		return nil, &SddlConversionError{sddl, err}
   127  	}
   128  	defer localFree(sdBuffer)
   129  	sd := make([]byte, getSecurityDescriptorLength(sdBuffer))
   130  	copy(sd, (*[0xffff]byte)(unsafe.Pointer(sdBuffer))[:len(sd)])
   131  	return sd, nil
   132  }
   133  
   134  func SecurityDescriptorToSddl(sd []byte) (string, error) {
   135  	var sddl *uint16
   136  	// The returned string length seems to include an arbitrary number of terminating NULs.
   137  	// Don't use it.
   138  	err := convertSecurityDescriptorToStringSecurityDescriptor(&sd[0], 1, 0xff, &sddl, nil)
   139  	if err != nil {
   140  		return "", err
   141  	}
   142  	defer localFree(uintptr(unsafe.Pointer(sddl)))
   143  	return syscall.UTF16ToString((*[0xffff]uint16)(unsafe.Pointer(sddl))[:]), nil
   144  }
   145
View as plain text