80 lines
2.4 KiB
Go
80 lines
2.4 KiB
Go
|
package database
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"io/fs"
|
||
|
|
||
|
log "github.com/sirupsen/logrus"
|
||
|
"golang.org/x/sys/windows"
|
||
|
)
|
||
|
|
||
|
func setFilePerm(path string, mode fs.FileMode) error {
|
||
|
//On windows, we don't care about the mode, just make sure the file is only readable/writable by the owner and group
|
||
|
|
||
|
sd, err := windows.GetNamedSecurityInfo(path, windows.SE_FILE_OBJECT, windows.OWNER_SECURITY_INFORMATION)
|
||
|
if err != nil {
|
||
|
return fmt.Errorf("while getting security info: %w", err)
|
||
|
}
|
||
|
|
||
|
currentOwner, defaulted, err := sd.Owner()
|
||
|
|
||
|
if err != nil {
|
||
|
return fmt.Errorf("while getting owner: %w", err)
|
||
|
}
|
||
|
|
||
|
log.Debugf("current owner is %s (%v) (defaulted: %v)", currentOwner.String(), currentOwner, defaulted)
|
||
|
|
||
|
currentGroup, defaulted, err := sd.Group()
|
||
|
|
||
|
if err != nil {
|
||
|
return fmt.Errorf("while getting group: %w", err)
|
||
|
}
|
||
|
|
||
|
if currentGroup == nil {
|
||
|
log.Debugf("current group is nil (defaulted: %v), using builtin admin instead", defaulted)
|
||
|
currentGroup, err = windows.CreateWellKnownSid(windows.WinBuiltinAdministratorsSid)
|
||
|
if err != nil {
|
||
|
return fmt.Errorf("while creating admin SID: %w", err)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
log.Debugf("current group is %s (%v) (defaulted: %v)", currentGroup.String(), currentGroup, defaulted)
|
||
|
|
||
|
dacl, err := windows.ACLFromEntries(
|
||
|
[]windows.EXPLICIT_ACCESS{
|
||
|
{
|
||
|
AccessPermissions: windows.GENERIC_ALL,
|
||
|
AccessMode: windows.GRANT_ACCESS,
|
||
|
Inheritance: windows.NO_INHERITANCE,
|
||
|
Trustee: windows.TRUSTEE{
|
||
|
MultipleTrusteeOperation: windows.NO_MULTIPLE_TRUSTEE,
|
||
|
TrusteeForm: windows.TRUSTEE_IS_SID,
|
||
|
TrusteeType: windows.TRUSTEE_IS_USER,
|
||
|
TrusteeValue: windows.TrusteeValueFromSID(currentOwner),
|
||
|
},
|
||
|
},
|
||
|
{
|
||
|
AccessPermissions: windows.GENERIC_ALL,
|
||
|
AccessMode: windows.GRANT_ACCESS,
|
||
|
Inheritance: windows.NO_INHERITANCE,
|
||
|
Trustee: windows.TRUSTEE{
|
||
|
MultipleTrusteeOperation: windows.NO_MULTIPLE_TRUSTEE,
|
||
|
TrusteeForm: windows.TRUSTEE_IS_SID,
|
||
|
TrusteeType: windows.TRUSTEE_IS_GROUP,
|
||
|
TrusteeValue: windows.TrusteeValueFromSID(currentGroup),
|
||
|
},
|
||
|
},
|
||
|
}, nil)
|
||
|
|
||
|
if err != nil {
|
||
|
return fmt.Errorf("while creating ACL: %w", err)
|
||
|
}
|
||
|
|
||
|
err = windows.SetNamedSecurityInfo(path, windows.SE_FILE_OBJECT, windows.DACL_SECURITY_INFORMATION|windows.PROTECTED_DACL_SECURITY_INFORMATION, nil, nil, dacl, nil)
|
||
|
|
||
|
if err != nil {
|
||
|
return fmt.Errorf("while setting security info: %w", err)
|
||
|
}
|
||
|
return nil
|
||
|
}
|