Refactor extended attributes and security descriptor helpers to use go-winio (#5040)

* Refactor ea and sd helpers to use go-winio Import go-winio and instead of copying the functions to encode/decode extended attributes and enable process privileges for security descriptors, call the functions defined in go-winio.
2024-12-21 23:33:03 +00:00 · 2024-12-10 02:18:38 +05:30 · 2024-12-10 02:18:38 +05:30 · 6808004ad1
commit 6808004ad1
parent d7d9af4c9f
4 changed files with 23 additions and 389 deletions
--- a/go.mod
+++ b/go.mod
@ -6,6 +6,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.5.0
 	github.com/Backblaze/blazer v0.7.1
 	github.com/Microsoft/go-winio v0.6.2
 	github.com/anacrolix/fuse v0.3.1
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cespare/xxhash/v2 v2.3.0
--- a/go.sum
+++ b/go.sum
@ -33,6 +33,8 @@ github.com/Backblaze/blazer v0.7.1 h1:J43PbFj6hXLg1jvCNr+rQoAsxzKK0IP7ftl1ReCwpc
 github.com/Backblaze/blazer v0.7.1/go.mod h1:MhntL1nMpIuoqrPP6TnZu/xTydMgOAe/Xm6KongbjKs=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Julusian/godocdown v0.0.0-20170816220326-6d19f8ff2df8/go.mod h1:INZr5t32rG59/5xeltqoCJoNY7e5x/3xoY9WSWVWg74=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/anacrolix/envpprof v1.3.0 h1:WJt9bpuT7A/CDCxPOv/eeZqHWlle/Y0keJUvc6tcJDk=
 github.com/anacrolix/envpprof v1.3.0/go.mod h1:7QIG4CaX1uexQ3tqd5+BRa/9e2D02Wcertl6Yh0jCB0=
 github.com/anacrolix/fuse v0.3.1 h1:oT8s3B5HFkBdLe/WKJO5MNo9iIyEtc+BhvTZYp4jhDM=
--- a/internal/fs/ea_windows.go
+++ b/internal/fs/ea_windows.go
@ -4,17 +4,28 @@
 package fs
 import (
 	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"syscall"
 	"unsafe"
 	"github.com/Microsoft/go-winio"
 	"golang.org/x/sys/windows"
 )
-// The code below was adapted from https://github.com/microsoft/go-winio under MIT license.
+// extendedAttribute is a type alias for winio.ExtendedAttribute
 type extendedAttribute = winio.ExtendedAttribute
 // encodeExtendedAttributes encodes the extended attributes to a byte slice.
 func encodeExtendedAttributes(attrs []extendedAttribute) ([]byte, error) {
 	return winio.EncodeExtendedAttributes(attrs)
 }
 // decodeExtendedAttributes decodes the extended attributes from a byte slice.
 func decodeExtendedAttributes(data []byte) ([]extendedAttribute, error) {
 	return winio.DecodeExtendedAttributes(data)
 }
 // The code below was copied over from https://github.com/microsoft/go-winio/blob/main/pipe.go under MIT license.
 // The MIT License (MIT)
@ -38,140 +49,6 @@ import (
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 // The code below was copied over from https://github.com/microsoft/go-winio/blob/main/ea.go under MIT license.
 type fileFullEaInformation struct {
 	NextEntryOffset uint32
 	Flags           uint8
 	NameLength      uint8
 	ValueLength     uint16
 }
 var (
 	fileFullEaInformationSize = binary.Size(&fileFullEaInformation{})
 	errInvalidEaBuffer = errors.New("invalid extended attribute buffer")
 	errEaNameTooLarge  = errors.New("extended attribute name too large")
 	errEaValueTooLarge = errors.New("extended attribute value too large")
 )
 // extendedAttribute represents a single Windows EA.
 type extendedAttribute struct {
 	Name  string
 	Value []byte
 	Flags uint8
 }
 func parseEa(b []byte) (ea extendedAttribute, nb []byte, err error) {
 	var info fileFullEaInformation
 	err = binary.Read(bytes.NewReader(b), binary.LittleEndian, &info)
 	if err != nil {
 		err = errInvalidEaBuffer
 		return ea, nb, err
 	}
 	nameOffset := fileFullEaInformationSize
 	nameLen := int(info.NameLength)
 	valueOffset := nameOffset + int(info.NameLength) + 1
 	valueLen := int(info.ValueLength)
 	nextOffset := int(info.NextEntryOffset)
 	if valueLen+valueOffset > len(b) || nextOffset < 0 || nextOffset > len(b) {
 		err = errInvalidEaBuffer
 		return ea, nb, err
 	}
 	ea.Name = string(b[nameOffset : nameOffset+nameLen])
 	ea.Value = b[valueOffset : valueOffset+valueLen]
 	ea.Flags = info.Flags
 	if info.NextEntryOffset != 0 {
 		nb = b[info.NextEntryOffset:]
 	}
 	return ea, nb, err
 }
 // decodeExtendedAttributes decodes a list of EAs from a FILE_FULL_EA_INFORMATION
 // buffer retrieved from BackupRead, ZwQueryEaFile, etc.
 func decodeExtendedAttributes(b []byte) (eas []extendedAttribute, err error) {
 	for len(b) != 0 {
 		ea, nb, err := parseEa(b)
 		if err != nil {
 			return nil, err
 		}
 		eas = append(eas, ea)
 		b = nb
 	}
 	return eas, err
 }
 func writeEa(buf *bytes.Buffer, ea *extendedAttribute, last bool) error {
 	if int(uint8(len(ea.Name))) != len(ea.Name) {
 		return errEaNameTooLarge
 	}
 	if int(uint16(len(ea.Value))) != len(ea.Value) {
 		return errEaValueTooLarge
 	}
 	entrySize := uint32(fileFullEaInformationSize + len(ea.Name) + 1 + len(ea.Value))
 	withPadding := (entrySize + 3) &^ 3
 	nextOffset := uint32(0)
 	if !last {
 		nextOffset = withPadding
 	}
 	info := fileFullEaInformation{
 		NextEntryOffset: nextOffset,
 		Flags:           ea.Flags,
 		NameLength:      uint8(len(ea.Name)),
 		ValueLength:     uint16(len(ea.Value)),
 	}
 	err := binary.Write(buf, binary.LittleEndian, &info)
 	if err != nil {
 		return err
 	}
 	_, err = buf.Write([]byte(ea.Name))
 	if err != nil {
 		return err
 	}
 	err = buf.WriteByte(0)
 	if err != nil {
 		return err
 	}
 	_, err = buf.Write(ea.Value)
 	if err != nil {
 		return err
 	}
 	_, err = buf.Write([]byte{0, 0, 0}[0 : withPadding-entrySize])
 	if err != nil {
 		return err
 	}
 	return nil
 }
 // encodeExtendedAttributes encodes a list of EAs into a FILE_FULL_EA_INFORMATION
 // buffer for use with BackupWrite, ZwSetEaFile, etc.
 func encodeExtendedAttributes(eas []extendedAttribute) ([]byte, error) {
 	var buf bytes.Buffer
 	for i := range eas {
 		last := false
 		if i == len(eas)-1 {
 			last = true
 		}
 		err := writeEa(&buf, &eas[i], last)
 		if err != nil {
 			return nil, err
 		}
 	}
 	return buf.Bytes(), nil
 }
 // The code below was copied over from https://github.com/microsoft/go-winio/blob/main/pipe.go under MIT license.
 type ntStatus int32
 func (status ntStatus) Err() error {
--- a/internal/fs/sd_windows.go
+++ b/internal/fs/sd_windows.go
@ -1,15 +1,13 @@
 package fs
 import (
 	"bytes"
 	"encoding/binary"
 	"fmt"
 	"sync"
 	"sync/atomic"
 	"syscall"
 	"unicode/utf16"
 	"unsafe"
 	"github.com/Microsoft/go-winio"
 	"github.com/restic/restic/internal/debug"
 	"github.com/restic/restic/internal/errors"
 	"golang.org/x/sys/windows"
@ -161,6 +159,10 @@ func setNamedSecurityInfoLow(filePath string, dacl *windows.ACL) error {
 	return windows.SetNamedSecurityInfo(fixpath(filePath), windows.SE_FILE_OBJECT, lowRestoreSecurityFlags, nil, nil, dacl, nil)
 }
 func enableProcessPrivileges(privileges []string) error {
 	return winio.EnableProcessPrivileges(privileges)
 }
 // enableBackupPrivilege enables privilege for backing up security descriptors
 func enableBackupPrivilege() {
 	err := enableProcessPrivileges([]string{seBackupPrivilege})
@ -212,251 +214,3 @@ func securityDescriptorStructToBytes(sd *windows.SECURITY_DESCRIPTOR) ([]byte, e
 	b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), sd.Length())
 	return b, nil
 }
 // The code below was adapted from
 // https://github.com/microsoft/go-winio/blob/3c9576c9346a1892dee136329e7e15309e82fb4f/privilege.go
 // under MIT license.
 // The MIT License (MIT)
 // Copyright (c) 2015 Microsoft
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
 // in the Software without restriction, including without limitation the rights
 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 // copies of the Software, and to permit persons to whom the Software is
 // furnished to do so, subject to the following conditions:
 // The above copyright notice and this permission notice shall be included in all
 // copies or substantial portions of the Software.
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 var (
 	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
 	procLookupPrivilegeValueW       = modadvapi32.NewProc("LookupPrivilegeValueW")
 	procAdjustTokenPrivileges       = modadvapi32.NewProc("AdjustTokenPrivileges")
 	procLookupPrivilegeDisplayNameW = modadvapi32.NewProc("LookupPrivilegeDisplayNameW")
 	procLookupPrivilegeNameW        = modadvapi32.NewProc("LookupPrivilegeNameW")
 )
 // Do the interface allocations only once for common
 // Errno values.
 const (
 	errnoErrorIOPending = 997
 	//revive:disable-next-line:var-naming ALL_CAPS
 	SE_PRIVILEGE_ENABLED = windows.SE_PRIVILEGE_ENABLED
 	//revive:disable-next-line:var-naming ALL_CAPS
 	ERROR_NOT_ALL_ASSIGNED windows.Errno = windows.ERROR_NOT_ALL_ASSIGNED
 )
 var (
 	errErrorIOPending error = syscall.Errno(errnoErrorIOPending)
 	errErrorEinval    error = syscall.EINVAL
 	privNames     = make(map[string]uint64)
 	privNameMutex sync.Mutex
 )
 // privilegeError represents an error enabling privileges.
 type privilegeError struct {
 	privileges []uint64
 }
 // Error returns the string message for the error.
 func (e *privilegeError) Error() string {
 	s := "Could not enable privilege "
 	if len(e.privileges) > 1 {
 		s = "Could not enable privileges "
 	}
 	for i, p := range e.privileges {
 		if i != 0 {
 			s += ", "
 		}
 		s += `"`
 		s += getPrivilegeName(p)
 		s += `"`
 	}
 	return s
 }
 func mapPrivileges(names []string) ([]uint64, error) {
 	privileges := make([]uint64, 0, len(names))
 	privNameMutex.Lock()
 	defer privNameMutex.Unlock()
 	for _, name := range names {
 		p, ok := privNames[name]
 		if !ok {
 			err := lookupPrivilegeValue("", name, &p)
 			if err != nil {
 				return nil, err
 			}
 			privNames[name] = p
 		}
 		privileges = append(privileges, p)
 	}
 	return privileges, nil
 }
 // enableProcessPrivileges enables privileges globally for the process.
 func enableProcessPrivileges(names []string) error {
 	return enableDisableProcessPrivilege(names, SE_PRIVILEGE_ENABLED)
 }
 func enableDisableProcessPrivilege(names []string, action uint32) error {
 	privileges, err := mapPrivileges(names)
 	if err != nil {
 		return err
 	}
 	p := windows.CurrentProcess()
 	var token windows.Token
 	err = windows.OpenProcessToken(p, windows.TOKEN_ADJUST_PRIVILEGES|windows.TOKEN_QUERY, &token)
 	if err != nil {
 		return err
 	}
 	defer func() {
 		_ = token.Close()
 	}()
 	return adjustPrivileges(token, privileges, action)
 }
 func adjustPrivileges(token windows.Token, privileges []uint64, action uint32) error {
 	var b bytes.Buffer
 	_ = binary.Write(&b, binary.LittleEndian, uint32(len(privileges)))
 	for _, p := range privileges {
 		_ = binary.Write(&b, binary.LittleEndian, p)
 		_ = binary.Write(&b, binary.LittleEndian, action)
 	}
 	prevState := make([]byte, b.Len())
 	reqSize := uint32(0)
 	success, err := adjustTokenPrivileges(token, false, &b.Bytes()[0], uint32(len(prevState)), &prevState[0], &reqSize)
 	if !success {
 		return err
 	}
 	if err == ERROR_NOT_ALL_ASSIGNED { //nolint:errorlint // err is Errno
 		debug.Log("Not all requested privileges were fully set: %v. AdjustTokenPrivileges returned warning: %v", privileges, err)
 	}
 	return nil
 }
 func getPrivilegeName(luid uint64) string {
 	var nameBuffer [256]uint16
 	bufSize := uint32(len(nameBuffer))
 	err := lookupPrivilegeName("", &luid, &nameBuffer[0], &bufSize)
 	if err != nil {
 		return fmt.Sprintf("<unknown privilege %d>", luid)
 	}
 	var displayNameBuffer [256]uint16
 	displayBufSize := uint32(len(displayNameBuffer))
 	var langID uint32
 	err = lookupPrivilegeDisplayName("", &nameBuffer[0], &displayNameBuffer[0], &displayBufSize, &langID)
 	if err != nil {
 		return fmt.Sprintf("<unknown privilege %s>", string(utf16.Decode(nameBuffer[:bufSize])))
 	}
 	return string(utf16.Decode(displayNameBuffer[:displayBufSize]))
 }
 // The functions below are copied over from https://github.com/microsoft/go-winio/blob/main/zsyscall_windows.go under MIT license.
 // This windows api always returns an error even in case of success, warnings (partial success) and error cases.
 //
 // Full success - When we call this with admin permissions, it returns DNS_ERROR_RCODE_NO_ERROR (0).
 // This gets translated to errErrorEinval and ultimately in adjustTokenPrivileges, it gets ignored.
 //
 // Partial success - If we call this api without admin privileges, privileges related to SACLs do not get set and
 // though the api returns success, it returns an error - golang.org/x/sys/windows.ERROR_NOT_ALL_ASSIGNED (1300)
 func adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, outputSize uint32, output *byte, requiredSize *uint32) (success bool, err error) {
 	var _p0 uint32
 	if releaseAll {
 		_p0 = 1
 	}
 	r0, _, e1 := syscall.SyscallN(procAdjustTokenPrivileges.Addr(), uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(input)), uintptr(outputSize), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(requiredSize)))
 	success = r0 != 0
 	if true {
 		err = errnoErr(e1)
 	}
 	return
 }
 func lookupPrivilegeDisplayName(systemName string, name *uint16, buffer *uint16, size *uint32, languageID *uint32) (err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(systemName)
 	if err != nil {
 		return
 	}
 	return _lookupPrivilegeDisplayName(_p0, name, buffer, size, languageID)
 }
 func _lookupPrivilegeDisplayName(systemName *uint16, name *uint16, buffer *uint16, size *uint32, languageID *uint32) (err error) {
 	r1, _, e1 := syscall.SyscallN(procLookupPrivilegeDisplayNameW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(languageID)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 func lookupPrivilegeName(systemName string, luid *uint64, buffer *uint16, size *uint32) (err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(systemName)
 	if err != nil {
 		return
 	}
 	return _lookupPrivilegeName(_p0, luid, buffer, size)
 }
 func _lookupPrivilegeName(systemName *uint16, luid *uint64, buffer *uint16, size *uint32) (err error) {
 	r1, _, e1 := syscall.SyscallN(procLookupPrivilegeNameW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(luid)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 func lookupPrivilegeValue(systemName string, name string, luid *uint64) (err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(systemName)
 	if err != nil {
 		return
 	}
 	var _p1 *uint16
 	_p1, err = syscall.UTF16PtrFromString(name)
 	if err != nil {
 		return
 	}
 	return _lookupPrivilegeValue(_p0, _p1, luid)
 }
 func _lookupPrivilegeValue(systemName *uint16, name *uint16, luid *uint64) (err error) {
 	r1, _, e1 := syscall.SyscallN(procLookupPrivilegeValueW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 // The code below was copied from https://github.com/microsoft/go-winio/blob/main/tools/mkwinsyscall/mkwinsyscall.go under MIT license.
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
 		return errErrorEinval
 	case errnoErrorIOPending:
 		return errErrorIOPending
 	}
 	return e
 }