Add support for backup/restore of security descriptors

This commit is contained in:
Aneesh Nireshwalia 2024-02-24 13:25:28 -07:00
parent e3e59fef24
commit 70cf8e3788
No known key found for this signature in database
GPG Key ID: 6F5A52831C046F44
2 changed files with 21 additions and 4 deletions

View File

@ -48,13 +48,15 @@ const (
TypeCreationTime GenericAttributeType = "windows.creation_time" TypeCreationTime GenericAttributeType = "windows.creation_time"
// TypeFileAttributes is the GenericAttributeType used for storing file attributes for windows files within the generic attributes map. // TypeFileAttributes is the GenericAttributeType used for storing file attributes for windows files within the generic attributes map.
TypeFileAttributes GenericAttributeType = "windows.file_attributes" TypeFileAttributes GenericAttributeType = "windows.file_attributes"
// TypeSecurityDescriptor is the GenericAttributeType used for storing security descriptors including owner, group, discretionary access control list (DACL), system access control list (SACL)) for windows files within the generic attributes map.
TypeSecurityDescriptor GenericAttributeType = "windows.security_descriptor"
// Generic Attributes for other OS types should be defined here. // Generic Attributes for other OS types should be defined here.
) )
// init is called when the package is initialized. Any new GenericAttributeTypes being created must be added here as well. // init is called when the package is initialized. Any new GenericAttributeTypes being created must be added here as well.
func init() { func init() {
storeGenericAttributeType(TypeCreationTime, TypeFileAttributes) storeGenericAttributeType(TypeCreationTime, TypeFileAttributes, TypeSecurityDescriptor)
} }
// genericAttributesForOS maintains a map of known genericAttributesForOS to the OSType // genericAttributesForOS maintains a map of known genericAttributesForOS to the OSType

View File

@ -23,6 +23,9 @@ type WindowsAttributes struct {
CreationTime *syscall.Filetime `generic:"creation_time"` CreationTime *syscall.Filetime `generic:"creation_time"`
// FileAttributes is used for storing file attributes for windows files. // FileAttributes is used for storing file attributes for windows files.
FileAttributes *uint32 `generic:"file_attributes"` FileAttributes *uint32 `generic:"file_attributes"`
// SecurityDescriptor is used for storing security descriptors which includes
// owner, group, discretionary access control list (DACL), system access control list (SACL))
SecurityDescriptor *[]byte `generic:"security_descriptor"`
} }
var ( var (
@ -114,7 +117,7 @@ func (s statT) mtim() syscall.Timespec {
func (s statT) ctim() syscall.Timespec { func (s statT) ctim() syscall.Timespec {
// Windows does not have the concept of a "change time" in the sense Unix uses it, so we're using the LastWriteTime here. // Windows does not have the concept of a "change time" in the sense Unix uses it, so we're using the LastWriteTime here.
return syscall.NsecToTimespec(s.LastWriteTime.Nanoseconds()) return s.mtim()
} }
// restoreGenericAttributes restores generic attributes for Windows // restoreGenericAttributes restores generic attributes for Windows
@ -137,6 +140,11 @@ func (node Node) restoreGenericAttributes(path string, warn func(msg string)) (e
errs = append(errs, fmt.Errorf("error restoring file attributes for: %s : %v", path, err)) errs = append(errs, fmt.Errorf("error restoring file attributes for: %s : %v", path, err))
} }
} }
if windowsAttributes.SecurityDescriptor != nil {
if err := fs.SetSecurityDescriptor(path, windowsAttributes.SecurityDescriptor); err != nil {
errs = append(errs, fmt.Errorf("error restoring security descriptor for: %s : %v", path, err))
}
}
HandleUnknownGenericAttributesFound(unknownAttribs, warn) HandleUnknownGenericAttributesFound(unknownAttribs, warn)
return errors.CombineErrors(errs...) return errors.CombineErrors(errs...)
@ -270,11 +278,18 @@ func (node *Node) fillGenericAttributes(path string, fi os.FileInfo, stat *statT
// Do not process file attributes and created time for windows directories like // Do not process file attributes and created time for windows directories like
// C:, D: // C:, D:
// Filepath.Clean(path) ends with '\' for Windows root drives only. // Filepath.Clean(path) ends with '\' for Windows root drives only.
var sd *[]byte
if node.Type == "file" || node.Type == "dir" {
if sd, err = fs.GetSecurityDescriptor(path); err != nil {
return true, err
}
}
// Add Windows attributes // Add Windows attributes
node.GenericAttributes, err = WindowsAttrsToGenericAttributes(WindowsAttributes{ node.GenericAttributes, err = WindowsAttrsToGenericAttributes(WindowsAttributes{
CreationTime: getCreationTime(fi, path), CreationTime: getCreationTime(fi, path),
FileAttributes: &stat.FileAttributes, FileAttributes: &stat.FileAttributes,
SecurityDescriptor: sd,
}) })
} }
return true, err return true, err