mirror of
https://gitea.com/Lydanne/buildx.git
synced 2025-07-18 17:28:04 +08:00
config: fix file/folder ownership
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
103
vendor/github.com/tonistiigi/fsutil/copy/mkdir_windows.go
generated
vendored
Normal file
103
vendor/github.com/tonistiigi/fsutil/copy/mkdir_windows.go
generated
vendored
Normal file
@@ -0,0 +1,103 @@
|
||||
//go:build windows
|
||||
// +build windows
|
||||
|
||||
package fs
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/Microsoft/go-winio"
|
||||
"github.com/pkg/errors"
|
||||
"golang.org/x/sys/windows"
|
||||
)
|
||||
|
||||
const (
|
||||
containerAdministratorSidString = "S-1-5-93-2-1"
|
||||
)
|
||||
|
||||
func fixRootDirectory(p string) string {
|
||||
if len(p) == len(`\\?\c:`) {
|
||||
if os.IsPathSeparator(p[0]) && os.IsPathSeparator(p[1]) && p[2] == '?' && os.IsPathSeparator(p[3]) && p[5] == ':' {
|
||||
return p + `\`
|
||||
}
|
||||
}
|
||||
return p
|
||||
}
|
||||
|
||||
func Utimes(p string, tm *time.Time) error {
|
||||
info, err := os.Lstat(p)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "fetching file info")
|
||||
}
|
||||
if tm != nil && info.Mode()&os.ModeSymlink == 0 {
|
||||
if err := os.Chtimes(p, *tm, *tm); err != nil {
|
||||
return errors.Wrap(err, "changing times")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func Chown(p string, old *User, fn Chowner) error {
|
||||
if fn == nil {
|
||||
return nil
|
||||
}
|
||||
user, err := fn(old)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
var userSIDstring string
|
||||
if user != nil && user.SID != "" {
|
||||
userSIDstring = user.SID
|
||||
}
|
||||
if userSIDstring == "" {
|
||||
userSIDstring = containerAdministratorSidString
|
||||
|
||||
}
|
||||
|
||||
sidPtr, err := syscall.UTF16PtrFromString(userSIDstring)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "converting to utf16 ptr")
|
||||
}
|
||||
var userSID *windows.SID
|
||||
if err := windows.ConvertStringSidToSid(sidPtr, &userSID); err != nil {
|
||||
return errors.Wrap(err, "converting to windows SID")
|
||||
}
|
||||
var dacl *windows.ACL
|
||||
newEntries := []windows.EXPLICIT_ACCESS{
|
||||
{
|
||||
AccessPermissions: windows.GENERIC_ALL,
|
||||
AccessMode: windows.GRANT_ACCESS,
|
||||
Inheritance: windows.SUB_CONTAINERS_AND_OBJECTS_INHERIT,
|
||||
Trustee: windows.TRUSTEE{
|
||||
TrusteeForm: windows.TRUSTEE_IS_SID,
|
||||
TrusteeValue: windows.TrusteeValueFromSID(userSID),
|
||||
},
|
||||
},
|
||||
}
|
||||
newAcl, err := windows.ACLFromEntries(newEntries, dacl)
|
||||
if err != nil {
|
||||
return fmt.Errorf("adding acls: %w", err)
|
||||
}
|
||||
|
||||
// Copy file ownership and ACL
|
||||
// We need SeRestorePrivilege and SeTakeOwnershipPrivilege in order
|
||||
// to restore security info on a file, especially if we're trying to
|
||||
// apply security info which includes SIDs not necessarily present on
|
||||
// the host.
|
||||
privileges := []string{winio.SeRestorePrivilege, seTakeOwnershipPrivilege}
|
||||
err = winio.RunWithPrivileges(privileges, func() error {
|
||||
if err := windows.SetNamedSecurityInfo(
|
||||
p, windows.SE_FILE_OBJECT,
|
||||
windows.OWNER_SECURITY_INFORMATION|windows.DACL_SECURITY_INFORMATION,
|
||||
userSID, nil, newAcl, nil); err != nil {
|
||||
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
})
|
||||
|
||||
return err
|
||||
}
|
||||
Reference in New Issue
Block a user