mirror of
https://github.com/go-gitea/gitea
synced 2025-07-22 18:28:37 +00:00
techknowlogick
committed by
Lunny Xiao
Lunny Xiao
parent
b209531959
commit
33ad554800
235
vendor/golang.org/x/sys/windows/security_windows.go
generated
vendored
235
vendor/golang.org/x/sys/windows/security_windows.go
generated
vendored
@@ -170,15 +170,20 @@ const (
|
||||
//sys CopySid(destSidLen uint32, destSid *SID, srcSid *SID) (err error) = advapi32.CopySid
|
||||
//sys AllocateAndInitializeSid(identAuth *SidIdentifierAuthority, subAuth byte, subAuth0 uint32, subAuth1 uint32, subAuth2 uint32, subAuth3 uint32, subAuth4 uint32, subAuth5 uint32, subAuth6 uint32, subAuth7 uint32, sid **SID) (err error) = advapi32.AllocateAndInitializeSid
|
||||
//sys createWellKnownSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID, sid *SID, sizeSid *uint32) (err error) = advapi32.CreateWellKnownSid
|
||||
//sys isWellKnownSid(sid *SID, sidType WELL_KNOWN_SID_TYPE) (isWellKnown bool) = advapi32.IsWellKnownSid
|
||||
//sys FreeSid(sid *SID) (err error) [failretval!=0] = advapi32.FreeSid
|
||||
//sys EqualSid(sid1 *SID, sid2 *SID) (isEqual bool) = advapi32.EqualSid
|
||||
//sys getSidIdentifierAuthority(sid *SID) (authority *SidIdentifierAuthority) = advapi32.GetSidIdentifierAuthority
|
||||
//sys getSidSubAuthorityCount(sid *SID) (count *uint8) = advapi32.GetSidSubAuthorityCount
|
||||
//sys getSidSubAuthority(sid *SID, index uint32) (subAuthority *uint32) = advapi32.GetSidSubAuthority
|
||||
//sys isValidSid(sid *SID) (isValid bool) = advapi32.IsValidSid
|
||||
|
||||
// The security identifier (SID) structure is a variable-length
|
||||
// structure used to uniquely identify users or groups.
|
||||
type SID struct{}
|
||||
|
||||
// StringToSid converts a string-format security identifier
|
||||
// sid into a valid, functional sid.
|
||||
// SID into a valid, functional SID.
|
||||
func StringToSid(s string) (*SID, error) {
|
||||
var sid *SID
|
||||
p, e := UTF16PtrFromString(s)
|
||||
@@ -193,7 +198,7 @@ func StringToSid(s string) (*SID, error) {
|
||||
return sid.Copy()
|
||||
}
|
||||
|
||||
// LookupSID retrieves a security identifier sid for the account
|
||||
// LookupSID retrieves a security identifier SID for the account
|
||||
// and the name of the domain on which the account was found.
|
||||
// System specify target computer to search.
|
||||
func LookupSID(system, account string) (sid *SID, domain string, accType uint32, err error) {
|
||||
@@ -230,7 +235,7 @@ func LookupSID(system, account string) (sid *SID, domain string, accType uint32,
|
||||
}
|
||||
}
|
||||
|
||||
// String converts sid to a string format
|
||||
// String converts SID to a string format
|
||||
// suitable for display, storage, or transmission.
|
||||
func (sid *SID) String() (string, error) {
|
||||
var s *uint16
|
||||
@@ -242,12 +247,12 @@ func (sid *SID) String() (string, error) {
|
||||
return UTF16ToString((*[256]uint16)(unsafe.Pointer(s))[:]), nil
|
||||
}
|
||||
|
||||
// Len returns the length, in bytes, of a valid security identifier sid.
|
||||
// Len returns the length, in bytes, of a valid security identifier SID.
|
||||
func (sid *SID) Len() int {
|
||||
return int(GetLengthSid(sid))
|
||||
}
|
||||
|
||||
// Copy creates a duplicate of security identifier sid.
|
||||
// Copy creates a duplicate of security identifier SID.
|
||||
func (sid *SID) Copy() (*SID, error) {
|
||||
b := make([]byte, sid.Len())
|
||||
sid2 := (*SID)(unsafe.Pointer(&b[0]))
|
||||
@@ -258,8 +263,42 @@ func (sid *SID) Copy() (*SID, error) {
|
||||
return sid2, nil
|
||||
}
|
||||
|
||||
// LookupAccount retrieves the name of the account for this sid
|
||||
// and the name of the first domain on which this sid is found.
|
||||
// IdentifierAuthority returns the identifier authority of the SID.
|
||||
func (sid *SID) IdentifierAuthority() SidIdentifierAuthority {
|
||||
return *getSidIdentifierAuthority(sid)
|
||||
}
|
||||
|
||||
// SubAuthorityCount returns the number of sub-authorities in the SID.
|
||||
func (sid *SID) SubAuthorityCount() uint8 {
|
||||
return *getSidSubAuthorityCount(sid)
|
||||
}
|
||||
|
||||
// SubAuthority returns the sub-authority of the SID as specified by
|
||||
// the index, which must be less than sid.SubAuthorityCount().
|
||||
func (sid *SID) SubAuthority(idx uint32) uint32 {
|
||||
if idx >= uint32(sid.SubAuthorityCount()) {
|
||||
panic("sub-authority index out of range")
|
||||
}
|
||||
return *getSidSubAuthority(sid, idx)
|
||||
}
|
||||
|
||||
// IsValid returns whether the SID has a valid revision and length.
|
||||
func (sid *SID) IsValid() bool {
|
||||
return isValidSid(sid)
|
||||
}
|
||||
|
||||
// Equals compares two SIDs for equality.
|
||||
func (sid *SID) Equals(sid2 *SID) bool {
|
||||
return EqualSid(sid, sid2)
|
||||
}
|
||||
|
||||
// IsWellKnown determines whether the SID matches the well-known sidType.
|
||||
func (sid *SID) IsWellKnown(sidType WELL_KNOWN_SID_TYPE) bool {
|
||||
return isWellKnownSid(sid, sidType)
|
||||
}
|
||||
|
||||
// LookupAccount retrieves the name of the account for this SID
|
||||
// and the name of the first domain on which this SID is found.
|
||||
// System specify target computer to search for.
|
||||
func (sid *SID) LookupAccount(system string) (account, domain string, accType uint32, err error) {
|
||||
var sys *uint16
|
||||
@@ -287,7 +326,7 @@ func (sid *SID) LookupAccount(system string) (account, domain string, accType ui
|
||||
}
|
||||
}
|
||||
|
||||
// Various types of pre-specified sids that can be synthesized at runtime.
|
||||
// Various types of pre-specified SIDs that can be synthesized and compared at runtime.
|
||||
type WELL_KNOWN_SID_TYPE uint32
|
||||
|
||||
const (
|
||||
@@ -413,13 +452,13 @@ const (
|
||||
WinBuiltinDeviceOwnersSid = 119
|
||||
)
|
||||
|
||||
// Creates a sid for a well-known predefined alias, generally using the constants of the form
|
||||
// Creates a SID for a well-known predefined alias, generally using the constants of the form
|
||||
// Win*Sid, for the local machine.
|
||||
func CreateWellKnownSid(sidType WELL_KNOWN_SID_TYPE) (*SID, error) {
|
||||
return CreateWellKnownDomainSid(sidType, nil)
|
||||
}
|
||||
|
||||
// Creates a sid for a well-known predefined alias, generally using the constants of the form
|
||||
// Creates a SID for a well-known predefined alias, generally using the constants of the form
|
||||
// Win*Sid, for the domain specified by the domainSid parameter.
|
||||
func CreateWellKnownDomainSid(sidType WELL_KNOWN_SID_TYPE, domainSid *SID) (*SID, error) {
|
||||
n := uint32(50)
|
||||
@@ -502,6 +541,53 @@ const (
|
||||
MaxTokenInfoClass
|
||||
)
|
||||
|
||||
// Group attributes inside of Tokengroups.Groups[i].Attributes
|
||||
const (
|
||||
SE_GROUP_MANDATORY = 0x00000001
|
||||
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
|
||||
SE_GROUP_ENABLED = 0x00000004
|
||||
SE_GROUP_OWNER = 0x00000008
|
||||
SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010
|
||||
SE_GROUP_INTEGRITY = 0x00000020
|
||||
SE_GROUP_INTEGRITY_ENABLED = 0x00000040
|
||||
SE_GROUP_LOGON_ID = 0xC0000000
|
||||
SE_GROUP_RESOURCE = 0x20000000
|
||||
SE_GROUP_VALID_ATTRIBUTES = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED | SE_GROUP_OWNER | SE_GROUP_USE_FOR_DENY_ONLY | SE_GROUP_LOGON_ID | SE_GROUP_RESOURCE | SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED
|
||||
)
|
||||
|
||||
// Privilege attributes
|
||||
const (
|
||||
SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001
|
||||
SE_PRIVILEGE_ENABLED = 0x00000002
|
||||
SE_PRIVILEGE_REMOVED = 0x00000004
|
||||
SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000
|
||||
SE_PRIVILEGE_VALID_ATTRIBUTES = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED | SE_PRIVILEGE_USED_FOR_ACCESS
|
||||
)
|
||||
|
||||
// Token types
|
||||
const (
|
||||
TokenPrimary = 1
|
||||
TokenImpersonation = 2
|
||||
)
|
||||
|
||||
// Impersonation levels
|
||||
const (
|
||||
SecurityAnonymous = 0
|
||||
SecurityIdentification = 1
|
||||
SecurityImpersonation = 2
|
||||
SecurityDelegation = 3
|
||||
)
|
||||
|
||||
type LUID struct {
|
||||
LowPart uint32
|
||||
HighPart int32
|
||||
}
|
||||
|
||||
type LUIDAndAttributes struct {
|
||||
Luid LUID
|
||||
Attributes uint32
|
||||
}
|
||||
|
||||
type SIDAndAttributes struct {
|
||||
Sid *SID
|
||||
Attributes uint32
|
||||
@@ -517,13 +603,45 @@ type Tokenprimarygroup struct {
|
||||
|
||||
type Tokengroups struct {
|
||||
GroupCount uint32
|
||||
Groups [1]SIDAndAttributes
|
||||
Groups [1]SIDAndAttributes // Use AllGroups() for iterating.
|
||||
}
|
||||
|
||||
// AllGroups returns a slice that can be used to iterate over the groups in g.
|
||||
func (g *Tokengroups) AllGroups() []SIDAndAttributes {
|
||||
return (*[(1 << 28) - 1]SIDAndAttributes)(unsafe.Pointer(&g.Groups[0]))[:g.GroupCount:g.GroupCount]
|
||||
}
|
||||
|
||||
type Tokenprivileges struct {
|
||||
PrivilegeCount uint32
|
||||
Privileges [1]LUIDAndAttributes // Use AllPrivileges() for iterating.
|
||||
}
|
||||
|
||||
// AllPrivileges returns a slice that can be used to iterate over the privileges in p.
|
||||
func (p *Tokenprivileges) AllPrivileges() []LUIDAndAttributes {
|
||||
return (*[(1 << 27) - 1]LUIDAndAttributes)(unsafe.Pointer(&p.Privileges[0]))[:p.PrivilegeCount:p.PrivilegeCount]
|
||||
}
|
||||
|
||||
type Tokenmandatorylabel struct {
|
||||
Label SIDAndAttributes
|
||||
}
|
||||
|
||||
func (tml *Tokenmandatorylabel) Size() uint32 {
|
||||
return uint32(unsafe.Sizeof(Tokenmandatorylabel{})) + GetLengthSid(tml.Label.Sid)
|
||||
}
|
||||
|
||||
// Authorization Functions
|
||||
//sys checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) = advapi32.CheckTokenMembership
|
||||
//sys OpenProcessToken(h Handle, access uint32, token *Token) (err error) = advapi32.OpenProcessToken
|
||||
//sys GetTokenInformation(t Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) = advapi32.GetTokenInformation
|
||||
//sys checkTokenMembership(tokenHandle Token, sidToCheck *SID, isMember *int32) (err error) = advapi32.CheckTokenMembership
|
||||
//sys OpenProcessToken(process Handle, access uint32, token *Token) (err error) = advapi32.OpenProcessToken
|
||||
//sys OpenThreadToken(thread Handle, access uint32, openAsSelf bool, token *Token) (err error) = advapi32.OpenThreadToken
|
||||
//sys ImpersonateSelf(impersonationlevel uint32) (err error) = advapi32.ImpersonateSelf
|
||||
//sys RevertToSelf() (err error) = advapi32.RevertToSelf
|
||||
//sys SetThreadToken(thread *Handle, token Token) (err error) = advapi32.SetThreadToken
|
||||
//sys LookupPrivilegeValue(systemname *uint16, name *uint16, luid *LUID) (err error) = advapi32.LookupPrivilegeValueW
|
||||
//sys AdjustTokenPrivileges(token Token, disableAllPrivileges bool, newstate *Tokenprivileges, buflen uint32, prevstate *Tokenprivileges, returnlen *uint32) (err error) = advapi32.AdjustTokenPrivileges
|
||||
//sys AdjustTokenGroups(token Token, resetToDefault bool, newstate *Tokengroups, buflen uint32, prevstate *Tokengroups, returnlen *uint32) (err error) = advapi32.AdjustTokenGroups
|
||||
//sys GetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32, returnedLen *uint32) (err error) = advapi32.GetTokenInformation
|
||||
//sys SetTokenInformation(token Token, infoClass uint32, info *byte, infoLen uint32) (err error) = advapi32.SetTokenInformation
|
||||
//sys DuplicateTokenEx(existingToken Token, desiredAccess uint32, tokenAttributes *SecurityAttributes, impersonationLevel uint32, tokenType uint32, newToken *Token) (err error) = advapi32.DuplicateTokenEx
|
||||
//sys GetUserProfileDirectory(t Token, dir *uint16, dirLen *uint32) (err error) = userenv.GetUserProfileDirectoryW
|
||||
//sys getSystemDirectory(dir *uint16, dirLen uint32) (len uint32, err error) = kernel32.GetSystemDirectoryW
|
||||
|
||||
@@ -537,7 +655,9 @@ type Tokengroups struct {
|
||||
type Token Handle
|
||||
|
||||
// OpenCurrentProcessToken opens the access token
|
||||
// associated with current process.
|
||||
// associated with current process. It is a real
|
||||
// token that needs to be closed, unlike
|
||||
// GetCurrentProcessToken.
|
||||
func OpenCurrentProcessToken() (Token, error) {
|
||||
p, e := GetCurrentProcess()
|
||||
if e != nil {
|
||||
@@ -551,6 +671,27 @@ func OpenCurrentProcessToken() (Token, error) {
|
||||
return t, nil
|
||||
}
|
||||
|
||||
// GetCurrentProcessToken returns the access token associated with
|
||||
// the current process. It is a pseudo token that does not need
|
||||
// to be closed.
|
||||
func GetCurrentProcessToken() Token {
|
||||
return Token(^uintptr(4 - 1))
|
||||
}
|
||||
|
||||
// GetCurrentThreadToken return the access token associated with
|
||||
// the current thread. It is a pseudo token that does not need
|
||||
// to be closed.
|
||||
func GetCurrentThreadToken() Token {
|
||||
return Token(^uintptr(5 - 1))
|
||||
}
|
||||
|
||||
// GetCurrentThreadEffectiveToken returns the effective access token
|
||||
// associated with the current thread. It is a pseudo token that does
|
||||
// not need to be closed.
|
||||
func GetCurrentThreadEffectiveToken() Token {
|
||||
return Token(^uintptr(6 - 1))
|
||||
}
|
||||
|
||||
// Close releases access to access token.
|
||||
func (t Token) Close() error {
|
||||
return CloseHandle(Handle(t))
|
||||
@@ -622,6 +763,28 @@ func (t Token) GetUserProfileDirectory() (string, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// IsElevated returns whether the current token is elevated from a UAC perspective.
|
||||
func (token Token) IsElevated() bool {
|
||||
var isElevated uint32
|
||||
var outLen uint32
|
||||
err := GetTokenInformation(token, TokenElevation, (*byte)(unsafe.Pointer(&isElevated)), uint32(unsafe.Sizeof(isElevated)), &outLen)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
return outLen == uint32(unsafe.Sizeof(isElevated)) && isElevated != 0
|
||||
}
|
||||
|
||||
// GetLinkedToken returns the linked token, which may be an elevated UAC token.
|
||||
func (token Token) GetLinkedToken() (Token, error) {
|
||||
var linkedToken Token
|
||||
var outLen uint32
|
||||
err := GetTokenInformation(token, TokenLinkedToken, (*byte)(unsafe.Pointer(&linkedToken)), uint32(unsafe.Sizeof(linkedToken)), &outLen)
|
||||
if err != nil {
|
||||
return Token(0), err
|
||||
}
|
||||
return linkedToken, nil
|
||||
}
|
||||
|
||||
// GetSystemDirectory retrieves path to current location of the system
|
||||
// directory, which is typically, though not always, C:\Windows\System32.
|
||||
func GetSystemDirectory() (string, error) {
|
||||
@@ -647,3 +810,45 @@ func (t Token) IsMember(sid *SID) (bool, error) {
|
||||
}
|
||||
return b != 0, nil
|
||||
}
|
||||
|
||||
const (
|
||||
WTS_CONSOLE_CONNECT = 0x1
|
||||
WTS_CONSOLE_DISCONNECT = 0x2
|
||||
WTS_REMOTE_CONNECT = 0x3
|
||||
WTS_REMOTE_DISCONNECT = 0x4
|
||||
WTS_SESSION_LOGON = 0x5
|
||||
WTS_SESSION_LOGOFF = 0x6
|
||||
WTS_SESSION_LOCK = 0x7
|
||||
WTS_SESSION_UNLOCK = 0x8
|
||||
WTS_SESSION_REMOTE_CONTROL = 0x9
|
||||
WTS_SESSION_CREATE = 0xa
|
||||
WTS_SESSION_TERMINATE = 0xb
|
||||
)
|
||||
|
||||
const (
|
||||
WTSActive = 0
|
||||
WTSConnected = 1
|
||||
WTSConnectQuery = 2
|
||||
WTSShadow = 3
|
||||
WTSDisconnected = 4
|
||||
WTSIdle = 5
|
||||
WTSListen = 6
|
||||
WTSReset = 7
|
||||
WTSDown = 8
|
||||
WTSInit = 9
|
||||
)
|
||||
|
||||
type WTSSESSION_NOTIFICATION struct {
|
||||
Size uint32
|
||||
SessionID uint32
|
||||
}
|
||||
|
||||
type WTS_SESSION_INFO struct {
|
||||
SessionID uint32
|
||||
WindowStationName *uint16
|
||||
State uint32
|
||||
}
|
||||
|
||||
//sys WTSQueryUserToken(session uint32, token *Token) (err error) = wtsapi32.WTSQueryUserToken
|
||||
//sys WTSEnumerateSessions(handle Handle, reserved uint32, version uint32, sessions **WTS_SESSION_INFO, count *uint32) (err error) = wtsapi32.WTSEnumerateSessionsW
|
||||
//sys WTSFreeMemory(ptr uintptr) = wtsapi32.WTSFreeMemory
|
||||
|
||||
Reference in New Issue
Block a user