dotcloud/docker

View on GitHub
pkg/system/filesys_windows.go

Summary

Maintainability
A
45 mins
Test Coverage
package system // import "github.com/docker/docker/pkg/system"

import (
    "os"
    "regexp"
    "syscall"
    "unsafe"

    "golang.org/x/sys/windows"
)

// SddlAdministratorsLocalSystem is local administrators plus NT AUTHORITY\System.
const SddlAdministratorsLocalSystem = "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"

// volumePath is a regular expression to check if a path is a Windows
// volume path (e.g., "\\?\Volume{4c1b02c1-d990-11dc-99ae-806e6f6e6963}"
// or "\\?\Volume{4c1b02c1-d990-11dc-99ae-806e6f6e6963}\").
var volumePath = regexp.MustCompile(`^\\\\\?\\Volume{[a-z0-9-]+}\\?$`)

// MkdirAllWithACL is a custom version of os.MkdirAll modified for use on Windows
// so that it is both volume path aware, and can create a directory with
// an appropriate SDDL defined ACL.
func MkdirAllWithACL(path string, _ os.FileMode, sddl string) error {
    sa, err := makeSecurityAttributes(sddl)
    if err != nil {
        return &os.PathError{Op: "mkdirall", Path: path, Err: err}
    }
    return mkdirall(path, sa)
}

// MkdirAll is a custom version of os.MkdirAll that is volume path aware for
// Windows. It can be used as a drop-in replacement for os.MkdirAll.
func MkdirAll(path string, _ os.FileMode) error {
    return mkdirall(path, nil)
}

// mkdirall is a custom version of os.MkdirAll modified for use on Windows
// so that it is both volume path aware, and can create a directory with
// a DACL.
func mkdirall(path string, perm *windows.SecurityAttributes) error {
    if volumePath.MatchString(path) {
        return nil
    }

    // The rest of this method is largely copied from os.MkdirAll and should be kept
    // as-is to ensure compatibility.

    // Fast path: if we can tell whether path is a directory or file, stop with success or error.
    dir, err := os.Stat(path)
    if err == nil {
        if dir.IsDir() {
            return nil
        }
        return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR}
    }

    // Slow path: make sure parent exists and then call Mkdir for path.
    i := len(path)
    for i > 0 && os.IsPathSeparator(path[i-1]) { // Skip trailing path separator.
        i--
    }

    j := i
    for j > 0 && !os.IsPathSeparator(path[j-1]) { // Scan backward over element.
        j--
    }

    if j > 1 {
        // Create parent.
        err = mkdirall(fixRootDirectory(path[:j-1]), perm)
        if err != nil {
            return err
        }
    }

    // Parent now exists; invoke Mkdir and use its result.
    err = mkdirWithACL(path, perm)
    if err != nil {
        // Handle arguments like "foo/." by
        // double-checking that directory doesn't exist.
        dir, err1 := os.Lstat(path)
        if err1 == nil && dir.IsDir() {
            return nil
        }
        return err
    }
    return nil
}

// mkdirWithACL creates a new directory. If there is an error, it will be of
// type *PathError. .
//
// This is a modified and combined version of os.Mkdir and windows.Mkdir
// in golang to cater for creating a directory am ACL permitting full
// access, with inheritance, to any subfolder/file for Built-in Administrators
// and Local System.
func mkdirWithACL(name string, sa *windows.SecurityAttributes) error {
    if sa == nil {
        return os.Mkdir(name, 0)
    }

    namep, err := windows.UTF16PtrFromString(name)
    if err != nil {
        return &os.PathError{Op: "mkdir", Path: name, Err: err}
    }

    err = windows.CreateDirectory(namep, sa)
    if err != nil {
        return &os.PathError{Op: "mkdir", Path: name, Err: err}
    }
    return nil
}

// fixRootDirectory fixes a reference to a drive's root directory to
// have the required trailing slash.
func fixRootDirectory(p string) string {
    if len(p) == len(`\\?\c:`) {
        if os.IsPathSeparator(p[0]) && os.IsPathSeparator(p[1]) && p[2] == '?' && os.IsPathSeparator(p[3]) && p[5] == ':' {
            return p + `\`
        }
    }
    return p
}

func makeSecurityAttributes(sddl string) (*windows.SecurityAttributes, error) {
    var sa windows.SecurityAttributes
    sa.Length = uint32(unsafe.Sizeof(sa))
    sa.InheritHandle = 1
    var err error
    sa.SecurityDescriptor, err = windows.SecurityDescriptorFromString(sddl)
    if err != nil {
        return nil, err
    }
    return &sa, nil
}