pkg/system/syscall_windows.go - third_party/github.com/docker/docker - Git at Google

 package system // import "github.com/docker/docker/pkg/system"

 import (
 	"fmt"
 	"syscall"
 	"unsafe"

 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
 )

 const (
 	OWNER_SECURITY_INFORMATION               = 0x00000001
 	GROUP_SECURITY_INFORMATION               = 0x00000002
 	DACL_SECURITY_INFORMATION                = 0x00000004
 	SACL_SECURITY_INFORMATION                = 0x00000008
 	LABEL_SECURITY_INFORMATION               = 0x00000010
 	ATTRIBUTE_SECURITY_INFORMATION           = 0x00000020
 	SCOPE_SECURITY_INFORMATION               = 0x00000040
 	PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080
 	ACCESS_FILTER_SECURITY_INFORMATION       = 0x00000100
 	BACKUP_SECURITY_INFORMATION              = 0x00010000
 	PROTECTED_DACL_SECURITY_INFORMATION      = 0x80000000
 	PROTECTED_SACL_SECURITY_INFORMATION      = 0x40000000
 	UNPROTECTED_DACL_SECURITY_INFORMATION    = 0x20000000
 	UNPROTECTED_SACL_SECURITY_INFORMATION    = 0x10000000
 )

 const (
 	SE_UNKNOWN_OBJECT_TYPE = iota
 	SE_FILE_OBJECT
 	SE_SERVICE
 	SE_PRINTER
 	SE_REGISTRY_KEY
 	SE_LMSHARE
 	SE_KERNEL_OBJECT
 	SE_WINDOW_OBJECT
 	SE_DS_OBJECT
 	SE_DS_OBJECT_ALL
 	SE_PROVIDER_DEFINED_OBJECT
 	SE_WMIGUID_OBJECT
 	SE_REGISTRY_WOW64_32KEY
 )

 const (
 	SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
 )

 const (
 	ContainerAdministratorSidString = "S-1-5-93-2-1"
 	ContainerUserSidString          = "S-1-5-93-2-2"
 )

 var (
 	ntuserApiset                  = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
 	modadvapi32                   = windows.NewLazySystemDLL("advapi32.dll")
 	procGetVersionExW             = modkernel32.NewProc("GetVersionExW")
 	procGetProductInfo            = modkernel32.NewProc("GetProductInfo")
 	procSetNamedSecurityInfo      = modadvapi32.NewProc("SetNamedSecurityInfoW")
 	procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl")
 )

 // OSVersion is a wrapper for Windows version information
 // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
 type OSVersion struct {
 	Version      uint32
 	MajorVersion uint8
 	MinorVersion uint8
 	Build        uint16
 }

 // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
 type osVersionInfoEx struct {
 	OSVersionInfoSize uint32
 	MajorVersion      uint32
 	MinorVersion      uint32
 	BuildNumber       uint32
 	PlatformID        uint32
 	CSDVersion        [128]uint16
 	ServicePackMajor  uint16
 	ServicePackMinor  uint16
 	SuiteMask         uint16
 	ProductType       byte
 	Reserve           byte
 }

 // GetOSVersion gets the operating system version on Windows. Note that
 // docker.exe must be manifested to get the correct version information.
 func GetOSVersion() OSVersion {
 	var err error
 	osv := OSVersion{}
 	osv.Version, err = windows.GetVersion()
 	if err != nil {
 		// GetVersion never fails.
 		panic(err)
 	}
 	osv.MajorVersion = uint8(osv.Version & 0xFF)
 	osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
 	osv.Build = uint16(osv.Version >> 16)
 	return osv
 }

 func (osv OSVersion) ToString() string {
 	return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build)
 }

 // IsWindowsClient returns true if the SKU is client
 // @engine maintainers - this function should not be removed or modified as it
 // is used to enforce licensing restrictions on Windows.
 func IsWindowsClient() bool {
 	osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
 	r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
 	if r1 == 0 {
 		logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err)
 		return false
 	}
 	const verNTWorkstation = 0x00000001
 	return osviex.ProductType == verNTWorkstation
 }

 // IsIoTCore returns true if the currently running image is based off of
 // Windows 10 IoT Core.
 // @engine maintainers - this function should not be removed or modified as it
 // is used to enforce licensing restrictions on Windows.
 func IsIoTCore() bool {
 	var returnedProductType uint32
 	r1, _, err := procGetProductInfo.Call(6, 1, 0, 0, uintptr(unsafe.Pointer(&returnedProductType)))
 	if r1 == 0 {
 		logrus.Warnf("GetProductInfo failed - assuming this is not IoT: %v", err)
 		return false
 	}
 	const productIoTUAP = 0x0000007B
 	const productIoTUAPCommercial = 0x00000083
 	return returnedProductType == productIoTUAP || returnedProductType == productIoTUAPCommercial
 }

 // Unmount is a platform-specific helper function to call
 // the unmount syscall. Not supported on Windows
 func Unmount(dest string) error {
 	return nil
 }

 // CommandLineToArgv wraps the Windows syscall to turn a commandline into an argument array.
 func CommandLineToArgv(commandLine string) ([]string, error) {
 	var argc int32

 	argsPtr, err := windows.UTF16PtrFromString(commandLine)
 	if err != nil {
 		return nil, err
 	}

 	argv, err := windows.CommandLineToArgv(argsPtr, &argc)
 	if err != nil {
 		return nil, err
 	}
 	defer windows.LocalFree(windows.Handle(uintptr(unsafe.Pointer(argv))))

 	newArgs := make([]string, argc)
 	for i, v := range (*argv)[:argc] {
 		newArgs[i] = string(windows.UTF16ToString((*v)[:]))
 	}

 	return newArgs, nil
 }

 // HasWin32KSupport determines whether containers that depend on win32k can
 // run on this machine. Win32k is the driver used to implement windowing.
 func HasWin32KSupport() bool {
 	// For now, check for ntuser API support on the host. In the future, a host
 	// may support win32k in containers even if the host does not support ntuser
 	// APIs.
 	return ntuserApiset.Load() == nil
 }

 func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInformation uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *byte, sacl *byte) (result error) {
 	r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
 	if r0 != 0 {
 		result = syscall.Errno(r0)
 	}
 	return
 }

 func GetSecurityDescriptorDacl(securityDescriptor *byte, daclPresent *uint32, dacl **byte, daclDefaulted *uint32) (result error) {
 	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0)
 	if r1 == 0 {
 		if e1 != 0 {
 			result = syscall.Errno(e1)
 		} else {
 			result = syscall.EINVAL
 		}
 	}
 	return
 }
	package system // import "github.com/docker/docker/pkg/system"

	import (
	"fmt"
	"syscall"
	"unsafe"

	"github.com/sirupsen/logrus"
	"golang.org/x/sys/windows"
	)

	const (
	OWNER_SECURITY_INFORMATION = 0x00000001
	GROUP_SECURITY_INFORMATION = 0x00000002
	DACL_SECURITY_INFORMATION = 0x00000004
	SACL_SECURITY_INFORMATION = 0x00000008
	LABEL_SECURITY_INFORMATION = 0x00000010
	ATTRIBUTE_SECURITY_INFORMATION = 0x00000020
	SCOPE_SECURITY_INFORMATION = 0x00000040
	PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080
	ACCESS_FILTER_SECURITY_INFORMATION = 0x00000100
	BACKUP_SECURITY_INFORMATION = 0x00010000
	PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000
	PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000
	UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000
	UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000
	)

	const (
	SE_UNKNOWN_OBJECT_TYPE = iota
	SE_FILE_OBJECT
	SE_SERVICE
	SE_PRINTER
	SE_REGISTRY_KEY
	SE_LMSHARE
	SE_KERNEL_OBJECT
	SE_WINDOW_OBJECT
	SE_DS_OBJECT
	SE_DS_OBJECT_ALL
	SE_PROVIDER_DEFINED_OBJECT
	SE_WMIGUID_OBJECT
	SE_REGISTRY_WOW64_32KEY
	)

	const (
	SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
	)

	const (
	ContainerAdministratorSidString = "S-1-5-93-2-1"
	ContainerUserSidString = "S-1-5-93-2-2"
	)

	var (
	ntuserApiset = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
	procGetVersionExW = modkernel32.NewProc("GetVersionExW")
	procGetProductInfo = modkernel32.NewProc("GetProductInfo")
	procSetNamedSecurityInfo = modadvapi32.NewProc("SetNamedSecurityInfoW")
	procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl")
	)

	// OSVersion is a wrapper for Windows version information
	// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
	type OSVersion struct {
	Version uint32
	MajorVersion uint8
	MinorVersion uint8
	Build uint16
	}

	// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
	type osVersionInfoEx struct {
	OSVersionInfoSize uint32
	MajorVersion uint32
	MinorVersion uint32
	BuildNumber uint32
	PlatformID uint32
	CSDVersion [128]uint16
	ServicePackMajor uint16
	ServicePackMinor uint16
	SuiteMask uint16
	ProductType byte
	Reserve byte
	}

	// GetOSVersion gets the operating system version on Windows. Note that
	// docker.exe must be manifested to get the correct version information.
	func GetOSVersion() OSVersion {
	var err error
	osv := OSVersion{}
	osv.Version, err = windows.GetVersion()
	if err != nil {
	// GetVersion never fails.
	panic(err)
	}
	osv.MajorVersion = uint8(osv.Version & 0xFF)
	osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
	osv.Build = uint16(osv.Version >> 16)
	return osv
	}

	func (osv OSVersion) ToString() string {
	return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build)
	}

	// IsWindowsClient returns true if the SKU is client
	// @engine maintainers - this function should not be removed or modified as it
	// is used to enforce licensing restrictions on Windows.
	func IsWindowsClient() bool {
	osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
	r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
	if r1 == 0 {
	logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err)
	return false
	}
	const verNTWorkstation = 0x00000001
	return osviex.ProductType == verNTWorkstation
	}

	// IsIoTCore returns true if the currently running image is based off of
	// Windows 10 IoT Core.
	// @engine maintainers - this function should not be removed or modified as it
	// is used to enforce licensing restrictions on Windows.
	func IsIoTCore() bool {
	var returnedProductType uint32
	r1, _, err := procGetProductInfo.Call(6, 1, 0, 0, uintptr(unsafe.Pointer(&returnedProductType)))
	if r1 == 0 {
	logrus.Warnf("GetProductInfo failed - assuming this is not IoT: %v", err)
	return false
	}
	const productIoTUAP = 0x0000007B
	const productIoTUAPCommercial = 0x00000083
	return returnedProductType == productIoTUAP \|\| returnedProductType == productIoTUAPCommercial
	}

	// Unmount is a platform-specific helper function to call
	// the unmount syscall. Not supported on Windows
	func Unmount(dest string) error {
	return nil
	}

	// CommandLineToArgv wraps the Windows syscall to turn a commandline into an argument array.
	func CommandLineToArgv(commandLine string) ([]string, error) {
	var argc int32

	argsPtr, err := windows.UTF16PtrFromString(commandLine)
	if err != nil {
	return nil, err
	}

	argv, err := windows.CommandLineToArgv(argsPtr, &argc)
	if err != nil {
	return nil, err
	}
	defer windows.LocalFree(windows.Handle(uintptr(unsafe.Pointer(argv))))

	newArgs := make([]string, argc)
	for i, v := range (*argv)[:argc] {
	newArgs[i] = string(windows.UTF16ToString((*v)[:]))
	}

	return newArgs, nil
	}

	// HasWin32KSupport determines whether containers that depend on win32k can
	// run on this machine. Win32k is the driver used to implement windowing.
	func HasWin32KSupport() bool {
	// For now, check for ntuser API support on the host. In the future, a host
	// may support win32k in containers even if the host does not support ntuser
	// APIs.
	return ntuserApiset.Load() == nil
	}

	func SetNamedSecurityInfo(objectName uint16, objectType uint32, securityInformation uint32, sidOwner windows.SID, sidGroup windows.SID, dacl byte, sacl *byte) (result error) {
	r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
	if r0 != 0 {
	result = syscall.Errno(r0)
	}
	return
	}

	func GetSecurityDescriptorDacl(securityDescriptor byte, daclPresent uint32, dacl *byte, daclDefaulted uint32) (result error) {
	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0)
	if r1 == 0 {
	if e1 != 0 {
	result = syscall.Errno(e1)
	} else {
	result = syscall.EINVAL
	}
	}
	return
	}