From 0b6a71326e249f0923e389aa1f6f164b02802a24 Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Fri, 29 Nov 2024 17:16:24 +0300 Subject: [PATCH] permcheck: imp code --- internal/permcheck/security_unix.go | 8 ++++---- internal/permcheck/security_windows.go | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/internal/permcheck/security_unix.go b/internal/permcheck/security_unix.go index 437feab9..57a6eb95 100644 --- a/internal/permcheck/security_unix.go +++ b/internal/permcheck/security_unix.go @@ -21,7 +21,7 @@ type entity = container.KeyValue[string, bool] // entities returns a list of filesystem entities that need to be ranged over. func entities(workDir, dataDir, statsDir, querylogDir, confFilePath string) (ents []entity) { - ents = container.KeyValues[string, bool]{{ + ents = []entity{{ Key: workDir, Value: true, }, { @@ -47,13 +47,13 @@ func entities(workDir, dataDir, statsDir, querylogDir, confFilePath string) (ent Value: true, }) } - ents = append(ents, []entity{{ + ents = append(ents, entity{ Key: filepath.Join(querylogDir, "querylog.json"), Value: false, - }, { + }, entity{ Key: filepath.Join(querylogDir, "querylog.json.1"), Value: false, - }}...) + }) if dataDir != statsDir { ents = append(ents, entity{ diff --git a/internal/permcheck/security_windows.go b/internal/permcheck/security_windows.go index 25334279..8174a4af 100644 --- a/internal/permcheck/security_windows.go +++ b/internal/permcheck/security_windows.go @@ -10,12 +10,6 @@ import ( "golang.org/x/sys/windows" ) -// desiredSecInfo defines the parts of a security descriptor to retrieve. -const desiredSecInfo windows.SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION | - windows.DACL_SECURITY_INFORMATION | - windows.PROTECTED_DACL_SECURITY_INFORMATION | - windows.UNPROTECTED_DACL_SECURITY_INFORMATION - // objectType is the type of the object for directories in context of security // API. const objectType windows.SE_OBJECT_TYPE = windows.SE_FILE_OBJECT @@ -103,7 +97,7 @@ func setSecurityInfo(fname string, owner *windows.SID, ents []windows.EXPLICIT_A return fmt.Errorf("creating access control list: %w", err) } - err = windows.SetNamedSecurityInfo(fname, objectType, desiredSecInfo, owner, nil, acl, nil) + err = windows.SetNamedSecurityInfo(fname, objectType, secInfo, owner, nil, acl, nil) if err != nil { return fmt.Errorf("setting security info: %w", err) } @@ -113,6 +107,12 @@ func setSecurityInfo(fname string, owner *windows.SID, ents []windows.EXPLICIT_A // getSecurityInfo retrieves the security information for the specified file. func getSecurityInfo(fname string) (dacl *windows.ACL, owner *windows.SID, err error) { + // desiredSecInfo defines the parts of a security descriptor to retrieve. + const desiredSecInfo windows.SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION | + windows.DACL_SECURITY_INFORMATION | + windows.PROTECTED_DACL_SECURITY_INFORMATION | + windows.UNPROTECTED_DACL_SECURITY_INFORMATION + sd, err := windows.GetNamedSecurityInfo(fname, objectType, desiredSecInfo) if err != nil { return nil, nil, fmt.Errorf("getting security descriptor: %w", err)