mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 13:05:46 +00:00
6e33d2da2b
I added util/winutil/LookupPseudoUser, which essentially consists of the bits that I am in the process of adding to Go's standard library. We check the provided SID for "S-1-5-x" where 17 <= x <= 20 (which are the known pseudo-users) and then manually populate a os/user.User struct with the correct information. Fixes https://github.com/tailscale/tailscale/issues/869 Fixes https://github.com/tailscale/tailscale/issues/2894 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
79 lines
3.1 KiB
Go
79 lines
3.1 KiB
Go
// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// Package winutil contains misc Windows/Win32 helper functions.
|
|
package winutil
|
|
|
|
import (
|
|
"os/user"
|
|
)
|
|
|
|
// RegBase is the registry path inside HKEY_LOCAL_MACHINE where registry settings
|
|
// are stored. This constant is a non-empty string only when GOOS=windows.
|
|
const RegBase = regBase
|
|
|
|
// GetPolicyString looks up a registry value in the local machine's path for
|
|
// system policies, or returns the given default if it can't.
|
|
// Use this function to read values that may be set by sysadmins via the MSI
|
|
// installer or via GPO. For registry settings that you do *not* want to be
|
|
// visible to sysadmin tools, use GetRegString instead.
|
|
//
|
|
// This function will only work on GOOS=windows. Trying to run it on any other
|
|
// OS will always return the default value.
|
|
func GetPolicyString(name, defval string) string {
|
|
return getPolicyString(name, defval)
|
|
}
|
|
|
|
// GetPolicyInteger looks up a registry value in the local machine's path for
|
|
// system policies, or returns the given default if it can't.
|
|
// Use this function to read values that may be set by sysadmins via the MSI
|
|
// installer or via GPO. For registry settings that you do *not* want to be
|
|
// visible to sysadmin tools, use GetRegInteger instead.
|
|
//
|
|
// This function will only work on GOOS=windows. Trying to run it on any other
|
|
// OS will always return the default value.
|
|
func GetPolicyInteger(name string, defval uint64) uint64 {
|
|
return getPolicyInteger(name, defval)
|
|
}
|
|
|
|
// GetRegString looks up a registry path in the local machine path, or returns
|
|
// the given default if it can't.
|
|
//
|
|
// This function will only work on GOOS=windows. Trying to run it on any other
|
|
// OS will always return the default value.
|
|
func GetRegString(name, defval string) string {
|
|
return getRegString(name, defval)
|
|
}
|
|
|
|
// GetRegInteger looks up a registry path in the local machine path, or returns
|
|
// the given default if it can't.
|
|
//
|
|
// This function will only work on GOOS=windows. Trying to run it on any other
|
|
// OS will always return the default value.
|
|
func GetRegInteger(name string, defval uint64) uint64 {
|
|
return getRegInteger(name, defval)
|
|
}
|
|
|
|
// IsSIDValidPrincipal determines whether the SID contained in uid represents a
|
|
// type that is a valid security principal under Windows. This check helps us
|
|
// work around a bug in the standard library's Windows implementation of
|
|
// LookupId in os/user.
|
|
// See https://github.com/tailscale/tailscale/issues/869
|
|
//
|
|
// This function will only work on GOOS=windows. Trying to run it on any other
|
|
// OS will always return false.
|
|
func IsSIDValidPrincipal(uid string) bool {
|
|
return isSIDValidPrincipal(uid)
|
|
}
|
|
|
|
// LookupPseudoUser attempts to resolve the user specified by uid by checking
|
|
// against well-known pseudo-users on Windows. This is a temporary workaround
|
|
// until https://github.com/golang/go/issues/49509 is resolved and shipped.
|
|
//
|
|
// This function will only work on GOOS=windows. Trying to run it on any other
|
|
// OS will always return an error.
|
|
func LookupPseudoUser(uid string) (*user.User, error) {
|
|
return lookupPseudoUser(uid)
|
|
}
|