Merge pull request PelicanPlatform#152 from joereuss12/fix-key-issues…

…-windows-branch Fixed Generate Private Key Problems in Windows
joereuss12 · Sep 27, 2023 · fdc827d · fdc827d
2 parents a6fc00c + 6970eda
commit fdc827d
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 24 deletions.
diff --git a/config/init_server_creds.go b/config/init_server_creds.go
@@ -28,7 +28,9 @@ import (
 	"fmt"
 	"math/big"
 	"os"
+	"os/exec"
 	"path/filepath"
+	"runtime"
 	"sync/atomic"
 	"time"
 
@@ -194,6 +196,10 @@ func GeneratePrivateKey(keyLocation string, curve elliptic.Curve) error {
 	if err != nil {
 		return err
 	}
+	user, err := GetDaemonUser()
+	if err != nil {
+		return err
+	}
 	groupname, err := GetDaemonGroup()
 	if err != nil {
 		return err
@@ -219,9 +225,20 @@ func GeneratePrivateKey(keyLocation string, curve elliptic.Curve) error {
 	if err != nil {
 		return err
 	}
-	if err = os.Chown(keyLocation, uid, gid); err != nil {
-		return errors.Wrapf(err, "Failed to chown generated key %v to daemon group %v",
-			keyLocation, groupname)
+	// Windows does not have "chown", has to work differently
+	currentOS := runtime.GOOS
+	if currentOS == "windows" {
+		cmd := exec.Command("icacls", keyLocation, "/grant", user+":F")
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			return errors.Wrapf(err, "Failed to chown generated key %v to daemon group %v: %s",
+				keyLocation, groupname, string(output))
+		}
+	} else { // Else we are running on linux/mac
+		if err = os.Chown(keyLocation, uid, gid); err != nil {
+			return errors.Wrapf(err, "Failed to chown generated key %v to daemon group %v",
+				keyLocation, groupname)
+		}
 	}
 
 	bytes, err := x509.MarshalPKCS8PrivateKey(priv)

diff --git a/config/privs.go b/config/privs.go
@@ -20,7 +20,9 @@ package config
 
 import (
 	"os/user"
+	"runtime"
 	"strconv"
+	"strings"
 
 	"github.com/pkg/errors"
 )
@@ -30,11 +32,13 @@ var (
 
 	uidErr      error
 	gidErr      error
+	sidErr      error
 	usernameErr error
 	groupErr    error
 
 	uid      int
 	gid      int
+	sid      string
 	username string
 	group    string
 )
@@ -45,9 +49,11 @@ func init() {
 
 	uid = -1
 	gid = -1
+	sid = ""
 	if err != nil {
 		uidErr = err
 		gidErr = err
+		sidErr = err
 		usernameErr = err
 		groupErr = err
 		return
@@ -66,29 +72,46 @@ func init() {
 			return
 		}
 	}
-	username = desiredUsername
-	uid, err = strconv.Atoi(userObj.Uid)
-	if err != nil {
-		uid = -1
-		uidErr = err
-	}
-	gid, err = strconv.Atoi(userObj.Gid)
-	if err != nil {
-		gid = -1
-		gidErr = err
-	}
-	groupObj, err := user.LookupGroupId(userObj.Gid)
-	if err == nil {
-		group = groupObj.Name
-	} else {
-		// Fall back to using the GID as the group name.  This is done because,
-		// currently, the group name is just for logging strings.  The group name
-		// lookup often fails because we've disabled CGO and only CGO will use the
-		// full glibc stack to resolve information via SSSD.
-		//
-		// This decision should be revisited if we ever enable CGO.
+	//Windows has userId's different from mac and linux, need to parse to get it
+	currentOS := runtime.GOOS
+	if currentOS == "windows" {
+		//Get the user ID from the SID
+		sidParts := strings.Split(userObj.Uid, "-")
+		uidString := sidParts[len(sidParts)-1]
+		uid, err = strconv.Atoi(uidString)
+		if err != nil {
+			uid = -1
+			uidErr = err
+		}
+		sid = userObj.Gid
+		//group is just the whole SID
 		group = userObj.Gid
+	} else { //Mac and linux have similar enough uid's so can group them here
+		uid, err = strconv.Atoi(userObj.Uid)
+		if err != nil {
+			uid = -1
+			uidErr = err
+		}
+		gid, err = strconv.Atoi(userObj.Gid)
+		if err != nil {
+			gid = -1
+			gidErr = err
+		}
+		groupObj, err := user.LookupGroupId(userObj.Gid)
+		if err == nil {
+			group = groupObj.Name
+		} else {
+			// Fall back to using the GID as the group name.  This is done because,
+			// currently, the group name is just for logging strings.  The group name
+			// lookup often fails because we've disabled CGO and only CGO will use the
+			// full glibc stack to resolve information via SSSD.
+			//
+			// This decision should be revisited if we ever enable CGO.
+			group = userObj.Gid
+		}
 	}
+	// username same for both windows, linux, and mac
+	username = desiredUsername
 }
 
 func IsRootExecution() bool {
@@ -107,6 +130,10 @@ func GetDaemonGID() (int, error) {
 	return gid, gidErr
 }
 
+func GetDaemonSID() (string, error) {
+	return sid, sidErr
+}
+
 func GetDaemonGroup() (string, error) {
 	return group, groupErr
 }