pax_global_header00006660000000000000000000000064152126455160014521gustar00rootroot0000000000000052 comment=0aaf6c57054c1692f2c06d2efdaa4f81eb47424f hectane-go-acl-0aaf6c5/000077500000000000000000000000001521264551600147575ustar00rootroot00000000000000hectane-go-acl-0aaf6c5/.github/000077500000000000000000000000001521264551600163175ustar00rootroot00000000000000hectane-go-acl-0aaf6c5/.github/workflows/000077500000000000000000000000001521264551600203545ustar00rootroot00000000000000hectane-go-acl-0aaf6c5/.github/workflows/test.yml000066400000000000000000000004311521264551600220540ustar00rootroot00000000000000name: Test on: [push, pull_request] jobs: test: runs-on: windows-latest steps: - uses: actions/checkout@v6 - name: Setup Go uses: actions/setup-go@v6 with: go-version: stable - name: Run test suite run: go test -v ./...hectane-go-acl-0aaf6c5/LICENSE.txt000066400000000000000000000020671521264551600166070ustar00rootroot00000000000000The MIT License (MIT) Copyright (c) 2015 Nathan Osman Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. hectane-go-acl-0aaf6c5/README.md000066400000000000000000000036141521264551600162420ustar00rootroot00000000000000## go-acl [![Build Status](https://github.com/hectane/go-acl/actions/workflows/test.yml/badge.svg)](https://github.com/hectane/go-acl/actions/workflows/test.yml) [![GoDoc](https://pkg.go.dev/badge/github.com/hectane/go-acl.svg)](https://pkg.go.dev/github.com/hectane/go-acl) [![MIT License](http://img.shields.io/badge/license-MIT-9370d8.svg?style=flat)](http://opensource.org/licenses/MIT) Manipulating ACLs (Access Control Lists) on Windows is difficult. go-acl wraps the Windows API functions that control access to objects, simplifying the process. ### Using the Package To use the package add the following imports: import ( "github.com/hectane/go-acl" "golang.org/x/sys/windows" ) ### Examples Probably the most commonly used function in this package is `Chmod`: if err := acl.Chmod("C:\\path\\to\\file.txt", 0755); err != nil { panic(err) } To grant read access to user "Alice" and deny write access to user "Bob": if err := acl.Apply( "C:\\path\\to\\file.txt", false, false, acl.GrantName(windows.GENERIC_READ, "Alice"), acl.DenyName(windows.GENERIC_WRITE, "Bob"), ); err != nil { panic(err) } ### Using the API Directly go-acl's `api` package exposes the individual Windows API functions that are used to manipulate ACLs. For example, to retrieve the current owner of a file: import ( "github.com/hectane/go-acl/api" "golang.org/x/sys/windows" ) var ( owner *windows.SID secDesc windows.Handle ) err := api.GetNamedSecurityInfo( "C:\\path\\to\\file.txt", api.SE_FILE_OBJECT, api.OWNER_SECURITY_INFORMATION, &owner, nil, nil, nil, &secDesc, ) if err != nil { panic(err) } defer windows.LocalFree(secDesc) `owner` will then point to the SID for the owner of the file. hectane-go-acl-0aaf6c5/api/000077500000000000000000000000001521264551600155305ustar00rootroot00000000000000hectane-go-acl-0aaf6c5/api/acl.go000066400000000000000000000044061521264551600166220ustar00rootroot00000000000000//go:build windows package api import ( "golang.org/x/sys/windows" "unsafe" ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379284.aspx const ( NO_MULTIPLE_TRUSTEE = iota TRUSTEE_IS_IMPERSONATE ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379638.aspx const ( TRUSTEE_IS_SID = iota TRUSTEE_IS_NAME TRUSTEE_BAD_FORM TRUSTEE_IS_OBJECTS_AND_SID TRUSTEE_IS_OBJECTS_AND_NAME ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379639.aspx const ( TRUSTEE_IS_UNKNOWN = iota TRUSTEE_IS_USER TRUSTEE_IS_GROUP TRUSTEE_IS_DOMAIN TRUSTEE_IS_ALIAS TRUSTEE_IS_WELL_KNOWN_GROUP TRUSTEE_IS_DELETED TRUSTEE_IS_INVALID TRUSTEE_IS_COMPUTER ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa374899.aspx const ( NOT_USED_ACCESS = iota GRANT_ACCESS SET_ACCESS DENY_ACCESS REVOKE_ACCESS SET_AUDIT_SUCCESS SET_AUDIT_FAILURE ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa446627.aspx const ( NO_INHERITANCE = 0x0 SUB_OBJECTS_ONLY_INHERIT = 0x1 SUB_CONTAINERS_ONLY_INHERIT = 0x2 SUB_CONTAINERS_AND_OBJECTS_INHERIT = 0x3 INHERIT_NO_PROPAGATE = 0x4 INHERIT_ONLY = 0x8 OBJECT_INHERIT_ACE = 0x1 CONTAINER_INHERIT_ACE = 0x2 NO_PROPAGATE_INHERIT_ACE = 0x4 INHERIT_ONLY_ACE = 0x8 ) var ( procSetEntriesInAclW = advapi32.MustFindProc("SetEntriesInAclW") ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379636.aspx type Trustee struct { MultipleTrustee *Trustee MultipleTrusteeOperation int32 TrusteeForm int32 TrusteeType int32 Name *uint16 } // https://msdn.microsoft.com/en-us/library/windows/desktop/aa446627.aspx type ExplicitAccess struct { AccessPermissions uint32 AccessMode int32 Inheritance uint32 Trustee Trustee } // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379576.aspx func SetEntriesInAcl(entries []ExplicitAccess, oldAcl windows.Handle, newAcl *windows.Handle) error { ret, _, _ := procSetEntriesInAclW.Call( uintptr(len(entries)), uintptr(unsafe.Pointer(&entries[0])), uintptr(oldAcl), uintptr(unsafe.Pointer(newAcl)), ) if ret != 0 { return windows.Errno(ret) } return nil } hectane-go-acl-0aaf6c5/api/acl_test.go000066400000000000000000000010661521264551600176600ustar00rootroot00000000000000//go:build windows package api import ( "golang.org/x/sys/windows" "testing" ) func TestSetEntriesInAcl(t *testing.T) { var ( entries = []ExplicitAccess{ { AccessPermissions: windows.GENERIC_READ, AccessMode: GRANT_ACCESS, Inheritance: NO_INHERITANCE, Trustee: Trustee{ TrusteeForm: TRUSTEE_IS_NAME, Name: windows.StringToUTF16Ptr("CURRENT_USER"), }, }, } acl windows.Handle ) if err := SetEntriesInAcl( entries, 0, &acl, ); err != nil { t.Fatal(err) } defer windows.LocalFree(acl) } hectane-go-acl-0aaf6c5/api/api.go000066400000000000000000000002541521264551600166310ustar00rootroot00000000000000//go:build windows // Windows API functions for manipulating ACLs. package api import ( "golang.org/x/sys/windows" ) var advapi32 = windows.MustLoadDLL("advapi32.dll") hectane-go-acl-0aaf6c5/api/posix.go000066400000000000000000000000411521264551600172140ustar00rootroot00000000000000//go:build !windows package api hectane-go-acl-0aaf6c5/api/secinfo.go000066400000000000000000000046601521264551600175130ustar00rootroot00000000000000//go:build windows package api import ( "golang.org/x/sys/windows" "unsafe" ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379593.aspx const ( SE_UNKNOWN_OBJECT_TYPE = iota SE_FILE_OBJECT SE_SERVICE SE_PRINTER SE_REGISTRY_KEY SE_LMSHARE SE_KERNEL_OBJECT SE_WINDOW_OBJECT SE_DS_OBJECT SE_DS_OBJECT_ALL SE_PROVIDER_DEFINED_OBJECT SE_WMIGUID_OBJECT SE_REGISTRY_WOW64_32KEY ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379573.aspx const ( OWNER_SECURITY_INFORMATION = 0x00001 GROUP_SECURITY_INFORMATION = 0x00002 DACL_SECURITY_INFORMATION = 0x00004 SACL_SECURITY_INFORMATION = 0x00008 LABEL_SECURITY_INFORMATION = 0x00010 ATTRIBUTE_SECURITY_INFORMATION = 0x00020 SCOPE_SECURITY_INFORMATION = 0x00040 PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00080 BACKUP_SECURITY_INFORMATION = 0x10000 PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000 PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000 UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000 UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000 ) var ( procGetNamedSecurityInfoW = advapi32.MustFindProc("GetNamedSecurityInfoW") procSetNamedSecurityInfoW = advapi32.MustFindProc("SetNamedSecurityInfoW") ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa446645.aspx func GetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group **windows.SID, dacl, sacl, secDesc *windows.Handle) error { ret, _, _ := procGetNamedSecurityInfoW.Call( uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(objectName))), uintptr(objectType), uintptr(secInfo), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), uintptr(unsafe.Pointer(secDesc)), ) if ret != 0 { return windows.Errno(ret) } return nil } // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379579.aspx func SetNamedSecurityInfo(objectName string, objectType int32, secInfo uint32, owner, group *windows.SID, dacl, sacl windows.Handle) error { ret, _, _ := procSetNamedSecurityInfoW.Call( uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(objectName))), uintptr(objectType), uintptr(secInfo), uintptr(unsafe.Pointer(owner)), uintptr(unsafe.Pointer(group)), uintptr(dacl), uintptr(sacl), ) if ret != 0 { return windows.Errno(ret) } return nil } hectane-go-acl-0aaf6c5/api/secinfo_test.go000066400000000000000000000013671521264551600205530ustar00rootroot00000000000000//go:build windows package api import ( "golang.org/x/sys/windows" "os" "testing" ) func TestGetNamedSecurityInfo(t *testing.T) { f, err := os.CreateTemp(os.TempDir(), "") if err != nil { t.Fatal(err) } defer os.Remove(f.Name()) var ( secDesc windows.Handle ) if err = GetNamedSecurityInfo( f.Name(), SE_FILE_OBJECT, 0, nil, nil, nil, nil, &secDesc, ); err != nil { t.Fatal(err) } defer windows.LocalFree(secDesc) } func TestSetNamedSecurityInfo(t *testing.T) { f, err := os.CreateTemp(os.TempDir(), "") if err != nil { t.Fatal(err) } defer os.Remove(f.Name()) if err = SetNamedSecurityInfo( f.Name(), SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, 0, 0, ); err != nil { t.Fatal(err) } } hectane-go-acl-0aaf6c5/api/sid.go000066400000000000000000000125551521264551600166460ustar00rootroot00000000000000//go:build windows package api import ( "golang.org/x/sys/windows" "unsafe" ) // https://msdn.microsoft.com/en-us/library/windows/desktop/ee207397.aspx const ( SECURITY_MAX_SID_SIZE = 68 ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa379650.aspx const ( WinNullSid = 0 WinWorldSid = 1 WinLocalSid = 2 WinCreatorOwnerSid = 3 WinCreatorGroupSid = 4 WinCreatorOwnerServerSid = 5 WinCreatorGroupServerSid = 6 WinNtAuthoritySid = 7 WinDialupSid = 8 WinNetworkSid = 9 WinBatchSid = 10 WinInteractiveSid = 11 WinServiceSid = 12 WinAnonymousSid = 13 WinProxySid = 14 WinEnterpriseControllersSid = 15 WinSelfSid = 16 WinAuthenticatedUserSid = 17 WinRestrictedCodeSid = 18 WinTerminalServerSid = 19 WinRemoteLogonIdSid = 20 WinLogonIdsSid = 21 WinLocalSystemSid = 22 WinLocalServiceSid = 23 WinNetworkServiceSid = 24 WinBuiltinDomainSid = 25 WinBuiltinAdministratorsSid = 26 WinBuiltinUsersSid = 27 WinBuiltinGuestsSid = 28 WinBuiltinPowerUsersSid = 29 WinBuiltinAccountOperatorsSid = 30 WinBuiltinSystemOperatorsSid = 31 WinBuiltinPrintOperatorsSid = 32 WinBuiltinBackupOperatorsSid = 33 WinBuiltinReplicatorSid = 34 WinBuiltinPreWindows2000CompatibleAccessSid = 35 WinBuiltinRemoteDesktopUsersSid = 36 WinBuiltinNetworkConfigurationOperatorsSid = 37 WinAccountAdministratorSid = 38 WinAccountGuestSid = 39 WinAccountKrbtgtSid = 40 WinAccountDomainAdminsSid = 41 WinAccountDomainUsersSid = 42 WinAccountDomainGuestsSid = 43 WinAccountComputersSid = 44 WinAccountControllersSid = 45 WinAccountCertAdminsSid = 46 WinAccountSchemaAdminsSid = 47 WinAccountEnterpriseAdminsSid = 48 WinAccountPolicyAdminsSid = 49 WinAccountRasAndIasServersSid = 50 WinNTLMAuthenticationSid = 51 WinDigestAuthenticationSid = 52 WinSChannelAuthenticationSid = 53 WinThisOrganizationSid = 54 WinOtherOrganizationSid = 55 WinBuiltinIncomingForestTrustBuildersSid = 56 WinBuiltinPerfMonitoringUsersSid = 57 WinBuiltinPerfLoggingUsersSid = 58 WinBuiltinAuthorizationAccessSid = 59 WinBuiltinTerminalServerLicenseServersSid = 60 WinBuiltinDCOMUsersSid = 61 WinBuiltinIUsersSid = 62 WinIUserSid = 63 WinBuiltinCryptoOperatorsSid = 64 WinUntrustedLabelSid = 65 WinLowLabelSid = 66 WinMediumLabelSid = 67 WinHighLabelSid = 68 WinSystemLabelSid = 69 WinWriteRestrictedCodeSid = 70 WinCreatorOwnerRightsSid = 71 WinCacheablePrincipalsGroupSid = 72 WinNonCacheablePrincipalsGroupSid = 73 WinEnterpriseReadonlyControllersSid = 74 WinAccountReadonlyControllersSid = 75 WinBuiltinEventLogReadersGroup = 76 WinNewEnterpriseReadonlyControllersSid = 77 WinBuiltinCertSvcDComAccessGroup = 78 WinMediumPlusLabelSid = 79 WinLocalLogonSid = 80 WinConsoleLogonSid = 81 WinThisOrganizationCertificateSid = 82 WinApplicationPackageAuthoritySid = 83 WinBuiltinAnyPackageSid = 84 WinCapabilityInternetClientSid = 85 WinCapabilityInternetClientServerSid = 86 WinCapabilityPrivateNetworkClientServerSid = 87 WinCapabilityPicturesLibrarySid = 88 WinCapabilityVideosLibrarySid = 89 WinCapabilityMusicLibrarySid = 90 WinCapabilityDocumentsLibrarySid = 91 WinCapabilitySharedUserCertificatesSid = 92 WinCapabilityEnterpriseAuthenticationSid = 93 WinCapabilityRemovableStorageSid = 94 ) var ( procCreateWellKnownSid = advapi32.MustFindProc("CreateWellKnownSid") ) // https://msdn.microsoft.com/en-us/library/windows/desktop/aa446585.aspx func CreateWellKnownSid(sidType int32, sidDomain, sid *windows.SID, sidLen *uint32) error { ret, _, err := procCreateWellKnownSid.Call( uintptr(sidType), uintptr(unsafe.Pointer(sidDomain)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidLen)), ) if ret == 0 { return err } return nil } hectane-go-acl-0aaf6c5/api/sid_test.go000066400000000000000000000005601521264551600176760ustar00rootroot00000000000000//go:build windows package api import ( "golang.org/x/sys/windows" "testing" "unsafe" ) func TestSIDLookup(t *testing.T) { var ( sid = make([]byte, SECURITY_MAX_SID_SIZE) sidLen = uint32(unsafe.Sizeof(sid)) ) if err := CreateWellKnownSid( WinNullSid, nil, (*windows.SID)(unsafe.Pointer(&sid[0])), &sidLen, ); err != nil { t.Fatal(err) } } hectane-go-acl-0aaf6c5/apply.go000066400000000000000000000021671521264551600164410ustar00rootroot00000000000000//go:build windows package acl import ( "github.com/hectane/go-acl/api" "golang.org/x/sys/windows" "unsafe" ) // Apply the provided access control entries to a file. If the replace // parameter is true, existing entries will be overwritten. If the inherit // parameter is true, the file will inherit ACEs from its parent. func Apply(name string, replace, inherit bool, entries ...api.ExplicitAccess) error { var oldAcl windows.Handle if !replace { var secDesc windows.Handle api.GetNamedSecurityInfo( name, api.SE_FILE_OBJECT, api.DACL_SECURITY_INFORMATION, nil, nil, &oldAcl, nil, &secDesc, ) defer windows.LocalFree(secDesc) } var acl windows.Handle if err := api.SetEntriesInAcl( entries, oldAcl, &acl, ); err != nil { return err } defer windows.LocalFree((windows.Handle)(unsafe.Pointer(acl))) var secInfo uint32 if !inherit { secInfo = api.PROTECTED_DACL_SECURITY_INFORMATION } else { secInfo = api.UNPROTECTED_DACL_SECURITY_INFORMATION } return api.SetNamedSecurityInfo( name, api.SE_FILE_OBJECT, api.DACL_SECURITY_INFORMATION|secInfo, nil, nil, acl, 0, ) } hectane-go-acl-0aaf6c5/apply_test.go000066400000000000000000000017021521264551600174720ustar00rootroot00000000000000//go:build windows package acl import ( "golang.org/x/sys/windows" "errors" "os" "testing" ) func TestApply(t *testing.T) { f, err := os.CreateTemp(os.TempDir(), "") if err != nil { t.Fatal(err) } defer os.Remove(f.Name()) if err := Apply( f.Name(), true, true, DenyName(windows.GENERIC_ALL, "CREATOR OWNER"), ); err != nil { t.Fatal(err) } r, err := os.Open(f.Name()) if err == nil { r.Close() t.Fatal("owner able to access file") } } func TestError(t *testing.T) { if _, err := os.Stat(`C:\Folder\That\Doesnt\Exist`); !os.IsNotExist(err) { t.Skip(`Oh come on - C:\Folder\That\Doesnt\Exist exists`) } err := Apply( `C:\Folder\That\Doesnt\Exist`, true, true, DenyName(windows.GENERIC_ALL, "CREATOR OWNER"), ) if err == nil { t.Fatal("Error expected, none received") } t.Log(err) if !errors.Is(err, os.ErrNotExist) { t.Fatalf("Expected to receive an error that \"Is\" ErrNotExist, received %s", err) } } hectane-go-acl-0aaf6c5/chmod.go000066400000000000000000000017251521264551600164050ustar00rootroot00000000000000//go:build windows package acl import ( "os" "golang.org/x/sys/windows" ) // Change the permissions of the specified file. Only the nine // least-significant bytes are used, allowing access by the file's owner, the // file's group, and everyone else to be explicitly controlled. func Chmod(name string, fileMode os.FileMode) error { // https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems creatorOwnerSID, err := windows.StringToSid("S-1-3-0") if err != nil { return err } creatorGroupSID, err := windows.StringToSid("S-1-3-1") if err != nil { return err } everyoneSID, err := windows.StringToSid("S-1-1-0") if err != nil { return err } mode := uint32(fileMode) return Apply( name, true, false, GrantSid(((mode&0700)<<23)|((mode&0200)<<9), creatorOwnerSID), GrantSid(((mode&0070)<<26)|((mode&0020)<<12), creatorGroupSID), GrantSid(((mode&0007)<<29)|((mode&0002)<<15), everyoneSID), ) } hectane-go-acl-0aaf6c5/chmod_test.go000066400000000000000000000010311521264551600174320ustar00rootroot00000000000000//go:build windows package acl import ( "os" "testing" ) func TestChmod(t *testing.T) { f, err := os.CreateTemp(os.TempDir(), "") if err != nil { t.Fatal(err) } defer os.Remove(f.Name()) if err := Chmod(f.Name(), 0); err != nil { t.Fatal(err) } r, err := os.Open(f.Name()) if err == nil { r.Close() t.Fatal("owner able to access file", f.Name()) } if err := Chmod(f.Name(), 0400); err != nil { t.Fatal(err) } r, err = os.Open(f.Name()) if err != nil { t.Fatal("owner unable to access file") } r.Close() } hectane-go-acl-0aaf6c5/go.mod000066400000000000000000000001161521264551600160630ustar00rootroot00000000000000module github.com/hectane/go-acl go 1.25.0 require golang.org/x/sys v0.46.0 hectane-go-acl-0aaf6c5/go.sum000066400000000000000000000002311521264551600161060ustar00rootroot00000000000000golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw= golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= hectane-go-acl-0aaf6c5/posix.go000066400000000000000000000001371521264551600164510ustar00rootroot00000000000000//go:build !windows package acl import ( "os" ) // Chmod is os.Chmod. var Chmod = os.Chmod hectane-go-acl-0aaf6c5/util.go000066400000000000000000000035361521264551600162720ustar00rootroot00000000000000//go:build windows package acl import ( "github.com/hectane/go-acl/api" "golang.org/x/sys/windows" "unsafe" ) // Create an ExplicitAccess instance granting permissions to the provided SID. func GrantSid(accessPermissions uint32, sid *windows.SID) api.ExplicitAccess { return api.ExplicitAccess{ AccessPermissions: accessPermissions, AccessMode: api.GRANT_ACCESS, Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT, Trustee: api.Trustee{ TrusteeForm: api.TRUSTEE_IS_SID, Name: (*uint16)(unsafe.Pointer(sid)), }, } } // Create an ExplicitAccess instance granting permissions to the provided name. func GrantName(accessPermissions uint32, name string) api.ExplicitAccess { return api.ExplicitAccess{ AccessPermissions: accessPermissions, AccessMode: api.GRANT_ACCESS, Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT, Trustee: api.Trustee{ TrusteeForm: api.TRUSTEE_IS_NAME, Name: windows.StringToUTF16Ptr(name), }, } } // Create an ExplicitAccess instance denying permissions to the provided SID. func DenySid(accessPermissions uint32, sid *windows.SID) api.ExplicitAccess { return api.ExplicitAccess{ AccessPermissions: accessPermissions, AccessMode: api.DENY_ACCESS, Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT, Trustee: api.Trustee{ TrusteeForm: api.TRUSTEE_IS_SID, Name: (*uint16)(unsafe.Pointer(sid)), }, } } // Create an ExplicitAccess instance denying permissions to the provided name. func DenyName(accessPermissions uint32, name string) api.ExplicitAccess { return api.ExplicitAccess{ AccessPermissions: accessPermissions, AccessMode: api.DENY_ACCESS, Inheritance: api.SUB_CONTAINERS_AND_OBJECTS_INHERIT, Trustee: api.Trustee{ TrusteeForm: api.TRUSTEE_IS_NAME, Name: windows.StringToUTF16Ptr(name), }, } }