sys: create SecurityAttribute only once (Windows)

The same attribute was generated for each path that was created, but always the same, so instead of generating it in each iteration, generate it once, and pass it to our mkdirall() implementation. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-14 16:51:00 +02:00 · 2022-10-14 16:51:00 +02:00 · 063c5f9804
commit 063c5f9804
parent a983599e2b
1 changed files with 27 additions and 21 deletions
--- a/sys/filesys_windows.go
+++ b/sys/filesys_windows.go
@ -37,19 +37,23 @@ var volumePath = regexp.MustCompile(`^\\\\\?\\Volume{[a-z0-9-]+}\\?$`)
 // so that it is both volume path aware, and to create a directory
 // an appropriate SDDL defined ACL for Builtin Administrators and Local System.
 func MkdirAllWithACL(path string, _ os.FileMode) error {
-	return mkdirall(path, true)
+	sa, err := makeSecurityAttributes(SddlAdministratorsLocalSystem)
+	if err != nil {
+		return &os.PathError{Op: "mkdirall", Path: path, Err: err}
+	}
+	return mkdirall(path, sa)
 }

 // MkdirAll is a custom version of os.MkdirAll that is volume path aware for
 // Windows. It can be used as a drop-in replacement for os.MkdirAll.
 func MkdirAll(path string, _ os.FileMode) error {
-	return mkdirall(path, false)
+	return mkdirall(path, nil)
 }

 // mkdirall is a custom version of os.MkdirAll modified for use on Windows
 // so that it is both volume path aware, and can create a directory with
 // a DACL.
-func mkdirall(path string, adminAndLocalSystem bool) error {
+func mkdirall(path string, perm *windows.SecurityAttributes) error {
 	if volumePath.MatchString(path) {
 		return nil
 	}
@ -83,19 +87,14 @@ func mkdirall(path string, adminAndLocalSystem bool) error {

 	if j > 1 {
 		// Create parent
-		err = mkdirall(path[0:j-1], adminAndLocalSystem)
+		err = mkdirall(path[0:j-1], perm)
 		if err != nil {
 			return err
 		}
 	}

 	// Parent now exists; invoke os.Mkdir or mkdirWithACL and use its result.
-	if adminAndLocalSystem {
-		err = mkdirWithACL(path)
-	} else {
-		err = os.Mkdir(path, 0)
-	}
-
+	err = mkdirWithACL(path, perm)
 	if err != nil {
 		// Handle arguments like "foo/." by
 		// double-checking that directory doesn't exist.
@ -115,24 +114,31 @@ func mkdirall(path string, adminAndLocalSystem bool) error {
 // in golang to cater for creating a directory am ACL permitting full
 // access, with inheritance, to any subfolder/file for Built-in Administrators
 // and Local System.
-func mkdirWithACL(name string) error {
-	sa := windows.SecurityAttributes{Length: 0}
-	sd, err := windows.SecurityDescriptorFromString(SddlAdministratorsLocalSystem)
-	if err != nil {
-		return &os.PathError{Op: "mkdir", Path: name, Err: err}
+func mkdirWithACL(name string, sa *windows.SecurityAttributes) error {
+	if sa == nil {
+		return os.Mkdir(name, 0)
 	}
-	sa.Length = uint32(unsafe.Sizeof(sa))
-	sa.InheritHandle = 1
-	sa.SecurityDescriptor = sd

 	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}

-	e := windows.CreateDirectory(namep, &sa)
-	if e != nil {
-		return &os.PathError{Op: "mkdir", Path: name, Err: e}
+	err = windows.CreateDirectory(namep, sa)
+	if err != nil {
+		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 	return nil
 }
+
+func makeSecurityAttributes(sddl string) (*windows.SecurityAttributes, error) {
+	var sa windows.SecurityAttributes
+	sa.Length = uint32(unsafe.Sizeof(sa))
+	sa.InheritHandle = 1
+	var err error
+	sa.SecurityDescriptor, err = windows.SecurityDescriptorFromString(sddl)
+	if err != nil {
+		return nil, err
+	}
+	return &sa, nil
+}