pkg/listeners/listeners_windows.go

package listeners

import (
	"crypto/tls"
	"fmt"
	"net"
	"strings"

	"github.com/Microsoft/go-winio"
	"github.com/docker/go-connections/sockets"
)

// Init creates new listeners for the server.
func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
	ls := []net.Listener{}

	switch proto {
	case "tcp":
		l, err := sockets.NewTCPSocket(addr, tlsConfig)
		if err != nil {
			return nil, err
		}
		ls = append(ls, l)

	case "npipe":
		// allow Administrators and SYSTEM, plus whatever additional users or groups were specified
		sddl := "D:P(A;;GA;;;BA)(A;;GA;;;SY)"
		if socketGroup != "" {
			for _, g := range strings.Split(socketGroup, ",") {
				sid, err := winio.LookupSidByName(g)
				if err != nil {
					return nil, err
				}
				sddl += fmt.Sprintf("(A;;GRGW;;;%s)", sid)
			}
		}
		c := winio.PipeConfig{
			SecurityDescriptor: sddl,
			MessageMode:        true,  // Use message mode so that CloseWrite() is supported
			InputBufferSize:    65536, // Use 64KB buffers to improve performance
			OutputBufferSize:   65536,
		}
		l, err := winio.ListenPipe(addr, &c)
		if err != nil {
			return nil, err
		}
		ls = append(ls, l)

	default:
		return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe")
	}

	return ls, nil
}
pkg: listeners: separate out the listeners package This code will be used in containerd and is quite useful in general to people who want a nice way of creating listeners from proto://address arguments (even supporting socket activation). Separate it out from docker/ so people can use it much more easily. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-01 13:43:05 +00:00			`package listeners`

			`import (`
			`"crypto/tls"`
			`"fmt"`
			`"net"`
			`"strings"`

			`"github.com/Microsoft/go-winio"`
pkg: listeners: move Docker-specific semantics to docker/daemon* Since there are other users of pkg/listeners, it doesn't make sense to contain Docker-specific semantics and warnings inside it. To that end, move the scary warning about -tlsverify and the libnetwork port allocation code to CmdDaemon (where they belong). This helps massively reduce the dependency tree for users of pkg/listeners. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-09 06:49:33 +00:00			`"github.com/docker/go-connections/sockets"`
pkg: listeners: separate out the listeners package This code will be used in containerd and is quite useful in general to people who want a nice way of creating listeners from proto://address arguments (even supporting socket activation). Separate it out from docker/ so people can use it much more easily. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-01 13:43:05 +00:00			`)`

			`// Init creates new listeners for the server.`
pkg: listeners: move Docker-specific semantics to docker/daemon* Since there are other users of pkg/listeners, it doesn't make sense to contain Docker-specific semantics and warnings inside it. To that end, move the scary warning about -tlsverify and the libnetwork port allocation code to CmdDaemon (where they belong). This helps massively reduce the dependency tree for users of pkg/listeners. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-09 06:49:33 +00:00			`func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {`
			`ls := []net.Listener{}`

pkg: listeners: separate out the listeners package This code will be used in containerd and is quite useful in general to people who want a nice way of creating listeners from proto://address arguments (even supporting socket activation). Separate it out from docker/ so people can use it much more easily. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-01 13:43:05 +00:00			`switch proto {`
			`case "tcp":`
pkg: listeners: move Docker-specific semantics to docker/daemon* Since there are other users of pkg/listeners, it doesn't make sense to contain Docker-specific semantics and warnings inside it. To that end, move the scary warning about -tlsverify and the libnetwork port allocation code to CmdDaemon (where they belong). This helps massively reduce the dependency tree for users of pkg/listeners. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-09 06:49:33 +00:00			`l, err := sockets.NewTCPSocket(addr, tlsConfig)`
pkg: listeners: separate out the listeners package This code will be used in containerd and is quite useful in general to people who want a nice way of creating listeners from proto://address arguments (even supporting socket activation). Separate it out from docker/ so people can use it much more easily. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-01 13:43:05 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`ls = append(ls, l)`

			`case "npipe":`
			`// allow Administrators and SYSTEM, plus whatever additional users or groups were specified`
			`sddl := "D:P(A;;GA;;;BA)(A;;GA;;;SY)"`
			`if socketGroup != "" {`
			`for _, g := range strings.Split(socketGroup, ",") {`
			`sid, err := winio.LookupSidByName(g)`
			`if err != nil {`
			`return nil, err`
			`}`
			`sddl += fmt.Sprintf("(A;;GRGW;;;%s)", sid)`
			`}`
			`}`
			`c := winio.PipeConfig{`
			`SecurityDescriptor: sddl,`
			`MessageMode: true, // Use message mode so that CloseWrite() is supported`
			`InputBufferSize: 65536, // Use 64KB buffers to improve performance`
			`OutputBufferSize: 65536,`
			`}`
			`l, err := winio.ListenPipe(addr, &c)`
			`if err != nil {`
			`return nil, err`
			`}`
			`ls = append(ls, l)`

			`default:`
pkg: listeners: clean up to act like a library Now that listeners is no longer an internal of the client, make it less Docker-specific (despite there still being some open questions as how to deal with some of the warnings that listeners has to emit). We should move as much of the Docker-specific stuff (especially the port allocation) to docker/ where it belongs (or maybe pass a check function). Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-01 13:51:29 +00:00			`return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe")`
pkg: listeners: separate out the listeners package This code will be used in containerd and is quite useful in general to people who want a nice way of creating listeners from proto://address arguments (even supporting socket activation). Separate it out from docker/ so people can use it much more easily. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-01 13:43:05 +00:00			`}`

pkg: listeners: move Docker-specific semantics to docker/daemon* Since there are other users of pkg/listeners, it doesn't make sense to contain Docker-specific semantics and warnings inside it. To that end, move the scary warning about -tlsverify and the libnetwork port allocation code to CmdDaemon (where they belong). This helps massively reduce the dependency tree for users of pkg/listeners. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-09 06:49:33 +00:00			`return ls, nil`
pkg: listeners: separate out the listeners package This code will be used in containerd and is quite useful in general to people who want a nice way of creating listeners from proto://address arguments (even supporting socket activation). Separate it out from docker/ so people can use it much more easily. Signed-off-by: Aleksa Sarai <asarai@suse.de> 2016-04-01 13:43:05 +00:00			`}`