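package listeners

import (
	"crypto/tls"
	"fmt"
	"net"
	"strings"

	"github.com/Microsoft/go-winio"
	"github.com/docker/go-connections/sockets"
)

// Init creates new listeners for the server.
//
// proto selects the transport: "tcp" or "npipe" (a Windows named pipe). Any
// other value is rejected with an error.
//
// addr is handed unchanged to the underlying listener constructor: the TCP
// address for "tcp", the pipe path for "npipe".
//
// socketGroup is only consulted for "npipe". It is a comma-separated list of
// user or group names that are granted read/write access to the pipe in
// addition to Administrators and SYSTEM. Whitespace around each name is
// ignored; an empty entry is an error.
//
// tlsConfig is only consulted for "tcp" and is passed to sockets.NewTCPSocket.
//
// On success the returned slice holds exactly one listener. On failure the
// slice is nil and the error from the failing step is returned unchanged.
func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listener, error) {
	switch proto {
	case "tcp":
		// NOTE(review): go-connections wraps the listener in TLS only when
		// tlsConfig is non-nil; with a nil config this is a plaintext TCP
		// socket with no transport-level authentication. Confirm that callers
		// either supply a config that verifies client certificates or bind to
		// an address that is not reachable by untrusted hosts.
		l, err := sockets.NewTCPSocket(addr, tlsConfig)
		if err != nil {
			return nil, err
		}
		return []net.Listener{l}, nil

	case "npipe":
		// Base DACL in SDDL form:
		//   D:P          protected DACL (no ACEs inherited from a parent)
		//   (A;;GA;;;BA) allow GENERIC_ALL to BUILTIN\Administrators
		//   (A;;GA;;;SY) allow GENERIC_ALL to LocalSystem
		// Nothing else is granted unless socketGroup names extra principals.
		sddl := "D:P(A;;GA;;;BA)(A;;GA;;;SY)"

		if socketGroup != "" {
			for _, g := range strings.Split(socketGroup, ",") {
				// Accept "a, b" as well as "a,b": untrimmed whitespace would
				// otherwise become part of the account name and fail lookup.
				g = strings.TrimSpace(g)
				if g == "" {
					// Fail closed on a malformed list instead of guessing
					// which principal was meant.
					return nil, fmt.Errorf("invalid empty group name in socket group list %q", socketGroup)
				}

				sid, err := winio.LookupSidByName(g)
				if err != nil {
					return nil, err
				}

				// GRGW = GENERIC_READ | GENERIC_WRITE. Every principal listed
				// here can open the pipe and exchange data with the server, so
				// membership should be treated as access to whatever the
				// server exposes on this endpoint.
				// The resolved SID (not the user-supplied name) is what gets
				// interpolated into the descriptor string.
				sddl += fmt.Sprintf("(A;;GRGW;;;%s)", sid)
			}
		}

		c := winio.PipeConfig{
			SecurityDescriptor: sddl,
			MessageMode:        true,  // Use message mode so that CloseWrite() is supported
			InputBufferSize:    65536, // Use 64KB buffers to improve performance
			OutputBufferSize:   65536,
		}
		l, err := winio.ListenPipe(addr, &c)
		if err != nil {
			return nil, err
		}
		return []net.Listener{l}, nil

	default:
		return nil, fmt.Errorf("invalid protocol format: windows only supports tcp and npipe")
	}
}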