Implement GetProcCredName in gosigar to address elastic/beats#590 ela…

…stic/topbeat#36 in windows
eonarheim · Jan 20, 2016 · a473715 · a473715
1 parent fab699f
commit a473715
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 0 deletions.
diff --git a/sigar_interface.go b/sigar_interface.go
@@ -106,6 +106,7 @@ const (
 
 type ProcState struct {
 	Name      string
+	Username  string
 	State     RunState
 	Ppid      int
 	Tty       int

diff --git a/sigar_windows.go b/sigar_windows.go
@@ -278,6 +278,12 @@ func (self *ProcState) Get(pid int) error {
 	if err != nil {
 		return err
 	}
+
+	self.Username, err = GetProcCredName(pid)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -306,6 +312,47 @@ func GetProcName(pid int) (string, error) {
 
 }
 
+func GetProcCredName(pid int) (string, error) {
+	var err error
+
+	handle, err := syscall.OpenProcess(syscall.PROCESS_QUERY_INFORMATION, false, uint32(pid))
+
+	if err != nil {
+		return "", fmt.Errorf("OpenProcess fails with %v", err)
+	}
+
+	defer syscall.CloseHandle(handle)
+
+	var token syscall.Token
+
+	// Find process token via win32
+	err = syscall.OpenProcessToken(handle, syscall.TOKEN_QUERY, &token)
+
+	if err != nil {
+		return "", fmt.Errorf("Error opening process token %v", err)
+	}
+
+	// Find the token user
+	tokenUser, err := token.GetTokenUser()
+	if err != nil {
+		return "", fmt.Errorf("Error getting token user %v", err)
+	}
+
+	// Close token to prevent handle leaks
+	err = token.Close()
+	if err != nil {
+		return "", fmt.Errorf("Error failed to closed process token")
+	}
+
+	// look up domain account by sid
+	account, domain, _, err := tokenUser.User.Sid.LookupAccount("localhost")
+	if err != nil {
+		return "", fmt.Errorf("Error looking up sid %v", err)
+	}
+
+	return fmt.Sprintf("%s\\%s", domain, account), nil
+}
+
 func GetProcStatus(pid int) (RunState, error) {
 
 	handle, err := syscall.OpenProcess(syscall.PROCESS_QUERY_INFORMATION, false, uint32(pid))

diff --git a/sigar_windows_test.go b/sigar_windows_test.go
@@ -3,6 +3,7 @@ package sigar_test
 import (
 	"math"
 	"os"
+	"os/user"
 	"strings"
 	"testing"
 
@@ -32,6 +33,18 @@ var _ = Describe("SigarWindows", func() {
 			Ω(usage.Total).Should(BeNumerically(">", 0))
 		})
 	})
+
+	Describe("Process", func() {
+		It("gets the current process user name", func() {
+			proc := sigar.ProcState{}
+			err := proc.Get(os.Getpid())
+			user, usererr := user.Current()
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(usererr).ShouldNot(HaveOccurred())
+			Ω(proc.Username).Should(Equal(user.Username))
+		})
+	})
 })
 
 func TestProcArgs(t *testing.T) {