From 9b387e447c88e4c0ff36da2108903a7ed9cd1445 Mon Sep 17 00:00:00 2001
From: Gabriel Adrian Samfira
Date: Wed, 18 Jan 2023 06:28:03 -0800
Subject: [PATCH 1/2] Add get-user-info utility
This utility allows us to mount the buildkitd executable inside a Windows container and fetch the SID of any existing user. This is to work around the fact that the SAM hive data structures are undocumented and there is no API to inspect an offline SAM hive to fetch the security info of an existing user.
Signed-off-by: Gabriel Adrian Samfira
---
 cmd/buildkitd/main_windows.go | 1 +
 util/system/getuserinfo/userinfo_windows.go | 47 +++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 util/system/getuserinfo/userinfo_windows.go
diff --git a/cmd/buildkitd/main_windows.go b/cmd/buildkitd/main_windows.go
index 196e4c6f7526..309cac0c0e35 100644
--- a/cmd/buildkitd/main_windows.go
+++ b/cmd/buildkitd/main_windows.go
@@ -8,6 +8,7 @@ import (
 "net"
 _ "github.com/moby/buildkit/solver/llbsolver/ops"
+ _ "github.com/moby/buildkit/util/system/getuserinfo"
 "github.com/pkg/errors"
 )
diff --git a/util/system/getuserinfo/userinfo_windows.go b/util/system/getuserinfo/userinfo_windows.go
new file mode 100644
index 000000000000..bdb29260f669
--- /dev/null
+++ b/util/system/getuserinfo/userinfo_windows.go
@@ -0,0 +1,47 @@
+package getuserinfo
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+ "syscall"
+
+ "github.com/docker/docker/pkg/idtools"
+ "github.com/docker/docker/pkg/reexec"
+)
+
+const (
+ getUserInfoCmd = "get-user-info"
+)
+
+func init() {
+ reexec.Register(getUserInfoCmd, userInfoMain)
+}
+
+func userInfoMain() {
+ if len(os.Args) != 2 {
+ fmt.Println("Usage: get-user-info usernameOrGroup")
+ os.Exit(1)
+ }
+ username := os.Args[1]
+ sid, _, _, err := syscall.LookupSID("", username)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(3)
+ }
+
+ sidAsString, err := sid.String()
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(4)
+ }
+ ident := idtools.Identity{
+ SID: sidAsString,
+ }
+ asJson, err := json.Marshal(ident)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(5)
+ }
+ fmt.Fprintf(os.Stdout, "%s", string(asJson))
+}
From 24ceea7c248831609250cc40d1bd4aaa9213daf7 Mon Sep 17 00:00:00 2001
From: Gabriel Adrian Samfira
Date: Thu, 19 Jan 2023 13:20:12 -0800
Subject: [PATCH 2/2] Use golang.org/x/sys/windows instead of syscall
Signed-off-by: Gabriel Adrian Samfira
---
 util/system/getuserinfo/userinfo_windows.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/util/system/getuserinfo/userinfo_windows.go b/util/system/getuserinfo/userinfo_windows.go
index bdb29260f669..13da39fdc9f0 100644
--- a/util/system/getuserinfo/userinfo_windows.go
+++ b/util/system/getuserinfo/userinfo_windows.go
@@ -4,7 +4,8 @@ import (
 "encoding/json"
 "fmt"
 "os"
- "syscall"
+
+ "golang.org/x/sys/windows"
 "github.com/docker/docker/pkg/idtools"
 "github.com/docker/docker/pkg/reexec"
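Review bot: In userInfoMain (new file util/system/getuserinfo/userinfo_windows.go, patch 1/2) the usage message and every error are written with `fmt.Println`, so they land on stdout, the same stream that carries the JSON result. Per the commit message this binary is run inside a Windows container to read a SID back, so whatever parses stdout should only ever see the JSON document; send diagnostics to stderr with `fmt.Fprintln(os.Stderr, err)` and keep the exit status as the failure signal. The same `fmt.Println(err)` lines remain as context in the `@@ -24,20 +25,16 @@` hunk of patch 2/2. Because the helper executes inside the container, the parent that consumes its output (not shown here) should presumably treat that output as untrusted and check that the value is a well-formed SID before using it. A package comment stating that the blank import in cmd/buildkitd/main_windows.go exists only to trigger this `init` registration would also help the next reader.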
@@ -24,20 +25,16 @@ func userInfoMain() {
 os.Exit(1)
 }
 username := os.Args[1]
- sid, _, _, err := syscall.LookupSID("", username)
+ sid, _, _, err := windows.LookupSID("", username)
 if err != nil {
 fmt.Println(err)
 os.Exit(3)
 }
- sidAsString, err := sid.String()
- if err != nil {
- fmt.Println(err)
- os.Exit(4)
- }
 ident := idtools.Identity{
- SID: sidAsString,
+ SID: sid.String(),
 }
+
 asJson, err := json.Marshal(ident)
 if err != nil {
 fmt.Println(err)
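Review bot: With the `sid.String()` error branch removed, the exit statuses left in userInfoMain are 1, 3 and 5, and nothing in the file says what each one means or that 4 is now unused. A short comment or named constants (for example `exitLookupFailed = 3`) would let the process that runs this helper tell a lookup failure from a marshalling failure without reading the source. The second and third results of `windows.LookupSID` (domain and account type) are still discarded, so the output does not say whether the name resolved to a user, a group or some other account type; if the consumer depends on that distinction it should be carried in the JSON. The function starts above this hunk and its tail, including `os.Exit(5)`, lies below it.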