net: lookup_windows.go uses APIs that are no longer in Nano Server #21867
Comments
odeke-em
changed the title
|
\cc @alexbrainman. I have almost zero knowledge of Windows. |
SGTM. We have couple of functions in syscall with name that starts with Load (for example syscall.LoadCancelIoEx). These were created because some versions of Windows did not have those functions - so we used syscall.Load... functions in standard library to program around that limitation. You can do something similar. If you cannot replace the functionality netapi.dll provides, it is OK to just return error / skip tests. I suspect Nano Server users do not expect that functionality anyway. Alex |
|
This can be reproduced in a microsoft/nanoserver-insider image with this example code: package main
import (
"fmt"
"os/user"
)
func main() {
fmt.Println("Hello")
currentuser, err := user.Current()
if err == nil {
fmt.Println("Current user", currentuser)
} else {
fmt.Println("Error", err)
}
}Running the binary crashes |
Thank you @StefanScherer Alex |
|
Any updates? I found so far class swarm.exe, Traefik reverse proxy and Prometheus that need the netapi32.dll to work correctly in NanoServer 1709 image. |
What exactly do these programs require? What netapi32.dll functionality do these programs use? Alex |
swarmSwarm has vendored glog which uses traefikThe vendored Kubernetes package prometheusAlso prometheus uses glog :-) |
|
@StefanScherer thank you
That uses user.Current().Username. Maybe we can get current username without netapi32.dll? @taylorb-microsoft can we do that? How? Thank you. Alex |
|
@StefanScherer I think the quickest and easiest way to fix swarm.exe, Traefik reverse proxy and Prometheus is to fix glog package. I looked at the code you have pointed to: and glog uses os/user package just to fetch current user name. Is there a way to get current user name on NanoServer without calling netapi32.dll ? Can we get current user name by reading %USERNAME% environment variable or something? If yes, we can change glog code to do that if os/user.Current fails. Alex |
|
Thanks @alexbrainman, I don't know if this would be accepted in glog package. |
Why would not they. If they want their package work on NanoServer, they will make it work somehow. I did not look at their code, but I don't see how they package could not work without knowing current user name.
Can you list all environment variables. Maybe user name is there. Then you could use that environment variable in glog package. Also maybe you have some contacts from Microsoft - they would tell you how to get current user name in NanoServer. Alex |
|
Output of So Listing all environments: We have So something like this? package main
import (
"fmt"
"os"
"os/user"
)
func currentUsernameFromEnv() string {
return fmt.Sprintf("%s\\%s", os.Getenv("USERDOMAIN"), os.Getenv("USERNAME"))
}
func currentUsername() (me string) {
defer func() {
if r := recover(); r != nil {
fmt.Println("Recovered!")
me = currentUsernameFromEnv()
}
}()
current, err := user.Current()
if err == nil {
me = current.Username
} else {
me = currentUsernameFromEnv()
}
return
}
func main() {
fmt.Println("Hello")
fmt.Printf("Current user %s\n", currentUsername())
}When run on the host or in a microsoft/nanoserver:sac2016 container it works without panic/recover When run in microsoft/nanoserver:1709 container it shows |
Sounds good to me. I would change your code to always use USERDOMAIN and USERNAME environment variables on Windows ( if runtime.GOOS == "windows" then ... else ... ) then you won't need to recover from panic. I looked at https://github.com/golang/glog and it says: "Send bug reports to golang-nuts@googlegroups.com.". But I would create new issue here on https://github.com/golang/go/issues explaining the problem, and suggested solution. Perhaps someone will submit your change. If that change is submitted, I am not sure how to update vendor folder in warm.exe, Traefik reverse proxy and Prometheus. I suppose you could always create an issue there too. Alex |
ianlancetaylor
added
the
NeedsInvestigation
|
@taylorb-microsoft any suggestions which API can be used instead of NetGetJoinInformation on nanoserver? Environment variables works for solving user name but not for solve domain join status. |
|
@olljanat - in the case you are looking for domain join that would mean you are using GMSA (https://github.com/MicrosoftDocs/Virtualization-Documentation/tree/live/windows-server-container-tools/ServiceAccounts) correct? @rpsqrd is there a regkey/env variable that we already publish in? |
|
can't we make user.Current return error instead of panic for this case? |
The fall release of Nano Server removed a number of APIs with the effort of reducing the size of Nano Server. One of the DLLs removed was
NetApi32.dll. Currently there are a few places that lookup_windows.go calls APIs in NetApi32.dll - specifically isDomainJoined(..); lookupFullNameDomain(..) which is in turn called by newUser(..).It may be possible to refactor a bit to remove this dependency - I will think about it but I wanted to get this logged.
Examples:
go/src/os/user/lookup_windows.go
Lines 18 to 27 in 3098cf0
go/src/syscall/zsyscall_windows.go
Lines 179 to 181 in 3098cf0
EDITED by @odeke-em to use permalinks and format the target examples
The text was updated successfully, but these errors were encountered: