author | Pierre Joye <pajoye@php.net> | 2009-05-17 19:44:27 +0000 |
---|---|---|
committer | Pierre Joye <pajoye@php.net> | 2009-05-17 19:44:27 +0000 |
commit | 10ace3fe979eba2e440cb184f0ae53ecbba26465 (patch) | |
tree | 5f728f22c2df8ba03c3f0ae5a4ab10d68ce3e80a /TSRM | |
parent | 47f87a58aa6b2ff1c0e67225e884c7e3a788effb (diff) | |
download | php-git-10ace3fe979eba2e440cb184f0ae53ecbba26465.tar.gz |
- #44859, fixed support for windows ACL, drop win9x code
Diffstat (limited to 'TSRM')
-rw-r--r-- | TSRM/tsrm_win32.c | 85 | ||||
-rw-r--r-- | TSRM/tsrm_win32.h | 1 |
2 files changed, 75 insertions, 11 deletions
diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c
index 635bdf1c47..9e7ece0ed3 100644
--- a/TSRM/tsrm_win32.c
+++ b/TSRM/tsrm_win32.c
@@ -23,6 +23,7 @@
 #include <io.h>
 #include <process.h>
 #include <time.h>
+#include <errno.h>
 #define TSRM_INCLUDE_FULL_WINDOWS_HEADERS
@@ -45,6 +46,7 @@ static void tsrm_win32_ctor(tsrm_win32_globals *globals TSRMLS_DC)
 globals->process_size = 0;
 globals->shm_size = 0;
 globals->comspec = _strdup((GetVersion()<0x80000000)?"cmd.exe":"command.com");
+ globals->impersonation_token = NULL;
 }
 static void tsrm_win32_dtor(tsrm_win32_globals *globals TSRMLS_DC)
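Review bot: `impersonation_token` is initialised in `tsrm_win32_ctor` but nothing in this commit releases it: the diff leaves `tsrm_win32_dtor` untouched, and the access-check code itself says the handle "will be closed when the process dies". If these globals are allocated per thread in the ZTS build, as the `#ifdef ZTS` after the struct suggests, each thread that calls `tsrm_win32_access` would keep one duplicated token open until process exit. Closing it in the destructor, `if (globals->impersonation_token) { CloseHandle(globals->impersonation_token); }`, would bound that. The destructor body lies outside the hunk, so confirm it does not already do this.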
@@ -86,21 +88,82 @@ TSRM_API void tsrm_win32_shutdown(void)
 TSRM_API int tsrm_win32_access(const char *pathname, int mode)
 {
+ SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
+ GENERIC_MAPPING gen_map = { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS };
+ DWORD priv_set_length = sizeof(PRIVILEGE_SET);
+
+ PRIVILEGE_SET privilege_set = {0};
+ DWORD sec_desc_length = 0, desired_access = 0, granted_access = 0;
+ BYTE * psec_desc = NULL;
+ BOOL fAccess = FALSE;
+ HANDLE process_token = NULL;
+ TSRMLS_FETCH();
+
 if (mode == 1 /*X_OK*/) {
-#if 1
- /* This code is not supported by Windows 98,
- * but we don't support it anymore */
 DWORD type;
+ return GetBinaryType(pathname, &type) ? 0 : -1;
+ } else {
+ if(access(pathname, mode)) {
+ return errno;
+ }
- return GetBinaryType(pathname, &type)?0:-1;
-#else
- SHFILEINFO sfi;
+ /* Do a full access check because access() will only check read-only attribute */
+ if(mode == 0 || mode > 6) {
+ desired_access = FILE_GENERIC_READ;
+ } else if(mode <= 2) {
+ desired_access = FILE_GENERIC_WRITE;
+ } else if(mode <= 4) {
+ desired_access = FILE_GENERIC_READ;
+ } else { // if(mode <= 6)
+ desired_access = FILE_GENERIC_READ | FILE_GENERIC_WRITE;
+ }
- return access(pathname, 0) == 0 &&
- SHGetFileInfo(pathname, 0, &sfi, sizeof(SHFILEINFO), SHGFI_EXETYPE) != 0 ? 0 : -1;
-#endif
- } else {
- return access(pathname, mode);
+ /* Get size of security buffer. Call is expected to fail */
+ if(GetFileSecurity(pathname, sec_info, NULL, 0, &sec_desc_length)) {
+ goto Finished;
+ }
+
+ psec_desc = (BYTE *)malloc(sec_desc_length);
+ if(psec_desc == NULL ||
+ !GetFileSecurity(pathname, sec_info, (PSECURITY_DESCRIPTOR)psec_desc, sec_desc_length, &sec_desc_length)) {
+ goto Finished;
+ }
+
+ if(TWG(impersonation_token) == NULL) {
+
+ if(!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &process_token)) {
+ goto Finished;
+ }
+
+ /* Access check requires impersonation token. Create a duplicate token. */
+ if(!DuplicateToken(process_token, SecurityImpersonation, &TWG(impersonation_token))) {
+ goto Finished;
+ }
+ }
+
+ if(!AccessCheck((PSECURITY_DESCRIPTOR)psec_desc, TWG(impersonation_token), desired_access, &gen_map, &privilege_set, &priv_set_length, &granted_access, &fAccess)) {
+ goto Finished;
+ }
+
+Finished:
+
+ /* impersonation_token will be closed when the process dies */
+ if(process_token != NULL) {
+ CloseHandle(process_token);
+ process_token = NULL;
+ }
+
+ if(psec_desc != NULL) {
+ free(psec_desc);
+ psec_desc = NULL;
+ }
+
+ if(fAccess == FALSE) {
+ errno = EACCES;
+ return errno;
+ } else {
+ return 0;
+ }
 }
 }
diff --git a/TSRM/tsrm_win32.h b/TSRM/tsrm_win32.h
index a83d6ed1c8..acd0e683a2 100644
--- a/TSRM/tsrm_win32.h
+++ b/TSRM/tsrm_win32.h
@@ -63,6 +63,7 @@ typedef struct {
 int process_size;
 int shm_size;
 char *comspec;
+ HANDLE impersonation_token;
 } tsrm_win32_globals;
 #ifdef ZTS |
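Review bot: The mode-to-rights mapping in the else branch of `tsrm_win32_access` compares `mode` as an ordered number instead of testing the read (4) and write (2) bits, so `mode == 3` and `mode == 7` request only `FILE_GENERIC_READ` and a write query is answered from the read ACL, while `mode == 5` demands write access nobody asked for and `mode == 0` (existence) now fails on a file the token cannot read. Testing the bits, and returning early for a pure existence check once the CRT `access()` call has succeeded, keeps the ACL check aligned with the request; the fence shows the replacement for the `if`/`else if` chain. Separately, both failure paths use `return errno;`, a positive value, whereas the X_OK branch returns -1, so a caller testing `< 0` or `== -1` would read a denial as success; `return -1;` after setting `errno` keeps one convention. The token given to `AccessCheck` is duplicated from the process token and cached, so if a thread runs under an impersonated identity the result presumably reflects the process account instead, which is worth confirming against how the SAPIs impersonate.

```c
	/* ... unchanged: X_OK branch and the CRT access() call ... */

	/* mode is a bitmask: 4 = read, 2 = write; with neither bit set only existence was asked for */
	if ((mode & 6) == 0) {
		return 0;
	}
	if (mode & 4) {
		desired_access |= FILE_GENERIC_READ;
	}
	if (mode & 2) {
		desired_access |= FILE_GENERIC_WRITE;
	}

	/* ... unchanged: GetFileSecurity, token setup, AccessCheck, cleanup ... */
```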