path: root/ext/standard/tests/file/windows_acls/common.inc
<?php
// Report every notice and warning while the ACL helpers run.
error_reporting(E_ALL);

// Permission flags: a bitmask, so several can be OR-ed together.
define('PHPT_ACL_READ',  0x02);
define('PHPT_ACL_WRITE', 0x04);
define('PHPT_ACL_EXEC',  0x08);
define('PHPT_ACL_NONE',  0x10);
define('PHPT_ACL_FULL',  0x20);

// Modes: whether the permission flags are granted or denied.
define('PHPT_ACL_GRANT', 1);
define('PHPT_ACL_DENY',  2);

/**
 * Terminate the script with a "skip ..." message when the platform is not
 * one these ACL tests support.
 */
function skipif() {
	$on_windows = strncmp(PHP_OS, 'WIN', 3) === 0;
	if (!$on_windows) {
		die('skip windows only test');
	}

	// NOTE(review): this is a case-insensitive substring match on the whole
	// php_uname() string, which also carries the host name, so a machine
	// whose name contains "xp" would be skipped as well.
	$uname = php_uname();
	if (stripos($uname, 'XP') !== false) {
		die('skip windows 2003 or newer only test');
	}
}

/**
 * Name of the account the tests run as.
 *
 * Sources are tried in order and the first non-empty one wins: the USERNAME
 * environment variable, get_current_user(), then the shell's expansion of
 * %USERNAME%.
 *
 * The value comes from the environment and callers in this file place it on
 * an icacls command line, so it has to be shell-escaped at the point of use.
 */
function get_username(){
	// ?: short-circuits, so a later source is only consulted when the
	// earlier one produced an empty value.
	return getenv('USERNAME') ?: (get_current_user() ?: exec('echo %USERNAME%'));
}

/**
 * Value of the USERDOMAIN environment variable, or false when it is not set
 * (the getenv() result is passed through unchanged).
 */
function get_domainname()
{
	return getenv('USERDOMAIN');
}

/**
 * Path of icacls.exe below the system root.
 *
 * The system root is whatever the shell expands %SYSTEMROOT% to, and the
 * path is returned without quotes; callers put it at the start of a command
 * line as-is.
 */
function get_icacls()
{
	// exec() returns the last line the command printed.
	$system_root = exec('echo %SYSTEMROOT%');

	return $system_root . '\\System32\\icacls.exe';
}

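/**
 * Make the current user the owner of this directory tree and remove the
 * rights granted to the Administrators group.
 *
 * The current user needs to own the test files, and every other account
 * holding ACL entries on them should lose those entries. Only part of that
 * is done here: the accounts that hold entries are not read back from the
 * files, just the Administrators group is handled.
 *
 * Both commands are best effort: output is discarded and the exit status is
 * not checked.
 */
function fix_acls() {
	$icacls = get_icacls();
	// Quote the directory as well as the user name; an unquoted __DIR__ that
	// contains a space would be split into several icacls arguments.
	$dir = escapeshellarg(__DIR__);
	$owner = escapeshellarg(get_username());
	// /T recurse, /L act on a symbolic link itself, /Q no success messages,
	// /C continue after errors; all output goes to nul.
	$options = ' /T /L /Q /C > nul 2>&1';

	exec($icacls . ' ' . $dir . ' /setowner ' . $owner . $options);
	// NOTE(review): "Administrators" is the English group name; on a
	// localized Windows this command presumably matches nothing.
	exec($icacls . ' ' . $dir . ' /remove:g Administrators' . $options);
}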

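/**
 * Replace the current user's ACL entries on $path by running icacls.
 *
 * Every command first strips the user's existing entries, because granting a
 * permission does not remove a previously denied one.
 *
 * The path and the user name are passed through escapeshellarg() before they
 * reach the command line, so a space in either no longer splits the icacls
 * argument. On Windows escapeshellarg() replaces '"', '%' and '!' with
 * spaces, so paths containing those characters are not supported.
 *
 * The exit status of icacls is not checked.
 *
 * @param string $path file or directory to change
 * @param int    $mode PHPT_ACL_GRANT to grant; any other value denies
 * @param int    $perm bitmask of PHPT_ACL_* permission flags; with
 *                     PHPT_ACL_NONE the user's entries are only removed
 */
function icacls_set($path, $mode, $perm) {
	$icacls = get_icacls();
	$user = get_username();

	$target = $icacls . ' ' . escapeshellarg($path);
	$user_escaped = escapeshellarg($user);
	// The "user:(rights)" token is quoted as a whole so it stays one argument.
	$deny_all = escapeshellarg($user . ':(F,M,R,RX,W)');

	$perm_entry = array();
	if ($perm & PHPT_ACL_READ) $perm_entry[]  = 'R';
	if ($perm & PHPT_ACL_WRITE) $perm_entry[] = 'W';
	if ($perm & PHPT_ACL_EXEC) $perm_entry[]  = 'RX';
	if ($perm & PHPT_ACL_FULL) $perm_entry[]  = 'F';

	// Drop inherited entries and deny everything to the user.
	exec($target . ' /inheritance:r /deny ' . $deny_all);

	if ($perm & PHPT_ACL_NONE) {
		// Only clear the user's deny and grant entries; nothing is granted.
		exec($target . ' /remove:d ' . $user_escaped);
		exec($target . ' /remove:g ' . $user_escaped);
		return;
	}

	// Loose comparison kept so callers passing the mode as a numeric string
	// behave as before.
	$action = ($mode == PHPT_ACL_GRANT) ? 'grant' : 'deny';

	// Deny all, then remove the deny and grant entries again. Granting a
	// permission does not remove a previously denied one.
	exec($target . ' /deny ' . $deny_all);
	exec($target . ' /remove:d ' . $user_escaped);
	exec($target . ' /remove:g ' . $user_escaped);

	// NOTE(review): 'N' is never added to $perm_entry in this function, so
	// this condition is always true; the "no access" case is handled by the
	// PHPT_ACL_NONE branch above. With no permission flag set the entry
	// below is built with an empty rights list "()".
	if (!in_array('N', $perm_entry)) {
		// Repeats the removal above; kept so the command sequence is unchanged.
		exec($target . ' /remove:d ' . $user_escaped);
		exec($target . ' /remove:g ' . $user_escaped);

		$entry = $user . ':(' . implode(',', $perm_entry) . ')';
		exec($target . ' /' . $action . ' ' . escapeshellarg($entry));
	}
}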

/**
 * Create directory $name and grant the current user the permissions in
 * $perms (a PHPT_ACL_* bitmask). An empty name only prints a message.
 *
 * The mkdir() result is not checked, so the ACL is applied even when the
 * directory could not be created.
 */
function create_dir($name, $perms) {
	if (!empty($name)) {
		mkdir($name);
		// Result is unused. NOTE(review): the call is kept in case tests
		// depend on the path having been resolved once - confirm.
		realpath($name);
		icacls_set($name, PHPT_ACL_GRANT, $perms);
		return;
	}

	echo "create_dir: Empty name is not allowed\n";
}

/**
 * Create file $name with touch() and grant the current user the permissions
 * in $perms (a PHPT_ACL_* bitmask). An empty name only prints a message.
 *
 * The touch() result is not checked before the ACL is applied.
 */
function create_file($name, $perms) {
	if (!empty($name)) {
		touch($name);
		icacls_set($name, PHPT_ACL_GRANT, $perms);
		return;
	}

	echo "create_file: Empty name is not allowed\n";
}

/**
 * Give the current user full access to $path, then delete it if it is a
 * regular file; otherwise print a message.
 *
 * The ACL change runs before the is_file() check, so it is attempted on any
 * path that is passed in, whether or not it is a file.
 */
function delete_file($path) {
	icacls_set($path, PHPT_ACL_GRANT, PHPT_ACL_FULL);

	if (!is_file($path)) {
		echo "delete_file: '$path' is not a file\n";
		return;
	}

	unlink($path);
}

/**
 * Remove directory $path after giving the current user full access to it.
 * Anything that is not a directory is left untouched and reported.
 */
function delete_dir($path) {
	if (!is_dir($path)) {
		echo "delete_dir: '$path' is not a directory\n";
		return;
	}

	// Full access first, so an ACL set earlier cannot block rmdir().
	icacls_set($path, PHPT_ACL_GRANT, PHPT_ACL_FULL);
	rmdir($path);
}