Completely remove the usage of POSIX functions from Acs. I've discovered the hard way that most things POSIX on Windows is a complete disaster.

With this we're now using native functions and all unit tests pass.

The code used in Check() is still a proof of concept and will probably be rewritten as issues are exposed.

Originally committed to SVN as r4354.
This commit is contained in:
Amar Takhar 2010-05-23 20:39:14 +00:00
parent 69ae630488
commit 25497cf87d

View file

@ -19,25 +19,14 @@
/// @ingroup libaegisub windows /// @ingroup libaegisub windows
#ifndef LAGI_PRE #ifndef LAGI_PRE
#include <sys/stat.h> #include <windows.h>
#include <io.h>
#include <errno.h>
#include <iostream> #include <iostream>
#include <fstream> #include <fstream>
#endif #endif
#ifndef R_OK
#define R_OK 04
#endif
#ifndef W_OK
#define W_OK 02
#endif
#pragma warning(disable: 4996)
#include "libaegisub/util.h" #include "libaegisub/util.h"
#include "libaegisub/util_win.h"
namespace agi { namespace agi {
namespace acs { namespace acs {
@ -61,24 +50,43 @@ void CheckDirWrite(const std::string &dir) {
Check(dir, acs::DirWrite); Check(dir, acs::DirWrite);
} }
/*
This function is still a proof of concept, it's probably rife with bugs, below
is a short (and incomplete) todo
* "Basic" checks (Read/Write/File/Dir) checks for FAT32 filesystems which
requires detecting the filesystem being used.
*/
void Check(const std::string &file, acs::Type type) { void Check(const std::string &file, acs::Type type) {
struct stat file_stat; std::wstring wfile;
int file_status; wfile.assign(file.begin(), file.end());
file_status = stat(file.c_str(), &file_stat); SECURITY_DESCRIPTOR* sd;
DWORD len = 0;
SECURITY_INFORMATION info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
HANDLE client_token;
PRIVILEGE_SET priv_set;
DWORD priv_set_size = sizeof(PRIVILEGE_SET);
BOOL access_ok;
GENERIC_MAPPING generic_mapping;
DWORD access_check;
DWORD access;
DWORD file_attr;
if (file_status != 0) { file_attr = GetFileAttributes(wfile.c_str());
switch (errno) {
case ENOENT: if ((file_attr & INVALID_FILE_ATTRIBUTES) == INVALID_FILE_ATTRIBUTES) {
switch (GetLastError()) {
case ERROR_FILE_NOT_FOUND:
case ERROR_PATH_NOT_FOUND:
throw AcsNotFound("File or path not found."); throw AcsNotFound("File or path not found.");
break; break;
case EACCES: case ERROR_ACCESS_DENIED:
throw AcsAccess("Access Denied to file, path or path component."); throw AcsAccess("Access denied to file or path component");
break; break;
case EIO: default:
throw AcsFatal("Fatal I/O error occurred."); throw AcsFatal("Fatal I/O error occurred.");
break; break;
} }
@ -86,33 +94,71 @@ void Check(const std::string &file, acs::Type type) {
switch (type) { switch (type) {
case FileRead: case FileRead:
case FileWrite: case FileWrite: {
if ((file_stat.st_mode & S_IFREG) == 0) if ((file_attr & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)
throw AcsNotAFile("Not a file."); throw AcsNotAFile("Not a file.");
break; break;
}
case DirRead: case DirRead:
case DirWrite: case DirWrite: {
if ((file_stat.st_mode & S_IFDIR) == 0) if ((file_attr & FILE_ATTRIBUTE_DIRECTORY) != FILE_ATTRIBUTE_DIRECTORY)
throw AcsNotADirectory("Not a directory."); throw AcsNotADirectory("Not a directory.");
break; break;
}
}
GetFileSecurity(wfile.c_str(), info, NULL, 0, &len);
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
std::cout << "GetFileSecurity: fatal: " << util::ErrorString(GetLastError()) << std::endl;
}
sd = (SECURITY_DESCRIPTOR *)malloc(len);
if (sd == NULL) {
std::cout << "GetFileSecurity: insufficient memory" << std::endl;
} else {
if (!GetFileSecurity(wfile.c_str(), info, sd, len, &len)) {
std::cout << "GetFileSecurity failed: " << util::ErrorString(GetLastError()) << std::endl;
free(sd);
}
}
ImpersonateSelf(SecurityImpersonation);
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &client_token)) {
std::cout << "OpenThreadToken failed: " << util::ErrorString(GetLastError()) << std::endl;
} }
switch (type) { switch (type) {
case DirRead: case DirRead:
case FileRead: case FileRead: {
file_status = access(file.c_str(), R_OK); access_check = FILE_READ_DATA;
if (file_status != 0) MapGenericMask(&access_check, &generic_mapping);
if(!AccessCheck(sd, client_token, access_check, &generic_mapping, &priv_set, &priv_set_size, &access, &access_ok)) {
std::cout << "AccessCheck failed: " << util::ErrorString(GetLastError()) << std::endl;
}
free(sd);
if (!access)
throw AcsRead("File or directory is not readable."); throw AcsRead("File or directory is not readable.");
break; break;
}
case DirWrite: case DirWrite:
case FileWrite: case FileWrite: {
file_status = access(file.c_str(), W_OK); access_check = FILE_APPEND_DATA | FILE_WRITE_DATA;
if (file_status != 0) MapGenericMask(&access_check, &generic_mapping);
if(!AccessCheck(sd, client_token, access_check, &generic_mapping, &priv_set, &priv_set_size, &access, &access_ok)) {
std::cout << "AccessCheck failed: " << util::ErrorString(GetLastError()) << std::endl;
}
free(sd);
if (!access)
throw AcsWrite("File or directory is not writable."); throw AcsWrite("File or directory is not writable.");
break; break;
} }
} default: {
std::cout << "Warning: type not handled" << std::endl;
free(sd);
}
} }
} }
} // namespace Access
} // namespace agi