1
/* Copyright 2000-2005 The Apache Software Foundation or its licensors, as
4
* Licensed under the Apache License, Version 2.0 (the "License");
5
* you may not use this file except in compliance with the License.
6
* You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
19
#include "apr_private.h"
20
#include "apr_arch_file_io.h"
21
#include "apr_file_io.h"
22
#include "apr_general.h"
23
#include "apr_strings.h"
24
#include "apr_errno.h"
27
#include "apr_arch_atime.h"
28
#include "apr_arch_misc.h"
30
/* We have to assure that the file name contains no '*'s, or other
31
* wildcards when using FindFirstFile to recover the true file name.
33
static apr_status_t test_safe_name(const char *name)
35
/* Only accept ':' in the second position of the filename,
36
* as the drive letter delimiter:
38
if (apr_isalpha(*name) && (name[1] == ':')) {
42
if (!IS_FNCHAR(*name) && (*name != '\\') && (*name != '/')) {
43
if (*name == '?' || *name == '*')
53
static apr_status_t free_localheap(void *heap) {
58
static apr_gid_t worldid = NULL;
60
static void free_world(void)
68
/* Left bit shifts from World scope to given scope */
69
typedef enum prot_scope_e {
75
static apr_fileperms_t convert_prot(ACCESS_MASK acc, prot_scope_e scope)
77
/* These choices are based on the single filesystem bit that controls
78
* the given behavior. They are -not- recommended for any set protection
79
* function, such a function should -set- use GENERIC_READ/WRITE/EXECUTE
81
apr_fileperms_t prot = 0;
82
if (acc & FILE_EXECUTE)
84
if (acc & FILE_WRITE_DATA)
86
if (acc & FILE_READ_DATA)
88
return (prot << scope);
91
static void resolve_prot(apr_finfo_t *finfo, apr_int32_t wanted, PACL dacl)
93
TRUSTEE_W ident = {NULL, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID};
96
* This function is only invoked for WinNT,
97
* there is no reason for os_level testing here.
99
if ((wanted & APR_FINFO_WPROT) && !worldid) {
100
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_WORLD_SID_AUTHORITY;
101
if (AllocateAndInitializeSid(&SIDAuth, 1, SECURITY_WORLD_RID,
102
0, 0, 0, 0, 0, 0, 0, &worldid))
107
if ((wanted & APR_FINFO_UPROT) && (finfo->valid & APR_FINFO_USER)) {
108
ident.TrusteeType = TRUSTEE_IS_USER;
109
ident.ptstrName = finfo->user;
110
/* GetEffectiveRightsFromAcl isn't supported under Win9x,
111
* which shouldn't come as a surprize. Since we are passing
112
* TRUSTEE_IS_SID, always skip the A->W layer.
114
if (GetEffectiveRightsFromAclW(dacl, &ident, &acc) == ERROR_SUCCESS) {
115
finfo->protection |= convert_prot(acc, prot_scope_user);
116
finfo->valid |= APR_FINFO_UPROT;
119
/* Windows NT: did not return group rights.
120
* Windows 2000 returns group rights information.
121
* Since WinNT kernels don't follow the unix model of
122
* group associations, this all all pretty mute.
124
if ((wanted & APR_FINFO_GPROT) && (finfo->valid & APR_FINFO_GROUP)) {
125
ident.TrusteeType = TRUSTEE_IS_GROUP;
126
ident.ptstrName = finfo->group;
127
if (GetEffectiveRightsFromAclW(dacl, &ident, &acc) == ERROR_SUCCESS) {
128
finfo->protection |= convert_prot(acc, prot_scope_group);
129
finfo->valid |= APR_FINFO_GPROT;
132
if ((wanted & APR_FINFO_WPROT) && (worldid)) {
133
ident.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
134
ident.ptstrName = worldid;
135
if (GetEffectiveRightsFromAclW(dacl, &ident, &acc) == ERROR_SUCCESS) {
136
finfo->protection |= convert_prot(acc, prot_scope_world);
137
finfo->valid |= APR_FINFO_WPROT;
142
static apr_status_t resolve_ident(apr_finfo_t *finfo, const char *fname,
143
apr_int32_t wanted, apr_pool_t *pool)
145
apr_file_t *thefile = NULL;
148
* NT5 (W2K) only supports symlinks in the same manner as mount points.
149
* This code should eventually take that into account, for now treat
150
* every reparse point as a symlink...
152
* We must open the file with READ_CONTROL if we plan to retrieve the
153
* user, group or permissions.
156
if ((rv = apr_file_open(&thefile, fname, APR_OPENINFO
157
| ((wanted & APR_FINFO_LINK) ? APR_OPENLINK : 0)
158
| ((wanted & (APR_FINFO_PROT | APR_FINFO_OWNER))
159
? APR_READCONTROL : 0),
160
APR_OS_DEFAULT, pool)) == APR_SUCCESS) {
161
rv = apr_file_info_get(finfo, wanted, thefile);
162
finfo->filehand = NULL;
163
apr_file_close(thefile);
165
else if (APR_STATUS_IS_EACCES(rv) && (wanted & (APR_FINFO_PROT
166
| APR_FINFO_OWNER))) {
167
/* We have a backup plan. Perhaps we couldn't grab READ_CONTROL?
168
* proceed without asking for that permission...
170
if ((rv = apr_file_open(&thefile, fname, APR_OPENINFO
171
| ((wanted & APR_FINFO_LINK) ? APR_OPENLINK : 0),
172
APR_OS_DEFAULT, pool)) == APR_SUCCESS) {
173
rv = apr_file_info_get(finfo, wanted & ~(APR_FINFO_PROT
176
finfo->filehand = NULL;
177
apr_file_close(thefile);
181
if (rv != APR_SUCCESS && rv != APR_INCOMPLETE)
184
/* We picked up this case above and had opened the link's properties */
185
if (wanted & APR_FINFO_LINK)
186
finfo->valid |= APR_FINFO_LINK;
191
static void guess_protection_bits(apr_finfo_t *finfo)
193
/* Read, write execute for owner. In the Win9x environment, any
194
* readable file is executable (well, not entirely 100% true, but
195
* still looking for some cheap logic that would help us here.)
196
* The same holds on NT if a file doesn't have a DACL (e.g., on FAT)
198
if (finfo->protection & APR_FREADONLY) {
199
finfo->protection |= APR_WREAD | APR_WEXECUTE;
202
finfo->protection |= APR_WREAD | APR_WEXECUTE | APR_WWRITE;
204
finfo->protection |= (finfo->protection << prot_scope_group)
205
| (finfo->protection << prot_scope_user);
207
finfo->valid |= APR_FINFO_UPROT | APR_FINFO_GPROT | APR_FINFO_WPROT;
210
apr_status_t more_finfo(apr_finfo_t *finfo, const void *ufile,
211
apr_int32_t wanted, int whatfile)
213
PSID user = NULL, grp = NULL;
217
if (apr_os_level < APR_WIN_NT)
218
guess_protection_bits(finfo);
219
else if (wanted & (APR_FINFO_PROT | APR_FINFO_OWNER))
221
/* On NT this request is incredibly expensive, but accurate.
222
* Since the WinNT-only functions below are protected by the
223
* (apr_os_level < APR_WIN_NT) case above, we need no extra
224
* tests, but remember GetNamedSecurityInfo & GetSecurityInfo
225
* are not supported on 9x.
227
SECURITY_INFORMATION sinf = 0;
228
PSECURITY_DESCRIPTOR pdesc = NULL;
229
if (wanted & (APR_FINFO_USER | APR_FINFO_UPROT))
230
sinf |= OWNER_SECURITY_INFORMATION;
231
if (wanted & (APR_FINFO_GROUP | APR_FINFO_GPROT))
232
sinf |= GROUP_SECURITY_INFORMATION;
233
if (wanted & APR_FINFO_PROT)
234
sinf |= DACL_SECURITY_INFORMATION;
235
if (whatfile == MORE_OF_WFSPEC) {
236
apr_wchar_t *wfile = (apr_wchar_t*) ufile;
238
if (wcsncmp(wfile, L"\\\\?\\", 4) == 0) {
240
if (wcsncmp(wfile + fix, L"UNC\\", 4) == 0)
241
wfile[6] = L'\\', fix = 6;
243
rv = GetNamedSecurityInfoW(wfile + fix,
244
SE_FILE_OBJECT, sinf,
245
((wanted & APR_FINFO_USER) ? &user : NULL),
246
((wanted & APR_FINFO_GROUP) ? &grp : NULL),
247
((wanted & APR_FINFO_PROT) ? &dacl : NULL),
252
else if (whatfile == MORE_OF_FSPEC)
253
rv = GetNamedSecurityInfoA((char*)ufile,
254
SE_FILE_OBJECT, sinf,
255
((wanted & APR_FINFO_USER) ? &user : NULL),
256
((wanted & APR_FINFO_GROUP) ? &grp : NULL),
257
((wanted & APR_FINFO_PROT) ? &dacl : NULL),
259
else if (whatfile == MORE_OF_HANDLE)
260
rv = GetSecurityInfo((HANDLE)ufile,
261
SE_FILE_OBJECT, sinf,
262
((wanted & APR_FINFO_USER) ? &user : NULL),
263
((wanted & APR_FINFO_GROUP) ? &grp : NULL),
264
((wanted & APR_FINFO_PROT) ? &dacl : NULL),
267
return APR_INCOMPLETE;
268
if (rv == ERROR_SUCCESS)
269
apr_pool_cleanup_register(finfo->pool, pdesc, free_localheap,
270
apr_pool_cleanup_null);
272
user = grp = dacl = NULL;
276
finfo->valid |= APR_FINFO_USER;
281
finfo->valid |= APR_FINFO_GROUP;
285
/* Retrieved the discresionary access list */
286
resolve_prot(finfo, wanted, dacl);
288
else if (wanted & APR_FINFO_PROT)
289
guess_protection_bits(finfo);
292
return ((wanted & ~finfo->valid) ? APR_INCOMPLETE : APR_SUCCESS);
296
/* This generic fillin depends upon byhandle to be passed as 0 when
297
* a WIN32_FILE_ATTRIBUTE_DATA or either WIN32_FIND_DATA [A or W] is
298
* passed for wininfo. When the BY_HANDLE_FILE_INFORMATION structure
299
* is passed for wininfo, byhandle is passed as 1 to offset the one
300
* dword discrepancy in offset of the High/Low size structure members.
302
* The generic fillin returns 1 if the caller should further inquire
303
* if this is a CHR filetype. If it's reasonably certain it can't be,
304
* then the function returns 0.
306
int fillin_fileinfo(apr_finfo_t *finfo,
307
WIN32_FILE_ATTRIBUTE_DATA *wininfo,
308
int byhandle, apr_int32_t wanted)
310
DWORD *sizes = &wininfo->nFileSizeHigh + byhandle;
313
memset(finfo, '\0', sizeof(*finfo));
315
FileTimeToAprTime(&finfo->atime, &wininfo->ftLastAccessTime);
316
FileTimeToAprTime(&finfo->ctime, &wininfo->ftCreationTime);
317
FileTimeToAprTime(&finfo->mtime, &wininfo->ftLastWriteTime);
319
#if APR_HAS_LARGE_FILES
320
finfo->size = (apr_off_t)sizes[1]
321
| ((apr_off_t)sizes[0] << 32);
323
finfo->size = (apr_off_t)sizes[1];
324
if (finfo->size < 0 || sizes[0])
325
finfo->size = 0x7fffffff;
328
if (wanted & APR_FINFO_LINK &&
329
wininfo->dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) {
330
finfo->filetype = APR_LNK;
332
else if (wininfo->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
333
finfo->filetype = APR_DIR;
335
else if (wininfo->dwFileAttributes & FILE_ATTRIBUTE_DEVICE) {
336
/* Warning: This test only succeeds on Win9x, on NT these files
337
* (con, aux, nul, lpt#, com# etc) escape early detection!
339
finfo->filetype = APR_CHR;
342
/* Warning: Short of opening the handle to the file, the 'FileType'
343
* appears to be unknowable (in any trustworthy or consistent sense)
344
* on WinNT/2K as far as PIPE, CHR, etc are concerned.
346
if (!wininfo->ftLastWriteTime.dwLowDateTime
347
&& !wininfo->ftLastWriteTime.dwHighDateTime
350
finfo->filetype = APR_REG;
353
/* The following flags are [for this moment] private to Win32.
354
* That's the only excuse for not toggling valid bits to reflect them.
356
if (wininfo->dwFileAttributes & FILE_ATTRIBUTE_READONLY)
357
finfo->protection = APR_FREADONLY;
359
finfo->valid = APR_FINFO_ATIME | APR_FINFO_CTIME | APR_FINFO_MTIME
360
| APR_FINFO_SIZE | APR_FINFO_TYPE; /* == APR_FINFO_MIN */
362
/* Only byhandle optionally tests link targets, so tell that caller
363
* what it wants to hear, otherwise the byattributes is never
364
* reporting anything but the link.
366
if (!byhandle || (wanted & APR_FINFO_LINK))
367
finfo->valid |= APR_FINFO_LINK;
372
APR_DECLARE(apr_status_t) apr_file_info_get(apr_finfo_t *finfo, apr_int32_t wanted,
375
BY_HANDLE_FILE_INFORMATION FileInfo;
377
if (thefile->buffered) {
378
/* XXX: flush here is not mutex protected */
379
apr_status_t rv = apr_file_flush(thefile);
380
if (rv != APR_SUCCESS)
384
if (!GetFileInformationByHandle(thefile->filehand, &FileInfo)) {
385
return apr_get_os_error();
388
fillin_fileinfo(finfo, (WIN32_FILE_ATTRIBUTE_DATA *) &FileInfo, 1, wanted);
390
if (finfo->filetype == APR_REG)
392
/* Go the extra mile to be -certain- that we have a real, regular
393
* file, since the attribute bits aren't a certain thing. Even
394
* though fillin should have hinted if we *must* do this, we
395
* don't need to take chances while the handle is already open.
398
if (FileType = GetFileType(thefile->filehand)) {
399
if (FileType == FILE_TYPE_CHAR) {
400
finfo->filetype = APR_CHR;
402
else if (FileType == FILE_TYPE_PIPE) {
403
finfo->filetype = APR_PIPE;
405
/* Otherwise leave the original conclusion alone
410
finfo->pool = thefile->pool;
412
/* ### The finfo lifetime may exceed the lifetime of thefile->pool
413
* but finfo's aren't managed in pools, so where on earth would
414
* we pstrdup the fname into???
416
finfo->fname = thefile->fname;
418
/* Extra goodies known only by GetFileInformationByHandle() */
419
finfo->inode = (apr_ino_t)FileInfo.nFileIndexLow
420
| ((apr_ino_t)FileInfo.nFileIndexHigh << 32);
421
finfo->device = FileInfo.dwVolumeSerialNumber;
422
finfo->nlink = FileInfo.nNumberOfLinks;
424
finfo->valid |= APR_FINFO_IDENT | APR_FINFO_NLINK;
426
/* If we still want something more (besides the name) go get it!
428
if ((wanted &= ~finfo->valid) & ~APR_FINFO_NAME) {
429
return more_finfo(finfo, thefile->filehand, wanted, MORE_OF_HANDLE);
435
APR_DECLARE(apr_status_t) apr_file_perms_set(const char *fname,
436
apr_fileperms_t perms)
441
APR_DECLARE(apr_status_t) apr_stat(apr_finfo_t *finfo, const char *fname,
442
apr_int32_t wanted, apr_pool_t *pool)
444
/* XXX: is constant - needs testing - which requires a lighter-weight root test fn */
446
apr_status_t ident_rv = 0;
448
#if APR_HAS_UNICODE_FS
449
apr_wchar_t wfname[APR_PATH_MAX];
452
char *filename = NULL;
453
/* These all share a common subset of this structure */
457
WIN32_FILE_ATTRIBUTE_DATA i;
460
/* Catch fname length == MAX_PATH since GetFileAttributesEx fails
461
* with PATH_NOT_FOUND. We would rather indicate length error than
464
if (strlen(fname) >= APR_PATH_MAX) {
465
return APR_ENAMETOOLONG;
468
#if APR_HAS_UNICODE_FS
471
if ((wanted & (APR_FINFO_IDENT | APR_FINFO_NLINK))
472
|| (~wanted & APR_FINFO_LINK)) {
473
/* FindFirstFile and GetFileAttributesEx can't figure the inode,
474
* device or number of links, so we need to resolve with an open
475
* file handle. If the user has asked for these fields, fall over
476
* to the get file info by handle method. If we fail, or the user
477
* also asks for the file name, continue by our usual means.
479
* We also must use this method for a 'true' stat, that resolves
480
* a symlink (NTFS Junction) target. This is because all fileinfo
481
* on a Junction always returns the junction, opening the target
482
* is the only way to resolve the target's attributes.
484
if ((ident_rv = resolve_ident(finfo, fname, wanted, pool))
487
else if (ident_rv == APR_INCOMPLETE)
488
wanted &= ~finfo->valid;
491
if (rv = utf8_to_unicode_path(wfname, sizeof(wfname)
492
/ sizeof(apr_wchar_t), fname))
494
if (!(wanted & APR_FINFO_NAME)) {
495
if (!GetFileAttributesExW(wfname, GetFileExInfoStandard,
497
return apr_get_os_error();
500
/* Guard against bogus wildcards and retrieve by name
501
* since we want the true name, and set aside a long
502
* enough string to handle the longest file name.
504
char tmpname[APR_FILE_MAX * 3 + 1];
506
if ((rv = test_safe_name(fname)) != APR_SUCCESS) {
509
hFind = FindFirstFileW(wfname, &FileInfo.w);
510
if (hFind == INVALID_HANDLE_VALUE)
511
return apr_get_os_error();
513
if (unicode_to_utf8_path(tmpname, sizeof(tmpname),
514
FileInfo.w.cFileName)) {
515
return APR_ENAMETOOLONG;
517
filename = apr_pstrdup(pool, tmpname);
525
const char *test = fname;
526
rv = apr_filepath_root(&root, &test, APR_FILEPATH_NATIVE, pool);
527
isroot = (root && *root && !(*test));
529
if ((apr_os_level >= APR_WIN_98) && (!(wanted & APR_FINFO_NAME) || isroot))
531
/* cannot use FindFile on a Win98 root, it returns \*
532
* GetFileAttributesExA is not available on Win95
534
if (!GetFileAttributesExA(fname, GetFileExInfoStandard,
536
return apr_get_os_error();
540
/* This is Win95 and we are trying to stat a root. Lie.
542
if (GetDriveType(fname) != DRIVE_UNKNOWN)
546
finfo->mtime = apr_time_now();
547
finfo->protection |= APR_WREAD | APR_WEXECUTE | APR_WWRITE;
548
finfo->protection |= (finfo->protection << prot_scope_group)
549
| (finfo->protection << prot_scope_user);
550
finfo->valid |= APR_FINFO_TYPE | APR_FINFO_PROT
552
| (wanted & APR_FINFO_LINK);
553
return (wanted &= ~finfo->valid) ? APR_INCOMPLETE
557
return APR_FROM_OS_ERROR(ERROR_PATH_NOT_FOUND);
560
/* Guard against bogus wildcards and retrieve by name
561
* since we want the true name, or are stuck in Win95,
562
* or are looking for the root of a Win98 drive.
565
if ((rv = test_safe_name(fname)) != APR_SUCCESS) {
568
hFind = FindFirstFileA(fname, &FileInfo.n);
569
if (hFind == INVALID_HANDLE_VALUE) {
570
return apr_get_os_error();
573
filename = apr_pstrdup(pool, FileInfo.n.cFileName);
578
if (ident_rv != APR_INCOMPLETE) {
579
if (fillin_fileinfo(finfo, (WIN32_FILE_ATTRIBUTE_DATA *) &FileInfo,
582
/* Go the extra mile to assure we have a file. WinNT/2000 seems
583
* to reliably translate char devices to the path '\\.\device'
584
* so go ask for the full path.
586
if (apr_os_level >= APR_WIN_NT)
588
#if APR_HAS_UNICODE_FS
589
apr_wchar_t tmpname[APR_FILE_MAX];
590
apr_wchar_t *tmpoff = NULL;
591
if (GetFullPathNameW(wfname, sizeof(tmpname) / sizeof(apr_wchar_t),
594
if (!wcsncmp(tmpname, L"\\\\.\\", 4)) {
596
/* Same initial logic as above, but
597
* only for WinNT/non-UTF-8 builds of APR:
599
char tmpname[APR_FILE_MAX];
601
if (GetFullPathName(fname, sizeof(tmpname), tmpname, &tmpoff))
603
if (!strncmp(tmpname, "\\\\.\\", 4)) {
605
if (tmpoff == tmpname + 4) {
606
finfo->filetype = APR_CHR;
608
/* For WHATEVER reason, CHR devices such as \\.\con
609
* or \\.\lpt1 *may*not* update tmpoff; in fact the
610
* resulting tmpoff is set to NULL. Guard against
613
* This code is identical for wide and narrow chars...
616
tmpoff = tmpname + 4;
618
if (*tmpoff == '\\' || *tmpoff == '/') {
624
finfo->filetype = APR_CHR;
630
finfo->valid &= ~APR_FINFO_TYPE;
635
finfo->valid &= ~APR_FINFO_TYPE;
641
if (filename && !isroot) {
642
finfo->name = filename;
643
finfo->valid |= APR_FINFO_NAME;
646
if (wanted &= ~finfo->valid) {
647
/* Caller wants more than APR_FINFO_MIN | APR_FINFO_NAME */
648
#if APR_HAS_UNICODE_FS
649
if (apr_os_level >= APR_WIN_NT)
650
return more_finfo(finfo, wfname, wanted, MORE_OF_WFSPEC);
652
return more_finfo(finfo, fname, wanted, MORE_OF_FSPEC);
658
APR_DECLARE(apr_status_t) apr_file_attrs_set(const char *fname,
659
apr_fileattrs_t attributes,
660
apr_fileattrs_t attr_mask,
665
#if APR_HAS_UNICODE_FS
666
apr_wchar_t wfname[APR_PATH_MAX];
669
/* Don't do anything if we can't handle the requested attributes */
670
if (!(attr_mask & (APR_FILE_ATTR_READONLY
671
| APR_FILE_ATTR_HIDDEN)))
674
#if APR_HAS_UNICODE_FS
677
if (rv = utf8_to_unicode_path(wfname,
678
sizeof(wfname) / sizeof(wfname[0]),
681
flags = GetFileAttributesW(wfname);
687
flags = GetFileAttributesA(fname);
691
if (flags == 0xFFFFFFFF)
692
return apr_get_os_error();
694
if (attr_mask & APR_FILE_ATTR_READONLY)
696
if (attributes & APR_FILE_ATTR_READONLY)
697
flags |= FILE_ATTRIBUTE_READONLY;
699
flags &= ~FILE_ATTRIBUTE_READONLY;
702
if (attr_mask & APR_FILE_ATTR_HIDDEN)
704
if (attributes & APR_FILE_ATTR_HIDDEN)
705
flags |= FILE_ATTRIBUTE_HIDDEN;
707
flags &= ~FILE_ATTRIBUTE_HIDDEN;
710
#if APR_HAS_UNICODE_FS
713
rv = SetFileAttributesW(wfname, flags);
719
rv = SetFileAttributesA(fname, flags);
724
return apr_get_os_error();
730
APR_DECLARE(apr_status_t) apr_file_mtime_set(const char *fname,
737
rv = apr_file_open(&thefile, fname,
738
APR_READ | APR_WRITEATTRS,
739
APR_OS_DEFAULT, pool);
746
if (!GetFileTime(thefile->filehand,
747
&file_ctime, &file_atime, &file_mtime))
748
rv = apr_get_os_error();
751
AprTimeToFileTime(&file_mtime, mtime);
752
if (!SetFileTime(thefile->filehand,
753
&file_ctime, &file_atime, &file_mtime))
754
rv = apr_get_os_error();
757
apr_file_close(thefile);