ref: 6bb619c8db2867ddd9cd19c0aec05065f5ee0cae
dir: /emu/Nt/devfs.c/
#define UNICODE #define Unknown win_Unknown #include <windows.h> #include <winbase.h> #undef Unknown #undef Sleep #include "dat.h" #include "fns.h" #include "error.h" #include "r16.h" #include <lm.h> /* TODO: try using / in place of \ in path names */ #ifndef SID_MAX_SUB_AUTHORITIES #define SID_MAX_SUB_AUTHORITIES 15 #endif enum { MAX_SID = sizeof(SID) + SID_MAX_SUB_AUTHORITIES*sizeof(DWORD), ACL_ROCK = sizeof(ACL) + 20*(sizeof(ACCESS_ALLOWED_ACE)+MAX_SID), SD_ROCK = SECURITY_DESCRIPTOR_MIN_LENGTH + MAX_SID + ACL_ROCK, MAXCOMP = 128, }; typedef struct User User; typedef struct Gmem Gmem; typedef struct Stat Stat; typedef struct Fsinfo Fsinfo; typedef WIN32_FIND_DATA Fsdir; #ifndef INVALID_SET_FILE_POINTER #define INVALID_SET_FILE_POINTER ((DWORD)-1) #endif struct Fsinfo { int uid; int gid; int mode; int fd; vlong offset; QLock oq; char* spec; Rune16* srv; Cname* name; /* Windows' idea of the file name */ ushort usesec; ushort checksec; Fsdir* de; /* non-nil for saved entry from last dirread at offset */ }; #define FS(c) ((Fsinfo*)(c)->aux) /* * info about a user or group * there are two ways to specify a user: * by sid, a unique identifier * by user and domain names * this structure is used to convert between the two, * as well as figure out which groups a users belongs to. * the user information never gets thrown away, * but the group information gets refreshed with each setid. */ struct User { QLock lk; /* locks the gotgroup and group fields */ SID *sid; Rune16 *name; Rune16 *dom; int type; /* the type of sid, ie SidTypeUser, SidTypeAlias, ... */ int gotgroup; /* tried to add group */ Gmem *group; /* global and local groups to which this user or group belongs. */ User *next; }; struct Gmem { User *user; Gmem *next; }; /* * intermediate stat information */ struct Stat { User *owner; User *group; ulong mode; }; /* * some "well-known" sids */ static SID *creatorowner; static SID *creatorgroup; static SID *everyone; static SID *ntignore; static SID *ntroot; /* user who is supposed to run emu as a server */ /* * all users we ever see end up in this table * users are never deleted, but we should update * group information for users sometime */ static struct { QLock lk; User *u; }users; /* * conversion from inferno permission modes to nt access masks * is this good enough? this is what nt sets, except for NOMODE */ #define NOMODE (READ_CONTROL|FILE_READ_EA|FILE_READ_ATTRIBUTES) #define RMODE (READ_CONTROL|SYNCHRONIZE\ |FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES) #define XMODE (READ_CONTROL|SYNCHRONIZE\ |FILE_EXECUTE|FILE_READ_ATTRIBUTES) #define WMODE (DELETE|READ_CONTROL|SYNCHRONIZE|WRITE_DAC|WRITE_OWNER\ |FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA\ |FILE_DELETE_CHILD|FILE_WRITE_ATTRIBUTES) static int modetomask[] = { NOMODE, XMODE, WMODE, WMODE|XMODE, RMODE, RMODE|XMODE, RMODE|WMODE, RMODE|WMODE|XMODE, }; extern DWORD PlatformId; char rootdir[MAXROOT] = "\\inferno"; Rune16 rootname[] = L"inferno-server"; static Qid rootqid; static User *fsnone; static User *fsuser; static Rune16 *ntsrv; static int usesec; static int checksec; static int isserver; static int file_share_delete; static uchar isntfrog[256]; static void fsremove(Chan*); wchar_t *widen(char *s); char *narrowen(wchar_t *ws); int widebytes(wchar_t *ws); static char Etoolong[] = "file name too long"; extern int nth2fd(HANDLE); extern HANDLE ntfd2h(int); static int cnisroot(Cname*); static int fsisroot(Chan*); static int okelem(char*, int); static int fsexist(char*, Qid*); static char* fspath(Cname*, char*, char*, char*); static Cname* fswalkpath(Cname*, char*, int); static char* fslastelem(Cname*); static long fsdirread(Chan*, uchar*, int, vlong); static ulong fsqidpath(char*); static int fsomode(int); static int fsdirset(char*, int, WIN32_FIND_DATA*, char*, Chan*, int isdir); static int fsdirsize(WIN32_FIND_DATA*, char*, Chan*); static void fssettime(char*, long, long); static long unixtime(FILETIME); static FILETIME wintime(ulong); static void secinit(void); static int secstat(Dir*, char*, Rune16*); static int secsize(char*, Rune16*); static void seccheck(char*, ulong, Rune16*); static int sechasperm(char*, ulong, Rune16*); static SECURITY_DESCRIPTOR* secsd(char*, char[SD_ROCK]); static int secsdhasperm(SECURITY_DESCRIPTOR*, ulong, Rune16*); static int secsdstat(SECURITY_DESCRIPTOR*, Stat*, Rune16*); static SECURITY_DESCRIPTOR* secmksd(char[SD_ROCK], Stat*, ACL*, int); static SID *dupsid(SID*); static int ismembersid(Rune16*, User*, SID*); static int ismember(User*, User*); static User *sidtouser(Rune16*, SID*); static User *domnametouser(Rune16*, Rune16*, Rune16*); static User *nametouser(Rune16*, Rune16*); static User *unametouser(Rune16*, char*); static void addgroups(User*, int); static User *mkuser(SID*, int, Rune16*, Rune16*); static Rune16 *domsrv(Rune16 *, Rune16[MAX_PATH]); static Rune16 *filesrv(char*); static int fsacls(char*); static User *secuser(void); int winfilematch(char *path, WIN32_FIND_DATA *data) { char *p; wchar_t *wpath; int r; p = path+strlen(path); while(p > path && p[-1] != '\\') --p; wpath = widen(p); r = (data->cFileName[0] == '.' && runes16len(data->cFileName) == 1) || runes16cmp(data->cFileName, wpath) == 0; free(wpath); return r; } int winfileclash(char *path) { HANDLE h; WIN32_FIND_DATA data; wchar_t *wpath; wpath = widen(path); h = FindFirstFile(wpath, &data); free(wpath); if (h != INVALID_HANDLE_VALUE) { FindClose(h); return !winfilematch(path, &data); } return 0; } /* * this gets called to set up the environment when we switch users */ void setid(char *name, int owner) { User *u; if(owner && !iseve()) return; kstrdup(&up->env->user, name); if(!usesec) return; u = unametouser(ntsrv, up->env->user); if(u == nil) u = fsnone; else { qlock(&u->lk); addgroups(u, 1); qunlock(&u->lk); } if(u == nil) panic("setid: user nil\n"); up->env->ui = u; } static void fsfree(Chan *c) { cnameclose(FS(c)->name); if(FS(c)->de != nil) free(FS(c)->de); free(FS(c)); } void fsinit(void) { int n, isvol; ulong attr; char *p, tmp[MAXROOT]; wchar_t *wp, *wpath, *last; wchar_t wrootdir[MAXROOT]; isntfrog['/'] = 1; isntfrog['\\'] = 1; isntfrog[':'] = 1; isntfrog['*'] = 1; isntfrog['?'] = 1; isntfrog['"'] = 1; isntfrog['<'] = 1; isntfrog['>'] = 1; /* * vet the root */ strcpy(tmp, rootdir); for(p = tmp; *p; p++) if(*p == '/') *p = '\\'; if(tmp[0] != 0 && tmp[1] == ':') { if(tmp[2] == 0) { tmp[2] = '\\'; tmp[3] = 0; } else if(tmp[2] != '\\') { /* don't allow c:foo - only c:\foo */ panic("illegal root pathX"); } } wrootdir[0] = '\0'; wpath = widen(tmp); for(wp = wpath; *wp; wp++) { if(*wp < 32 || (*wp < 256 && isntfrog[*wp] && *wp != '\\' && *wp != ':')) panic("illegal root path"); } n = GetFullPathName(wpath, MAXROOT, wrootdir, &last); free(wpath); runes16toutf(rootdir, wrootdir, MAXROOT); if(n >= MAXROOT || n == 0) panic("illegal root path"); /* get rid of trailing \ */ while(rootdir[n-1] == '\\') { if(n <= 2) { panic("illegal root path"); } rootdir[--n] = '\0'; } isvol = 0; if(rootdir[1] == ':' && rootdir[2] == '\0') isvol = 1; else if(rootdir[0] == '\\' && rootdir[1] == '\\') { p = strchr(&rootdir[2], '\\'); if(p == nil) panic("inferno root can't be a server"); isvol = strchr(p+1, '\\') == nil; } if(strchr(rootdir, '\\') == nil) strcat(rootdir, "\\."); attr = GetFileAttributes(wrootdir); if(attr == 0xFFFFFFFF) panic("root path '%s' does not exist", narrowen(wrootdir)); rootqid.path = fsqidpath(rootdir); if(attr & FILE_ATTRIBUTE_DIRECTORY) rootqid.type |= QTDIR; rootdir[n] = '\0'; rootqid.vers = time(0); /* * set up for nt file security checking */ ntsrv = filesrv(rootdir); usesec = PlatformId == VER_PLATFORM_WIN32_NT; /* true for NT and 2000 */ if(usesec){ file_share_delete = FILE_SHARE_DELETE; /* sensible handling of shared files by delete and rename */ secinit(); if(!fsacls(rootdir)) usesec = 0; } checksec = usesec && isserver; } Chan* fsattach(char *spec) { Chan *c; static int devno; static Lock l; char *drive = (char *)spec; if (!emptystr(drive) && (drive[1] != ':' || drive[2] != '\0')) error(Ebadspec); c = devattach('U', spec); lock(&l); c->dev = devno++; unlock(&l); c->qid = rootqid; c->aux = smalloc(sizeof(Fsinfo)); FS(c)->srv = ntsrv; if(!emptystr(spec)) { char *s = smalloc(strlen(spec)+1); strcpy(s, spec); FS(c)->spec = s; FS(c)->srv = filesrv(spec); if(usesec) FS(c)->usesec = fsacls(spec); FS(c)->checksec = FS(c)->usesec && isserver; c->qid.path = fsqidpath(spec); c->qid.type = QTDIR; c->qid.vers = 0; }else{ FS(c)->usesec = usesec; FS(c)->checksec = checksec; } FS(c)->name = newcname("/"); return c; } Walkqid* fswalk(Chan *c, Chan *nc, char **name, int nname) { int j, alloc; Walkqid *wq; char path[MAX_PATH], *p; Cname *ph; Cname *current, *next; if(nname > 0) isdir(c); alloc = 0; current = nil; wq = smalloc(sizeof(Walkqid)+(nname-1)*sizeof(Qid)); if(waserror()){ if(alloc && wq->clone != nil) cclose(wq->clone); cnameclose(current); free(wq); return nil; } if(nc == nil){ nc = devclone(c); nc->type = 0; alloc = 1; } wq->clone = nc; current = FS(c)->name; if(current != nil) incref(¤t->r); for(j = 0; j < nname; j++){ if(!(nc->qid.type&QTDIR)){ if(j==0) error(Enotdir); break; } if(!okelem(name[j], 0)){ if(j == 0) error(Efilename); break; } p = fspath(current, name[j], path, FS(c)->spec); if(FS(c)->checksec) { *p = '\0'; if(!sechasperm(path, XMODE, FS(c)->srv)){ if(j == 0) error(Eperm); break; } *p = '\\'; } if(strcmp(name[j], "..") == 0) { if(fsisroot(c)) nc->qid = rootqid; else{ ph = fswalkpath(current, "..", 1); if(cnisroot(ph)){ nc->qid = rootqid; current = ph; if(current != nil) incref(¤t->r); } else { fspath(ph, 0, path, FS(c)->spec); if(!fsexist(path, &nc->qid)){ cnameclose(ph); if(j == 0) error(Enonexist); break; } } next = fswalkpath(current, name[j], 1); cnameclose(current); current = next; cnameclose(ph); } } else{ if(!fsexist(path, &nc->qid)){ if(j == 0) error(Enonexist); break; } next = fswalkpath(current, name[j], 1); cnameclose(current); current = next; } wq->qid[wq->nqid++] = nc->qid; } poperror(); if(wq->nqid < nname){ cnameclose(current); if(alloc) cclose(wq->clone); wq->clone = nil; }else if(wq->clone){ nc->aux = smalloc(sizeof(Fsinfo)); nc->type = c->type; FS(nc)->spec = FS(c)->spec; FS(nc)->srv = FS(c)->srv; FS(nc)->name = current; FS(nc)->usesec = FS(c)->usesec; FS(nc)->checksec = FS(c)->checksec; } return wq; } Chan* fsopen(Chan *c, int mode) { HANDLE h; int m, isdir, aflag, cflag; char path[MAX_PATH]; wchar_t *wpath; isdir = c->qid.type & QTDIR; if(isdir && mode != OREAD) error(Eperm); fspath(FS(c)->name, 0, path, FS(c)->spec); if(FS(c)->checksec) { switch(mode & (OTRUNC|3)) { case OREAD: seccheck(path, RMODE, FS(c)->srv); break; case OWRITE: case OWRITE|OTRUNC: seccheck(path, WMODE, FS(c)->srv); break; case ORDWR: case ORDWR|OTRUNC: case OREAD|OTRUNC: seccheck(path, RMODE|WMODE, FS(c)->srv); break; case OEXEC: seccheck(path, XMODE, FS(c)->srv); break; default: error(Ebadarg); } } c->mode = openmode(mode); if(isdir) FS(c)->fd = nth2fd(INVALID_HANDLE_VALUE); else { m = fsomode(mode & 3); cflag = OPEN_EXISTING; if(mode & OTRUNC) cflag = TRUNCATE_EXISTING; aflag = FILE_FLAG_RANDOM_ACCESS; if(mode & ORCLOSE) aflag |= FILE_FLAG_DELETE_ON_CLOSE; if (winfileclash(path)) error(Eexist); wpath = widen(path); h = CreateFile(wpath, m, FILE_SHARE_READ|FILE_SHARE_WRITE|file_share_delete, 0, cflag, aflag, 0); free(wpath); if(h == INVALID_HANDLE_VALUE) oserror(); FS(c)->fd = nth2fd(h); } c->offset = 0; FS(c)->offset = 0; c->flag |= COPEN; return c; } void fscreate(Chan *c, char *name, int mode, ulong perm) { Stat st; HANDLE h; int m, aflag; SECURITY_ATTRIBUTES sa; SECURITY_DESCRIPTOR *sd; BY_HANDLE_FILE_INFORMATION hi; char *p, path[MAX_PATH], sdrock[SD_ROCK]; wchar_t *wpath; ACL *acl; if(!okelem(name, 1)) error(Efilename); m = fsomode(mode & 3); p = fspath(FS(c)->name, name, path, FS(c)->spec); acl = (ACL*)smalloc(ACL_ROCK); sd = nil; if(FS(c)->usesec) { *p = '\0'; sd = secsd(path, sdrock); *p = '\\'; if(sd == nil){ free(acl); oserror(); } if(FS(c)->checksec && !secsdhasperm(sd, WMODE, FS(c)->srv) || !secsdstat(sd, &st, FS(c)->srv)){ if(sd != (void*)sdrock) free(sd); free(acl); error(Eperm); } if(sd != (void*)sdrock) free(sd); if(perm & DMDIR) st.mode = (perm & ~0777) | (st.mode & perm & 0777); else st.mode = (perm & ~0666) | (st.mode & perm & 0666); st.owner = up->env->ui; if(!isserver) st.owner = fsuser; sd = secmksd(sdrock, &st, acl, perm & DMDIR); if(sd == nil){ free(acl); oserror(); } } sa.nLength = sizeof(sa); sa.lpSecurityDescriptor = sd; sa.bInheritHandle = 0; if(perm & DMDIR) { if(mode != OREAD) { free(acl); error(Eisdir); } wpath = widen(path); if(!CreateDirectory(wpath, &sa) || !fsexist(path, &c->qid)) { free(wpath); free(acl); oserror(); } free(wpath); FS(c)->fd = nth2fd(INVALID_HANDLE_VALUE); } else { aflag = 0; if(mode & ORCLOSE) aflag = FILE_FLAG_DELETE_ON_CLOSE; if (winfileclash(path)) error(Eexist); wpath = widen(path); h = CreateFile(wpath, m, FILE_SHARE_READ|FILE_SHARE_WRITE|file_share_delete, &sa, CREATE_ALWAYS, aflag, 0); free(wpath); if(h == INVALID_HANDLE_VALUE) { free(acl); oserror(); } FS(c)->fd = nth2fd(h); c->qid.path = fsqidpath(path); c->qid.type = 0; c->qid.vers = 0; if(GetFileInformationByHandle(h, &hi)) c->qid.vers = unixtime(hi.ftLastWriteTime); } c->mode = openmode(mode); c->offset = 0; FS(c)->offset = 0; c->flag |= COPEN; FS(c)->name = fswalkpath(FS(c)->name, name, 0); free(acl); } void fsclose(Chan *c) { HANDLE h; if(c->flag & COPEN){ h = ntfd2h(FS(c)->fd); if(h != INVALID_HANDLE_VALUE){ if(c->qid.type & QTDIR) FindClose(h); else CloseHandle(h); } } if(c->flag & CRCLOSE){ if(!waserror()){ fsremove(c); poperror(); } return; } fsfree(c); } /* * 64-bit seeks, using SetFilePointer because SetFilePointerEx * is not supported by NT */ static void fslseek(HANDLE h, vlong offset) { LONG hi; if(offset <= 0x7fffffff){ if(SetFilePointer(h, (LONG)offset, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) oserror(); }else{ hi = offset>>32; if(SetFilePointer(h, (LONG)offset, &hi, FILE_BEGIN) == INVALID_SET_FILE_POINTER && GetLastError() != NO_ERROR) oserror(); } } long fsread(Chan *c, void *va, long n, vlong offset) { DWORD n2; HANDLE h; qlock(&FS(c)->oq); if(waserror()){ qunlock(&FS(c)->oq); nexterror(); } if(c->qid.type & QTDIR) { n2 = fsdirread(c, va, n, offset); } else { h = ntfd2h(FS(c)->fd); if(FS(c)->offset != offset){ fslseek(h, offset); FS(c)->offset = offset; } if(!ReadFile(h, va, n, &n2, NULL)) oserror(); FS(c)->offset += n2; } qunlock(&FS(c)->oq); poperror(); return n2; } long fswrite(Chan *c, void *va, long n, vlong offset) { DWORD n2; HANDLE h; qlock(&FS(c)->oq); if(waserror()){ qunlock(&FS(c)->oq); nexterror(); } h = ntfd2h(FS(c)->fd); if(FS(c)->offset != offset){ fslseek(h, offset); FS(c)->offset = offset; } if(!WriteFile(h, va, n, &n2, NULL)) oserror(); FS(c)->offset += n2; qunlock(&FS(c)->oq); poperror(); return n2; } int fsstat(Chan *c, uchar *buf, int n) { WIN32_FIND_DATA data; char path[MAX_PATH]; wchar_t *wpath; /* * have to fake up a data for volumes like * c: and \\server\share since you can't FindFirstFile them */ if(fsisroot(c)){ strcpy(path, rootdir); if(strchr(path, '\\') == nil) strcat(path, "\\."); wpath = widen(path); data.dwFileAttributes = GetFileAttributes(wpath); free(wpath); if(data.dwFileAttributes == 0xffffffff) oserror(); data.ftCreationTime = data.ftLastAccessTime = data.ftLastWriteTime = wintime(time(0)); data.nFileSizeHigh = 0; data.nFileSizeLow = 0; utftorunes16(data.cFileName, ".", MAX_PATH); } else { HANDLE h = INVALID_HANDLE_VALUE; fspath(FS(c)->name, 0, path, FS(c)->spec); if (c->flag & COPEN) h = ntfd2h(FS(c)->fd); if (h != INVALID_HANDLE_VALUE) { BY_HANDLE_FILE_INFORMATION fi; if (c->mode & OWRITE) FlushFileBuffers(h); if (!GetFileInformationByHandle(h, &fi)) oserror(); data.dwFileAttributes = fi.dwFileAttributes; data.ftCreationTime = fi.ftCreationTime; data.ftLastAccessTime = fi.ftLastAccessTime; data.ftLastWriteTime = fi.ftLastWriteTime;; data.nFileSizeHigh = fi.nFileSizeHigh; data.nFileSizeLow = fi.nFileSizeLow; } else { wpath = widen(path); h = FindFirstFile(wpath, &data); free(wpath); if(h == INVALID_HANDLE_VALUE) oserror(); if (!winfilematch(path, &data)) { FindClose(h); error(Enonexist); } FindClose(h); } utftorunes16(data.cFileName, fslastelem(FS(c)->name), MAX_PATH); } return fsdirset(buf, n, &data, path, c, 0); } int fswstat(Chan *c, uchar *buf, int n) { int wsd; Dir dir; Stat st; Cname * volatile ph; HANDLE h; ulong attr; User *ou, *gu; WIN32_FIND_DATA data; SECURITY_DESCRIPTOR *sd; char *last, sdrock[SD_ROCK], path[MAX_PATH], newpath[MAX_PATH], strs[4*256]; wchar_t wspath[MAX_PATH], wsnewpath[MAX_PATH]; wchar_t *wpath; int nmatch; n = convM2D(buf, n, &dir, strs); if(n == 0) error(Eshortstat); last = fspath(FS(c)->name, 0, path, FS(c)->spec); utftorunes16(wspath, path, MAX_PATH); if(fsisroot(c)){ if(dir.atime != ~0) data.ftLastAccessTime = wintime(dir.atime); if(dir.mtime != ~0) data.ftLastWriteTime = wintime(dir.mtime); utftorunes16(data.cFileName, ".", MAX_PATH); }else{ h = FindFirstFile(wspath, &data); if(h == INVALID_HANDLE_VALUE) oserror(); if (!winfilematch(path, &data)) { FindClose(h); error(Enonexist); } FindClose(h); } wsd = 0; ou = nil; gu = nil; if(FS(c)->usesec) { if(FS(c)->checksec && up->env->ui == fsnone) error(Eperm); /* * find new owner and group */ if(!emptystr(dir.uid)){ ou = unametouser(FS(c)->srv, dir.uid); if(ou == nil) oserror(); } if(!emptystr(dir.gid)){ gu = unametouser(FS(c)->srv, dir.gid); if(gu == nil){ if(strcmp(dir.gid, "unknown") != 0 && strcmp(dir.gid, "deleted") != 0) oserror(); gu = ou; } } /* * find old stat info */ sd = secsd(path, sdrock); if(sd == nil || !secsdstat(sd, &st, FS(c)->srv)){ if(sd != nil && sd != (void*)sdrock) free(sd); oserror(); } if(sd != (void*)sdrock) free(sd); /* * permission rules: * if none, can't do anything * chown => no way * chgrp => current owner or group, and in new group * mode/time => owner or in either group * rename => write in parent */ if(ou == nil) ou = st.owner; if(FS(c)->checksec && st.owner != ou) error(Eperm); if(gu == nil) gu = st.group; if(st.group != gu){ if(FS(c)->checksec &&(!ismember(up->env->ui, ou) && !ismember(up->env->ui, gu) || !ismember(up->env->ui, st.group))) error(Eperm); wsd = 1; } if(dir.atime != ~0 && unixtime(data.ftLastAccessTime) != dir.atime || dir.mtime != ~0 && unixtime(data.ftLastWriteTime) != dir.mtime || dir.mode != ~0 && st.mode != dir.mode){ if(FS(c)->checksec && !ismember(up->env->ui, ou) && !ismember(up->env->ui, gu) && !ismember(up->env->ui, st.group)) error(Eperm); if(dir.mode != ~0 && st.mode != dir.mode) wsd = 1; } } wpath = widen(dir.name); nmatch = runes16cmp(wpath, data.cFileName); free(wpath); if(!emptystr(dir.name) && nmatch != 0){ if(!okelem(dir.name, 1)) error(Efilename); ph = fswalkpath(FS(c)->name, "..", 1); if(waserror()){ cnameclose(ph); nexterror(); } ph = fswalkpath(ph, dir.name, 0); fspath(ph, 0, newpath, FS(c)->spec); utftorunes16(wsnewpath, newpath, MAX_PATH); if(GetFileAttributes(wpath) != 0xffffffff && !winfileclash(newpath)) error("file already exists"); if(fsisroot(c)) error(Eperm); if(FS(c)->checksec){ *last = '\0'; seccheck(path, WMODE, FS(c)->srv); *last = '\\'; } poperror(); cnameclose(ph); } if(dir.atime != ~0 && unixtime(data.ftLastAccessTime) != dir.atime || dir.mtime != ~0 && unixtime(data.ftLastWriteTime) != dir.mtime) fssettime(path, dir.atime, dir.mtime); attr = data.dwFileAttributes; if(dir.mode & 0222) attr &= ~FILE_ATTRIBUTE_READONLY; else attr |= FILE_ATTRIBUTE_READONLY; if(!fsisroot(c) && attr != data.dwFileAttributes && (attr & FILE_ATTRIBUTE_READONLY)) SetFileAttributes(wspath, attr); if(FS(c)->usesec && wsd){ ACL *acl = (ACL *) smalloc(ACL_ROCK); st.owner = ou; st.group = gu; if(dir.mode != ~0) st.mode = dir.mode; sd = secmksd(sdrock, &st, acl, data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY); if(sd == nil || !SetFileSecurity(wspath, DACL_SECURITY_INFORMATION, sd)){ free(acl); oserror(); } free(acl); } if(!fsisroot(c) && attr != data.dwFileAttributes && !(attr & FILE_ATTRIBUTE_READONLY)) SetFileAttributes(wspath, attr); /* do last so path is valid throughout */ wpath = widen(dir.name); nmatch = runes16cmp(wpath, data.cFileName); free(wpath); if(!emptystr(dir.name) && nmatch != 0) { ph = fswalkpath(FS(c)->name, "..", 1); if(waserror()){ cnameclose(ph); nexterror(); } ph = fswalkpath(ph, dir.name, 0); fspath(ph, 0, newpath, FS(c)->spec); utftorunes16(wsnewpath, newpath, MAX_PATH); /* * can't rename if it is open: if this process has it open, close it temporarily. */ if(!file_share_delete && c->flag & COPEN){ h = ntfd2h(FS(c)->fd); if(h != INVALID_HANDLE_VALUE) CloseHandle(h); /* woe betide it if ORCLOSE */ FS(c)->fd = nth2fd(INVALID_HANDLE_VALUE); } if(!MoveFile(wspath, wsnewpath)) { oserror(); } else if(!file_share_delete && c->flag & COPEN) { int aflag; SECURITY_ATTRIBUTES sa; /* The move succeeded, so open new file to maintain handle */ sa.nLength = sizeof(sa); sa.lpSecurityDescriptor = sd; sa.bInheritHandle = 0; if(c->flag & CRCLOSE) aflag = FILE_FLAG_DELETE_ON_CLOSE; h = CreateFile(wsnewpath, fsomode(c->mode & 0x3), FILE_SHARE_READ|FILE_SHARE_WRITE|file_share_delete, &sa, OPEN_EXISTING, aflag, 0); if(h == INVALID_HANDLE_VALUE) oserror(); FS(c)->fd = nth2fd(h); } cnameclose(FS(c)->name); poperror(); FS(c)->name = ph; } return n; } static void fsremove(Chan *c) { int n; char *p, path[MAX_PATH]; wchar_t wspath[MAX_PATH]; if(waserror()){ fsfree(c); nexterror(); } if(fsisroot(c)) error(Eperm); p = fspath(FS(c)->name, 0, path, FS(c)->spec); utftorunes16(wspath, path, MAX_PATH); if(FS(c)->checksec){ *p = '\0'; seccheck(path, WMODE, FS(c)->srv); *p = '\\'; } if(c->qid.type & QTDIR) n = RemoveDirectory(wspath); else n = DeleteFile(wspath); if (!n) { ulong attr, mode; SECURITY_DESCRIPTOR *sd = nil; char sdrock[SD_ROCK]; Stat st; int secok; attr = GetFileAttributes(wspath); if(attr != 0xFFFFFFFF) { if (FS(c)->usesec) { sd = secsd(path, sdrock); secok = (sd != nil) && secsdstat(sd, &st, FS(c)->srv); if (secok) { ACL *acl = (ACL *) smalloc(ACL_ROCK); mode = st.mode; st.mode |= 0660; sd = secmksd(sdrock, &st, acl, attr & FILE_ATTRIBUTE_DIRECTORY); if(sd != nil) { SetFileSecurity(wspath, DACL_SECURITY_INFORMATION, sd); } free(acl); if(sd != nil && sd != (void*)sdrock) free(sd); sd = nil; } } SetFileAttributes(wspath, FILE_ATTRIBUTE_NORMAL); if(c->qid.type & QTDIR) n = RemoveDirectory(wspath); else n = DeleteFile(wspath); if (!n) { if (FS(c)->usesec && secok) { ACL *acl = (ACL *) smalloc(ACL_ROCK); st.mode = mode; sd = secmksd(sdrock, &st, acl, attr & FILE_ATTRIBUTE_DIRECTORY); if(sd != nil) { SetFileSecurity(wspath, DACL_SECURITY_INFORMATION, sd); } free(acl); } SetFileAttributes(wspath, attr); if(sd != nil && sd != (void*)sdrock) free(sd); } } } if(!n) oserror(); poperror(); fsfree(c); } /* * check elem for illegal characters /\:*?"<> * ... and relatives are also disallowed, * since they specify grandparents, which we * are not prepared to handle */ static int okelem(char *elem, int nodots) { int c, dots; dots = 0; while((c = *(uchar*)elem) != 0){ if(isntfrog[c]) return 0; if(c == '.' && dots >= 0) dots++; else dots = -1; elem++; } if(nodots) return dots <= 0; return dots <= 2; } static int cnisroot(Cname *c) { return strcmp(c->s, "/") == 0; } static int fsisroot(Chan *c) { return strcmp(FS(c)->name->s, "/") == 0; } static char* fspath(Cname *c, char *ext, char *path, char *spec) { char *p, *last, *rootd; int extlen = 0; rootd = spec != nil ? spec : rootdir; if(ext) extlen = strlen(ext) + 1; if(strlen(rootd) + extlen >= MAX_PATH) error(Etoolong); strcpy(path, rootd); if(cnisroot(c)){ if(ext) { strcat(path, "\\"); strcat(path, ext); } }else{ if(*c->s != '/') { if(strlen(path) + 1 >= MAX_PATH) error(Etoolong); strcat(path, "\\"); } if(strlen(path) + strlen(c->s) + extlen >= MAX_PATH) error(Etoolong); strcat(path, c->s); if(ext){ strcat(path, "\\"); strcat(path, ext); } } last = path; for(p = path; *p != '\0'; p++){ if(*p == '/' || *p == '\\'){ *p = '\\'; last = p; } } return last; } extern void cleancname(Cname*); static Cname * fswalkpath(Cname *c, char *name, int dup) { if(dup) c = newcname(c->s); c = addelem(c, name); if(isdotdot(name)) cleancname(c); return c; } static char * fslastelem(Cname *c) { char *p; p = c->s + c->len; while(p > c->s && p[-1] != '/') p--; return p; } static int fsdirbadentry(WIN32_FIND_DATA *data) { wchar_t *s; s = data->cFileName; if(s[0] == 0) return 1; if(s[0] == '.' && (s[1] == 0 || s[1] == '.' && s[2] == 0)) return 1; return 0; } static Fsdir* fsdirent(Chan *c, char *path, Fsdir *data) { wchar_t *wpath; HANDLE h; h = ntfd2h(FS(c)->fd); if(data == nil) data = smalloc(sizeof(*data)); if(FS(c)->offset == 0){ if(h != INVALID_HANDLE_VALUE) FindClose(h); wpath = widen(path); h = FindFirstFile(wpath, data); free(wpath); FS(c)->fd = nth2fd(h); if(h == INVALID_HANDLE_VALUE){ free(data); return nil; } if(!fsdirbadentry(data)) return data; } do{ if(!FindNextFile(h, data)){ free(data); return nil; } }while(fsdirbadentry(data)); return data; } static long fsdirread(Chan *c, uchar *va, int count, vlong offset) { int i, r; char path[MAX_PATH], *p; Fsdir *de; vlong o; if(count == 0 || offset < 0) return 0; p = fspath(FS(c)->name, "*.*", path, FS(c)->spec); p++; de = nil; if(FS(c)->offset != offset){ de = FS(c)->de; if(FS(c)->de != nil){ free(FS(c)->de); FS(c)->de = nil; } FS(c)->offset = 0; for(o = 0; o < offset;){ de = fsdirent(c, path, de); if(de == nil){ FS(c)->offset = o; return 0; } runes16toutf(p, de->cFileName, &path[MAX_PATH]-p); path[MAX_PATH-1] = '\0'; o += fsdirsize(de, path, c); } FS(c)->offset = offset; } for(i = 0; i < count;){ if(FS(c)->de != nil){ /* left over from previous read at offset */ de = FS(c)->de; FS(c)->de = nil; }else{ de = fsdirent(c, path, de); if(de == nil) break; } runes16toutf(p, de->cFileName, &path[MAX_PATH]-p); path[MAX_PATH-1] = '\0'; r = fsdirset(va+i, count-i, de, path, c, 1); if(r <= 0){ /* won't fit; save for next read at this offset */ FS(c)->de = de; break; } i += r; FS(c)->offset += r; } return i; } static ulong fsqidpath(char *p) { ulong h; int c; h = 0; while(*p != '\0'){ /* force case insensitive file names */ c = *p++; if(c >= 'A' && c <= 'Z') c += 'a'-'A'; h = h * 19 ^ c; } return h; } /* TO DO: substitute fixed, made-up (unlikely) names for these */ static char* devf[] = { "aux", "com1", "com2", "lpt1", "nul", "prn", nil }; static int devfile(char *p) { char *s, *t, *u, **ss; if((u = strrchr(p, '\\')) != nil) u++; else if((u = strrchr(p, '/')) != nil) u++; else u = p; for(ss = devf; *ss != nil; ss++){ for(s = *ss, t = u; *s != '\0' && *t != '\0' && *t != '.'; s++, t++) if(*s != *t && *s != *t+'a'-'A') break; if(*s == '\0' && (*t == '\0' || *t == '.')) return 1; } return 0; } /* * there are other ways to figure out * the attributes and times for a file. * perhaps they are faster */ static int fsexist(char *p, Qid *q) { HANDLE h; WIN32_FIND_DATA data; wchar_t *wpath; if(devfile(p)) return 0; wpath = widen(p); h = FindFirstFile(wpath, &data); free(wpath); if(h == INVALID_HANDLE_VALUE) return 0; if (!winfilematch(p, &data)) { FindClose(h); return 0; } FindClose(h); q->path = fsqidpath(p); q->type = 0; if(data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) q->type |= QTDIR; q->vers = unixtime(data.ftLastWriteTime); return 1; } static int fsdirset(char *edir, int n, WIN32_FIND_DATA *data, char *path, Chan *c, int isdir) { Dir dir; static char neveryone[] = "Everyone"; dir.name = narrowen(data->cFileName); dir.muid = nil; dir.qid.path = fsqidpath(path); dir.qid.vers = 0; dir.qid.type = 0; dir.mode = 0; dir.atime = unixtime(data->ftLastAccessTime); dir.mtime = unixtime(data->ftLastWriteTime); dir.qid.vers = dir.mtime; dir.length = ((uvlong)data->nFileSizeHigh<<32) | ((uvlong)data->nFileSizeLow & ~((uvlong)0xFFFFFFFF<<32)); dir.type = 'U'; dir.dev = c->dev; if(!FS(c)->usesec){ /* no NT security so make something up */ dir.uid = neveryone; dir.gid = neveryone; dir.mode = 0777; }else if(!secstat(&dir, path, FS(c)->srv)) oserror(); if(data->dwFileAttributes & FILE_ATTRIBUTE_READONLY) dir.mode &= ~0222; if(data->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY){ dir.qid.type |= QTDIR; dir.mode |= DMDIR; dir.length = 0; } if(isdir && sizeD2M(&dir) > n) n = -1; else n = convD2M(&dir, edir, n); if(dir.uid != neveryone) free(dir.uid); if(dir.gid != neveryone) free(dir.gid); free(dir.name); return n; } static int fsdirsize(WIN32_FIND_DATA *data, char *path, Chan *c) { int i, n; n = widebytes(data->cFileName); if(!FS(c)->usesec) n += 8+8; else{ i = secsize(path, FS(c)->srv); if(i < 0) oserror(); n += i; } return STATFIXLEN+n; } static void fssettime(char *path, long at, long mt) { HANDLE h; FILETIME atime, mtime; wchar_t *wpath; wpath = widen(path); h = CreateFile(wpath, GENERIC_WRITE, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); free(wpath); if(h == INVALID_HANDLE_VALUE) return; mtime = wintime(mt); atime = wintime(at); if(!SetFileTime(h, 0, &atime, &mtime)){ CloseHandle(h); oserror(); } CloseHandle(h); } static int fsomode(int m) { switch(m & 0x3) { case OREAD: case OEXEC: return GENERIC_READ; case OWRITE: return GENERIC_WRITE; case ORDWR: return GENERIC_READ|GENERIC_WRITE; } error(Ebadarg); return 0; } static long unixtime(FILETIME ft) { vlong t; t = (vlong)ft.dwLowDateTime + ((vlong)ft.dwHighDateTime<<32); t -= (vlong)10000000*134774*24*60*60; return (long)(t/10000000); } static FILETIME wintime(ulong t) { FILETIME ft; vlong vt; vt = (vlong)t*10000000+(vlong)10000000*134774*24*60*60; ft.dwLowDateTime = vt; ft.dwHighDateTime = vt>>32; return ft; } /* * the sec routines manage file permissions for nt. * nt files have an associated security descriptor, * which has in it an owner, a group, * and a discretionary acces control list, or acl, * which specifies the permissions for the file. * * the strategy for mapping between inferno owner, * group, other, and mode and nt file security is: * * inferno owner == nt file owner * inferno other == nt Everyone * inferno group == first non-owner, * non-Everyone user given in the acl, * or the owner if there is no such user. * we examine the entire acl when check for permissions, * but only report a subset. * * when we write an acl, we also give all permissions to * the special user rootname, who is supposed to run emu in server mode. */ static void secinit(void) { HANDLE token; TOKEN_PRIVILEGES *priv; char privrock[sizeof(TOKEN_PRIVILEGES) + 1*sizeof(LUID_AND_ATTRIBUTES)]; SID_IDENTIFIER_AUTHORITY id = SECURITY_CREATOR_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY wid = SECURITY_WORLD_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY ntid = SECURITY_NT_AUTHORITY; if(!AllocateAndInitializeSid(&id, 1, SECURITY_CREATOR_OWNER_RID, 1, 2, 3, 4, 5, 6, 7, &creatorowner) || !AllocateAndInitializeSid(&id, 1, SECURITY_CREATOR_GROUP_RID, 1, 2, 3, 4, 5, 6, 7, &creatorgroup) || !AllocateAndInitializeSid(&wid, 1, SECURITY_WORLD_RID, 1, 2, 3, 4, 5, 6, 7, &everyone) || !AllocateAndInitializeSid(&ntid, 1, 0, 1, 2, 3, 4, 5, 6, 7, &ntignore)) panic("can't initialize well-known sids"); fsnone = sidtouser(ntsrv, everyone); if(fsnone == nil) panic("can't make none user"); /* * see if we are running as the emu server user * if so, set up SE_RESTORE_NAME privilege, * which allows setting the owner field in a security descriptor. * other interesting privileges are SE_TAKE_OWNERSHIP_NAME, * which enables changing the ownership of a file to yourself * regardless of the permissions on the file, SE_BACKUP_NAME, * which enables reading any files regardless of permission, * and SE_CHANGE_NOTIFY_NAME, which enables walking through * directories without X permission. * SE_RESTORE_NAME and SE_BACKUP_NAME together allow writing * and reading any file data, regardless of permission, * if the file is opened with FILE_BACKUP_SEMANTICS. */ isserver = 0; fsuser = secuser(); if(fsuser == nil) fsuser = fsnone; else if(runes16cmp(fsuser->name, rootname) == 0 && OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)){ priv = (TOKEN_PRIVILEGES*)privrock; priv->PrivilegeCount = 1; priv->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if(LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &priv->Privileges[0].Luid) && AdjustTokenPrivileges(token, 0, priv, 0, NULL, NULL)) isserver = 1; CloseHandle(token); } } /* * get the User for the executing process */ static User* secuser(void) { DWORD need; HANDLE token; TOKEN_USER *tu; char turock[sizeof(TOKEN_USER) + MAX_SID]; if(!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) return nil; tu = (TOKEN_USER*)turock; if(!GetTokenInformation(token, TokenUser, tu, sizeof(turock), &need)){ CloseHandle(token); return nil; } CloseHandle(token); return sidtouser(nil, tu->User.Sid); } static int secstat(Dir *dir, char *file, Rune16 *srv) { int ok, n; Stat st; char sdrock[SD_ROCK]; SECURITY_DESCRIPTOR *sd; sd = secsd(file, sdrock); if(sd == nil){ int e = GetLastError(); if(e == ERROR_ACCESS_DENIED || e == ERROR_SHARING_VIOLATION){ dir->uid = strdup("unknown"); dir->gid = strdup("unknown"); if(dir->uid == nil || dir->gid == nil){ free(dir->uid); error(Enomem); /* will change to use kstrdup */ } dir->mode = 0; return 1; } return 0; } ok = secsdstat(sd, &st, srv); if(sd != (void*)sdrock) free(sd); if(ok){ dir->mode = st.mode; n = rune16nlen(st.owner->name, runes16len(st.owner->name)); dir->uid = smalloc(n+1); runes16toutf(dir->uid, st.owner->name, n+1); n = rune16nlen(st.group->name, runes16len(st.group->name)); dir->gid = smalloc(n+1); runes16toutf(dir->gid, st.group->name, n+1); } return ok; } static int secsize(char *file, Rune16 *srv) { int ok; Stat st; char sdrock[SD_ROCK]; SECURITY_DESCRIPTOR *sd; sd = secsd(file, sdrock); if(sd == nil){ int e = GetLastError(); if(e == ERROR_ACCESS_DENIED || e == ERROR_SHARING_VIOLATION) return 7+7; return -1; } ok = secsdstat(sd, &st, srv); if(sd != (void*)sdrock) free(sd); if(ok) return rune16nlen(st.owner->name, runes16len(st.owner->name))+rune16nlen(st.group->name, runes16len(st.group->name)); return -1; } /* * verify that u had access to file */ static void seccheck(char *file, ulong access, Rune16 *srv) { if(!sechasperm(file, access, srv)) error(Eperm); } static int sechasperm(char *file, ulong access, Rune16 *srv) { int ok; char sdrock[SD_ROCK]; SECURITY_DESCRIPTOR *sd; /* * only really needs dacl info */ sd = secsd(file, sdrock); if(sd == nil) return 0; ok = secsdhasperm(sd, access, srv); if(sd != (void*)sdrock) free(sd); return ok; } static SECURITY_DESCRIPTOR* secsd(char *file, char sdrock[SD_ROCK]) { DWORD need; SECURITY_DESCRIPTOR *sd; char *path, pathrock[6]; wchar_t *wpath; path = file; if(path[0] != '\0' && path[1] == ':' && path[2] == '\0'){ path = pathrock; strcpy(path, "?:\\."); path[0] = file[0]; } sd = (SECURITY_DESCRIPTOR*)sdrock; need = 0; wpath = widen(path); if(GetFileSecurity(wpath, OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, sd, SD_ROCK, &need)) { free(wpath); return sd; } if(GetLastError() != ERROR_INSUFFICIENT_BUFFER) { free(wpath); return nil; } sd = malloc(need); if(sd == nil) { free(wpath); error(Enomem); } if(GetFileSecurity(wpath, OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, sd, need, &need)) { free(wpath); return sd; } free(wpath); free(sd); return nil; } static int secsdstat(SECURITY_DESCRIPTOR *sd, Stat *st, Rune16 *srv) { ACL *acl; BOOL hasacl, b; ACE_HEADER *aceh; User *owner, *group; SID *sid, *osid, *gsid; ACCESS_ALLOWED_ACE *ace; int i, allow, deny, *p, m; ACL_SIZE_INFORMATION size; st->mode = 0; osid = nil; gsid = nil; if(!GetSecurityDescriptorOwner(sd, &osid, &b) || !GetSecurityDescriptorDacl(sd, &hasacl, &acl, &b)) return 0; if(acl == 0) size.AceCount = 0; else if(!GetAclInformation(acl, &size, sizeof(size), AclSizeInformation)) return 0; /* * first pass through acl finds group */ for(i = 0; i < size.AceCount; i++){ if(!GetAce(acl, i, &aceh)) continue; if(aceh->AceFlags & INHERIT_ONLY_ACE) continue; if(aceh->AceType != ACCESS_ALLOWED_ACE_TYPE && aceh->AceType != ACCESS_DENIED_ACE_TYPE) continue; ace = (ACCESS_ALLOWED_ACE*)aceh; sid = (SID*)&ace->SidStart; if(EqualSid(sid, creatorowner) || EqualSid(sid, creatorgroup)) continue; if(EqualSid(sid, everyone)) ; else if(EqualSid(sid, osid)) ; else if(EqualPrefixSid(sid, ntignore)) continue; /* boring nt accounts */ else{ gsid = sid; break; } } if(gsid == nil) gsid = osid; owner = sidtouser(srv, osid); if(owner == nil) return 0; group = sidtouser(srv, gsid); if(group == nil) return 0; /* no acl means full access */ allow = 0; if(acl == 0) allow = 0777; deny = 0; for(i = 0; i < size.AceCount; i++){ if(!GetAce(acl, i, &aceh)) continue; if(aceh->AceFlags & INHERIT_ONLY_ACE) continue; if(aceh->AceType == ACCESS_ALLOWED_ACE_TYPE) p = &allow; else if(aceh->AceType == ACCESS_DENIED_ACE_TYPE) p = &deny; else continue; ace = (ACCESS_ALLOWED_ACE*)aceh; sid = (SID*)&ace->SidStart; if(EqualSid(sid, creatorowner) || EqualSid(sid, creatorgroup)) continue; m = 0; if(ace->Mask & FILE_EXECUTE) m |= 1; if(ace->Mask & FILE_WRITE_DATA) m |= 2; if(ace->Mask & FILE_READ_DATA) m |= 4; if(ismembersid(srv, owner, sid)) *p |= (m << 6) & ~(allow|deny) & 0700; if(ismembersid(srv, group, sid)) *p |= (m << 3) & ~(allow|deny) & 0070; if(EqualSid(everyone, sid)) *p |= m & ~(allow|deny) & 0007; } st->mode = allow & ~deny; st->owner = owner; st->group = group; return 1; } static int secsdhasperm(SECURITY_DESCRIPTOR *sd, ulong access, Rune16 *srv) { User *u; ACL *acl; BOOL hasacl, b; ACE_HEADER *aceh; SID *sid, *osid, *gsid; int i, allow, deny, *p, m; ACCESS_ALLOWED_ACE *ace; ACL_SIZE_INFORMATION size; u = up->env->ui; allow = 0; deny = 0; osid = nil; gsid = nil; if(!GetSecurityDescriptorDacl(sd, &hasacl, &acl, &b)) return 0; /* no acl means full access */ if(acl == 0) return 1; if(!GetAclInformation(acl, &size, sizeof(size), AclSizeInformation)) return 0; for(i = 0; i < size.AceCount; i++){ if(!GetAce(acl, i, &aceh)) continue; if(aceh->AceFlags & INHERIT_ONLY_ACE) continue; if(aceh->AceType == ACCESS_ALLOWED_ACE_TYPE) p = &allow; else if(aceh->AceType == ACCESS_DENIED_ACE_TYPE) p = &deny; else continue; ace = (ACCESS_ALLOWED_ACE*)aceh; sid = (SID*)&ace->SidStart; if(EqualSid(sid, creatorowner) || EqualSid(sid, creatorgroup)) continue; m = ace->Mask; if(ismembersid(srv, u, sid)) *p |= m & ~(allow|deny); } allow &= ~deny; return (allow & access) == access; } static SECURITY_DESCRIPTOR* secmksd(char *sdrock, Stat *st, ACL *dacl, int isdir) { int m; ulong mode; ACE_HEADER *aceh; SECURITY_DESCRIPTOR *sd; sd = (SECURITY_DESCRIPTOR*)sdrock; if(!InitializeAcl(dacl, ACL_ROCK, ACL_REVISION)) return nil; mode = st->mode; if(st->owner == st->group){ mode |= (mode >> 3) & 0070; mode |= (mode << 3) & 0700; } m = modetomask[(mode>>6) & 7]; if(!AddAccessAllowedAce(dacl, ACL_REVISION, m, st->owner->sid)) return nil; if(isdir && !AddAccessAllowedAce(dacl, ACL_REVISION, m, creatorowner)) return nil; m = modetomask[(mode>>3) & 7]; if(!AddAccessAllowedAce(dacl, ACL_REVISION, m, st->group->sid)) return nil; m = modetomask[(mode>>0) & 7]; if(!AddAccessAllowedAce(dacl, ACL_REVISION, m, everyone)) return nil; if(isdir){ /* hack to add inherit flags */ if(!GetAce(dacl, 1, &aceh)) return nil; aceh->AceFlags |= OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; if(!GetAce(dacl, 2, &aceh)) return nil; aceh->AceFlags |= OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; if(!GetAce(dacl, 3, &aceh)) return nil; aceh->AceFlags |= OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; } /* * allow server user to access any file */ if(isserver){ if(!AddAccessAllowedAce(dacl, ACL_REVISION, RMODE|WMODE|XMODE, fsuser->sid)) return nil; if(isdir){ if(!GetAce(dacl, 4, &aceh)) return nil; aceh->AceFlags |= OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE; } } if(!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) return nil; if(!SetSecurityDescriptorDacl(sd, 1, dacl, 0)) return nil; // if(isserver && !SetSecurityDescriptorOwner(sd, st->owner->sid, 0)) // return nil; return sd; } /* * the user manipulation routines * just make it easier to deal with user identities */ static User* sidtouser(Rune16 *srv, SID *s) { SID_NAME_USE type; Rune16 aname[100], dname[100]; DWORD naname, ndname; User *u; qlock(&users.lk); for(u = users.u; u != 0; u = u->next) if(EqualSid(s, u->sid)) break; qunlock(&users.lk); if(u != 0) return u; naname = sizeof(aname); ndname = sizeof(dname); if(!LookupAccountSidW(srv, s, aname, &naname, dname, &ndname, &type)) return mkuser(s, SidTypeUnknown, L"unknown", L"unknown"); return mkuser(s, type, aname, dname); } static User* domnametouser(Rune16 *srv, Rune16 *name, Rune16 *dom) { User *u; qlock(&users.lk); for(u = users.u; u != 0; u = u->next) if(runes16cmp(name, u->name) == 0 && runes16cmp(dom, u->dom) == 0) break; qunlock(&users.lk); if(u == 0) u = nametouser(srv, name); return u; } static User* nametouser(Rune16 *srv, Rune16 *name) { char sidrock[MAX_SID]; SID *sid; SID_NAME_USE type; Rune16 dom[MAX_PATH]; DWORD nsid, ndom; sid = (SID*)sidrock; nsid = sizeof(sidrock); ndom = sizeof(dom); if(!LookupAccountNameW(srv, name, sid, &nsid, dom, &ndom, &type)) return nil; return mkuser(sid, type, name, dom); } /* * this mapping could be cached */ static User* unametouser(Rune16 *srv, char *name) { Rune16 rname[MAX_PATH]; utftorunes16(rname, name, MAX_PATH); return nametouser(srv, rname); } /* * make a user structure and add it to the global cache. */ static User* mkuser(SID *sid, int type, Rune16 *name, Rune16 *dom) { User *u; qlock(&users.lk); for(u = users.u; u != 0; u = u->next){ if(EqualSid(sid, u->sid)){ qunlock(&users.lk); return u; } } switch(type) { default: break; case SidTypeDeletedAccount: name = L"deleted"; break; case SidTypeInvalid: name = L"invalid"; break; case SidTypeUnknown: name = L"unknown"; break; } u = malloc(sizeof(User)); if(u == nil){ qunlock(&users.lk); return 0; } u->next = nil; u->group = nil; u->sid = dupsid(sid); u->type = type; u->name = nil; if(name != nil) u->name = runes16dup(name); u->dom = nil; if(dom != nil) u->dom = runes16dup(dom); u->next = users.u; users.u = u; qunlock(&users.lk); return u; } /* * check if u is a member of gsid, * which might be a group. */ static int ismembersid(Rune16 *srv, User *u, SID *gsid) { User *g; if(EqualSid(u->sid, gsid)) return 1; g = sidtouser(srv, gsid); if(g == 0) return 0; return ismember(u, g); } static int ismember(User *u, User *g) { Gmem *grps; if(EqualSid(u->sid, g->sid)) return 1; if(EqualSid(g->sid, everyone)) return 1; qlock(&u->lk); addgroups(u, 0); for(grps = u->group; grps != 0; grps = grps->next){ if(EqualSid(grps->user->sid, g->sid)){ qunlock(&u->lk); return 1; } } qunlock(&u->lk); return 0; } /* * find out what groups a user belongs to. * if force, throw out the old info and do it again. * * note that a global group is also know as a group, * and a local group is also know as an alias. * global groups can only contain users. * local groups can contain global groups or users. * this code finds all global groups to which a user belongs, * and all the local groups to which the user or a global group * containing the user belongs. */ static void addgroups(User *u, int force) { LOCALGROUP_USERS_INFO_0 *loc; GROUP_USERS_INFO_0 *grp; DWORD i, n, rem; User *gu; Gmem *g, *next; Rune16 *srv, srvrock[MAX_PATH]; if(force){ u->gotgroup = 0; for(g = u->group; g != nil; g = next){ next = g->next; free(g); } u->group = nil; } if(u->gotgroup) return; u->gotgroup = 1; n = 0; srv = domsrv(u->dom, srvrock); i = NetUserGetGroups(srv, u->name, 0, (BYTE**)&grp, MAX_PREFERRED_LENGTH, &n, &rem); if(i == NERR_Success || i == ERROR_MORE_DATA){ for(i = 0; i < n; i++){ gu = domnametouser(srv, grp[i].grui0_name, u->dom); if(gu == 0) continue; g = malloc(sizeof(Gmem)); if(g == nil) error(Enomem); g->user = gu; g->next = u->group; u->group = g; } NetApiBufferFree(grp); } n = 0; i = NetUserGetLocalGroups(srv, u->name, 0, LG_INCLUDE_INDIRECT, (BYTE**)&loc, MAX_PREFERRED_LENGTH, &n, &rem); if(i == NERR_Success || i == ERROR_MORE_DATA){ for(i = 0; i < n; i++){ gu = domnametouser(srv, loc[i].lgrui0_name, u->dom); if(gu == NULL) continue; g = malloc(sizeof(Gmem)); if(g == nil) error(Enomem); g->user = gu; g->next = u->group; u->group = g; } NetApiBufferFree(loc); } } static SID* dupsid(SID *sid) { SID *nsid; int n; n = GetLengthSid(sid); nsid = malloc(n); if(nsid == nil || !CopySid(n, nsid, sid)) panic("can't copy sid"); return nsid; } /* * return the name of the server machine for file */ static Rune16* filesrv(char *file) { int n; Rune16 *srv; char *p, uni[MAX_PATH], mfile[MAX_PATH]; wchar_t vol[3]; strcpy(mfile, file); /* assume file is a fully qualified name - X: or \\server */ if(file[1] == ':') { vol[0] = file[0]; vol[1] = file[1]; vol[2] = 0; if(GetDriveType(vol) != DRIVE_REMOTE) return 0; n = sizeof(uni); if(WNetGetUniversalName(vol, UNIVERSAL_NAME_INFO_LEVEL, uni, &n) != NO_ERROR) return nil; runes16toutf(mfile, ((UNIVERSAL_NAME_INFO*)uni)->lpUniversalName, MAX_PATH); file = mfile; } file += 2; p = strchr(file, '\\'); if(p == 0) n = strlen(file); else n = p - file; if(n >= MAX_PATH) n = MAX_PATH-1; memmove(uni, file, n); uni[n] = '\0'; srv = malloc((n + 1) * sizeof(Rune16)); if(srv == nil) panic("filesrv: no memory"); utftorunes16(srv, uni, n+1); return srv; } /* * does the file system support acls? */ static int fsacls(char *file) { char *p; DWORD flags; char path[MAX_PATH]; wchar_t wpath[MAX_PATH]; /* assume file is a fully qualified name - X: or \\server */ if(file[1] == ':') { path[0] = file[0]; path[1] = file[1]; path[2] = '\\'; path[3] = 0; } else { strcpy(path, file); p = strchr(path+2, '\\'); if(p == 0) return 0; p = strchr(p+1, '\\'); if(p == 0) strcat(path, "\\"); else p[1] = 0; } utftorunes16(wpath, path, MAX_PATH); if(!GetVolumeInformation(wpath, NULL, 0, NULL, NULL, &flags, NULL, 0)) return 0; return flags & FS_PERSISTENT_ACLS; } /* * given a domain, find out the server to ask about its users. * we just ask the local machine to do the translation, * so it might fail sometimes. in those cases, we don't * trust the domain anyway, and vice versa, so it's not * clear what benifit we would gain by getting the answer "right". */ static Rune16* domsrv(Rune16 *dom, Rune16 srv[MAX_PATH]) { Rune16 *psrv; int n, r; if(dom[0] == 0) return nil; r = NetGetAnyDCName(NULL, dom, (LPBYTE*)&psrv); if(r == NERR_Success) { n = runes16len(psrv); if(n >= MAX_PATH) n = MAX_PATH-1; memmove(srv, psrv, n*sizeof(Rune16)); srv[n] = 0; NetApiBufferFree(psrv); return srv; } return nil; } Dev fsdevtab = { 'U', "fs", fsinit, fsattach, fswalk, fsstat, fsopen, fscreate, fsclose, fsread, devbread, fswrite, devbwrite, fsremove, fswstat };