diff options
| author | Miikka Heikkinen <miikka.heikkinen@digia.com> | 2012-01-12 09:16:45 (GMT) |
|---|---|---|
| committer | Qt by Nokia <qt-info@nokia.com> | 2012-01-16 09:52:49 (GMT) |
| commit | b1916b524b0d076dfc9fad2656d65493067b1b84 (patch) | |
| tree | 327e36678f4ff470e994559145e14e6dd563c349 | |
| parent | 0ce52668616eba11de6c8255ec5319db3405483a (diff) | |
| download | Qt-b1916b524b0d076dfc9fad2656d65493067b1b84.zip Qt-b1916b524b0d076dfc9fad2656d65493067b1b84.tar.gz Qt-b1916b524b0d076dfc9fad2656d65493067b1b84.tar.bz2 | |
Windows: Fix qt_ntfs_permission_lookup
Specifying qt_ntfs_permission_lookup++ in application code didn't
make qfilesystemengine_win.cpp respect Windows ACL as it was supposed
to. This was because GetTokenInformation for TokenUser failed always in
resolveLibs() function, because the TOKEN_USER struct that was given to
it wasn't large enough to contain both TOKEN_USER and SID structs that
GetTokenInformation wants to return in this case.
Fixed by calling GetTokenInformation twice, first to determine the
required size, and then another time to get the actual token info.
Additionally, the SID returned as part of the token info needs to be
stored for the lifetime of the application, as the TRUSTEE_W struct
has a pointer to it (currentUserTrusteeW).
The worldTrusteeW initialization also required a change to properly
store the SID.
Note: The dynamic resolution of FreeSid and other SID manipulating
functions doesn't appear to be necessary, as they are found on the
same ifdef level (in winbase.h) as the GetTokenInformation, which
already isn't dynamically resolved.
Task-number: QTBUG-247
Change-Id: If5b43faeded351c45b52a63854a10d9f618e33ef
Reviewed-by: Joerg Bornemann <joerg.bornemann@nokia.com>
| -rw-r--r-- | src/corelib/io/qfilesystemengine_win.cpp | 57 |
1 files changed, 46 insertions, 11 deletions
diff --git a/src/corelib/io/qfilesystemengine_win.cpp b/src/corelib/io/qfilesystemengine_win.cpp index 0ba8fe1..7e43684 100644 --- a/src/corelib/io/qfilesystemengine_win.cpp +++ b/src/corelib/io/qfilesystemengine_win.cpp @@ -160,6 +160,31 @@ typedef DWORD (WINAPI *PtrGetEffectiveRightsFromAclW)(PACL, PTRUSTEE_W, OUT PACC static PtrGetEffectiveRightsFromAclW ptrGetEffectiveRightsFromAclW = 0; static TRUSTEE_W currentUserTrusteeW; static TRUSTEE_W worldTrusteeW; +static PSID currentUserSID = 0; +static PSID worldSID = 0; + +/* + Deletes the allocated SIDs during global static cleanup +*/ +class SidCleanup +{ +public: + ~SidCleanup(); +}; + +SidCleanup::~SidCleanup() +{ + qFree(currentUserSID); + currentUserSID = 0; + + // worldSID was allocated with AllocateAndInitializeSid so it needs to be freed with FreeSid + if (worldSID) { + ::FreeSid(worldSID); + worldSID = 0; + } +} + +Q_GLOBAL_STATIC(SidCleanup, initSidCleanup) typedef BOOL (WINAPI *PtrGetUserProfileDirectoryW)(HANDLE, LPWSTR, LPDWORD); static PtrGetUserProfileDirectoryW ptrGetUserProfileDirectoryW = 0; @@ -198,25 +223,35 @@ static void resolveLibs() // Create TRUSTEE for current user HANDLE hnd = ::GetCurrentProcess(); HANDLE token = 0; + initSidCleanup(); if (::OpenProcessToken(hnd, TOKEN_QUERY, &token)) { - TOKEN_USER tu; - DWORD retsize; - if (::GetTokenInformation(token, TokenUser, &tu, sizeof(tu), &retsize)) - ptrBuildTrusteeWithSidW(¤tUserTrusteeW, tu.User.Sid); + DWORD retsize = 0; + // GetTokenInformation requires a buffer big enough for the TOKEN_USER struct and + // the SID struct. Since the SID struct can have variable number of subauthorities + // tacked at the end, its size is variable. Obtain the required size by first + // doing a dummy GetTokenInformation call. + ::GetTokenInformation(token, TokenUser, 0, 0, &retsize); + if (retsize) { + void *tokenBuffer = qMalloc(retsize); + if (::GetTokenInformation(token, TokenUser, tokenBuffer, retsize, &retsize)) { + PSID tokenSid = reinterpret_cast<PTOKEN_USER>(tokenBuffer)->User.Sid; + DWORD sidLen = ::GetLengthSid(tokenSid); + currentUserSID = reinterpret_cast<PSID>(qMalloc(sidLen)); + if (::CopySid(sidLen, currentUserSID, tokenSid)) + ptrBuildTrusteeWithSidW(¤tUserTrusteeW, currentUserSID); + } + qFree(tokenBuffer); + } ::CloseHandle(token); } typedef BOOL (WINAPI *PtrAllocateAndInitializeSid)(PSID_IDENTIFIER_AUTHORITY, BYTE, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, DWORD, PSID*); PtrAllocateAndInitializeSid ptrAllocateAndInitializeSid = (PtrAllocateAndInitializeSid)advapi32.resolve("AllocateAndInitializeSid"); - typedef PVOID (WINAPI *PtrFreeSid)(PSID); - PtrFreeSid ptrFreeSid = (PtrFreeSid)advapi32.resolve("FreeSid"); - if (ptrAllocateAndInitializeSid && ptrFreeSid) { + if (ptrAllocateAndInitializeSid) { // Create TRUSTEE for Everyone (World) SID_IDENTIFIER_AUTHORITY worldAuth = { SECURITY_WORLD_SID_AUTHORITY }; - PSID pWorld = 0; - if (ptrAllocateAndInitializeSid(&worldAuth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pWorld)) - ptrBuildTrusteeWithSidW(&worldTrusteeW, pWorld); - ptrFreeSid(pWorld); + if (ptrAllocateAndInitializeSid(&worldAuth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &worldSID)) + ptrBuildTrusteeWithSidW(&worldTrusteeW, worldSID); } } |