util_win32.c revision cccd31fa4a72fe23cc3249c06db181b274a55a69
842ae4bd224140319ae7feec1872b93dfd491143fielding/* ====================================================================
842ae4bd224140319ae7feec1872b93dfd491143fielding * The Apache Software License, Version 1.1
842ae4bd224140319ae7feec1872b93dfd491143fielding * Copyright (c) 2000 The Apache Software Foundation. All rights
842ae4bd224140319ae7feec1872b93dfd491143fielding * reserved.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Redistribution and use in source and binary forms, with or without
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * modification, are permitted provided that the following conditions
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * are met:
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * 1. Redistributions of source code must retain the above copyright
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * notice, this list of conditions and the following disclaimer.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * 2. Redistributions in binary form must reproduce the above copyright
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * notice, this list of conditions and the following disclaimer in
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * the documentation and/or other materials provided with the
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * distribution.
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh * 3. The end-user documentation included with the redistribution,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * if any, must include the following acknowledgment:
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh * "This product includes software developed by the
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Apache Software Foundation (http://www.apache.org/)."
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Alternately, this acknowledgment may appear in the software itself,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * if and wherever such third-party acknowledgments normally appear.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * 4. The names "Apache" and "Apache Software Foundation" must
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * not be used to endorse or promote products derived from this
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * software without prior written permission. For written
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * permission, please contact apache@apache.org.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * 5. Products derived from this software may not be called "Apache",
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * nor may "Apache" appear in their name, without prior written
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * permission of the Apache Software Foundation.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
f888346b48f5e5b5e3f0a47dedb8cefd2759a4e2gregames * SUCH DAMAGE.
750d12c59545dbbac70390988de94f7e901b08f2niq * ====================================================================
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * This software consists of voluntary contributions made by many
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * individuals on behalf of the Apache Software Foundation. For more
db455cbc662c98dbbf53175393c50086ff63370cchrisd * information on the Apache Software Foundation, please see
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * Portions of this software are based upon public domain software
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * originally written at the National Center for Supercomputing Applications,
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * University of Illinois, Urbana-Champaign.
d4abb06ac220bb280ae996b6d21bbd257db51bb1jerenkrantz/* Returns TRUE if the input string is a string
18b5268e013574026b2503b1641baf3299045f45sf * of one or more '.' characters.
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe for (c = pString;*c;c++)
4f9c22c4f27571d54197be9674e1fc0d528192aestriker if (*c != '.')
4f9c22c4f27571d54197be9674e1fc0d528192aestriker/* Accepts as input a pathname, and tries to match it to an
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * existing path and return the pathname in the case that
4f9c22c4f27571d54197be9674e1fc0d528192aestriker * is present on the existing path. This routine also
18b5268e013574026b2503b1641baf3299045f45sf * converts alias names to long names.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAP_DECLARE(char *) ap_os_systemcase_filename(apr_pool_t *pPool,
4f9c22c4f27571d54197be9674e1fc0d528192aestriker const char *szFile)
60a765cccbd3f3b5997b65b0034220c79f78369etrawick char *p, *q, *t;
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd if (!szFile || strlen(szFile) == 0 || strlen(szFile) >= sizeof(buf))
c2cf53a40a9814eb91db2cdf820f97d943f21628coar /* First convert all slashes to \ so Win32 calls work OK */
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe for (p = pInputName; *p; p++) {
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe if (*p == '/')
731344ed8f3677d1661c261ca5fcdd2ee3dbc74ccoar *p = '\\';
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* If there is drive information, copy it over. */
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* This is correct - if systemcase is used for
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * comparison, d: designations will match
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe *(t++) = tolower(*p++);
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe *(t++) = *p++;
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* If all we have is a drive letter, then we are done */
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe if (*p == '\\') {
8419e6f8bff1a3617933f3ba760d2bdec7442f44coar /* Get past the machine name. FindFirstFile
8419e6f8bff1a3617933f3ba760d2bdec7442f44coar * will not find a machine name only
d4abb06ac220bb280ae996b6d21bbd257db51bb1jerenkrantz *(t++) = '\\';
8419e6f8bff1a3617933f3ba760d2bdec7442f44coar /* Get past the share name. FindFirstFile */
8419e6f8bff1a3617933f3ba760d2bdec7442f44coar /* will not find a \\machine\share name only */
d4abb06ac220bb280ae996b6d21bbd257db51bb1jerenkrantz /* This was faulty - as of 1.3.13 \\machine\share
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * name is now always lowercased
4f9c22c4f27571d54197be9674e1fc0d528192aestriker t += p - q;
efd83d1dd1a25688a3093c5a542ae16bacef62ddsf while (!bDone) {
4f9c22c4f27571d54197be9674e1fc0d528192aestriker /* If the path exists so far, call FindFirstFile
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe * again. However, if this portion of the path contains
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe * only '.' charaters, skip the call to FindFirstFile
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe * since it will convert '.' and '..' to actual names.
c2cf53a40a9814eb91db2cdf820f97d943f21628coar * Note: in the call to OnlyDots, we may have to skip
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * a leading slash.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe if (bFileExists && !OnlyDots((*q == '.' ? q : q+1))) {
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf if (*q == '\\')
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe *(t++) = '\\';
60a765cccbd3f3b5997b65b0034220c79f78369etrawick /* XXX: Comparison could be faulty ...\unknown
60a765cccbd3f3b5997b65b0034220c79f78369etrawick * names may not be tested (if they reside outside
60a765cccbd3f3b5997b65b0034220c79f78369etrawick * of the file system)!
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe *p++ = '\\';
fa06de8a28a737e8fbaad76d7f3ff67aaa5e4a09wrowe /* Finally, convert all slashes to / so server code handles it ok */
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd for (p = buf; *p; p++) {
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd if (*p == '\\')
18b5268e013574026b2503b1641baf3299045f45sf/* Perform canonicalization with the exception that the
0d26b42fc1735e110c6dc83b114c56257b20070bbnicholes * input case is preserved.
18b5268e013574026b2503b1641baf3299045f45sfAP_DECLARE(char *) ap_os_case_canonical_filename(apr_pool_t *pPool,
18b5268e013574026b2503b1641baf3299045f45sf const char *szFile)
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq /* Change all '\' characters to '/' characters.
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq * While doing this, remove any trailing '.'.
185aa71728867671e105178b4c66fbc22b65ae26sf * Also, blow away any directories with 3 or
60fc37bb7b498f4bba5eaaa73a42a25daa27a9dasf * more '.'
0d26b42fc1735e110c6dc83b114c56257b20070bbnicholes if (q-p > 2)
18b5268e013574026b2503b1641baf3299045f45sf *p = '\0';
18b5268e013574026b2503b1641baf3299045f45sf /* Blow away any final trailing '.' since on Win32
18b5268e013574026b2503b1641baf3299045f45sf * foo.bat == foo.bat. == foo.bat... etc.
18b5268e013574026b2503b1641baf3299045f45sf * Also blow away any trailing spaces since
18b5268e013574026b2503b1641baf3299045f45sf * "filename" == "filename "
69bbd0a9d1892949e1d4e454c10e8ad24b37c759sf if ((p > pNewStr) ||
185aa71728867671e105178b4c66fbc22b65ae26sf *p = '\0';
60fc37bb7b498f4bba5eaaa73a42a25daa27a9dasf /* One more security issue to deal with. Win32 allows
69bbd0a9d1892949e1d4e454c10e8ad24b37c759sf * you to create long filenames. However, alias filenames
69bbd0a9d1892949e1d4e454c10e8ad24b37c759sf * are always created so that the filename will
69bbd0a9d1892949e1d4e454c10e8ad24b37c759sf * conform to 8.3 rules. According to the Microsoft
69bbd0a9d1892949e1d4e454c10e8ad24b37c759sf * Developer's network CD (1/98)
0d26b42fc1735e110c6dc83b114c56257b20070bbnicholes * "Automatically generated aliases are composed of the
0d26b42fc1735e110c6dc83b114c56257b20070bbnicholes * first six characters of the filename plus ~n
0d26b42fc1735e110c6dc83b114c56257b20070bbnicholes * (where n is a number) and the first three characters
0d26b42fc1735e110c6dc83b114c56257b20070bbnicholes * after the last period."
0d26b42fc1735e110c6dc83b114c56257b20070bbnicholes * Here, we attempt to detect and decode these names.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * XXX: Netware network clients may have alternate short names,
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * simply truncated, with no embedded '~'. Further, this behavior
4f9c22c4f27571d54197be9674e1fc0d528192aestriker * can be modified on WinNT volumes. This was not a safe test,
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * therefore exclude the '~' pretest.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* We potentially have a short name. Call
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * ap_os_systemcase_filename to examine the filesystem
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe * and possibly extract the long name.
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe pConvertedName = ap_os_systemcase_filename(pPool, pNewStr);
83a8dc5a596a8a1b9d14f063268287d123b9ed7ewrowe /* Since we want to preserve the incoming case as much
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * as we can, compare for differences in the string and
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * only substitute in the path names that changed.
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe if (p != NULL) {
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe if (p != NULL) {
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe *q++ = '/';
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd *p++ = '/';
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd } while (p != NULL);
a2b181763cb35fd899feb4a436aeadaa80bf91eabrianp/* Perform complete canonicalization.
4f9c22c4f27571d54197be9674e1fc0d528192aestrikerAP_DECLARE(char *) ap_os_canonical_filename(apr_pool_t *pPool, const char *szFile)
4f9c22c4f27571d54197be9674e1fc0d528192aestriker pNewName = ap_os_case_canonical_filename(pPool, szFile);
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * XXX we will no longer use this redunant parsing function, it's
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * logic moves off into the canonical filename processing and the
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * apr file handling functions. Left for today till it's finished.
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * ap_os_is_filename_valid is given a filename, and returns 0 if the filename
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * is not valid for use on this system. On Windows, this means it fails any
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * of the tests below. Otherwise returns 1.
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * Test for filename validity on Win32. This is of tests come in part from
4f9c22c4f27571d54197be9674e1fc0d528192aestriker * the MSDN article at "Technical Articles, Windows Platform, Base Services,
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * Guidelines, Making Room for Long Filenames" although the information
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * in MSDN about filename testing is incomplete or conflicting. There is a
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * similar set of tests in "Technical Articles, Windows Platform, Base Services,
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * Guidelines, Moving Unix Applications to Windows NT".
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * The tests are:
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * 1) total path length greater than MAX_PATH
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * 2) anything using the octets 0-31 or characters " < > | :
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * (these are reserved for Windows use in filenames. In addition
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * each file system has its own additional characters that are
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd * invalid. See KB article Q100108 for more details).
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * 3) anything ending in "." (no matter how many)
cc9582e53aead2a044077c4a92f3dfc3605590b3wrowe * (filename doc, doc. and doc... all refer to the same file)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * 4) any segment in which the basename (before first period) matches
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * one of the DOS device names
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * (the list comes from KB article Q100108 although additional
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * names such as "COM5" are also special devices).
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb * If the path fails ANY of these tests, the result must be to deny access.
b38846b15c8891c6dec44dcc4f96ca40721bf663rbbAP_DECLARE(int) ap_os_is_filename_valid(const char *file)
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *segstart;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb unsigned int seglength;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb const char *pos;
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb static const char * const invalid_characters = "?\"<>*|:";
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb static const char * const invalid_filenames[] = {
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe /* Test 1 */
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe /* Path too long for Windows. Note that this test is not valid
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * if the path starts with //?/ or \\?\. */
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe /* Skip any leading non-path components. This can be either a
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * drive letter such as C:, or a UNC path such as \\SERVER\SHARE\.
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * We continue and check the rest of the path based on the rules above.
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * This means we could eliminate valid filenames from servers which
7c301a1818939f85da8f3629cc3e9b5588610ef0jerenkrantz * are not running NT (such as Samba).
731344ed8f3677d1661c261ca5fcdd2ee3dbc74ccoar /* Skip leading drive letter */
1e911973bcb9df6701a4c16c037771ecf25ade13niq /* Is a UNC, so skip the server name and share name */
731344ed8f3677d1661c261ca5fcdd2ee3dbc74ccoar /* No share name */
7c301a1818939f85da8f3629cc3e9b5588610ef0jerenkrantz /* No path information */
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe while (*pos) {
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe unsigned int idx;
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe unsigned int baselength;
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe * Now we have a segment of the path, starting at position "segstart"
731344ed8f3677d1661c261ca5fcdd2ee3dbc74ccoar * and length "seglength"
290ecc1ddceca1ed49bc1a5338921264b5c3e07cwrowe /* Test 2 */
7c301a1818939f85da8f3629cc3e9b5588610ef0jerenkrantz if ((segstart[idx] > 0 && segstart[idx] < 32) ||
b38846b15c8891c6dec44dcc4f96ca40721bf663rbb /* Test 3 */
700b96db75e7cfadb5219978c1735b710d583763wrowe /* Test 4 */
700b96db75e7cfadb5219978c1735b710d583763wrowe for (baselength = 0; baselength < seglength; baselength++) {
700b96db75e7cfadb5219978c1735b710d583763wrowe /* baselength is the number of characters in the base path of
700b96db75e7cfadb5219978c1735b710d583763wrowe * the segment (which could be the same as the whole segment length,
700b96db75e7cfadb5219978c1735b710d583763wrowe * if it does not include any dot characters). */
103a93c625bcde1a6a7a5155b64dcda36f612180pquerna !strnicmp(invalid_filenames[idx], segstart, baselength)) {
700b96db75e7cfadb5219978c1735b710d583763wroweAP_DECLARE(apr_status_t) ap_os_create_privileged_process(
700b96db75e7cfadb5219978c1735b710d583763wrowe const char * const *args,
700b96db75e7cfadb5219978c1735b710d583763wrowe const char * const *env,