check file ownership before reading user specific config

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@22507 72102866-910b-0410-8b05-ffd578937521

ChangeLog

@@ -1,3 +1,10 @@
+2006-02-17  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/NSFileManager.m: Implement method to get name of files
+	owner on mingw32.
+	* Source/NSPathUtilities.m: Check that user specific config file
+	is owned by user, as suggested by Sheldon.
+
 2006-02-16  Derek Zhou <dzhou@nvidea.com>
 
 	* Source/GSStream.h:

Source/NSFileManager.m

@@ -74,7 +74,10 @@
 
 #if	defined(__MINGW32__)
 #include <stdio.h>
+#include <tchar.h>
 #include <wchar.h>
+#include <accctrl.h>
+#include <aclapi.h>
 #define	WIN32ERR	((DWORD)0xFFFFFFFF)
 #endif
 
@@ -228,6 +231,7 @@
  */
 @interface	GSAttrDictionary : NSDictionary
 {
+  _CHAR		*_path;
   struct _STATB	statbuf;
 }
 + (NSDictionary*) attributesAt: (const _CHAR*)lpath
@@ -2714,12 +2718,19 @@ static NSSet	*fileKeys = nil;
 		  traverseLink: (BOOL)traverse
 {
   GSAttrDictionary	*d;
+  unsigned		l = 0;
+  unsigned		i;
 
   if (lpath == 0 || *lpath == 0)
     {
       return nil;
     }
-  d = (GSAttrDictionary*)NSAllocateObject(self, 0, NSDefaultMallocZone());
+  while (lpath[l] != 0)
+    {
+      l++;
+    }
+  d = (GSAttrDictionary*)NSAllocateObject(self, (l+1)*sizeof(_CHAR),
+    NSDefaultMallocZone());
 
 #if defined(S_IFLNK) && !defined(__MINGW32__)
   if (traverse == NO)
@@ -2735,6 +2746,11 @@ static NSSet	*fileKeys = nil;
     {
       DESTROY(d);
     }
+  d->_path = (_CHAR*)&d[1];
+  for (i = 0; i <= l; i++)
+    {
+      d->_path[i] = lpath[i];
+    }
   return AUTORELEASE(d);
 }
 
@@ -2845,23 +2861,23 @@ static NSSet	*fileKeys = nil;
 
 - (NSString*) fileOwnerAccountName
 {
-  NSString	*result = @"UnknownUser";
+  NSString	*owner = @"UnknownUser";
-#ifdef __MINGW_NOT_AVAILABLE_YET
+
-{
+#if	defined(__MINGW32__)
-  DWORD		dwRtnCode = 0;
+  DWORD		returnCode = 0;
-  PSID		pSidOwner;
+  PSID		sidOwner;
-  BOOL		bRtnBool = TRUE;
+  BOOL		result = TRUE;
-  LPTSTR	AcctName;
+  _CHAR		account[BUFSIZ];
-  LPTSTR	DomainName;
+  _CHAR		domain[BUFSIZ];
-  DWORD		dwAcctName = 1;
+  DWORD		accountSize = 1024;
-  DWORD		dwDomainName = 1;
+  DWORD		domainSize = 1024;
   SID_NAME_USE	eUse = SidTypeUnknown;
   HANDLE	hFile;
   PSECURITY_DESCRIPTOR pSD;
 
   // Get the handle of the file object.
   hFile = CreateFileW(
-    "myfile.txt",
+    _path,
     GENERIC_READ,
     FILE_SHARE_READ,
     0,
@@ -2875,112 +2891,66 @@ static NSSet	*fileKeys = nil;
       DWORD dwErrorCode = 0;
 
       dwErrorCode = GetLastError();
-      _tprintf(TEXT("CreateFile error = %d\n"), dwErrorCode);
+      NSDebugMLog(@"Error %d getting file handle for '%S'",
-      return -1;
+        dwErrorCode, _path);
+      return owner;
     }
 
-  // Allocate memory for the SID structure.
-  pSidOwner = (PSID)GlobalAlloc(
-    GMEM_FIXED,
-    sizeof(PSID));
-
-  // Allocate memory for the security descriptor structure.
-  pSD = (PSECURITY_DESCRIPTOR)GlobalAlloc(
-    GMEM_FIXED,
-    sizeof(PSECURITY_DESCRIPTOR));
-
   // Get the owner SID of the file.
-  dwRtnCode = GetSecurityInfoW(
+  returnCode = GetSecurityInfo(
     hFile,
     SE_FILE_OBJECT,
     OWNER_SECURITY_INFORMATION,
-    &pSidOwner,
+    &sidOwner,
     0,
     0,
     0,
     &pSD);
 
+  CloseHandle(hFile);
+
   // Check GetLastError for GetSecurityInfo error condition.
-  if (dwRtnCode != ERROR_SUCCESS)
+  if (returnCode != ERROR_SUCCESS)
     {
       DWORD dwErrorCode = 0;
 
       dwErrorCode = GetLastError();
-      _tprintf(TEXT("GetSecurityInfo error = %d\n"), dwErrorCode);
+      NSDebugMLog(@"Error %d getting security info for '%S'",
-      return -1;
+        dwErrorCode, _path);
+      return owner;
     }
 
   // First call to LookupAccountSid to get the buffer sizes.
-  bRtnBool = LookupAccountSid(
+  result = LookupAccountSidW(
     0,           // local computer
-    pSidOwner,
+    sidOwner,
-    AcctName,
+    account,
-    (LPDWORD)&dwAcctName,
+    (LPDWORD)&accountSize,
-    DomainName,
+    domain,
-    (LPDWORD)&dwDomainName,
+    (LPDWORD)&domainSize,
     &eUse);
 
-  // Reallocate memory for the buffers.
-  AcctName = (char *)GlobalAlloc(
-    GMEM_FIXED,
-    dwAcctName);
-
-  // Check GetLastError for GlobalAlloc error condition.
-  if (AcctName == 0)
-    {
-      DWORD dwErrorCode = 0;
-
-      dwErrorCode = GetLastError();
-      _tprintf(TEXT("GlobalAlloc error = %d\n"), dwErrorCode);
-      return -1;
-    }
-
-  DomainName = (char *)GlobalAlloc(
-    GMEM_FIXED,
-    dwDomainName);
-
-  // Check GetLastError for GlobalAlloc error condition.
-  if (DomainName == 0)
-    {
-      DWORD dwErrorCode = 0;
-
-      dwErrorCode = GetLastError();
-      _tprintf(TEXT("GlobalAlloc error = %d\n"), dwErrorCode);
-      return -1;
-    }
-
-  // Second call to LookupAccountSid to get the account name.
-  bRtnBool = LookupAccountSid(
-    0,                          // name of local or remote computer
-    pSidOwner,                     // security identifier
-    AcctName,                      // account name buffer
-    (LPDWORD)&dwAcctName,          // size of account name buffer
-    DomainName,                    // domain name
-    (LPDWORD)&dwDomainName,        // size of domain name buffer
-    &eUse);                        // SID type
-
   // Check GetLastError for LookupAccountSid error condition.
-  if (bRtnBool == FALSE)
+  if (result == FALSE)
     {
       DWORD dwErrorCode = 0;
 
       dwErrorCode = GetLastError();
-
       if (dwErrorCode == ERROR_NONE_MAPPED)
-	_tprintf(TEXT("Account owner not found for specified SID.\n"));
+	NSDebugMLog(@"Error %d in LookupAccountSid for '%S'", _path);
       else
-	_tprintf(TEXT("Error in LookupAccountSid.\n"));
+        NSDebugMLog(@"Error %d getting security info for '%S'",
-      return -1;
+          dwErrorCode, _path);
+      return owner;
     }
-  else if (bRtnBool == TRUE)
-    {
-      // Print the account name.
-      _tprintf(TEXT("Account owner = %s\n"), AcctName);
-    }
-  return 0;
-}
 
-#endif
+  if (accountSize >= 1024)
+    {
+      NSDebugMLog(@"Account name for '%S' is unreasonably long", _path);
+      return owner;
+    }
+  return [NSString stringWithCharacters: account length: accountSize];
+#else
 #ifdef HAVE_PWD_H
   struct passwd *pw;
 
@@ -2988,10 +2958,11 @@ static NSSet	*fileKeys = nil;
 
   if (pw != 0)
     {
-      result = [NSString stringWithCString: pw->pw_name];
+      owner = [NSString stringWithCString: pw->pw_name];
     }
 #endif /* HAVE_PWD_H */
-  return result;
+#endif
+  return owner;
 }
 
 - (unsigned long long) fileSize

Source/NSPathUtilities.m

@@ -163,7 +163,8 @@ static NSMutableDictionary* GNUstepConfig(NSDictionary *newConfig);
 
 static void UserConfig(NSMutableDictionary *config, NSString *userName);
 
-static BOOL ParseConfigurationFile(NSString *name, NSMutableDictionary *dict);
+static BOOL ParseConfigurationFile(NSString *name, NSMutableDictionary *dict,
+  NSString *userName);
 
 static void InitialisePathUtilities(void);
 static void ShutdownPathUtilities(void);
@@ -461,7 +462,7 @@ GNUstepConfig(NSDictionary *newConfig)
 		{
 		  gnustepConfigPath
 		    = RETAIN([file stringByDeletingLastPathComponent]);
-		  ParseConfigurationFile(file, conf);
+		  ParseConfigurationFile(file, conf, nil);
 		}
 	    }
 	  else
@@ -539,7 +540,7 @@ UserConfig(NSMutableDictionary *config, NSString *userName)
 	{
 	  home = NSHomeDirectoryForUser(userName);
 	  path = [home stringByAppendingPathComponent: file];
-	  ParseConfigurationFile(path, config);
+	  ParseConfigurationFile(path, config, userName);
 	}
       /*
        * We don't let the user config file override the GNUSTEP_USER_CONFIG_FILE
@@ -637,7 +638,8 @@ static void ShutdownPathUtilities(void)
  * the function makes no changes to dict and returns NO.
  */
 static BOOL
-ParseConfigurationFile(NSString *fileName, NSMutableDictionary *dict)
+ParseConfigurationFile(NSString *fileName, NSMutableDictionary *dict,
+  NSString *userName)
 {
   NSDictionary	*attributes;
   NSString      *file;
@@ -658,12 +660,32 @@ ParseConfigurationFile(NSString *fileName, NSMutableDictionary *dict)
     }
 
   attributes = [MGR() fileAttributesAtPath: fileName traverseLink: YES];
+  if (userName != nil)
+    {
+      NSString	*fileOwner = [attributes fileOwnerAccountName];
+  
+      if ([userName isEqual: fileOwner] == NO)
+	{
+#if defined(__WIN32__)
+	  fprintf(stderr, "The file '%S' is owned by '%s' but we expect it"
+	    " to be the personal config file of '%s'.\nIgnoring it.\n",
+	    [fileName fileSystemRepresentation],
+	    [fileOwner UTF8String], [userName UTF8String]);
+#else
+	  fprintf(stderr, "The file '%s' is owned by '%s' but we expect it"
+	    " to be the personal config file of '%s'.\nIgnoring it.\n",
+	    [fileName fileSystemRepresentation],
+	    [fileOwner UTF8String], [userName UTF8String]);
+#endif
+          return NO;
+	}
+    }
   if (([attributes filePosixPermissions] & (0022 & ATTRMASK)) != 0)
     {
 #if defined(__WIN32__)
       fprintf(stderr, "The file '%S' is writable by someone other than"
 	" its owner (permissions 0%lo).\nIgnoring it.\n",
-	(const unichar*)[fileName fileSystemRepresentation],
+	[fileName fileSystemRepresentation],
         [attributes filePosixPermissions]);
 #else
       fprintf(stderr, "The file '%s' is writable by someone other than"

Source/win32/NSStreamWin32.m

@@ -202,11 +202,13 @@
 + (id) serverStreamToAddr: (NSString*)addr port: (int)port
 {
   [self notImplemented: _cmd];
+  return nil;
 }
 
 + (id) serverStreamToAddr: (NSString*)addr
 {
   [self notImplemented: _cmd];
+  return nil;
 }
 
 - (id) initToAddr: (NSString*)addr port: (int)port