Changeset 105631 in vbox for trunk/src/VBox/Runtime
- Timestamp:
- Aug 9, 2024 12:59:18 AM (8 months ago)
- svn:sync-xref-src-repo-rev:
- 164320
- Location:
- trunk/src/VBox/Runtime
- Files:
-
- 1 added
- 4 edited
- 1 copied
-
Makefile.kmk (modified) (2 diffs)
-
r3/nt/RTPathUnlink-r3-nt.cpp (copied) (copied from trunk/src/VBox/Runtime/r3/nt/RTFileDelete-r3-nt.cpp ) (9 diffs)
-
r3/posix/path-posix.cpp (modified) (1 diff)
-
r3/win/path-win.cpp (modified) (2 diffs)
-
testcase/Makefile.kmk (modified) (2 diffs)
-
testcase/tstRTPathUnlink.cpp (added)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Runtime/Makefile.kmk
r104570 r105631 1053 1053 r3/nt/RTPathQueryInfo-nt.cpp \ 1054 1054 r3/nt/RTPathSetMode-r3-nt.cpp \ 1055 r3/nt/RTPathUnlink-r3-nt.cpp \ 1055 1056 r3/nt/RTProcQueryParent-r3-nt.cpp \ 1056 1057 nt/semevent-nt.cpp \ … … 2655 2656 r3/nt/RTPathQueryInfo-nt.cpp \ 2656 2657 r3/nt/RTPathSetMode-r3-nt.cpp \ 2658 r3/nt/RTPathUnlink-r3-nt.cpp \ 2657 2659 r3/nt/RTProcQueryParent-r3-nt.cpp \ 2658 2660 r3/win/RTMemProtect-win.cpp \ -
trunk/src/VBox/Runtime/r3/nt/RTPathUnlink-r3-nt.cpp
r105630 r105631 42 42 #include "internal-r3-nt.h" 43 43 44 #include <iprt/ file.h>44 #include <iprt/path.h> 45 45 #include <iprt/err.h> 46 46 … … 48 48 49 49 50 RT DECL(int) RTFileDelete(const char *pszFilename)50 RTR3DECL(int) RTPathUnlink(const char *pszPath, uint32_t fUnlink) 51 51 { 52 /* 53 * Validate input. 54 */ 55 AssertPtrReturn(pszPath, VERR_INVALID_POINTER); 56 AssertReturn(*pszPath, VERR_INVALID_NAME); 57 AssertReturn(!(fUnlink & ~RTPATHUNLINK_FLAGS_NO_SYMLINKS), VERR_INVALID_FLAGS); 58 52 59 /* 53 60 * Convert and normalize the path. … … 55 62 UNICODE_STRING NtName; 56 63 HANDLE hRootDir; 57 int rc = RTNtPathFromWinUtf8(&NtName, &hRootDir, psz Filename);64 int rc = RTNtPathFromWinUtf8(&NtName, &hRootDir, pszPath); 58 65 if (RT_SUCCESS(rc)) 59 66 { 60 ULONG fUnwantedFileAttribs = FILE_ATTRIBUTE_REPARSE_POINT | FILE_ATTRIBUTE_DIRECTORY;61 62 67 /* 63 * Try open it as a file or reparse point. 64 * 65 * Note! This will succeed on directory alternate data streams, despite 66 * the FILE_NON_DIRECTORY_FILE flag. 67 * 68 * OTOH, it will open the reparse point even if an ADS is 69 * specified in the path (i.e. given symlink 'foo' targeting 70 * directory 'bar\', attempts to open 'foo::$INDEX_ALLOCATION' 71 * will result in opening the 'foo' reparse point and any 72 * attempts to delete it will only delete 'foo', the 'bar' 73 * directory will be left untouched - so safe). 68 * Try open the file system object without preference to directory or 69 * non-directory, while making sure we don't follow reparse points. 74 70 */ 75 71 HANDLE hPath = RTNT_INVALID_HANDLE_VALUE; … … 78 74 InitializeObjectAttributes(&ObjAttr, &NtName, 0 /*fAttrib*/, hRootDir, NULL); 79 75 80 ULONG fOpenOptions = FILE_NON_DIRECTORY_FILE | FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT 81 | FILE_SYNCHRONOUS_IO_NONALERT; 76 ULONG fOpenOptions = FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | FILE_SYNCHRONOUS_IO_NONALERT; 82 77 NTSTATUS rcNt = NtCreateFile(&hPath, 83 DELETE | FILE_READ_ATTRIBUTES |SYNCHRONIZE,78 DELETE | SYNCHRONIZE, 84 79 &ObjAttr, 85 80 &Ios, … … 91 86 NULL /*EaBuffer*/, 92 87 0 /*EaLength*/); 93 if (NT_SUCCESS(rcNt)) 94 { 95 /* 96 * Check if it is a reparse point. 97 * 98 * DeleteFileW and MoveFileExW (on build 19040) will re-open reparse 99 * points other than symlinks, mount points (junctions?) and named 100 * pipe symlinks. We OTOH, will just fail as that could be a 101 * potentially security problem, since unknown reparse point behaviour 102 * could be used for exploits if they work in a similar manner to the 103 * three just mentioned. 104 * 105 * To delete symbolic links, use RTSymlinkDelete. 106 * 107 * Alternative: We could model this on linux instead and also allow 108 * this function unlink symlinks, mount points and global reparse stuff, 109 * but fail on any other reparse point. This would make the APIs work 110 * more or less the same across the platforms. (Code is #if 0'ed below.) 111 * 112 * See @bugref{10632}. 113 */ 114 FILE_ATTRIBUTE_TAG_INFORMATION TagInfo = {0, 0}; 115 RTNT_IO_STATUS_BLOCK_REINIT(&Ios); 116 rcNt = NtQueryInformationFile(hPath, &Ios, &TagInfo, sizeof(TagInfo), FileAttributeTagInformation); 117 if (NT_SUCCESS(rcNt)) 118 { 119 if (TagInfo.FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) 120 { 121 #if 0 122 if ( TagInfo.ReparseTag == IO_REPARSE_TAG_SYMLINK 123 || TagInfo.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT 124 || TagInfo.ReparseTag == IO_REPARSE_TAG_GLOBAL_REPARSE) 125 fUnwantedFileAttribs = 0; /* Consider all symlinks to be files, even the ones pointing at directories. */ 126 else 127 #endif 128 { 129 NtClose(hPath); 130 hPath = RTNT_INVALID_HANDLE_VALUE; 131 rcNt = STATUS_DIRECTORY_IS_A_REPARSE_POINT; 132 rc = VERR_IS_A_SYMLINK; 133 } 134 } 135 } 136 else if (rcNt == STATUS_INVALID_PARAMETER || rcNt == STATUS_NOT_IMPLEMENTED) 137 rcNt = STATUS_SUCCESS; 138 else 139 { 140 NtClose(hPath); 141 hPath = RTNT_INVALID_HANDLE_VALUE; 142 } 143 } 88 144 89 /* 145 90 * Retry w/o the FILE_OPEN_REPARSE_POINT if the file system returns … … 147 92 * grok the reparse point stuff. 148 93 */ 149 elseif (rcNt == STATUS_INVALID_PARAMETER)94 if (rcNt == STATUS_INVALID_PARAMETER) 150 95 { 151 96 fOpenOptions &= ~FILE_OPEN_REPARSE_POINT; … … 153 98 RTNT_IO_STATUS_BLOCK_REINIT(&Ios); 154 99 rcNt = NtCreateFile(&hPath, 155 DELETE | FILE_READ_ATTRIBUTES |SYNCHRONIZE,100 DELETE | SYNCHRONIZE, 156 101 &ObjAttr, 157 102 &Ios, … … 164 109 0 /*EaLength*/); 165 110 } 166 /* else:167 DeleteFileW will retry opening the file w/o FILE_READ_ATTRIBUTES here when168 the status code is STATUS_ACCESS_DENIED. We OTOH will not do that as we will169 be querying attributes to check that it is a file and not a directory. */170 171 111 if (NT_SUCCESS(rcNt)) 172 112 { 173 113 /* 174 * Recheck that this is a file and not a directory or a reparse point we 175 * don't approve of. 176 * 177 * This prevents us from accidentally deleting a directory via the 178 * ::$INDEX_ALLOCATION stream, at the cost of not being able to delete 179 * any alternate data streams on directories using this API. 180 * 181 * See @bugref{10632}. 114 * Delete it. 182 115 */ 183 FILE_BASIC_INFORMATION BasicInfo = {}; 184 RTNT_IO_STATUS_BLOCK_REINIT(&Ios); 185 rcNt = NtQueryInformationFile(hPath, &Ios, &BasicInfo, sizeof(BasicInfo), FileBasicInformation); 116 FILE_DISPOSITION_INFORMATION DeleteInfo = { TRUE }; 117 rcNt = NtSetInformationFile(hPath, &Ios, &DeleteInfo, sizeof(DeleteInfo), FileDispositionInformation); 186 118 if (NT_SUCCESS(rcNt)) 187 { 188 if (!(BasicInfo.FileAttributes & fUnwantedFileAttribs)) 189 { 190 /* 191 * Okay, it is a file. Delete it. 192 */ 193 FILE_DISPOSITION_INFORMATION DeleteInfo = { TRUE }; 194 rcNt = NtSetInformationFile(hPath, &Ios, &DeleteInfo, sizeof(DeleteInfo), FileDispositionInformation); 195 } 196 else if (BasicInfo.FileAttributes & FILE_ATTRIBUTE_DIRECTORY) 197 rc = VERR_IS_A_DIRECTORY; 198 else 199 rc = VERR_IS_A_SYMLINK; 200 } 119 rc = VINF_SUCCESS; 201 120 else 202 121 rc = RTErrConvertFromNtStatus(rcNt); … … 206 125 rc = RTErrConvertFromNtStatus(rcNt); 207 126 } 208 else if (RT_SUCCESS_NP(rc))127 else 209 128 rc = RTErrConvertFromNtStatus(rcNt); 210 129 RTNtPathFree(&NtName, &hRootDir); -
trunk/src/VBox/Runtime/r3/posix/path-posix.cpp
r98103 r105631 313 313 RTR3DECL(int) RTPathUnlink(const char *pszPath, uint32_t fUnlink) 314 314 { 315 RT_NOREF_PV(pszPath); RT_NOREF_PV(fUnlink); 316 return VERR_NOT_IMPLEMENTED; 315 /* 316 * Validate input. 317 */ 318 AssertPtrReturn(pszPath, VERR_INVALID_POINTER); 319 AssertReturn(*pszPath, VERR_INVALID_NAME); 320 AssertReturn(!(fUnlink & ~RTPATHUNLINK_FLAGS_NO_SYMLINKS), VERR_INVALID_FLAGS); 321 322 /* 323 * Convert the path. 324 */ 325 char const *pszNativePath; 326 int rc = rtPathToNative(&pszNativePath, pszPath, NULL); 327 if (RT_SUCCESS(rc)) 328 { 329 /* 330 * Check if it's a directory using lstat, since unlink() may have adverse 331 * side effects when running as root on some file systems (at least on 332 * Solaris). 333 * 334 * There are of course race conditions here, but w/o a NT style removal 335 * API it is not possible to do this w/o a race. 336 * 337 * Note! We cannot just use rmdir here, in case the final entity is a 338 * symlink pointing at a directory, as we're supposed to remove 339 * the symlink when that's the case. 340 */ 341 struct stat Stat; 342 rc = lstat(pszNativePath, &Stat); 343 if (rc || !S_ISDIR(Stat.st_mode)) 344 { 345 rc = unlink(pszNativePath); 346 if (rc == 0) 347 rc = VINF_SUCCESS; 348 else 349 { 350 rc = errno; 351 if (rc != ENOENT) 352 rc = RTErrConvertFromErrno(rc); 353 else 354 { 355 /* 356 * Make the path-not-found match windows. 357 */ 358 rc = VERR_FILE_NOT_FOUND; 359 size_t cch = strlen(pszNativePath); 360 while (cch > 0 && RTPATH_IS_SLASH(pszNativePath[cch - 1])) 361 cch--; 362 while (cch > 0 && !RTPATH_IS_SLASH(pszNativePath[cch - 1])) 363 cch--; 364 while (cch > 0 && RTPATH_IS_SLASH(pszNativePath[cch - 1])) 365 cch--; 366 if (cch >= 1) 367 { 368 char *pszParent = (char *)RTMemTmpAlloc(cch + 1); 369 if (pszParent) 370 { 371 memcpy(pszParent, pszNativePath, cch); 372 pszParent[cch] = '\0'; 373 if (stat(pszParent, &Stat) && errno == ENOENT) 374 rc = VERR_PATH_NOT_FOUND; 375 RTMemTmpFree(pszParent); 376 } 377 } 378 } 379 } 380 } 381 else 382 { 383 rc = rmdir(pszNativePath); 384 if (rc) 385 { 386 rc = errno; 387 if (rc == EEXIST) /* Solaris returns this, the rest have ENOTEMPTY. */ 388 rc = VERR_DIR_NOT_EMPTY; 389 else 390 rc = RTErrConvertFromErrno(rc); 391 } 392 } 393 394 rtPathFreeNative(pszNativePath, pszPath); 395 } 396 return rc; 317 397 } 318 398 -
trunk/src/VBox/Runtime/r3/win/path-win.cpp
r99758 r105631 604 604 605 605 606 #if 0 /* RTPathUnlink-r3-nt.cpp */ 606 607 RTR3DECL(int) RTPathUnlink(const char *pszPath, uint32_t fUnlink) 607 608 { … … 609 610 return VERR_NOT_IMPLEMENTED; 610 611 } 612 #endif 611 613 612 614 -
trunk/src/VBox/Runtime/testcase/Makefile.kmk
r102488 r105631 129 129 tstRTPathGlob \ 130 130 tstRTPathQueryInfo \ 131 tstRTPathUnlink \ 131 132 tstRTPipe \ 132 133 tstRTPoll \ … … 782 783 tstRTPathQueryInfo_SOURCES = tstRTPathQueryInfo.cpp 783 784 785 tstRTPathUnlink_TEMPLATE = VBoxR3TstExe 786 tstRTPathUnlink_SOURCES = tstRTPathUnlink.cpp 787 784 788 tstRTPipe_TEMPLATE = VBoxR3TstExe 785 789 tstRTPipe_SOURCES = tstRTPipe.cpp
Note:
See TracChangeset
for help on using the changeset viewer.
