Changeset 105631 in vbox for trunk/src/VBox/Runtime/r3/nt/RTPathUnlink-r3-nt.cpp

Timestamp:

Aug 9, 2024 12:59:18 AM (5 months ago)

Author:

vboxsync

Message:

IPRT/RTPathUnlink: Implemented NT and posix versions w/ simple testcase.

File:

• trunk/src/VBox/Runtime/r3/nt/RTPathUnlink-r3-nt.cpp (copied) (copied from trunk/src/VBox/Runtime/r3/nt/RTFileDelete-r3-nt.cpp ) (9 diffs)

trunk/src/VBox/Runtime/r3/nt/RTPathUnlink-r3-nt.cpp

@@ -42 +42 @@
 #include "internal-r3-nt.h"
 
-#include <iprt/file.h>
+#include <iprt/path.h>
 #include <iprt/err.h>
 
@@ -48 +48 @@
 
 
-RTDECL(int) RTFileDelete(const char *pszFilename)
+RTR3DECL(int) RTPathUnlink(const char *pszPath, uint32_t fUnlink)
 {
+    /*
+     * Validate input.
+     */
+    AssertPtrReturn(pszPath, VERR_INVALID_POINTER);
+    AssertReturn(*pszPath, VERR_INVALID_NAME);
+    AssertReturn(!(fUnlink & ~RTPATHUNLINK_FLAGS_NO_SYMLINKS), VERR_INVALID_FLAGS);
+
     /*
      * Convert and normalize the path.
@@ -55 +62 @@
     UNICODE_STRING NtName;
     HANDLE         hRootDir;
-    int rc = RTNtPathFromWinUtf8(&NtName, &hRootDir, pszFilename);
+    int rc = RTNtPathFromWinUtf8(&NtName, &hRootDir, pszPath);
     if (RT_SUCCESS(rc))
     {
-        ULONG fUnwantedFileAttribs = FILE_ATTRIBUTE_REPARSE_POINT | FILE_ATTRIBUTE_DIRECTORY;
-
         /*
-         * Try open it as a file or reparse point.
-         *
-         * Note! This will succeed on directory alternate data streams, despite
-         *       the FILE_NON_DIRECTORY_FILE flag.
-         *
-         *       OTOH, it will open the reparse point even if an ADS is
-         *       specified in the path (i.e. given symlink 'foo' targeting
-         *       directory 'bar\', attempts to open 'foo::$INDEX_ALLOCATION'
-         *       will result in opening the 'foo' reparse point and any
-         *       attempts to delete it will only delete 'foo', the 'bar'
-         *       directory will be left untouched - so safe).
+         * Try open the file system object without preference to directory or
+         * non-directory, while making sure we don't follow reparse points.
          */
         HANDLE              hPath   = RTNT_INVALID_HANDLE_VALUE;
@@ -78 +74 @@
         InitializeObjectAttributes(&ObjAttr, &NtName, 0 /*fAttrib*/, hRootDir, NULL);
 
-        ULONG fOpenOptions = FILE_NON_DIRECTORY_FILE | FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT
-                           | FILE_SYNCHRONOUS_IO_NONALERT;
+        ULONG fOpenOptions = FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT | FILE_SYNCHRONOUS_IO_NONALERT;
         NTSTATUS rcNt = NtCreateFile(&hPath,
-                                     DELETE | FILE_READ_ATTRIBUTES | SYNCHRONIZE,
+                                     DELETE | SYNCHRONIZE,
                                      &ObjAttr,
                                      &Ios,
@@ -91 +86 @@
                                      NULL /*EaBuffer*/,
                                      0 /*EaLength*/);
-        if (NT_SUCCESS(rcNt))
-        {
-            /*
-             * Check if it is a reparse point.
-             *
-             * DeleteFileW and MoveFileExW (on build 19040) will re-open reparse
-             * points other than symlinks, mount points (junctions?) and named
-             * pipe symlinks.  We OTOH, will just fail as that could be a
-             * potentially security problem, since unknown reparse point behaviour
-             * could be used for exploits if they work in a similar manner to the
-             * three just mentioned.
-             *
-             * To delete symbolic links, use RTSymlinkDelete.
-             *
-             * Alternative: We could model this on linux instead and also allow
-             * this function unlink symlinks, mount points and global reparse stuff,
-             * but fail on any other reparse point.  This would make the APIs work
-             * more or less the same across the platforms.  (Code is #if 0'ed below.)
-             *
-             * See @bugref{10632}.
-             */
-            FILE_ATTRIBUTE_TAG_INFORMATION TagInfo = {0, 0};
-            RTNT_IO_STATUS_BLOCK_REINIT(&Ios);
-            rcNt = NtQueryInformationFile(hPath, &Ios, &TagInfo, sizeof(TagInfo), FileAttributeTagInformation);
-            if (NT_SUCCESS(rcNt))
-            {
-                if (TagInfo.FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT)
-                {
-#if 0
-                    if (   TagInfo.ReparseTag == IO_REPARSE_TAG_SYMLINK
-                        || TagInfo.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT
-                        || TagInfo.ReparseTag == IO_REPARSE_TAG_GLOBAL_REPARSE)
-                        fUnwantedFileAttribs = 0; /* Consider all symlinks to be files, even the ones pointing at directories. */
-                    else
-#endif
-                    {
-                        NtClose(hPath);
-                        hPath = RTNT_INVALID_HANDLE_VALUE;
-                        rcNt  = STATUS_DIRECTORY_IS_A_REPARSE_POINT;
-                        rc    = VERR_IS_A_SYMLINK;
-                    }
-                }
-            }
-            else if (rcNt == STATUS_INVALID_PARAMETER || rcNt == STATUS_NOT_IMPLEMENTED)
-                rcNt = STATUS_SUCCESS;
-            else
-            {
-                NtClose(hPath);
-                hPath = RTNT_INVALID_HANDLE_VALUE;
-            }
-        }
+
         /*
          * Retry w/o the FILE_OPEN_REPARSE_POINT if the file system returns
@@ -147 +92 @@
          * grok the reparse point stuff.
          */
-        else if (rcNt == STATUS_INVALID_PARAMETER)
+        if (rcNt == STATUS_INVALID_PARAMETER)
         {
             fOpenOptions &= ~FILE_OPEN_REPARSE_POINT;
@@ -153 +98 @@
             RTNT_IO_STATUS_BLOCK_REINIT(&Ios);
             rcNt = NtCreateFile(&hPath,
-                                DELETE | FILE_READ_ATTRIBUTES | SYNCHRONIZE,
+                                DELETE | SYNCHRONIZE,
                                 &ObjAttr,
                                 &Ios,
@@ -164 +109 @@
                                 0 /*EaLength*/);
         }
-        /* else:
-           DeleteFileW will retry opening the file w/o FILE_READ_ATTRIBUTES here when
-           the status code is STATUS_ACCESS_DENIED. We OTOH will not do that as we will
-           be querying attributes to check that it is a file and not a directory. */
-
         if (NT_SUCCESS(rcNt))
         {
             /*
-             * Recheck that this is a file and not a directory or a reparse point we
-             * don't approve of.
-             *
-             * This prevents us from accidentally deleting a directory via the
-             * ::$INDEX_ALLOCATION stream, at the cost of not being able to delete
-             * any alternate data streams on directories using this API.
-             *
-             * See @bugref{10632}.
+             * Delete it.
              */
-            FILE_BASIC_INFORMATION BasicInfo = {};
-            RTNT_IO_STATUS_BLOCK_REINIT(&Ios);
-            rcNt = NtQueryInformationFile(hPath, &Ios, &BasicInfo, sizeof(BasicInfo), FileBasicInformation);
+            FILE_DISPOSITION_INFORMATION DeleteInfo = { TRUE };
+            rcNt = NtSetInformationFile(hPath, &Ios, &DeleteInfo, sizeof(DeleteInfo), FileDispositionInformation);
             if (NT_SUCCESS(rcNt))
-            {
-                if (!(BasicInfo.FileAttributes & fUnwantedFileAttribs))
-                {
-                    /*
-                     * Okay, it is a file.  Delete it.
-                     */
-                    FILE_DISPOSITION_INFORMATION DeleteInfo = { TRUE };
-                    rcNt = NtSetInformationFile(hPath, &Ios, &DeleteInfo, sizeof(DeleteInfo), FileDispositionInformation);
-                }
-                else if (BasicInfo.FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
-                    rc = VERR_IS_A_DIRECTORY;
-                else
-                    rc = VERR_IS_A_SYMLINK;
-            }
+                rc = VINF_SUCCESS;
             else
                 rc = RTErrConvertFromNtStatus(rcNt);
@@ -206 +125 @@
                 rc = RTErrConvertFromNtStatus(rcNt);
         }
-        else if (RT_SUCCESS_NP(rc))
+        else
             rc = RTErrConvertFromNtStatus(rcNt);
         RTNtPathFree(&NtName, &hRootDir);