archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/iis/svcs/cmp/webdav/_davprs/security.cpp

163 lines
5.1 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*
  2. * S E C U R I T Y . C P P
  3. *
  4. * Url security checks. While these would seem to only apply to HttpEXT,
  5. * all impls. that care about ASP execution should really think about this.
  6. *
  7. * Bits stolen from the IIS5 project 'iis5\infocom\cache2\filemisc.cxx' and
  8. * cleaned up to fit in with the DAV sources.
  9. *
  10. * Copyright 1986-1997 Microsoft Corporation, All Rights Reserved
  11. */
  13. #include "_davprs.h"
  15. // This function takes a suspected NT/Win95 short filename and checks
  16. // if there's an equivalent long filename.
  17. //
  18. // For example, c:\foobar\ABCDEF~1.ABC is the same as
  19. // c:\foobar\abcdefghijklmnop.abc.
  20. //
  21. // If there is an equivalent, we need to FAIL this path, because our metabase
  22. // will NOT have the correct values listed under the short paths!
  23. // If there is no equivalent, this path can be allowed through, because it
  24. // might be a real storage entitiy (not an alias for a real storage entity).
  25. //
  26. // NOTE: This function should be called unimpersonated - the FindFirstFile()
  27. // must be called in the system context since most systems have traverse
  28. // checking turned off - except for the UNC case where we must be impersonated
  29. // to get network access.
  30. //
  31. SCODE __fastcall
  32. ScCheckIfShortFileName (
  33. /* [in] */ LPCWSTR pwszPath,
  34. /* [in] */ const HANDLE hitUser)
  35. {
  36. WIN32_FIND_DATAW fd;
  37. LPCWSTR pwsz;
  38. BOOL fUNC = FALSE;
  40. // Skip forward to find the first '~'
  41. //
  42. if (NULL == (pwsz = wcschr(pwszPath, L'~')))
  43. return S_OK;
  45. //$ REVIEW: this is not sufficient for DavEX, but it is unclear that
  46. // this function applies there. Certainly the FindFirstFile() call
  47. // will fail at this time.
  48. //
  49. fUNC = (*pwszPath == L'\\');
  50. Assert (!fUNC || (NULL != hitUser));
  52. // We actually need to loop in case multiple '~' appear in the filename
  53. //
  54. do
  55. {
  56. // At this point, pwsz should be pointing to the '~'
  57. //
  58. Assert (L'~' == *pwsz);
  60. // Is the next char a digit?
  61. //
  62. pwsz++;
  63. if ((*pwsz >= L'0') && (*pwsz <= L'9'))
  64. {
  65. WCHAR wszTmp[MAX_PATH];
  66. const WCHAR * pwchEndSeg;
  67. const WCHAR * pwchBeginSeg;
  68. HANDLE hFind;
  70. // Isolate the path up to the segment with the
  71. // '~' and do the FindFirstFile with that path
  72. //
  73. pwchEndSeg = wcschr (pwsz, L'\\');
  74. if (!pwchEndSeg)
  75. {
  76. pwchEndSeg = pwsz + wcslen (pwsz);
  77. }
  79. // If the string is beyond MAX_PATH then we fail it.
  80. // urls this long don't need to have '~N' in them.
  81. //
  82. // Also check that our buffer is big enough to handle anything
  83. // that gets through this check.
  84. //
  85. // NOTE: We are assuming that other code outside this function
  86. // will catch paths that are larger than MAX_PATH and FAIL them.
  87. //
  88. //$ REVIEW: the MAX_PATH restriction is very important because
  89. // the call to FindFirstFile() will fail if the path is larger
  90. // than MAX_PATH. Should we ever decide to support larger paths
  91. // in HttpEXT, this code will have to change.
  92. //
  93. Assert (MAX_PATH == CElems(wszTmp));
  94. if ((pwchEndSeg - pwszPath) >= MAX_PATH)
  95. return HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND);
  97. // Make a copy of the string up to this point in the path
  98. //
  99. wcsncpy (wszTmp, pwszPath, pwchEndSeg - pwszPath);
  100. wszTmp[pwchEndSeg - pwszPath] = 0;
  102. // If we are not accessing a unc, then we need to revert
  103. // for our call to FindFirstFile() -- see comment above.
  104. //
  105. if (!fUNC)
  106. {
  107. safe_revert (const_cast<HANDLE>(hitUser));
  108. hFind = FindFirstFileW (wszTmp, &fd);
  109. }
  110. else
  111. hFind = FindFirstFileW (wszTmp, &fd);
  113. if (hFind == INVALID_HANDLE_VALUE)
  114. {
  115. // If the FindFirstFile() fails to find the file then
  116. // the filename cannot be a short name.
  117. //
  118. DWORD dw = GetLastError();
  119. if ((ERROR_FILE_NOT_FOUND != dw) && (ERROR_PATH_NOT_FOUND != dw))
  120. return HRESULT_FROM_WIN32(dw);
  122. return S_OK;
  123. }
  125. // Make sure the find context gets closed.
  126. //
  127. FindClose (hFind);
  129. // Isolate the last segment of the string which should be
  130. // the potential short name equivalency
  131. //
  132. pwchBeginSeg = wcsrchr (wszTmp, '\\');
  133. Assert (pwchBeginSeg);
  134. pwchBeginSeg++;
  136. // If the last segment doesn't match the long name then
  137. // this is the short name version (alias) of the path -- so
  138. // fail this function.
  139. //
  140. if (_wcsicmp (fd.cFileName, pwchBeginSeg))
  141. {
  142. DebugTrace ("Dav: Url: refers to shortname for file\n");
  143. Assert (!_wcsicmp (fd.cAlternateFileName, pwchBeginSeg));
  144. return E_DAV_SHORT_FILENAME;
  145. }
  146. }
  148. } while (NULL != (pwsz = wcschr (pwsz, L'~')));
  150. return S_OK;
  151. }
  153. SCODE __fastcall
  154. ScCheckForAltFileStream (
  155. /* [in] */ LPCWSTR pwszPath)
  156. {
  157. // Avoid the infamous ::$DATA bug
  158. //
  159. if (wcsstr (pwszPath, L"::"))
  160. return E_DAV_ALT_FILESTREAM;
  162. return S_OK;
  163. }