1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "apr_private.h"
18 #include "apr_strings.h"
19 #include "apr_portable.h"
21 #include "apr_arch_file_io.h"
22 #if APR_HAVE_SYS_TYPES_H
23 #include <sys/types.h>
27 /* Internal sid binary to string translation, see MSKB Q131320.
28 * Several user related operations require our SID to access
29 * the registry, but in a string format. All error handling
30 * depends on IsValidSid(), which internally we better test long
33 void get_sid_string(char *buf, int blen, apr_uid_t id)
35 PSID_IDENTIFIER_AUTHORITY psia;
40 /* Determine authority values (these is a big-endian value,
41 * and NT records the value as hex if the value is > 2^32.)
43 psia = GetSidIdentifierAuthority(id);
44 nsa = (DWORD)(psia->Value[5]) + ((DWORD)(psia->Value[4]) << 8)
45 + ((DWORD)(psia->Value[3]) << 16) + ((DWORD)(psia->Value[2]) << 24);
46 sa = (DWORD)(psia->Value[1]) + ((DWORD)(psia->Value[0]) << 8);
48 slen = apr_snprintf(buf, blen, "S-%lu-0x%04x%08x",
49 SID_REVISION, sa, nsa);
51 slen = apr_snprintf(buf, blen, "S-%lu-%lu",
55 /* Now append all the subauthority strings.
57 nsa = *GetSidSubAuthorityCount(id);
58 for (sa = 0; sa < nsa; ++sa) {
59 slen += apr_snprintf(buf + slen, blen - slen, "-%lu",
60 *GetSidSubAuthority(id, sa));
64 /* Query the ProfileImagePath from the version-specific branch, where the
65 * regkey uses the user's name on 9x, and user's sid string on NT.
67 APR_DECLARE(apr_status_t) apr_uid_homepath_get(char **dirname,
72 *dirname = apr_pstrdup(p, "/My Documents");
76 char regkey[MAX_PATH * 2];
82 if (apr_os_level >= APR_WIN_NT) {
86 if ((rv = apr_uid_get(&uid, &gid, username, p)) != APR_SUCCESS)
89 strcpy(regkey, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\"
91 keylen = strlen(regkey);
92 get_sid_string(regkey + keylen, sizeof(regkey) - keylen, uid);
95 strcpy(regkey, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
97 keylen = strlen(regkey);
98 apr_cpystrn(regkey + keylen, username, sizeof(regkey) - keylen);
102 if ((rv = RegOpenKeyEx(HKEY_LOCAL_MACHINE, regkey, 0,
103 KEY_QUERY_VALUE, &key)) != ERROR_SUCCESS)
104 return APR_FROM_OS_ERROR(rv);
106 #if APR_HAS_UNICODE_FS
110 keylen = sizeof(regkey);
111 rv = RegQueryValueExW(key, L"ProfileImagePath", NULL, &type,
112 (void*)regkey, &keylen);
114 if (rv != ERROR_SUCCESS)
115 return APR_FROM_OS_ERROR(rv);
116 if (type == REG_SZ) {
117 char retdir[MAX_PATH];
118 if ((rv = unicode_to_utf8_path(retdir, sizeof(retdir),
119 (apr_wchar_t*)regkey)) != APR_SUCCESS)
121 *dirname = apr_pstrdup(p, retdir);
123 else if (type == REG_EXPAND_SZ) {
124 apr_wchar_t path[MAX_PATH];
125 char retdir[MAX_PATH];
126 ExpandEnvironmentStringsW((apr_wchar_t*)regkey, path,
128 if ((rv = unicode_to_utf8_path(retdir, sizeof(retdir), path))
131 *dirname = apr_pstrdup(p, retdir);
140 keylen = sizeof(regkey);
141 rv = RegQueryValueEx(key, "ProfileImagePath", NULL, &type,
142 (void*)regkey, &keylen);
144 if (rv != ERROR_SUCCESS)
145 return APR_FROM_OS_ERROR(rv);
146 if (type == REG_SZ) {
147 *dirname = apr_pstrdup(p, regkey);
149 else if (type == REG_EXPAND_SZ) {
151 ExpandEnvironmentStrings(regkey, path, sizeof(path));
152 *dirname = apr_pstrdup(p, path);
157 #endif /* APR_HAS_ANSI_FS */
158 for (fixch = *dirname; *fixch; ++fixch)
162 #endif /* _WIN32_WCE */
165 APR_DECLARE(apr_status_t) apr_uid_current(apr_uid_t *uid,
175 TOKEN_PRIMARY_GROUP *grp;
177 if(!OpenProcessToken(GetCurrentProcess(), STANDARD_RIGHTS_READ | READ_CONTROL | TOKEN_QUERY, &threadtok)) {
178 return apr_get_os_error();
182 if (!GetTokenInformation(threadtok, TokenUser, NULL, 0, &needed)
183 && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
184 && (usr = apr_palloc(p, needed))
185 && GetTokenInformation(threadtok, TokenUser, usr, needed, &needed))
186 *uid = usr->User.Sid;
188 return apr_get_os_error();
190 if (!GetTokenInformation(threadtok, TokenPrimaryGroup, NULL, 0, &needed)
191 && (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
192 && (grp = apr_palloc(p, needed))
193 && GetTokenInformation(threadtok, TokenPrimaryGroup, grp, needed, &needed))
194 *gid = grp->PrimaryGroup;
196 return apr_get_os_error();
202 APR_DECLARE(apr_status_t) apr_uid_get(apr_uid_t *uid, apr_gid_t *gid,
203 const char *username, apr_pool_t *p)
208 SID_NAME_USE sidtype;
212 DWORD domlen = sizeof(anydomain);
216 if (pos = strchr(username, '/')) {
217 domain = apr_pstrndup(p, username, pos - username);
220 else if (pos = strchr(username, '\\')) {
221 domain = apr_pstrndup(p, username, pos - username);
227 /* Get nothing on the first pass ... need to size the sid buffer
229 rv = LookupAccountName(domain, username, domain, &sidlen,
230 anydomain, &domlen, &sidtype);
232 /* Give it back on the second pass
234 *uid = apr_palloc(p, sidlen);
235 domlen = sizeof(anydomain);
236 rv = LookupAccountName(domain, username, *uid, &sidlen,
237 anydomain, &domlen, &sidtype);
239 if (!sidlen || !rv) {
240 return apr_get_os_error();
242 /* There doesn't seem to be a simple way to retrieve the primary group sid
249 APR_DECLARE(apr_status_t) apr_uid_name_get(char **username, apr_uid_t userid,
253 *username = apr_pstrdup(p, "Administrator");
257 char name[MAX_PATH], domain[MAX_PATH];
258 DWORD cbname = sizeof(name), cbdomain = sizeof(domain);
261 if (!LookupAccountSid(NULL, userid, name, &cbname, domain, &cbdomain, &type))
262 return apr_get_os_error();
263 if (type != SidTypeUser && type != SidTypeAlias && type != SidTypeWellKnownGroup)
265 *username = apr_pstrdup(p, name);
270 APR_DECLARE(apr_status_t) apr_uid_compare(apr_uid_t left, apr_uid_t right)
275 if (!IsValidSid(left) || !IsValidSid(right))
277 if (!EqualSid(left, right))
278 return APR_EMISMATCH;
284 APR_DECLARE(apr_status_t) apr_get_home_directory(char **dirname,
285 const char *username,
288 return apr_uid_homepath_get(dirname, username, p);
292 APR_DECLARE(apr_status_t) apr_get_userid(apr_uid_t *uid, apr_gid_t *gid,
293 const char *username, apr_pool_t *p)
295 return apr_uid_get(uid, gid, username, p);
299 APR_DECLARE(apr_status_t) apr_current_userid(apr_uid_t *uid,
303 return apr_uid_current(uid, gid, p);
307 APR_DECLARE(apr_status_t) apr_compare_users(apr_uid_t left, apr_uid_t right)
309 return apr_uid_compare(left, right);
313 APR_DECLARE(apr_status_t) apr_get_username(char **username, apr_uid_t userid,
316 return apr_uid_name_get(username, userid, p);