refactor so that the windows implementation can happen (#386)

Byron · Byron · commit 7bbe44c979bd · 2022-04-15T19:53:22.000+08:00
For posterity, using the windows API is absolutely terrible and
I hope I don't have to do it again anytime soon.

More importantly, I hope that it works nonetheless.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/git-sec/Cargo.toml b/git-sec/Cargo.toml
@@ -22,6 +22,8 @@ serde = { version = "1.0.114", optional = true, default-features = false, featur
 [target.'cfg(not(windows))'.dependencies]
 libc = "0.2.123"
 
+[target.'cfg(windows)'.dependencies]
+windows = { version = "0.35.0", features = ["Win32_System_Threading", "Win32_Foundation", "Win32_Security", "Win32_Security_Authorization"] }
 
 [dev-dependencies]
 tempfile = "3.3.0"
diff --git a/git-sec/src/lib.rs b/git-sec/src/lib.rs
@@ -3,14 +3,6 @@
 
 /// Various types to identify entities.
 pub mod identity {
-    /// A unix user id as obtained from the file system.
-    #[cfg(not(windows))]
-    pub type UserId = u32;
-
-    /// A windows [security identifier](https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers)
-    /// in its stringified form.
-    #[cfg(windows)]
-    pub type UserId = String;
 
     #[derive(PartialEq, Eq, Debug, Hash, Ord, PartialOrd, Clone)]
     #[cfg_attr(feature = "serde1", derive(serde::Serialize, serde::Deserialize))]
@@ -25,56 +17,119 @@ pub mod identity {
     use std::borrow::Cow;
     use std::path::Path;
 
-    /// Obtain the owner of the given `path`.
-    pub fn from_path(path: Cow<'_, Path>) -> std::io::Result<UserId> {
-        impl_::from_path(path)
-    }
-
-    /// Obtain the of the currently running process.
-    pub fn from_process() -> Result<UserId, from_process::Error> {
-        impl_::from_process()
-    }
-
+    /// Returns true if the given `path` is owned by the user who is executing the current process.
     ///
-    pub mod from_process {
-        use crate::identity::impl_;
-
-        /// The error returned by [from_process()][super::from_process()].
-        pub type Error = impl_::FromProcessError;
+    /// Note that this method is very specific to avoid having to deal with any operating system types.
+    pub fn is_path_owned_by_current_user(path: Cow<'_, Path>) -> std::io::Result<bool> {
+        impl_::is_path_owned_by_current_user(path)
     }
 
     #[cfg(not(windows))]
     mod impl_ {
-        use crate::identity::UserId;
         use std::borrow::Cow;
         use std::path::Path;
 
-        pub fn from_path(path: Cow<'_, Path>) -> std::io::Result<UserId> {
-            use std::os::unix::fs::MetadataExt;
-            let meta = std::fs::symlink_metadata(path)?;
-            Ok(meta.uid())
-        }
+        pub fn is_path_owned_by_current_user(path: Cow<'_, Path>) -> std::io::Result<bool> {
+            fn from_path(path: Cow<'_, Path>) -> std::io::Result<u32> {
+                use std::os::unix::fs::MetadataExt;
+                let meta = std::fs::symlink_metadata(path)?;
+                Ok(meta.uid())
+            }
 
-        pub type FromProcessError = std::convert::Infallible;
-        pub fn from_process() -> Result<UserId, FromProcessError> {
-            // SAFETY: there is no documented possibility for failure
-            #[allow(unsafe_code)]
-            let uid = unsafe { libc::geteuid() };
-            Ok(uid)
+            fn from_process() -> std::io::Result<u32> {
+                // SAFETY: there is no documented possibility for failure
+                #[allow(unsafe_code)]
+                let uid = unsafe { libc::geteuid() };
+                Ok(uid)
+            }
+
+            Ok(from_path(path)? == from_process()?)
         }
     }
 
     #[cfg(windows)]
     mod impl_ {
-        use crate::identity::UserId;
         use std::borrow::Cow;
         use std::path::Path;
 
-        pub fn from_path(path: Cow<'_, Path>) -> std::io::Result<UserId> {
-            todo!("unix")
+        fn err(msg: &str) -> std::io::Error {
+            std::io::Error::new(std::io::ErrorKind::Other, msg)
         }
-        pub fn from_process() -> std::io::Result<UserId> {
-            todo!("process")
+
+        pub fn is_path_owned_by_current_user(path: Cow<'_, Path>) -> std::io::Result<bool> {
+            use windows::Win32::{
+                Foundation::{CloseHandle, ERROR_SUCCESS, HANDLE, PSID},
+                Security,
+                Security::Authorization::SE_FILE_OBJECT,
+                System::Threading,
+            };
+            let mut handle = HANDLE::default();
+            let mut descriptor = Security::PSECURITY_DESCRIPTOR::default();
+            let mut err_msg = None;
+            let mut is_owned = false;
+
+            #[allow(unsafe_code)]
+            unsafe {
+                Threading::OpenProcessToken(Threading::GetCurrentProcess(), Security::TOKEN_QUERY, &mut handle)
+                    .ok()
+                    .map_err(|_| err("Failed to open process token"))?;
+
+                let mut len = 0_u32;
+                if Security::GetTokenInformation(&handle, Security::TokenUser, std::ptr::null_mut(), 0, &mut len)
+                    .as_bool()
+                {
+                    let mut token_user = Security::TOKEN_USER::default();
+                    if Security::GetTokenInformation(
+                        &handle,
+                        Security::TokenUser,
+                        &mut token_user as *mut _ as *mut std::ffi::c_void,
+                        len,
+                        &mut len,
+                    )
+                    .as_bool()
+                    {
+                        // NOTE: we avoid to copy the sid or cache it in any way for now, even though it should be possible
+                        //       with a custom allocation/vec/box and it's just very raw. Can the `windows` crate do better?
+                        //       When/If yes, then let's improve this.
+                        if Security::IsValidSid(token_user.User.Sid).as_bool() {
+                            use std::os::windows::ffi::OsStrExt;
+                            let mut wide_path: Vec<_> = path.as_ref().as_os_str().encode_wide().collect();
+                            // err = GetNamedSecurityInfoW(wpath, SE_FILE_OBJECT,
+                            //                             OWNER_SECURITY_INFORMATION |
+                            //                                 DACL_SECURITY_INFORMATION,
+                            //                             &sid, NULL, NULL, NULL, &descriptor);
+                            let mut path_sid = PSID::default();
+                            let res = Security::Authorization::GetNamedSecurityInfoW(
+                                windows::core::PCWSTR(wide_path.as_mut_ptr()),
+                                SE_FILE_OBJECT,
+                                Security::OWNER_SECURITY_INFORMATION | Security::DACL_SECURITY_INFORMATION,
+                                &mut path_sid,
+                                std::ptr::null_mut(),
+                                std::ptr::null_mut(),
+                                std::ptr::null_mut(),
+                                &mut descriptor,
+                            );
+
+                            if res == ERROR_SUCCESS.0 && Security::IsValidSid(path_sid).as_bool() {
+                                is_owned = Security::EqualSid(path_sid, token_user.User.Sid).as_bool();
+                            } else {
+                                err_msg = "couldn't get owner for path or it wasn't valid".into();
+                            }
+                        } else {
+                            err_msg = "owner id of current process wasn't set or valid".into();
+                        }
+                    } else {
+                        err_msg = "Could not get information about the token user".into();
+                    }
+                } else {
+                    err_msg = "Could not get token information for length of token user".into();
+                }
+                CloseHandle(handle);
+                if !descriptor.is_invalid() {
+                    windows::core::heap_free(descriptor.0);
+                }
+            }
+            err_msg.map(|msg| Err(err(msg))).unwrap_or(Ok(is_owned))
         }
     }
 }
diff --git a/git-sec/tests/identity/mod.rs b/git-sec/tests/identity/mod.rs
@@ -1,8 +1,8 @@
 mod uid {
     #[test]
-    fn from_path() {
-        let dir = tempfile::tempdir().unwrap();
-        let owner = git_sec::identity::from_path(dir.path().into()).unwrap();
-        assert_eq!(owner, git_sec::identity::from_process().unwrap());
+    fn from_path() -> crate::Result {
+        let dir = tempfile::tempdir()?;
+        assert!(git_sec::identity::is_path_owned_by_current_user(dir.path().into())?);
+        Ok(())
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`	`mod uid {`
`2`	`2`	`#[test]`
`3`		`- fn from_path() {`
`4`		`- let dir = tempfile::tempdir().unwrap();`
`5`		`- let owner = git_sec::identity::from_path(dir.path().into()).unwrap();`
`6`		`- assert_eq!(owner, git_sec::identity::from_process().unwrap());`
	`3`	`+ fn from_path() -> crate::Result {`
	`4`	`+ let dir = tempfile::tempdir()?;`
	`5`	`+ assert!(git_sec::identity::is_path_owned_by_current_user(dir.path().into())?);`
	`6`	`+ Ok(())`
`7`	`7`	`}`
`8`	`8`	`}`