mirror of
https://github.com/php/php-src.git
synced 2024-10-04 08:16:11 +00:00
178 lines
4.0 KiB
PHP
178 lines
4.0 KiB
PHP
|
<?php
|
||
|
|
error_reporting(E_ALL);
|
||
|
|
define('PHPT_ACL_READ', 1 << 1);
|
||
|
|
define('PHPT_ACL_WRITE', 1 << 2);
|
||
|
|
define('PHPT_ACL_EXEC', 1 << 3);
|
||
|
|
define('PHPT_ACL_NONE', 1 << 4);
|
||
|
|
define('PHPT_ACL_FULL', 1 << 5);
|
||
|
|
|
||
|
|
define('PHPT_ACL_GRANT', 1);
|
||
|
|
define('PHPT_ACL_DENY', 2);
|
||
|
|
|
||
|
|
function skipif() {
|
||
|
|
if(substr(PHP_OS, 0, 3) != 'WIN' ) {
|
||
|
|
die('skip windows only test');
|
||
|
|
}
|
||
|
|
if(stripos(php_uname(), 'XP') !== FALSE) {
|
||
|
|
die('skip windows 2003 or newer only test');
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
function get_username(){
|
||
|
|
return getenv('USERNAME');
|
||
|
|
}
|
||
|
|
|
||
|
|
function get_domainname()
|
||
|
|
{
|
||
|
|
return getenv('USERDOMAIN');
|
||
|
|
}
|
||
|
|
|
||
|
|
function icacls_set($path, $mode, $perm) {
|
||
|
|
$user = get_username();
|
||
|
|
$path_escaped = '"' . $path . '"';
|
||
|
|
$perm_entry = array();
|
||
|
|
|
||
|
|
if ($perm & PHPT_ACL_READ) $perm_entry[] = 'R';
|
||
|
|
if ($perm & PHPT_ACL_WRITE) $perm_entry[] = 'W';
|
||
|
|
if ($perm & PHPT_ACL_EXEC) $perm_entry[] = 'RX';
|
||
|
|
if ($perm & PHPT_ACL_FULL) $perm_entry[] = 'F';
|
||
|
|
|
||
|
|
// Deny all
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /inheritance:r /deny ' . $user . ':(F,M,R,RX,W)';
|
||
|
|
exec($cmd);
|
||
|
|
|
||
|
|
if ($perm & PHPT_ACL_NONE) {
|
||
|
|
/*
|
||
|
|
This is required to remove all the previously denied
|
||
|
|
permission for the USER. Just granting permission doesn't
|
||
|
|
remove the previously denied permission.
|
||
|
|
*/
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /' . 'remove:d';
|
||
|
|
$cmd .= ' ' . $user;
|
||
|
|
exec($cmd);
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /' . 'remove:g';
|
||
|
|
$cmd .= ' ' . $user;
|
||
|
|
exec($cmd);
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
if ($mode == PHPT_ACL_GRANT) {
|
||
|
|
$mode = 'grant';
|
||
|
|
} else {
|
||
|
|
$mode = 'deny';
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
// Deny all
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /deny ' . $user . ':(F,M,R,RX,W)';
|
||
|
|
exec($cmd);
|
||
|
|
|
||
|
|
/*
|
||
|
|
This is required to remove all the previously denied
|
||
|
|
permission for the USER. Just granting permission doesn't
|
||
|
|
remove the previously denied permission.
|
||
|
|
*/
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /' . 'remove:d';
|
||
|
|
$cmd .= ' ' . $user;
|
||
|
|
exec($cmd);
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /' . 'remove:g';
|
||
|
|
$cmd .= ' ' . $user;
|
||
|
|
exec($cmd);
|
||
|
|
|
||
|
|
|
||
|
|
/*
|
||
|
|
Required to set no permission and check that is_readable()
|
||
|
|
returns false. If the $perm_entry contains 'N' skip this step.
|
||
|
|
This will make the file/dir with NO aceess.
|
||
|
|
*/
|
||
|
|
if (!in_array('N', $perm_entry)) {
|
||
|
|
/*
|
||
|
|
This is required to remove all the previously denied
|
||
|
|
permission for the USER. Just granting permission doesn't
|
||
|
|
remove the previously denied permission.
|
||
|
|
*/
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /' . 'remove:d';
|
||
|
|
$cmd .= ' ' . get_username();
|
||
|
|
exec($cmd);
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /' . 'remove:g';
|
||
|
|
$cmd .= ' ' . get_username();
|
||
|
|
exec($cmd);
|
||
|
|
|
||
|
|
$cmd = 'icacls ' . $path_escaped . ' /' . $mode;
|
||
|
|
$cmd .= ' ' . get_username();
|
||
|
|
$cmd .= ':' . '(' . implode($perm_entry, ',') . ')';
|
||
|
|
exec($cmd);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
function create_dir($name, $perms) {
|
||
|
|
if (empty($name)) {
|
||
|
|
echo "create_dir: Empty name is not allowed\n";
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
mkdir($name);
|
||
|
|
$dst = realpath($name);
|
||
|
|
icacls_set($name, PHPT_ACL_GRANT, $perms);
|
||
|
|
}
|
||
|
|
|
||
|
|
function create_file($name, $perms) {
|
||
|
|
if (empty($name)) {
|
||
|
|
echo "create_dir: Empty name is not allowed\n";
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
touch($name);
|
||
|
|
$dst = realpath($name);
|
||
|
|
icacls_set($name, PHPT_ACL_GRANT, $perms);
|
||
|
|
}
|
||
|
|
|
||
|
|
function delete_file($path) {
|
||
|
|
icacls_set($path, PHPT_ACL_GRANT, PHPT_ACL_FULL);
|
||
|
|
if (is_file($path)) {
|
||
|
|
unlink($path);
|
||
|
|
} else {
|
||
|
|
echo "delete_file: '$path' is not a file\n";
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
function delete_dir($path) {
|
||
|
|
if (is_dir($path)) {
|
||
|
|
icacls_set($path, PHPT_ACL_GRANT, PHPT_ACL_FULL);
|
||
|
|
rmdir($path);
|
||
|
|
} else {
|
||
|
|
echo "delete_dir: '$path' is not a directory\n";
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
if (0) {
|
||
|
|
$path = __DIR__ . '/a.txt';
|
||
|
|
create_file($path, PHPT_ACL_NONE);
|
||
|
|
if (!is_writable($path)) {
|
||
|
|
echo "PHPT_ACL_NONE success!!\n";
|
||
|
|
} else {
|
||
|
|
echo "PHPT_ACL_NONE failed!!\n";
|
||
|
|
}
|
||
|
|
delete_file($path);
|
||
|
|
|
||
|
|
$path = __DIR__ . '/a.txt';
|
||
|
|
create_file($path, PHPT_ACL_READ);
|
||
|
|
if (!is_writable($path)) {
|
||
|
|
echo "PHPT_ACL_READ success!!\n";
|
||
|
|
} else {
|
||
|
|
echo "PHPT_ACL_READ failed!!\n";
|
||
|
|
}
|
||
|
|
delete_file($path);
|
||
|
|
|
||
|
|
$path = __DIR__ . '/adir';
|
||
|
|
create_dir($path, PHPT_ACL_READ);
|
||
|
|
if (!is_writable($path)) {
|
||
|
|
echo "PHPT_ACL_READ dir success!!\n";
|
||
|
|
} else {
|
||
|
|
echo "PHPT_ACL_READ dir failed!!\n";
|
||
|
|
}
|
||
|
|
delete_dir($path);
|
||
|
|
|
||
|
|
}
|