From f4d696f48b2188310e87f64a14e7eb7619ec078f Mon Sep 17 00:00:00 2001 From: Sebastian Thiel Date: Fri, 29 Dec 2023 09:51:24 +0100 Subject: [PATCH] upgrade `windows` to v0.52 --- Cargo.lock | 23 ++++++++++++++-- gix-sec/Cargo.toml | 2 +- gix-sec/src/identity.rs | 61 ++++++++++++++++++++--------------------- 3 files changed, 51 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d37358e3257..e9b7a2e2733 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2398,7 +2398,7 @@ dependencies = [ "libc", "serde", "tempfile", - "windows 0.48.0", + "windows 0.52.0", ] [[package]] @@ -5152,10 +5152,20 @@ version = "0.51.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca229916c5ee38c2f2bc1e9d8f04df975b4bd93f9955dc69fabb5d91270045c9" dependencies = [ - "windows-core", + "windows-core 0.51.1", "windows-targets 0.48.5", ] +[[package]] +name = "windows" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be" +dependencies = [ + "windows-core 0.52.0", + "windows-targets 0.52.0", +] + [[package]] name = "windows-core" version = "0.51.1" @@ -5165,6 +5175,15 @@ dependencies = [ "windows-targets 0.48.5", ] +[[package]] +name = "windows-core" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" +dependencies = [ + "windows-targets 0.52.0", +] + [[package]] name = "windows-sys" version = "0.48.0" diff --git a/gix-sec/Cargo.toml b/gix-sec/Cargo.toml index 12b4ae02d80..c96fb28656c 100644 --- a/gix-sec/Cargo.toml +++ b/gix-sec/Cargo.toml @@ -27,7 +27,7 @@ libc = "0.2.123" [target.'cfg(windows)'.dependencies] gix-path = { version = "^0.10.1", path = "../gix-path" } -windows = { version = "0.48", features = [ +windows = { version = "0.52.0", features = [ "Win32_Foundation", "Win32_Security_Authorization", "Win32_Storage_FileSystem", diff --git a/gix-sec/src/identity.rs b/gix-sec/src/identity.rs index 87c697fc494..93011274ffd 100644 --- a/gix-sec/src/identity.rs +++ b/gix-sec/src/identity.rs @@ -62,17 +62,14 @@ mod impl_ { use windows::{ core::{Error, PCWSTR}, Win32::{ - Foundation::{CloseHandle, BOOL, HANDLE, HLOCAL, PSID}, + Foundation::{CloseHandle, LocalFree, BOOL, HANDLE, HLOCAL, PSID}, Security::{ Authorization::{GetNamedSecurityInfoW, SE_FILE_OBJECT}, CheckTokenMembership, EqualSid, GetTokenInformation, IsWellKnownSid, TokenOwner, WinBuiltinAdministratorsSid, OWNER_SECURITY_INFORMATION, PSECURITY_DESCRIPTOR, TOKEN_OWNER, TOKEN_QUERY, }, - System::{ - Memory::LocalFree, - Threading::{GetCurrentProcess, GetCurrentThread, OpenProcessToken, OpenThreadToken}, - }, + System::Threading::{GetCurrentProcess, GetCurrentThread, OpenProcessToken, OpenThreadToken}, }, }; @@ -113,43 +110,43 @@ mod impl_ { let mut token = HANDLE::default(); // Use the current thread token if possible, otherwise open the process token OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, true, &mut token) - .ok() - .or_else(|_| OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &mut token).ok())?; + .or_else(|_| OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &mut token))?; let mut buffer_size = 0; let mut buffer = Vec::::new(); - GetTokenInformation(token, TokenOwner, None, 0, &mut buffer_size); + GetTokenInformation(token, TokenOwner, None, 0, &mut buffer_size)?; if buffer_size != 0 { buffer.resize(buffer_size as usize, 0); - if GetTokenInformation( + match GetTokenInformation( token, TokenOwner, Some(buffer.as_mut_ptr() as *mut std::ffi::c_void), buffer_size, &mut buffer_size, - ) - .as_bool() - { - let token_owner = buffer.as_ptr() as *const TOKEN_OWNER; - let token_owner = (*token_owner).Owner; - - is_owned = EqualSid(folder_owner, token_owner).as_bool(); - - // Admin-group owned folders are considered owned by the current user, if they are in the admin group - if !is_owned && IsWellKnownSid(token_owner, WinBuiltinAdministratorsSid).as_bool() { - let mut is_member = BOOL::default(); - // TODO: re-use the handle - match CheckTokenMembership(HANDLE::default(), token_owner, &mut is_member).ok() { - Err(e) => err_msg = Some(format!("Couldn't check if user is an administrator: {}", e)), - Ok(()) => is_owned = is_member.as_bool(), + ) { + Ok(()) => { + let token_owner = buffer.as_ptr() as *const TOKEN_OWNER; + let token_owner = (*token_owner).Owner; + + is_owned = EqualSid(folder_owner, token_owner).is_ok(); + + // Admin-group owned folders are considered owned by the current user, if they are in the admin group + if !is_owned && IsWellKnownSid(token_owner, WinBuiltinAdministratorsSid).as_bool() { + let mut is_member = BOOL::default(); + // TODO: re-use the handle + match CheckTokenMembership(HANDLE::default(), token_owner, &mut is_member) { + Err(e) => { + err_msg = Some(format!("Couldn't check if user is an administrator: {}", e)) + } + Ok(()) => is_owned = is_member.as_bool(), + } } } - } else { - err_msg = format!( - "Couldn't get actual token information for current process with err: {}", - Error::from_win32() - ) - .into(); + Err(err) => { + err_msg = + format!("Couldn't get actual token information for current process with err: {err}",) + .into(); + } } } else { err_msg = format!( @@ -158,7 +155,7 @@ mod impl_ { ) .into(); } - CloseHandle(token); + CloseHandle(token)?; } else { err_msg = format!( "Couldn't get security information for path '{}' with err {}", @@ -167,7 +164,7 @@ mod impl_ { ) .into(); } - LocalFree(HLOCAL(pdescriptor.0 as isize)).ok(); + LocalFree(HLOCAL(pdescriptor.0)).ok(); } err_msg.map(|msg| Err(err(msg))).unwrap_or(Ok(is_owned))