From: Dmitry Stogov <dmitry@php.net>
Date: Tue, 27 Feb 2007 11:05:56 +0000 (+0000)
Subject: Backport: Fixed impersonation support for persistent FastCGI connections.
X-Git-Tag: php-4.4.6~4
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7e424740fd3097310cebe6a1e29aa29193673c85;p=php

Backport: Fixed impersonation support for persistent FastCGI connections.
---

diff --git a/sapi/cgi/libfcgi/fcgiapp.c b/sapi/cgi/libfcgi/fcgiapp.c
index 72df62014a..c81b06a7d1 100644
--- a/sapi/cgi/libfcgi/fcgiapp.c
+++ b/sapi/cgi/libfcgi/fcgiapp.c
@@ -2061,6 +2061,10 @@ void FCGX_Free(FCGX_Request * request, int close)
         OS_IpcClose(request->ipcFd, ! request->detached);
         request->ipcFd = -1;
         request->detached = 0;
+#ifdef _WIN32
+    } else {
+        OS_StopImpersonation();
+#endif
     }
 }
 
@@ -2225,6 +2229,10 @@ int FCGX_Accept_r(FCGX_Request *reqDataPtr)
             if (reqDataPtr->ipcFd < 0) {
                 return (errno > 0) ? (0 - errno) : -9999;
             }
+#ifdef _WIN32
+		} else if (!OS_StartImpersonation()) {
+			FCGX_Free(reqDataPtr, 1);
+#endif
         }
         /*
          * A connection is open.  Read from the connection in order to
diff --git a/sapi/cgi/libfcgi/include/fcgios.h b/sapi/cgi/libfcgi/include/fcgios.h
index f796456ab3..4a188fe2c5 100644
--- a/sapi/cgi/libfcgi/include/fcgios.h
+++ b/sapi/cgi/libfcgi/include/fcgios.h
@@ -129,6 +129,8 @@ DLLAPI void OS_ShutdownPending(void);
 
 #ifdef _WIN32
 DLLAPI int OS_SetImpersonate(void);
+int OS_StartImpersonation(void);
+void OS_StopImpersonation(void);
 #endif
 
 #if defined (__cplusplus) || defined (c_plusplus)
diff --git a/sapi/cgi/libfcgi/os_win32.c b/sapi/cgi/libfcgi/os_win32.c
index 05306f9e6d..58172b952d 100644
--- a/sapi/cgi/libfcgi/os_win32.c
+++ b/sapi/cgi/libfcgi/os_win32.c
@@ -306,6 +306,18 @@ int OS_SetImpersonate(void)
 	return 0;
 }
 
+int OS_StartImpersonation(void)
+{
+	return (!bImpersonate ||
+	        ((hListen != INVALID_HANDLE_VALUE) && 
+	         !ImpersonateNamedPipeClient(hListen)));
+}
+
+void OS_StopImpersonation(void)
+{
+	if (bImpersonate) RevertToSelf();
+}
+
 /*
  *--------------------------------------------------------------
  *
@@ -596,7 +608,7 @@ void OS_LibShutdown()
     if (stdioHandles[0] != INVALID_HANDLE_VALUE) {
 		DisconnectNamedPipe(hListen);
 		CancelIo(hListen);
-		if (bImpersonate) RevertToSelf();
+		OS_StopImpersonation();
 	}
 
     WSACleanup();
@@ -1763,14 +1775,14 @@ static int acceptNamedPipe()
     //
     // impersonate the client
     //
-    if(bImpersonate && !ImpersonateNamedPipeClient(hListen)) {
+    if(bImpersonate && OS_StartImpersonation()) {
         DisconnectNamedPipe(hListen);
     } else {
 		ipcFd = Win32NewDescriptor(FD_PIPE_SYNC, (int) hListen, -1);
 		if (ipcFd == -1) 
 		{
 			DisconnectNamedPipe(hListen);
-			if (bImpersonate) RevertToSelf();
+			OS_StopImpersonation();
 		}
 	}
 
@@ -1975,7 +1987,7 @@ int OS_IpcClose(int ipcFd, int shutdown)
 
         if (! DisconnectNamedPipe(fdTable[ipcFd].fid.fileHandle)) return -1;
 
-        if (bImpersonate) RevertToSelf();
+		OS_StopImpersonation();
 
         /* fall through */
     case FD_SOCKET_SYNC:
@@ -2049,4 +2061,3 @@ void OS_SetFlags(int fd, int flags)
     }
     return;
 }
-