php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52376 opendir() cannot open UNC paths in IIS7 using passthrough auth.
Submitted: 2010-07-19 12:38 UTC Modified: 2017-10-24 07:32 UTC
Votes:15
Avg. Score:4.6 ± 0.8
Reproduced:12 of 12 (100.0%)
Same Version:4 (33.3%)
Same OS:10 (83.3%)
From: ryan at kisc dot edu dot np Assigned:
Status: Open Package: *Directory/Filesystem functions
PHP Version: 5.3.2 OS: win64 - W2008R2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ryan at kisc dot edu dot np
New email:
PHP Version: OS:

 

 [2010-07-19 12:38 UTC] ryan at kisc dot edu dot np
Description:
------------
This seems to be identical to #50542 but that one was closed and I couldn't do anything to it.

Basically it was marked closed because with passthrough-authentication essentially disabled by putting a username in "physical path credentials" and selecting ClearText in the "Physical Path Credentials Logon Type" both in advanced settings, this can be made to work so long as that configuration is acceptable.

I too am having trouble with this and unfortunately the solution of editing
physical path credentials breaks the pass through authentication to the
database, ldap, and other things. This all worked on 5.3.1 with IIS6 on W2K3 but
on IIS7 with W2K8R2 no joy. So I upgraded to 5.3.2, still no joy. My application is so reliant on the pass-through authentication that when I do arrange things such that opendir works (clear-text + specific physical path credentials) the system becomes a single user system!

So I can confirm the workaround mentioned for #50542 works if the environment allows for it, but mine does not. Any other ideas? If I connect to IIS using the environment requirement of network type auth and pass-through authentication it does NOT work, though it really should. If I use that exact same user in the "physical path credentials" field and set "clear text" opendir suddenly works. Please don't close this as it really is a bug and apparently specific to IIS7

Test script:
---------------
<?PHP
error_reporting(E_ALL);
opendir("any UNC path at all"); //example //someserver/someshare/somefolder
?>

Expected result:
----------------
I expect to get no errors.



Actual result:
--------------
Warning: opendir(//someserver/someshare/somefolder,//someserver/someshare/somefolder) [function.opendir]: Access is denied. (code: 5) in C:\inetpub\wwwroot\testdir.php on line 2

Warning: opendir(//someserver/someshare/somefolder) [function.opendir]: failed to open dir: No such file or directory in C:\inetpub\wwwroot\testdir.php on line 2

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-07-19 23:50 UTC] pajoye@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: pajoye
 [2010-07-19 23:50 UTC] pajoye@php.net
Can you try to follow the advice here please:

http://support.microsoft.com/kb/214806
 [2010-07-20 04:04 UTC] ryan at kisc dot edu dot np
-Status: Feedback +Status: Assigned
 [2010-07-20 04:04 UTC] ryan at kisc dot edu dot np
Well, that allows me to browse to the folder via chrome and essentially does the 
same thing as the 
workaround from #50542 but only on the one folder which could work. What it does 
not appear to do 
is give me programmatic access to the folder. The instructions in that KB are 
outdated as it uses 
adsutil.vbs and the setting is the same as the "Physical Path Credentials" from 
the IIS manager. 
This could work, in a much less than ideal way, if there is some way to run 
"opendir" on the 
virtual directory without specifying the unc path (since the UNC path itself 
still does not work). 
I could just be unaware of how, since it seems to use the system paths and not 
honor or even 
acknowledge virtual directories. I tried lots of different formats against my 
better judgement but 
none worked. I even tried using the http path reference. Still no joy. I've used 
PHP since 1998 but 
realize something could have changed at any one of the releases, however I'm not 
sure I see how a 
virtual directory could solve the ability to use opendir. Fair enough if this 
was just a try. I'm 
happy to keep trying if it can help the community. This worked fabulously in 
IIS6. I also confess 
that it appears to be Microsoft's fault. Very frustrating.

I wonder if I can create a symbolic link equivalent. I've done this before in 
older versions of 
windows, but I don't think I've ever done it to a network share. In my case I 
may be able to just 
move the share to the IIS server and be done with it, but I'm willing to stick 
this out if it will 
help find a solution to this issue.
 [2010-07-20 04:08 UTC] ryan at kisc dot edu dot np
-Status: Assigned +Status: Open
 [2010-07-20 04:08 UTC] ryan at kisc dot edu dot np
sorry about the line breaks, apparently this site doesn't like what Chrome does when I resize the text box. I'll be more careful in the future. Actually this site seems to hate Chrome altogether. 
I keep getting "incorrect username" constantly. The bug site is buggy, at least in Chrome.
 [2010-07-20 04:42 UTC] aharvey@php.net
-Status: Open +Status: Assigned
 [2010-07-20 04:42 UTC] aharvey@php.net
(Restoring status.)

As a fellow Chrome user, I feel your pain. :)
 [2011-01-13 04:24 UTC] mark at internode dot on dot net
Hi I am having the same problem with PHP 5.3.5 running under IIS 7.5, FastCGI, Windows Server 2008 R2 where I am simply trying to access a file on another server using a UNC path.

$uploadfile = "\\<server>\<share>\<folder>\<file>.txt";
$fh = fopen($uploadfile, 'r') or die("Can't open file $uploadfile");

I have tried granting "everyone" full permissions for the share and the file system but it still does not work.

This code works perfectly if the file is stored on the same server and is accessed through a local path.

Other things I have tried inlcude:
- setting the defaultappool to use a specific user and granting that user permissions on the share and file system
- using "network" as above

Any other ideas on this one?
 [2011-08-05 15:14 UTC] marc dot seitz at ww-informatik dot de
Hi Guys,

we have exactly the same problem now.
We want to migrate to Windows Server 2008 R2 with IIS 7.5, FastCGI, PHP 5.3.6.

When I try to do a file_get_contents(<UNC-PATH>) or opendir(<UNC-PATH>) I always will get the error:
Warning: fopen(<UNC-PATH-TO-FILE>): failed to open stream: Permission denied in D:\inetpub\wwwroot\XXX.php on line 26

The Application-Pools of the IIS are running under a Domain-Account which has access to the Network Share.

I don't know how to solve this problem.

Any ideas of you?

Thanks 
Marc
 [2011-10-13 09:57 UTC] em at ducommun dot ch
I have exactly the same problem.

I have tried to map the share to a letter, exemple Z:/ same result.
This is not a permissions problem.

Please help.

Config: xampp running under w2k3r2 server, with php 5.3.5

Thanks!
 [2012-02-08 19:37 UTC] mike dot riendeau at gmail dot com
I fixed this in Win7 IIS7 Through the inetmgr.
WebSite->Authentication->Anonymous Authentication (edit on side panel)
I changed the Specific User (IUSR) to Application pool identity.
I am only using it for local development, so I'm not sure how this affects security.
 [2012-06-15 13:30 UTC] alexkyrlis at me dot com
Greetings,

I have the same problem, expect that, when testing this script:

<?PHP
error_reporting(E_ALL);
opendir("//node1/wwwroot/public/joomla");
?>

I get no errors, PHP actually likes this path, no problem.
But, this same path is not accepted by Windows. Instead, the correct path that 
Windows 2008 (and IIS) recognizes is:

\\node1\wwwroot\public\joomla

This is quite an annoying problem. Windows likes \ and php likes / in the path.

Any ideas?

Thanks
Alex
 [2017-10-24 07:32 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: pajoye +Assigned To:
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 08:01:29 2024 UTC