php-src/main/safe_mode.c

192 lines
5.0 KiB
C
Raw Normal View History

1999-04-08 05:05:13 +08:00
/*
+----------------------------------------------------------------------+
1999-07-16 21:13:16 +08:00
| PHP version 4.0 |
1999-04-08 05:05:13 +08:00
+----------------------------------------------------------------------+
2001-02-26 14:11:02 +08:00
| Copyright (c) 1997-2001 The PHP Group |
1999-04-08 05:05:13 +08:00
+----------------------------------------------------------------------+
| This source file is subject to version 2.02 of the PHP license, |
1999-07-16 21:13:16 +08:00
| that is bundled with this package in the file LICENSE, and is |
| available at through the world-wide-web at |
| http://www.php.net/license/2_02.txt. |
1999-07-16 21:13:16 +08:00
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
1999-04-08 05:05:13 +08:00
+----------------------------------------------------------------------+
| Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
+----------------------------------------------------------------------+
*/
/* $Id$ */
1999-04-24 04:06:01 +08:00
1999-04-08 05:05:13 +08:00
#include "php.h"
#include <stdio.h>
#include <stdlib.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/stat.h>
#include "ext/standard/pageinfo.h"
1999-04-08 05:05:13 +08:00
#include "safe_mode.h"
#include "SAPI.h"
#include "php_globals.h"
1999-04-08 05:05:13 +08:00
1999-04-08 05:05:13 +08:00
/*
1999-12-18 03:16:50 +08:00
* php_checkuid
1999-04-08 05:05:13 +08:00
*
* This function has four modes:
*
* 0 - return invalid (0) if file does not exist
* 1 - return valid (1) if file does not exist
* 2 - if file does not exist, check directory
* 3 - only check directory (needed for mkdir)
*/
PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
{
1999-04-08 05:05:13 +08:00
struct stat sb;
int ret;
long uid=0L, gid=0L, duid=0L, dgid=0L;
char path[MAXPATHLEN];
1999-04-08 05:05:13 +08:00
char *s;
2001-07-10 02:57:19 +08:00
PLS_FETCH();
1999-04-08 05:05:13 +08:00
if (!filename) {
return 0; /* path must be provided */
}
1999-04-08 05:05:13 +08:00
if (fopen_mode) {
if (fopen_mode[0] == 'r') {
mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;
} else {
mode = CHECKUID_CHECK_FILE_AND_DIR;
}
}
1999-04-08 05:05:13 +08:00
/*
* If given filepath is a URL, allow - safe mode stuff
* related to URL's is checked in individual functions
*/
if (!strncasecmp(filename,"http://",7) || !strncasecmp(filename,"ftp://",6)) {
return 1;
1999-04-08 05:05:13 +08:00
}
/* First we see if the file is owned by the same user...
* If that fails, passthrough and check directory...
*/
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
VCWD_REALPATH(filename, path);
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) {
php_error(E_WARNING, "Unable to access %s", filename);
return 0;
} else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS)
php_error(E_WARNING, "Unable to access %s", filename);{
return 1;
}
} else {
uid = sb.st_uid;
gid = sb.st_gid;
if (uid == php_getuid()) {
return 1;
} else if (PG(safe_mode_gid) && gid == php_getgid()) {
return 1;
}
1999-04-08 05:05:13 +08:00
}
/* Trim off filename */
2001-07-16 12:31:13 +08:00
if ((s = strrchr(path,DEFAULT_SLASH))) {
*s = '\0';
}
} else { /* CHECKUID_ALLOW_ONLY_DIR */
s = strrchr(filename,DEFAULT_SLASH);
1999-04-08 05:05:13 +08:00
if (s) {
*s = '\0';
VCWD_REALPATH(filename, path);
*s = DEFAULT_SLASH;
} else {
VCWD_GETCWD(path, MAXPATHLEN);
}
} /* end CHECKUID_ALLOW_ONLY_DIR */
if (mode != CHECKUID_ALLOW_ONLY_FILE) {
/* check directory */
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
php_error(E_WARNING, "Unable to access %s", filename);
return 0;
1999-04-08 05:05:13 +08:00
}
duid = sb.st_uid;
dgid = sb.st_gid;
if (duid == php_getuid()) {
return 1;
} else if (PG(safe_mode_gid) && dgid == php_getgid()) {
return 1;
} else {
SLS_FETCH();
if (SG(rfc1867_uploaded_files)) {
if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, strlen(filename)+1)) {
return 1;
}
}
}
}
if (mode == CHECKUID_ALLOW_ONLY_DIR) {
uid = duid;
gid = dgid;
if (s) {
*s = 0;
}
1999-04-08 05:05:13 +08:00
}
if (PG(safe_mode_gid)) {
php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
} else {
php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(), filename, uid);
}
return 0;
1999-04-08 05:05:13 +08:00
}
1999-12-18 03:16:50 +08:00
PHPAPI char *php_get_current_user()
1999-04-08 05:05:13 +08:00
{
struct passwd *pwd;
2000-02-11 02:19:04 +08:00
struct stat *pstat;
SLS_FETCH();
1999-04-08 05:05:13 +08:00
if (SG(request_info).current_user) {
return SG(request_info).current_user;
1999-04-08 05:05:13 +08:00
}
/* FIXME: I need to have this somehow handled if
USE_SAPI is defined, because cgi will also be
interfaced in USE_SAPI */
2000-02-11 01:26:57 +08:00
2000-02-11 02:19:04 +08:00
pstat = sapi_get_stat();
2000-02-11 01:26:57 +08:00
2000-02-11 02:19:04 +08:00
if (!pstat) {
1999-04-08 05:05:13 +08:00
return empty_string;
}
2000-02-11 02:19:04 +08:00
if ((pwd=getpwuid(pstat->st_uid))==NULL) {
1999-04-08 05:05:13 +08:00
return empty_string;
}
SG(request_info).current_user_length = strlen(pwd->pw_name);
SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length);
1999-04-08 05:05:13 +08:00
return SG(request_info).current_user;
1999-04-08 05:05:13 +08:00
}
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: sw=4 ts=4 tw=78 fdm=marker
* vim<600: sw=4 ts=4 tw=78
*/