/*
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| PHP version 4.0 |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Copyright ( c ) 1997 - 2001 The PHP Group |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| This source file is subject to version 2.02 of the PHP license , |
| that is bundled with this package in the file LICENSE , and is |
| available at through the world - wide - web at |
| http : //www.php.net/license/2_02.txt. |
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world - wide - web , please send a note to |
| license @ php . net so we can mail you a copy immediately . |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
| Authors : Rasmus Lerdorf < rasmus @ lerdorf . on . ca > |
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
*/
/* $Id$ */
# include "php.h"
# include <stdio.h>
# include <stdlib.h>
# if HAVE_UNISTD_H
# include <unistd.h>
# endif
# include <sys/stat.h>
# include "ext/standard/pageinfo.h"
# include "safe_mode.h"
# include "SAPI.h"
# include "php_globals.h"
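/*
 * php_checkuid
 *
 * Safe-mode ownership check for a path. Returns 1 when access is allowed
 * and 0 when it is denied; every denial is reported with an E_WARNING.
 *
 * Access is allowed when the file (or, depending on the mode, its
 * directory) is owned by the uid returned by php_getuid(), or, when
 * PG(safe_mode_gid) is set, by the gid returned by php_getgid(). A path
 * registered in SG(rfc1867_uploaded_files) is also allowed once the
 * directory check has been reached.
 *
 * Modes (numbering as documented by the original author):
 *
 * 0 - CHECKUID_DISALLOW_FILE_NOT_EXISTS: return invalid (0) if the file
 *     does not exist
 * 1 - CHECKUID_ALLOW_FILE_NOT_EXISTS: return valid (1) if the file does
 *     not exist
 * 2 - CHECKUID_CHECK_FILE_AND_DIR: if the file does not exist, check the
 *     directory
 * 3 - CHECKUID_ALLOW_ONLY_DIR: only check the directory (needed for mkdir)
 *
 * The body additionally recognises CHECKUID_ALLOW_ONLY_FILE, which skips
 * the directory check.
 *
 * A non-NULL fopen_mode overrides the mode argument: a mode string that
 * starts with 'r' selects CHECKUID_DISALLOW_FILE_NOT_EXISTS, anything else
 * selects CHECKUID_CHECK_FILE_AND_DIR.
 *
 * NOTE(review): the decision is taken from stat() results on a path name
 * and nothing is kept open here, so the answer describes the path only at
 * the time of the call. Callers that open the path afterwards should not
 * assume it still names the same object.
 */
PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode)
{
	struct stat sb;
	int ret;
	long uid = 0L, gid = 0L, duid = 0L, dgid = 0L;
	char path[MAXPATHLEN];
	char *s;
	PLS_FETCH();

	/*
	 * The results of VCWD_REALPATH()/VCWD_GETCWD() below are not checked.
	 * Start from an empty string so that a failed resolution which leaves
	 * the buffer untouched makes the following stat() fail (deny) instead
	 * of reading uninitialised stack memory.
	 */
	path[0] = '\0';

	if (!filename) {
		return 0; /* path must be provided */
	}

	if (fopen_mode) {
		if (fopen_mode[0] == 'r') {
			mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;
		} else {
			mode = CHECKUID_CHECK_FILE_AND_DIR;
		}
	}

	/*
	 * If given filepath is a URL, allow - safe mode stuff
	 * related to URL's is checked in individual functions
	 */
	if (!strncasecmp(filename, "http://", 7) || !strncasecmp(filename, "ftp://", 6)) {
		return 1;
	}

	/* First we see if the file is owned by the same user...
	 * If that fails, passthrough and check directory...
	 */
	if (mode != CHECKUID_ALLOW_ONLY_DIR) {
		VCWD_REALPATH(filename, path);
		ret = VCWD_STAT(path, &sb);
		if (ret < 0) {
			if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) {
				php_error(E_WARNING, "Unable to access %s", filename);
				return 0;
			} else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) {
				/*
				 * The opening brace used to follow the php_error() call,
				 * which made "return 1" unconditional for every mode that
				 * reached this point. A missing file in
				 * CHECKUID_CHECK_FILE_AND_DIR mode was therefore allowed
				 * without the directory ownership check ever running.
				 */
				php_error(E_WARNING, "Unable to access %s", filename);
				return 1;
			}
			/*
			 * Remaining modes fall through: CHECKUID_CHECK_FILE_AND_DIR goes
			 * on to the directory check, and CHECKUID_ALLOW_ONLY_FILE ends at
			 * the final denial (uid/gid are still 0 in that message because
			 * the file could not be stat()ed).
			 */
		} else {
			uid = sb.st_uid;
			gid = sb.st_gid;
			if (uid == php_getuid()) {
				return 1;
			} else if (PG(safe_mode_gid) && gid == php_getgid()) {
				return 1;
			}
		}

		/* Trim off filename */
		if ((s = strrchr(path, DEFAULT_SLASH))) {
			*s = '\0';
		}
	} else { /* CHECKUID_ALLOW_ONLY_DIR */
		s = strrchr(filename, DEFAULT_SLASH);

		if (s) {
			/*
			 * Temporarily cut the caller's string at the last separator so
			 * that only the directory part is resolved, then restore it.
			 * NOTE(review): this writes through a const-qualified parameter.
			 */
			*s = '\0';
			VCWD_REALPATH(filename, path);
			*s = DEFAULT_SLASH;
		} else {
			VCWD_GETCWD(path, MAXPATHLEN);
		}
	} /* end CHECKUID_ALLOW_ONLY_DIR */

	if (mode != CHECKUID_ALLOW_ONLY_FILE) {
		/* check directory */
		ret = VCWD_STAT(path, &sb);
		if (ret < 0) {
			php_error(E_WARNING, "Unable to access %s", filename);
			return 0;
		}
		duid = sb.st_uid;
		dgid = sb.st_gid;
		if (duid == php_getuid()) {
			return 1;
		} else if (PG(safe_mode_gid) && dgid == php_getgid()) {
			return 1;
		} else {
			SLS_FETCH();

			/* Files registered as RFC 1867 uploads are exempt from the ownership test. */
			if (SG(rfc1867_uploaded_files)) {
				if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, strlen(filename) + 1)) {
					return 1;
				}
			}
		}
	}

	if (mode == CHECKUID_ALLOW_ONLY_DIR) {
		/* Report the directory, not the entry about to be created in it. */
		uid = duid;
		gid = dgid;
		if (s) {
			/*
			 * NOTE(review): the caller's string is left truncated at the last
			 * separator when this function returns; confirm callers expect that.
			 */
			*s = 0;
		}
	}

	if (PG(safe_mode_gid)) {
		php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
	} else {
		php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(), filename, uid);
	}
	return 0;
}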
/*
 * php_get_current_user
 *
 * Returns the login name belonging to the uid reported by sapi_get_stat().
 * The name is looked up once and cached in SG(request_info).current_user
 * (with its length in current_user_length); later calls return the cached
 * pointer. Returns empty_string when no stat information is available or
 * the uid has no passwd entry.
 */
PHPAPI char *php_get_current_user()
{
	struct stat *script_stat;
	struct passwd *entry;
	SLS_FETCH();

	if (!SG(request_info).current_user) {
		/* FIXME: I need to have this somehow handled if
		   USE_SAPI is defined, because cgi will also be
		   interfaced in USE_SAPI */
		script_stat = sapi_get_stat();
		if (script_stat == NULL) {
			return empty_string;
		}

		entry = getpwuid(script_stat->st_uid);
		if (!entry) {
			return empty_string;
		}

		/* Cache a private copy of the name for later calls. */
		SG(request_info).current_user_length = strlen(entry->pw_name);
		SG(request_info).current_user = estrndup(entry->pw_name, SG(request_info).current_user_length);
	}

	return SG(request_info).current_user;
}
/*
* Local variables :
* tab - width : 4
* c - basic - offset : 4
* End :
* vim600 : sw = 4 ts = 4 tw = 78 fdm = marker
* vim < 600 : sw = 4 ts = 4 tw = 78
*/