Merge branch 'PHP-5.6' of git.php.net:php-src into PHP-5.6

sapi/litespeed/lsapilib.c

@@ -868,6 +868,190 @@ static int setUID_LVE(LSAPI_Request * pReq, uid_t uid, gid_t gid, const char * p
 #endif
     return 0;
 }
+#endif
+
+
+static int setUID_LVE(LSAPI_Request * pReq, uid_t uid, gid_t gid, const char * pChroot)
+{
+    int rv;
+    struct passwd * pw;
+    pw = getpwuid( uid );
+#if defined(linux) || defined(__linux) || defined(__linux__) || defined(__gnu_linux__)
+    if ( s_lve )
+    { 
+        if( lsapi_enterLVE( pReq, uid ) == -1 )
+            return -1;
+        if ( pw && fp_lve_jail)
+        {
+            rv = lsapi_jailLVE( pReq, uid, pw );
+            if ( rv == -1 )
+                return -1;
+            if (( rv == 1 )&&(s_enable_lve == LSAPI_CAGEFS_NO_SUEXEC ))    //this mode only use cageFS, does not use suEXEC
+            {
+                uid = s_defaultUid;
+                gid = s_defaultGid;
+                pw = getpwuid( uid );
+            }
+        }
+    }
+#endif
+    //if ( !uid || !gid )  //do not allow root 
+    //{
+    //    return -1;
+    //}
+
+#if defined(__FreeBSD__ ) || defined(__NetBSD__) || defined(__OpenBSD__) \
+    || defined(macintosh) || defined(__APPLE__) || defined(__APPLE_CC__)
+    if ( s_enable_core_dump )
+        lsapi_enable_core_dump();
+#endif
+
+    rv = setgid(gid);
+    if (rv == -1)
+    {
+        LSAPI_perror_r(pReq, "LSAPI: setgid()", NULL);
+        return -1;
+    }
+    if ( pw && (pw->pw_gid == gid ))
+    {
+        rv = initgroups( pw->pw_name, gid );
+        if (rv == -1)
+        {
+            LSAPI_perror_r(pReq, "LSAPI: initgroups()", NULL);
+            return -1;
+        }
+    }
+    else
+    {
+        rv = setgroups(1, &gid);
+        if (rv == -1)
+        {
+            LSAPI_perror_r(pReq, "LSAPI: setgroups()", NULL);
+        }
+    }
+    if ( pChroot )
+    {
+        rv = chroot( pChroot );
+        if ( rv == -1 )
+        {
+            LSAPI_perror_r(pReq, "LSAPI: chroot()", NULL);
+            return -1;
+        }
+    }
+    rv = setuid(uid);
+    if (rv == -1)
+    {
+        LSAPI_perror_r(pReq, "LSAPI: setuid()", NULL);
+        return -1;
+    }
+#if defined(linux) || defined(__linux) || defined(__linux__) || defined(__gnu_linux__)
+    if ( s_enable_core_dump )
+        lsapi_enable_core_dump();
+#endif
+    return 0;
+}
+
+static int lsapi_suexec_auth( LSAPI_Request *pReq, 
+            char * pAuth, int len, char * pUgid, int ugidLen )
+{
+    lsapi_MD5_CTX md5ctx;
+    unsigned char achMD5[16];
+    if ( len < 32 )
+        return -1;
+    memmove( achMD5, pAuth + 16, 16 );
+    memmove( pAuth + 16, s_pSecret, 16 );
+    lsapi_MD5Init( &md5ctx );
+    lsapi_MD5Update( &md5ctx, (unsigned char *)pAuth, 32 );
+    lsapi_MD5Update( &md5ctx, (unsigned char *)pUgid, 8 );
+    lsapi_MD5Final( (unsigned char *)pAuth + 16, &md5ctx);
+    if ( memcmp( achMD5, pAuth + 16, 16 ) == 0 )
+        return 0;
+    return 1;
+}
+
+
+static int lsapi_changeUGid( LSAPI_Request * pReq )
+{
+    int uid = s_defaultUid;
+    int gid = s_defaultGid;
+    const char * pChroot = NULL;
+    struct LSAPI_key_value_pair * pEnv;
+    struct LSAPI_key_value_pair * pAuth;
+    int i;
+    if ( s_uid )
+        return 0;
+    //with special ID  0x00
+    //authenticate the suEXEC request;
+    //first one should be MD5( nonce + lscgid secret )
+    //remember to clear the secret after verification 
+    //it should be set at the end of special env
+    i = pReq->m_pHeader->m_cntSpecialEnv - 1;
+    if ( i >= 0 )
+    {
+        pEnv = pReq->m_pSpecialEnvList + i;
+        if (( *pEnv->pKey == '\000' )&&
+            ( strcmp( pEnv->pKey+1, "SUEXEC_AUTH" ) == 0 ))
+        {
+            --pReq->m_pHeader->m_cntSpecialEnv;
+            pAuth = pEnv--;
+            if (( *pEnv->pKey == '\000' )&&
+                ( strcmp( pEnv->pKey+1, "SUEXEC_UGID" ) == 0 ))
+            {
+                --pReq->m_pHeader->m_cntSpecialEnv;
+                uid = *(uint32_t *)pEnv->pValue;
+                gid = *(((uint32_t *)pEnv->pValue) + 1 ); 
+                //fprintf( stderr, "LSAPI: SUEXEC_UGID set UID: %d, GID: %d\n", uid, gid );
+            }
+            else
+            {
+                fprintf( stderr, "LSAPI: missing SUEXEC_UGID env, use default user!\n" );
+                pEnv = NULL;
+            }
+            if ( pEnv&& lsapi_suexec_auth( pReq, pAuth->pValue, pAuth->valLen, pEnv->pValue, pEnv->valLen ) == 0 )
+            {
+                //read UID, GID from specialEnv 
+                
+            }
+            else
+            {
+                //authentication error
+                fprintf( stderr, "LSAPI: SUEXEC_AUTH authentication failed, use default user!\n" );
+                uid = 0;
+            }
+        }
+        else
+        {
+            //fprintf( stderr, "LSAPI: no SUEXEC_AUTH env, use default user!\n" );
+        }
+    }
+
+
+    if ( !uid )
+    {
+        uid = s_defaultUid;
+        gid = s_defaultGid;
+    }
+
+    //change uid
+    if ( setUID_LVE( pReq, uid, gid, pChroot ) == -1 )
+    {
+        return -1;
+    }
+
+    s_uid = uid; 	
+
+    return 0;
+ 
+}
+
+static int parseContentLenFromHeader(LSAPI_Request * pReq)
+{
+    const char * pContentLen = LSAPI_GetHeader_r( pReq, H_CONTENT_LENGTH );
+    if ( pContentLen )
+        pReq->m_reqBodyLen = strtoll( pContentLen, NULL, 10 );
+    return 0;
+}
+
 
 static int lsapi_suexec_auth( LSAPI_Request *pReq, 
             char * pAuth, int len, char * pUgid, int ugidLen )

sapi/litespeed/lsapilib.h

@@ -48,6 +48,13 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 */
 
+/***************************************************************************
+                          lsapilib.h  -  description
+                             -------------------
+    begin                : Mon Feb 21 2005
+    copyright            : (C) 2005 by George Wang
+    email                : gwang@litespeedtech.com
+ ***************************************************************************/
 
 #ifndef  _LSAPILIB_H_
 #define  _LSAPILIB_H_

win32/build/Makefile.phpize

@@ -5,10 +5,7 @@ MT="$(MT)"
 
 PHPSDK_DIR=$(PHP_DIR)
 PHPLIB=$(PHPSDK_DIR)\lib\$(PHPLIB)
-LDFLAGS=/libpath:"$(PHPSDK_DIR)\lib\;$(PHPSDK_DIR)"
-
-CFLAGS=/nologo /FD $(BASE_INCLUDES) /D _WINDOWS /D ZEND_WIN32=1 /D PHP_WIN32=1 /D WIN32 /D_USE_32BIT_TIME_T=1 /D ZEND_WIN32_FORCE_INLINE /GF /D ZEND_DEBUG=0 /D ZTS=1 /D FD_SETSIZE=256 
-CFLAGS_PHP=/D _USRDLL /D PHP5DLLTS_EXPORTS /D PHP_EXPORTS /D TSRM_EXPORTS /D SAPI_EXPORTS /D WINVER=0x500 /D COMPILE_DL_AJAXMIN 
+LDFLAGS=$(LDFLAGS) /libpath:"$(PHPSDK_DIR)\lib\;$(PHPSDK_DIR)"
 
 all: $(EXT_TARGETS) $(PECL_TARGETS)
 

win32/build/confutils.js

@@ -1170,11 +1170,6 @@ function ADD_EXTENSION_DEP(extname, dependson, optional)
 	var dep_present = false;
 	var dep_shared = false;
 
-	if (MODE_PHPIZE) {
-		ext_deps_js = file_get_contents(PHP_DIR + "\\script\\ext_deps.js");
-		eval(ext_deps_js);
-	}
-
 	try {
 		dep_present = eval("PHP_" + DEP);
 
@@ -1525,7 +1520,7 @@ function output_as_table(header, ar_out)
 	var min = new Array(l);
 	var max = new Array(l);
 
-	if (l != ar_out[0].length) {
+	if (!!ar_out[0] && l != ar_out[0].length) {
 		STDOUT.WriteLine("Invalid header argument, can't output the table " + l + " " + ar_out[0].length  );
 		return;
 	}
@@ -1847,7 +1842,9 @@ function generate_makefile()
 
 	MFO.Close();
 	TF = FSO.OpenTextFile("Makefile.objects", 1);
-	MF.Write(TF.ReadAll());
+	if (!TF.AtEndOfStream) {
+		MF.Write(TF.ReadAll());
+	}
 	TF.Close();
 
 	MF.Close();	

win32/build/phpize.js.in

@@ -209,6 +209,8 @@ C.WriteLine("/* This file automatically generated from script/confutils.js */");
 C.WriteLine("var MODE_PHPIZE = true;");
 C.WriteLine("var PHP_DIR = " + '"' + PHP_DIR.replace(new RegExp('(["\\\\])', "g"), '\\$1') + '"');
 
+C.Write(file_get_contents(PHP_DIR + "//script//ext_deps.js"));
+
 C.Write(file_get_contents(PHP_DIR + "/script/confutils.js"));
 C.Write(file_get_contents(PHP_DIR + "/script/config.phpize.js"));