1999-04-07 21:05:13 +00:00
/*
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
2001-12-11 15:32:16 +00:00
| PHP Version 4 |
1999-04-07 21:05:13 +00:00
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
2001-12-11 15:32:16 +00:00
| Copyright ( c ) 1997 - 2002 The PHP Group |
1999-04-07 21:05:13 +00:00
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
2000-05-18 15:34:45 +00:00
| This source file is subject to version 2.02 of the PHP license , |
1999-07-16 13:13:16 +00:00
| that is bundled with this package in the file LICENSE , and is |
| available at through the world - wide - web at |
2000-05-18 15:34:45 +00:00
| http : //www.php.net/license/2_02.txt. |
1999-07-16 13:13:16 +00:00
| If you did not receive a copy of the PHP license and are unable to |
| obtain it through the world - wide - web , please send a note to |
| license @ php . net so we can mail you a copy immediately . |
1999-04-07 21:05:13 +00:00
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
2002-02-28 08:29:35 +00:00
| Author : Rasmus Lerdorf < rasmus @ lerdorf . on . ca > |
1999-04-07 21:05:13 +00:00
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
*/
/* $Id$ */
1999-04-23 20:06:01 +00:00
1999-04-07 21:05:13 +00:00
# include "php.h"
# include <stdio.h>
# include <stdlib.h>
# if HAVE_UNISTD_H
# include <unistd.h>
# endif
# include <sys/stat.h>
1999-04-17 00:37:12 +00:00
# include "ext/standard/pageinfo.h"
1999-04-07 21:05:13 +00:00
# include "safe_mode.h"
1999-04-26 17:26:37 +00:00
# include "SAPI.h"
2001-07-09 17:36:04 +00:00
# include "php_globals.h"
1999-04-07 21:05:13 +00:00
/*
1999-12-17 19:16:50 +00:00
* php_checkuid
1999-04-07 21:05:13 +00:00
*
2002-07-17 05:15:17 +00:00
* This function has six modes :
1999-04-07 21:05:13 +00:00
*
* 0 - return invalid ( 0 ) if file does not exist
* 1 - return valid ( 1 ) if file does not exist
* 2 - if file does not exist , check directory
* 3 - only check directory ( needed for mkdir )
2002-07-17 05:15:17 +00:00
* 4 - check mode and param
* 5 - only check file
1999-04-07 21:05:13 +00:00
*/
2000-11-01 18:05:27 +00:00
PHPAPI int php_checkuid ( const char * filename , char * fopen_mode , int mode )
2000-11-01 17:31:53 +00:00
{
1999-04-07 21:05:13 +00:00
struct stat sb ;
2002-03-17 21:00:44 +00:00
int ret , nofile = 0 ;
2001-07-09 17:36:04 +00:00
long uid = 0L , gid = 0L , duid = 0L , dgid = 0L ;
2001-07-13 18:21:21 +00:00
char path [ MAXPATHLEN ] ;
2002-07-13 00:52:18 +00:00
char * s , filenamecopy [ MAXPATHLEN ] ;
2002-08-16 09:50:24 +00:00
php_stream_wrapper * wrapper = NULL ;
2001-07-28 11:36:37 +00:00
TSRMLS_FETCH ( ) ;
1999-04-07 21:05:13 +00:00
2002-07-13 00:52:18 +00:00
strlcpy ( filenamecopy , filename , MAXPATHLEN ) ;
filename = ( char * ) & filenamecopy ;
2000-11-01 18:05:27 +00:00
if ( ! filename ) {
return 0 ; /* path must be provided */
}
1999-04-07 21:05:13 +00:00
2000-06-25 17:02:59 +00:00
if ( fopen_mode ) {
if ( fopen_mode [ 0 ] = = ' r ' ) {
2000-11-01 18:05:27 +00:00
mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS ;
2000-06-25 17:02:59 +00:00
} else {
2000-11-01 18:05:27 +00:00
mode = CHECKUID_CHECK_FILE_AND_DIR ;
2000-06-25 17:02:59 +00:00
}
}
1999-04-07 21:05:13 +00:00
/*
* If given filepath is a URL , allow - safe mode stuff
* related to URL ' s is checked in individual functions
2002-07-13 00:52:18 +00:00
*/
2002-08-16 09:50:24 +00:00
wrapper = php_stream_locate_url_wrapper ( filename , NULL , STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC ) ;
if ( wrapper ! = NULL )
2000-11-01 18:05:27 +00:00
return 1 ;
1999-04-07 21:05:13 +00:00
2001-07-13 18:21:21 +00:00
/* First we see if the file is owned by the same user...
* If that fails , passthrough and check directory . . .
*/
2000-11-01 18:05:27 +00:00
if ( mode ! = CHECKUID_ALLOW_ONLY_DIR ) {
2001-07-13 18:21:21 +00:00
VCWD_REALPATH ( filename , path ) ;
ret = VCWD_STAT ( path , & sb ) ;
2000-11-01 18:05:27 +00:00
if ( ret < 0 ) {
if ( mode = = CHECKUID_DISALLOW_FILE_NOT_EXISTS ) {
2002-08-25 18:45:02 +00:00
php_error_docref ( NULL TSRMLS_CC , E_WARNING , " Unable to access %s " , filename ) ;
2000-11-01 18:05:27 +00:00
return 0 ;
2002-03-14 16:48:18 +00:00
} else if ( mode = = CHECKUID_ALLOW_FILE_NOT_EXISTS ) {
2002-08-25 18:45:02 +00:00
php_error_docref ( NULL TSRMLS_CC , E_WARNING , " Unable to access %s " , filename ) ;
2000-11-01 18:05:27 +00:00
return 1 ;
}
2002-03-17 21:00:44 +00:00
nofile = 1 ;
2000-11-01 18:05:27 +00:00
} else {
uid = sb . st_uid ;
2001-07-13 18:21:21 +00:00
gid = sb . st_gid ;
2000-11-01 18:05:27 +00:00
if ( uid = = php_getuid ( ) ) {
return 1 ;
2001-07-13 18:21:21 +00:00
} else if ( PG ( safe_mode_gid ) & & gid = = php_getgid ( ) ) {
return 1 ;
2000-11-01 18:05:27 +00:00
}
1999-04-07 21:05:13 +00:00
}
2001-07-13 18:21:21 +00:00
/* Trim off filename */
2001-08-05 01:43:02 +00:00
if ( ( s = strrchr ( path , DEFAULT_SLASH ) ) ) {
2002-03-03 21:12:49 +00:00
if ( s = = path )
path [ 1 ] = ' \0 ' ;
else
* s = ' \0 ' ;
2001-07-13 18:21:21 +00:00
}
} else { /* CHECKUID_ALLOW_ONLY_DIR */
2001-08-05 01:43:02 +00:00
s = strrchr ( filename , DEFAULT_SLASH ) ;
1999-04-07 21:05:13 +00:00
2002-03-03 20:49:04 +00:00
if ( s = = filename ) {
/* root dir */
path [ 0 ] = DEFAULT_SLASH ;
path [ 1 ] = ' \0 ' ;
} else if ( s ) {
2001-07-13 18:21:21 +00:00
* s = ' \0 ' ;
VCWD_REALPATH ( filename , path ) ;
* s = DEFAULT_SLASH ;
} else {
2002-07-13 00:52:18 +00:00
VCWD_GETCWD ( path , sizeof ( path ) ) ;
2001-07-13 18:21:21 +00:00
}
} /* end CHECKUID_ALLOW_ONLY_DIR */
if ( mode ! = CHECKUID_ALLOW_ONLY_FILE ) {
/* check directory */
ret = VCWD_STAT ( path , & sb ) ;
2000-11-01 18:05:27 +00:00
if ( ret < 0 ) {
2002-08-25 18:45:02 +00:00
php_error_docref ( NULL TSRMLS_CC , E_WARNING , " Unable to access %s " , filename ) ;
2000-11-01 18:05:27 +00:00
return 0 ;
1999-04-07 21:05:13 +00:00
}
duid = sb . st_uid ;
2001-07-13 18:21:21 +00:00
dgid = sb . st_gid ;
if ( duid = = php_getuid ( ) ) {
return 1 ;
} else if ( PG ( safe_mode_gid ) & & dgid = = php_getgid ( ) ) {
return 1 ;
} else {
2001-07-28 11:36:37 +00:00
TSRMLS_FETCH ( ) ;
2001-01-09 11:58:57 +00:00
2001-07-13 18:21:21 +00:00
if ( SG ( rfc1867_uploaded_files ) ) {
if ( zend_hash_exists ( SG ( rfc1867_uploaded_files ) , ( char * ) filename , strlen ( filename ) + 1 ) ) {
return 1 ;
}
2001-01-09 11:58:57 +00:00
}
}
2001-07-13 18:21:21 +00:00
}
2001-01-09 11:58:57 +00:00
2001-07-13 18:21:21 +00:00
if ( mode = = CHECKUID_ALLOW_ONLY_DIR ) {
uid = duid ;
gid = dgid ;
if ( s ) {
* s = 0 ;
}
1999-04-07 21:05:13 +00:00
}
2002-03-17 21:00:44 +00:00
if ( nofile ) {
uid = duid ;
gid = dgid ;
filename = path ;
}
2001-07-13 18:21:21 +00:00
if ( PG ( safe_mode_gid ) ) {
2002-08-25 18:45:02 +00:00
php_error_docref ( NULL TSRMLS_CC , E_WARNING , " SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld " , php_getuid ( ) , php_getgid ( ) , filename , uid , gid ) ;
2001-07-13 18:21:21 +00:00
} else {
2002-08-25 18:45:02 +00:00
php_error_docref ( NULL TSRMLS_CC , E_WARNING , " SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld " , php_getuid ( ) , filename , uid ) ;
2001-07-13 18:21:21 +00:00
}
return 0 ;
1999-04-07 21:05:13 +00:00
}
1999-12-17 19:16:50 +00:00
PHPAPI char * php_get_current_user ( )
1999-04-07 21:05:13 +00:00
{
struct passwd * pwd ;
2000-02-10 18:19:04 +00:00
struct stat * pstat ;
2001-07-28 11:36:37 +00:00
TSRMLS_FETCH ( ) ;
1999-04-07 21:05:13 +00:00
2000-02-10 20:13:08 +00:00
if ( SG ( request_info ) . current_user ) {
return SG ( request_info ) . current_user ;
1999-04-07 21:05:13 +00:00
}
/* FIXME: I need to have this somehow handled if
USE_SAPI is defined , because cgi will also be
interfaced in USE_SAPI */
2000-02-10 17:26:57 +00:00
2001-07-31 06:28:05 +00:00
pstat = sapi_get_stat ( TSRMLS_C ) ;
2000-02-10 17:26:57 +00:00
2000-02-10 18:19:04 +00:00
if ( ! pstat ) {
1999-04-07 21:05:13 +00:00
return empty_string ;
}
2000-02-10 18:19:04 +00:00
if ( ( pwd = getpwuid ( pstat - > st_uid ) ) = = NULL ) {
1999-04-07 21:05:13 +00:00
return empty_string ;
}
2000-02-10 20:13:08 +00:00
SG ( request_info ) . current_user_length = strlen ( pwd - > pw_name ) ;
SG ( request_info ) . current_user = estrndup ( pwd - > pw_name , SG ( request_info ) . current_user_length ) ;
1999-04-07 21:05:13 +00:00
2000-02-10 20:13:08 +00:00
return SG ( request_info ) . current_user ;
1999-04-07 21:05:13 +00:00
}
2001-06-05 13:12:10 +00:00
/*
* Local variables :
* tab - width : 4
* c - basic - offset : 4
* End :
2001-09-09 13:29:31 +00:00
* vim600 : sw = 4 ts = 4 fdm = marker
* vim < 600 : sw = 4 ts = 4
2001-06-05 13:12:10 +00:00
*/