#include "php.h"
#include <stdio.h>
#include <stdlib.h>
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <sys/stat.h>
#include "ext/standard/pageinfo.h"
#include "safe_mode.h"
#include "SAPI.h"
#include "php_globals.h"
PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int flags)
{
struct stat sb;
int ret, nofile=0;
long uid=0L, gid=0L, duid=0L, dgid=0L;
char path[MAXPATHLEN];
char *s, filenamecopy[MAXPATHLEN];
php_stream_wrapper *wrapper = NULL;
TSRMLS_FETCH();
if (!filename) {
return 0;
}
if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) {
return 0;
}
filename=(char *)&filenamecopy;
if (fopen_mode) {
if (fopen_mode[0] == 'r') {
mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;
} else {
mode = CHECKUID_CHECK_FILE_AND_DIR;
}
}
wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
if (wrapper != NULL)
return 1;
if (mode != CHECKUID_ALLOW_ONLY_DIR) {
VCWD_REALPATH(filename, path);
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) {
if ((flags & CHECKUID_NO_ERRORS) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
}
return 0;
} else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) {
if ((flags & CHECKUID_NO_ERRORS) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
}
return 1;
}
nofile = 1;
} else {
uid = sb.st_uid;
gid = sb.st_gid;
if (uid == php_getuid()) {
return 1;
} else if (PG(safe_mode_gid) && gid == php_getgid()) {
return 1;
}
}
if ((s = strrchr(path, DEFAULT_SLASH))) {
if (s == path)
path[1] = '\0';
else
*s = '\0';
}
} else {
s = strrchr(filename, DEFAULT_SLASH);
if (s == filename) {
path[0] = DEFAULT_SLASH;
path[1] = '\0';
} else if (s) {
*s = '\0';
VCWD_REALPATH(filename, path);
*s = DEFAULT_SLASH;
} else {
path[0] = '.';
path[1] = '\0';
VCWD_GETCWD(path, sizeof(path));
}
}
if (mode != CHECKUID_ALLOW_ONLY_FILE) {
ret = VCWD_STAT(path, &sb);
if (ret < 0) {
if ((flags & CHECKUID_NO_ERRORS) == 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename);
}
return 0;
}
duid = sb.st_uid;
dgid = sb.st_gid;
if (duid == php_getuid()) {
return 1;
} else if (PG(safe_mode_gid) && dgid == php_getgid()) {
return 1;
} else {
TSRMLS_FETCH();
if (SG(rfc1867_uploaded_files)) {
if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, strlen(filename)+1)) {
return 1;
}
}
}
}
if (mode == CHECKUID_ALLOW_ONLY_DIR) {
uid = duid;
gid = dgid;
if (s) {
*s = 0;
}
}
if (nofile) {
uid = duid;
gid = dgid;
filename = path;
}
if ((flags & CHECKUID_NO_ERRORS) == 0) {
if (PG(safe_mode_gid)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid);
} else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(), filename, uid);
}
}
return 0;
}
PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) {
return php_checkuid_ex(filename, fopen_mode, mode, 0);
}
PHPAPI char *php_get_current_user()
{
struct passwd *pwd;
struct stat *pstat;
TSRMLS_FETCH();
if (SG(request_info).current_user) {
return SG(request_info).current_user;
}
pstat = sapi_get_stat(TSRMLS_C);
if (!pstat) {
return empty_string;
}
if ((pwd=getpwuid(pstat->st_uid))==NULL) {
return empty_string;
}
SG(request_info).current_user_length = strlen(pwd->pw_name);
SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length);
return SG(request_info).current_user;
}