From: foobar Date: Tue, 11 Apr 2006 11:32:06 +0000 (+0000) Subject: - More safe_mode left-overs. X-Git-Tag: RELEASE_1_3~93 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b8cdb46cce716837498cb55876feefdd737af58a;p=php - More safe_mode left-overs. --- diff --git a/ext/curl/interface.c b/ext/curl/interface.c index b6614152f7..87578293d1 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -1356,7 +1356,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu break; } - /* the following options deal with files, therefor safe_mode & open_basedir checks + /* the following options deal with files, therefore open_basedir checks * are required. */ case CURLOPT_COOKIEJAR: diff --git a/ext/gd/php_gd.h b/ext/gd/php_gd.h index dac14310b1..950b348e3a 100644 --- a/ext/gd/php_gd.h +++ b/ext/gd/php_gd.h @@ -30,7 +30,7 @@ #if HAVE_LIBGD -/* open_basedir and safe_mode checks */ +/* open_basedir check */ #define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \ if (!filename || php_check_open_basedir(filename TSRMLS_CC)) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \ diff --git a/main/safe_mode.c b/main/safe_mode.c deleted file mode 100644 index aece6172e8..0000000000 --- a/main/safe_mode.c +++ /dev/null @@ -1,236 +0,0 @@ -/* - +----------------------------------------------------------------------+ - | PHP Version 5 | - +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Author: Rasmus Lerdorf | - +----------------------------------------------------------------------+ - */ - -/* $Id$ */ - -#include "php.h" - -#include -#include - -#if HAVE_UNISTD_H -#include -#endif -#include -#include "ext/standard/pageinfo.h" -#include "safe_mode.h" -#include "SAPI.h" -#include "php_globals.h" - -/* - * php_checkuid - * - * This function has six modes: - * - * 0 - return invalid (0) if file does not exist - * 1 - return valid (1) if file does not exist - * 2 - if file does not exist, check directory - * 3 - only check directory (needed for mkdir) - * 4 - check mode and param - * 5 - only check file - */ - -PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int flags) -{ - struct stat sb; - int ret, nofile=0; - long uid=0L, gid=0L, duid=0L, dgid=0L; - char path[MAXPATHLEN]; - char *s, filenamecopy[MAXPATHLEN]; - php_stream_wrapper *wrapper = NULL; - TSRMLS_FETCH(); - - if (!filename) { - return 0; /* path must be provided */ - } - - if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) { - return 0; - } - filename=(char *)&filenamecopy; - - if (fopen_mode) { - if (fopen_mode[0] == 'r') { - mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS; - } else { - mode = CHECKUID_CHECK_FILE_AND_DIR; - } - } - - /* - * If given filepath is a URL, allow - safe mode stuff - * related to URL's is checked in individual functions - */ - wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC); - if (wrapper != NULL) - return 1; - - /* First we see if the file is owned by the same user... - * If that fails, passthrough and check directory... - */ - if (mode != CHECKUID_ALLOW_ONLY_DIR) { - VCWD_REALPATH(filename, path); - ret = VCWD_STAT(path, &sb); - if (ret < 0) { - if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) { - if ((flags & CHECKUID_NO_ERRORS) == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); - } - return 0; - } else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) { - if ((flags & CHECKUID_NO_ERRORS) == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); - } - return 1; - } - nofile = 1; - } else { - uid = sb.st_uid; - gid = sb.st_gid; - if (uid == php_getuid()) { - return 1; - } else if (PG(safe_mode_gid) && gid == php_getgid()) { - return 1; - } - } - - /* Trim off filename */ - if ((s = strrchr(path, DEFAULT_SLASH))) { - if (s == path) - path[1] = '\0'; - else - *s = '\0'; - } - } else { /* CHECKUID_ALLOW_ONLY_DIR */ - s = strrchr(filename, DEFAULT_SLASH); - - if (s == filename) { - /* root dir */ - path[0] = DEFAULT_SLASH; - path[1] = '\0'; - } else if (s) { - *s = '\0'; - VCWD_REALPATH(filename, path); - *s = DEFAULT_SLASH; - } else { - /* Under Solaris, getcwd() can fail if there are no - * read permissions on a component of the path, even - * though it has the required x permissions */ - path[0] = '.'; - path[1] = '\0'; - VCWD_GETCWD(path, sizeof(path)); - } - } /* end CHECKUID_ALLOW_ONLY_DIR */ - - if (mode != CHECKUID_ALLOW_ONLY_FILE) { - /* check directory */ - ret = VCWD_STAT(path, &sb); - if (ret < 0) { - if ((flags & CHECKUID_NO_ERRORS) == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); - } - return 0; - } - duid = sb.st_uid; - dgid = sb.st_gid; - if (duid == php_getuid()) { - return 1; - } else if (PG(safe_mode_gid) && dgid == php_getgid()) { - return 1; - } else { - TSRMLS_FETCH(); - - if (SG(rfc1867_uploaded_files)) { - if (zend_hash_exists(SG(rfc1867_uploaded_files), (char *) filename, strlen(filename)+1)) { - return 1; - } - } - } - } - - if (mode == CHECKUID_ALLOW_ONLY_DIR) { - uid = duid; - gid = dgid; - if (s) { - *s = 0; - } - } - - if (nofile) { - uid = duid; - gid = dgid; - filename = path; - } - - if ((flags & CHECKUID_NO_ERRORS) == 0) { - if (PG(safe_mode_gid)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid); - } else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(), filename, uid); - } - } - - return 0; -} - -PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) { -#ifdef NETWARE -/* NetWare don't have uid*/ - return 1; -#else - return php_checkuid_ex(filename, fopen_mode, mode, 0); -#endif -} - -PHPAPI char *php_get_current_user() -{ - struct passwd *pwd; - struct stat *pstat; - TSRMLS_FETCH(); - - if (SG(request_info).current_user) { - return SG(request_info).current_user; - } - - /* FIXME: I need to have this somehow handled if - USE_SAPI is defined, because cgi will also be - interfaced in USE_SAPI */ - - pstat = sapi_get_stat(TSRMLS_C); - - if (!pstat) { - return ""; - } - - if ((pwd=getpwuid(pstat->st_uid))==NULL) { - return ""; - } - SG(request_info).current_user_length = strlen(pwd->pw_name); - SG(request_info).current_user = estrndup(pwd->pw_name, SG(request_info).current_user_length); - - return SG(request_info).current_user; -} - -/* - * Local variables: - * tab-width: 4 - * c-basic-offset: 4 - * End: - * vim600: sw=4 ts=4 fdm=marker - * vim<600: sw=4 ts=4 - */ diff --git a/main/safe_mode.h b/main/safe_mode.h deleted file mode 100644 index f2025b434c..0000000000 --- a/main/safe_mode.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - +----------------------------------------------------------------------+ - | PHP Version 5 | - +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Author: | - +----------------------------------------------------------------------+ -*/ - -/* $Id$ */ - -#ifndef SAFE_MODE_H -#define SAFE_MODE_H - -/* mode's for php_checkuid() */ -#define CHECKUID_DISALLOW_FILE_NOT_EXISTS 0 -#define CHECKUID_ALLOW_FILE_NOT_EXISTS 1 -#define CHECKUID_CHECK_FILE_AND_DIR 2 -#define CHECKUID_ALLOW_ONLY_DIR 3 -#define CHECKUID_CHECK_MODE_PARAM 4 -#define CHECKUID_ALLOW_ONLY_FILE 5 - -/* flags for php_checkuid_ex() */ -#define CHECKUID_NO_ERRORS 0x01 - -BEGIN_EXTERN_C() -PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode); -PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int flags); -PHPAPI char *php_get_current_user(void); -END_EXTERN_C() - -#endif