--- docman.php 2002/07/28 12:14:18 1.14
+++ docman.php 2002/07/28 16:24:54 1.18
@@ -20,7 +20,7 @@
//////////////////////////////////////////////////////////////////
// CONFIGURATION OPTIONS
-// error_reporting(4) ; // how verbose ?
+ error_reporting(E_ALL) ; // how verbose ?
// from where to include auth_*.php modules?
$gblIncDir = "/data/docman2";
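Review bot: Turning on `error_reporting(E_ALL)` in the configuration block makes every notice visible wherever `display_errors` is enabled, and this file still indexes arrays with bare words (for example `$HTTP_SERVER_VARS[SCRIPT_FILENAME]` further down), so a live install could print script paths into its responses. I would keep E_ALL but pair it with `ini_set("display_errors","0"); ini_set("log_errors","1");`. Failing that, a comment next to the option should say so: `// E_ALL is for development; keep display_errors off on live servers`.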
@@ -84,7 +84,7 @@
LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]);
// for security and configuration
- $realm=$HTTP_SERVER_VARS[HTTP_HOST];
+ $realm=$HTTP_SERVER_VARS["HTTP_HOST"];
$fsDocumentRoot = dirname($HTTP_SERVER_VARS[SCRIPT_FILENAME]);
if ($fsDocumentRoot == "") Error("Configuration error","Can't get SCRIPT_FILENAME from your web server. Please set \$fsDocumentRoot in \$",1);
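Review bot: `$realm` is taken straight from the client-supplied Host header and, in the `case "I"` hunk of this same diff, is interpolated into `$fsRealmDir/$realm...` to build an include path, so it needs validating before use. A check right after the assignment keeps path separators out of it, e.g. `if (!preg_match('/^[A-Za-z0-9.-]+(:[0-9]+)?$/', $realm)) Error("Configuration error","Invalid host name",1);`. The next line still uses the unquoted key `$HTTP_SERVER_VARS[SCRIPT_FILENAME]`, which should get the same quoting fix as `HTTP_HOST`.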
@@ -138,7 +138,9 @@
} else {
$url .= md5($gblLogin.$gblPasswd);
}
- if (isset($gblLogin) && $gblLogin != "" && ($gblPasswd == "" || !isset($gblPasswd))) {
+ if ( ( (isset($gblLogin) && $gblLogin != "") ||
+ (!isset($gblLogin) || $gblLogin == "")
+ ) && ($gblPasswd == "" || !isset($gblPasswd))) {
$url_title="login";
$url .= "&force_login=1";
} else {
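Review bot: The new login half of this condition is always true: `(isset($gblLogin) && $gblLogin != "") || (!isset($gblLogin) || $gblLogin == "")` is `A || !A`, so the test reduces to the password half alone. If that is the intent, write it directly as `if (!isset($gblPasswd) || $gblPasswd == "") {`, with `isset` first so the comparison does not read an unset variable now that notices are reported. If the login state was meant to matter, the second alternative needs a different condition. The enclosing block starts and ends outside the hunk.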
@@ -582,11 +584,17 @@
$self = $HTTP_SERVER_VARS["PHP_SELF"] ;
- if ($relDir == "") $relDir = "/";
+ $relDir = chopsl($relDir)."/";
+ $fsDir = $fsRoot.$relDir; // current directory
- $fsDir = $fsRoot.$relDir."/"; // current directory
+ if (!is_dir($fsDir)) Error("Dir not found","Directory $relDir not found on filesystem at $fsDir",1) ;
- if (!is_dir($fsDir)) Error("Dir not found",$relDir,1) ;
+ global $debug;
+ $debug .= "[$gblLogin|$relDir] before >";
+
+ if (! check_perm($relDir,(trperm_b | trperm_r)))
+ Error("Access denied","User $gblLogin tried to access $relDir without valid trustee.",1);
+ $debug .= "< afeter";
$hide_items=",$gblHide,";
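Review bot: The `is_dir()` test and its error run before `check_perm()`, so a caller without any trustee on `$relDir` can still tell existing directories from missing ones, and the new message includes the server-side path `$fsDir`. I would move the `check_perm($relDir,(trperm_b | trperm_r))` call above the `is_dir()` check and keep `$fsDir` out of text that may reach the browser, e.g. `Error("Dir not found","Directory $relDir not found",1)`; whether `Error()` shows its second argument to the user is not visible here. The `@@ -1628` hunk adds `$fsDir` to its "Dir not found" message in the same way. The function body starts and ends outside this hunk.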
@@ -904,8 +912,6 @@
global $html, $HTTP_SERVER_VARS;
$self = $HTTP_SERVER_VARS["PHP_SELF"] ;
- if ($relDir == "") $relDir = "/" ;
-
include("$html/UploadPage.html");
} // end function UploadPage
@@ -1375,12 +1381,14 @@
}//init_trustee
function in_group($user,$group) {
- return in_array($groups[$group],$user);
+ global $groups;
+ return in_array($user,$groups[$group]);
}
// helper function
function unroll_perm($u,$t,$user,$perm) {
- // check user
+
+ // check user FIX
if ($t & trmask_not && ($u==$user)) continue;
if (!($t & trmask_not) && ($u!=$user)) continue;
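Review bot: `in_group()` now reads the right array, but `in_array($user,$groups[$group])` compares loosely and may be called with `$groups[$group]` unset, so numeric-looking names such as `"0"` and `"00"` match each other and an unknown group raises a warning. For a membership test that feeds access decisions I would use `return isset($groups[$group]) && in_array($user,$groups[$group],true);`. The `continue` statements in `unroll_perm()` sit in a function body with no loop visible in this hunk, which the new `FIX` marker seems to acknowledge; presumably they should be `return $perm;`.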
@@ -1402,12 +1410,21 @@
global $trustees;
$perm[allow] = 0;
$perm[deny] = 0;
+
+global $debug;
+$debug .= "
check_trustee $path ... ";
+
$path_arr=explode("/",$path);
- $path = "/";
+ $tmppath = "/";
while (count($path_arr)) {
- if (substr($path,strlen($path)-1,1) != "/") $path.="/";
- $path.=array_shift($path_arr);
- $tr = $trustees[$path];
+ $tmppath.=array_shift($path_arr);
+$debug.= ">> $tmppath ";
+ if (substr($tmppath,strlen($tmppath)-1,1) != "/") $tmppath.="/";
+ $tr = $trustees[$tmppath];
+
+ # clear one level flag
+ $perm[allow] &= ~trperm_one_level;
+ $perm[deny] &= ~trperm_one_level;
if (isset($tr)) {
// first apply trustee for all
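Review bot: `check_trustee()` looks up `$trustees[$tmppath]` on the literal segments of `$path`, so a path containing `.`/`..` or empty segments will not hit the trustee entries of the directory it actually resolves to. Nothing in this hunk normalises `$path`; unless every caller does that (not visible here), canonicalise it at the top of the function and reject anything that still contains a `..` segment. The new debug line also appends the raw `$path` to `$debug`; if `$debug` is later printed into the page it should go through `htmlspecialchars()`. The function starts before and continues after this hunk.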
@@ -1416,26 +1433,25 @@
unset($tr['*']);
}
// then apply group policies
- foreach ($tr as $u=>$t) {
- if ($t & trmask_group && in_group($user,$u)) {
+ foreach ($tr as $g=>$t) {
+ if ($t & trmask_group && in_group($user,$g)) {
// resolv user
$t = $t & ~trmask_group;
- $u = $user;
- $perm = unroll_perm($u,$t,$user, $perm);
- unset($tr[$u]);
+ $perm = unroll_perm($user,$t,$user, $perm);
+ unset($tr[$g]);
}
}
- // then apply use policy
+ // then apply user policy
if (isset($tr[$user])) {
$perm = unroll_perm($user,$tr[$user],$user, $perm);
unset($tr[$user]);
}
-
}
+$debug.="d:".display_trustee($perm[deny])." a:".display_trustee($perm[allow])." ";
}
-#print "
user: $user path: $path perm: ";
-#print "d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).")
\n";
+$debug.="
check_trustee: user: $user path: $path==$tmppath perm: ";
+$debug.="d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).")
\n";
return $perm;
}
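Review bot: The user-policy step applies `$tr[$user]` without checking `trmask_group`, so a group entry whose name equals the login, left in `$tr` because the user is not a member, would be unrolled as that user's personal policy. Guarding it with `if (isset($tr[$user]) && !($tr[$user] & trmask_group)) {` keeps the two namespaces apart. This assumes users and groups share the keys of one trustee array, as the `foreach ($tr as $g=>$t)` loop suggests. `check_trustee()` starts outside this hunk.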
@@ -1446,12 +1462,13 @@
global $debug;
$debug.="
check_perm: $path test perm ".display_trustee($perm)."
\n";
+
$return = ! $HAVE_TRUSTEE;
if ($HAVE_TRUSTEE) {
$perm = check_trustee($gblLogin,$path);
-$debug.=" d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";
+$debug.=" d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm to have: $trperm (".display_trustee($trperm).")";
if ($perm[deny] & $trperm) $return=0;
- elseif ($perm[allow] & $trperm) $return=1;
+ elseif (($perm[allow] & $trperm) == $trperm) $return=1;
}
$debug.=" return: $return
\n";
return($return);
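Review bot: `$return = ! $HAVE_TRUSTEE;` makes `check_perm()` grant every request when trustees are not loaded, and this commit starts relying on it as the access gate for browsing and upload. If `init_trustee()` can return false on a read or parse failure as well as on "no ACL configured" (not visible here), a broken trustee file silently opens the repository. A comment such as `// no trustee file: everything is allowed (fail-open by design)` should at least make that explicit, and a load failure should go to `Error()` instead. Neither `$HAVE_TRUSTEE` nor `$gblLogin` is declared `global` in the visible lines; the function header is outside the hunk, so confirm they are in scope.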
@@ -1547,6 +1564,10 @@
Error("Configuration error","Can't find user handling module at $gblIncDir/htusers/$gblUsers.php ! Please fix $realm_config");
}
+ // take additional login vars
+ $relogin = $HTTP_GET_VARS[relogin];
+ $force_login = $HTTP_GET_VARS[force_login];
+
// if no password, or empty password logout
if (
isset($gblLogin) && (
@@ -1571,11 +1592,12 @@
// get ACL informations
$HAVE_TRUSTEE = init_trustee();
- if (strtolower($gblLogin) == "anonymous" || !isset($gblPasswd)) {
- $perm = check_trustee($gblLogin,$path);
+ if (strtolower($gblLogin) == "anonymous" || !isset($gblLogin)) {
+ $perm = check_trustee("anonymous",$path);
// browsing must be explicitly allowed for root directory
// of repository for anonymous user to work!
if ($perm[allow] & trperm_b) {
+ $gblLogin = $gblPasswd = "anonymous";
$secHash = md5($gblLogin.$gblPasswd);
$gblUserName = "Anonymous user";
}
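Review bot: The anonymous branch tests only `$perm[allow] & trperm_b`, whereas `check_perm()` lets a matching `deny` bit win, so an explicit browse deny for anonymous on this path may be ignored here. Unless `unroll_perm()` already clears allowed bits on deny (its body is not shown), use `if (($perm[allow] & trperm_b) && !($perm[deny] & trperm_b)) {`. In the condition above, `!isset($gblLogin)` should come before `strtolower($gblLogin)` so the unset case is not read first.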
@@ -1618,8 +1640,6 @@
$relDir = $D;
}
- if ($relDir == "/") $relDir = "" ;
-
$relScriptDir = dirname($SCRIPT_NAME) ;
// i.e. /docman
@@ -1628,7 +1648,9 @@
// i.e. /home/httpd/repository
$fsDir = $gblFsRoot . $relDir ; // current directory
- if ( !is_dir($fsDir) ) Error("Dir not found",$relDir,1) ;
+ if ( !is_dir($fsDir) ) Error("Dir not found","Can't find $relDir which points to $fsDir",1) ;
+
+ if ($relDir == "") $relDir="/";
if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
$webRoot = "https://";
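Review bot: `$fsDir = $gblFsRoot . $relDir` is only tested with `is_dir()`, which also succeeds for a `$relDir` that resolves outside `$gblFsRoot`. If `$relDir` (set from `$D` just above this hunk) is not canonicalised earlier, which these lines do not show, add a containment check after the concatenation. It should compare `realpath($fsDir)` with `realpath($gblFsRoot)` and call `Error()` when the first does not start with the second.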
@@ -1824,8 +1846,10 @@
switch ($A) {
case "U" :
// upload to $relDir
+ if (! check_perm($relDir, trperm_w))
+ Error("Write access denied","You don't have permission to write in $relDir");
if (!is_writeable($gblFsRoot . $relDir))
- Error("Write access denied",$relDir) ;
+ Error("Write access denied","User $gblLogin has permission on $relDir, but directory is not writable",1);
$text = "Use this page to upload a single " ;
$text .= "file to $realm." ;
StartHTML("(Upload Page)", $text) ;
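Review bot: The new `check_perm($relDir, trperm_w)` sits in the branch that renders the upload form, so it protects the page but not necessarily the request that stores the file. The code that handles the submitted upload is outside this hunk; it needs the same `if (! check_perm($relDir, trperm_w)) Error(...)` before anything is written. The first new `Error()` call also omits the third argument that the second one passes as `1`; make them consistent unless the difference is intended.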
@@ -1875,15 +1899,12 @@
case "I" :
if (! isset($F) || $F == "")
Error("Can't find file to include","Your request didn't specify file to include which should be in variable F like $HTTP_SERVER_VARS[REQUEST_URI]&F=include_php_file",1);
- if (file_exists("$gblIncDir/include_php/$F.php")) {
- $inc_file="$gblIncDir/include_php/${F}.php";
- } elseif (file_exists("$fsRealmDir/$realm/$F.php")) {
- $inc_file="$fsRealmDir/$realm/${F}.php";
- } else {
- Error("Can't find file to include","Can't find include file $F.php in $gblIncDir/include_php/ nor $fsRealmDir/$realm/",1);
+ $inc_file="$fsRealmDir/$realm".$realm_sep.$F.".php";
+ if (! file_exists($inc_file)) {
+ Error("Can't find file to include","Can't find include file $F.php in $fsRealmDir/$realm/. Meybe you should copy $gblIncDir/include_php/$F.php to $inc_file ?",1);
}
if (!is_readable($inc_file))
- Error("Read access to include file denied","Can't read PHP include file $inc_file. Fix permissions on it.");
+ Error("Read access to include file denied","Can't read PHP include file $inc_file. Fix permissions on it.",1);
$text = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
$title = "You should define \$title variable with page title";
include($inc_file);
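Review bot: `$F` comes from the request and is concatenated into `$inc_file` and passed to `include()` with no check on its content, so the included file is not confined to the realm directory. Restrict it to a plain name before building the path, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $F)) Error("Can't find file to include","Invalid include name",1);`, and apply the same kind of check to `$realm`, which is derived from the Host header. The error texts also echo `$F` and `REQUEST_URI`; if `Error()` writes them into HTML they should pass through `htmlspecialchars()`. The `case "I"` branch continues after the hunk.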