-rw-r--r-- | include/httpd.h | 1 | ||||
-rw-r--r-- | os/bs2000/bs2login.c | 308 | ||||
-rw-r--r-- | os/bs2000/os.c | 125 | ||||
-rw-r--r-- | os/bs2000/os.h | 8 | ||||
-rw-r--r-- | server/core.c | 16 |
5 files changed, 121 insertions, 337 deletions
diff --git a/include/httpd.h b/include/httpd.h index cfbbab6c13..256b3fc1c3 100644 --- a/include/httpd.h +++ b/include/httpd.h @@ -1616,7 +1616,6 @@ AP_DECLARE(int) ap_is_rdirectory(apr_pool_t *p, const char *name); AP_DECLARE(int) ap_is_directory(apr_pool_t *p, const char *name); #ifdef _OSD_POSIX -extern const char *os_set_account(apr_pool_t *p, const char *account); extern int os_init_job_environment(server_rec *s, const char *user_name, int one_process); #endif /* _OSD_POSIX */ diff --git a/os/bs2000/bs2login.c b/os/bs2000/bs2login.c deleted file mode 100644 index 3f64c39a24..0000000000 --- a/os/bs2000/bs2login.c +++ /dev/null 
@@ -1,308 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#ifdef _OSD_POSIX -#include "httpd.h" -#include "http_config.h" -#include "http_log.h" -#include <ctype.h> -#include <sys/utsname.h> - -#define ACCT_LEN 8 -#define USER_LEN 8 - -static const char *bs2000_account = NULL; -typedef enum -{ - bs2_unknown, /* not initialized yet. */ - bs2_noFORK, /* no fork() because -X flag was specified */ - bs2_FORK, /* only fork() because uid != 0 */ - bs2_FORK_RINI, /* prior to A17, regular fork() and _rini() was used. */ - bs2_RFORK_RINI, /* for A17, use of _rfork() and _rini() was required */ - bs2_UFORK /* As of A18, the new ufork() is used. 
*/ -} bs2_ForkType; - -static bs2_ForkType forktype = bs2_unknown; - -#if !defined(_POSIX_SOURCE) && !defined(_XOPEN_SOURCE) -typedef struct { - char *username; - char *account; - char *processor_name; -} _rini_struct; - -extern int _rini(_rini_struct *); -#endif /* !defined(_POSIX_SOURCE) && !defined(_XOPEN_SOURCE) */ - - -static void ap_pad(char *dest, size_t size, char ch) -{ - int i = strlen(dest); /* Leave space for trailing '\0' */ - - while (i < size-1) - dest[i++] = ch; - - dest[size-1] = '\0'; /* Guarantee for trailing '\0' */ -} - -static void ap_str_toupper(char *str) -{ - while (*str) { - *str = apr_toupper(*str); - ++str; - } -} - -/* Determine the method for forking off a child in such a way as to - * set both the POSIX and BS2000 user id's to the unprivileged user. - */ -static bs2_ForkType os_forktype(void) -{ - struct utsname os_version; - - /* have we checked the OS version before? If yes return the previous - * result - the OS release isn't going to change suddenly! - */ - if (forktype != bs2_unknown) { - return forktype; - } - - /* If the user is unprivileged, use the normal fork() only. */ - if (getuid() != 0) { - return forktype = bs2_FORK; - } - - if (uname(&os_version) < 0) - { - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, - "uname() failed - aborting."); - exit(APEXIT_CHILDFATAL); - } - - /* - * Old BS2000/OSD versions (before XPG4 SPEC1170) don't work with Apache. - * Anyway, simply return a fork(). - */ - if (strcmp(os_version.release, "01.0A") == 0 || - strcmp(os_version.release, "02.0A") == 0 || - strcmp(os_version.release, "02.1A") == 0) - { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, - "Error: unsupported OS version. " - "You may encounter problems."); - forktype = bs2_FORK; - } - - /* The following versions are special: - * OS versions before A17 needs regular fork() and _rini(). - * A17 requires _rfork() and _rini(), - * and later versions need ufork(). 
- */ - else if (strcmp(os_version.release, "01.1A") == 0 || - strcmp(os_version.release, "03.0A") == 0 || - strcmp(os_version.release, "03.1A") == 0 || - strcmp(os_version.release, "04.0A") == 0) - { - if (strcmp (os_version.version, "A18") >= 0) - forktype = bs2_UFORK; - - else if (strcmp (os_version.version, "A17") < 0) - forktype = bs2_FORK_RINI; - - else - forktype = bs2_RFORK_RINI; - } - - /* All later OS versions will hopefully use ufork() only ;-) */ - else - forktype = bs2_UFORK; - - return forktype; -} - - - -/* This routine is called by http_core for the BS2000Account directive */ -/* It stores the account name for later use */ -const char *os_set_account(apr_pool_t *p, const char *account) -{ - char account_temp[ACCT_LEN+1]; - - apr_cpystrn(account_temp, account, sizeof account_temp); - - /* Make account all upper case */ - ap_str_toupper(account_temp); - - /* Pad to length 8 */ - ap_pad(account_temp, sizeof account_temp, ' '); - - bs2000_account = apr_pstrdup(p, account_temp); - return NULL; -} - -/* This routine complements the setuid() call: it causes the BS2000 job - * environment to be switched to the target user's user id. - * That is important if CGI scripts try to execute native BS2000 commands. - */ -int os_init_job_environment(server_rec *server, const char *user_name, int one_process) -{ - _rini_struct inittask; - char username[USER_LEN+1]; - int save_errno; - bs2_ForkType type = os_forktype(); - - /* We can be sure that no change to uid==0 is possible because of - * the checks in http_core.c:set_user() - */ - - /* The _rini() function works only after a prior _rfork(). - * In the case of one_process, it would fail. - */ - if (one_process) { - - type = forktype = bs2_noFORK; - - ap_log_error(APLOG_MARK, APLOG_ERR, 0, server, - "The debug mode of Apache should only " - "be started by an unprivileged user!"); - return 0; - } - - /* If no _rini() is required, then return quickly. 
*/ - if (type != bs2_RFORK_RINI && type != bs2_FORK_RINI) - return 0; - - /* An Account is required for _rini() */ - if (bs2000_account == NULL) - { - ap_log_error(APLOG_MARK, APLOG_ALERT, 0, server, - "No BS2000Account configured - cannot switch to User %s", - user_name); - exit(APEXIT_CHILDFATAL); - } - - apr_cpystrn(username, user_name, sizeof username); - - /* Make user name all upper case */ - ap_str_toupper(username); - - /* Pad to length 8 */ - ap_pad(username, sizeof username, ' '); - - inittask.username = username; - inittask.account = bs2000_account; - inittask.processor_name = " "; - - /* Switch to the new logon user (setuid() and setgid() are done later) */ - /* Only the super user can switch identities. */ - if (_rini(&inittask) != 0) { - - ap_log_error(APLOG_MARK, APLOG_ALERT, errno, server, - "_rini: BS2000 auth failed for user \"%s\" acct \"%s\"", - inittask.username, inittask.account); - - exit(APEXIT_CHILDFATAL); - } - - return 0; -} - -/* BS2000 requires a "special" version of fork() before a setuid()/_rini() call */ -pid_t os_fork(const char *user) -{ - pid_t pid; - char username[USER_LEN+1]; - - switch (os_forktype()) { - case bs2_FORK: - case bs2_FORK_RINI: - pid = fork(); - break; - - case bs2_RFORK_RINI: - pid = _rfork(); - break; - - case bs2_UFORK: - apr_cpystrn(username, user, sizeof username); - - /* Make user name all upper case - for some versions of ufork() */ - ap_str_toupper(username); - - pid = ufork(username); - if (pid == -1 && errno == EPERM) { - ap_log_error(APLOG_MARK, APLOG_EMERG, errno, - NULL, "ufork: Possible mis-configuration " - "for user %s - Aborting.", user); - exit(1); - } - break; - - default: - pid = 0; - break; - } - - return pid; -} - -#else /* _OSD_POSIX */ -void bs2login_is_not_here() -{ -} -#endif /* _OSD_POSIX */ diff --git a/os/bs2000/os.c b/os/bs2000/os.c index dd825fe0b3..6d3ec26ac1 100644 --- a/os/bs2000/os.c +++ b/os/bs2000/os.c 
@@ -61,16 +61,125 @@ * Any inlineable functions should be defined in os-inline.c instead. */ -#include "httpd.h" +#ifdef _OSD_POSIX + #include "os.h" -AP_DECLARE(apr_status_t) ap_os_create_privileged_process( - const request_rec *r, - apr_proc_t *newproc, const char *progname, - const char * const *args, - const char * const *env, - apr_procattr_t *attr, apr_pool_t *p) +#include "httpd.h" +#include "http_config.h" +#include "http_log.h" +#include "apr_lib.h" + +#define USER_LEN 8 + +typedef enum { - return apr_proc_create(newproc, progname, args, env, attr, p); + bs2_unknown, /* not initialized yet. */ + bs2_noFORK, /* no fork() because -X flag was specified */ + bs2_FORK, /* only fork() because uid != 0 */ + bs2_UFORK /* Normally, ufork() is used to switch identities. */ +} bs2_ForkType; + +static bs2_ForkType forktype = bs2_unknown; + + +static void ap_str_toupper(char *str) +{ + while (*str) { + *str = apr_toupper(*str); + ++str; + } } +/* Determine the method for forking off a child in such a way as to + * set both the POSIX and BS2000 user id's to the unprivileged user. + */ +static bs2_ForkType os_forktype(int one_process) +{ + /* have we checked the OS version before? If yes return the previous + * result - the OS release isn't going to change suddenly! + */ + if (forktype == bs2_unknown) { + /* not initialized yet */ + + /* No fork if the one_process option was set */ + if (one_process) { + forktype = bs2_noFORK; + } + /* If the user is unprivileged, use the normal fork() only. */ + else if (getuid() != 0) { + forktype = bs2_FORK; + } + else + forktype = bs2_UFORK; + } + return forktype; +} + + + +/* This routine complements the setuid() call: it causes the BS2000 job + * environment to be switched to the target user's user id. + * That is important if CGI scripts try to execute native BS2000 commands. 
+ */ +int os_init_job_environment(server_rec *server, const char *user_name, int one_process) +{ + bs2_ForkType type = os_forktype(one_process); + + /* We can be sure that no change to uid==0 is possible because of + * the checks in http_core.c:set_user() + */ + + if (one_process) { + + type = forktype = bs2_noFORK; + + ap_log_error(APLOG_MARK, APLOG_ERR, 0, server, + "The debug mode of Apache should only " + "be started by an unprivileged user!"); + return 0; + } + + return 0; +} + +/* BS2000 requires a "special" version of fork() before a setuid() call */ +pid_t os_fork(const char *user) +{ + pid_t pid; + char username[USER_LEN+1]; + + switch (os_forktype(0)) { + + case bs2_FORK: + pid = fork(); + break; + + case bs2_UFORK: + apr_cpystrn(username, user, sizeof username); + + /* Make user name all upper case - for some versions of ufork() */ + ap_str_toupper(username); + + pid = ufork(username); + if (pid == -1 && errno == EPERM) { + ap_log_error(APLOG_MARK, APLOG_EMERG, errno, + NULL, "ufork: Possible mis-configuration " + "for user %s - Aborting.", user); + exit(1); + } + break; + + default: + pid = 0; + break; + } + + return pid; +} + +#else /* _OSD_POSIX */ +void bs2000_os_is_not_here() +{ +} +#endif /* _OSD_POSIX */ diff --git a/os/bs2000/os.h b/os/bs2000/os.h index 15ad0a7d5d..282cc257db 100644 --- a/os/bs2000/os.h +++ b/os/bs2000/os.h @@ -56,12 +56,12 @@ * University of Illinois, Urbana-Champaign. */ -#ifndef APACHE_OS_H -#define APACHE_OS_H +#ifndef APACHE_OS_BS2000_H +#define APACHE_OS_BS2000_H #define PLATFORM "BS2000" -#include "apr.h" +#include "../unix/os.h" /* * This file in included in all Apache source code. It contains definitions @@ -73,4 +73,4 @@ extern pid_t os_fork(const char *user); -#endif /*! APACHE_OS_H*/ +#endif /* APACHE_OS_BS2000_H */ diff --git a/server/core.c b/server/core.c index 9999e0932d..5ed2fe1ab5 100644 --- a/server/core.c +++ b/server/core.c 
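Review bot: In the new `os_fork()` in os/bs2000/os.c, the `bs2_UFORK` case copies `user` into `username[USER_LEN+1]` with `apr_cpystrn`, which silently truncates anything longer than 8 characters, and the truncated, upper-cased name is what `ufork()` then switches identity to. An over-long configured name should be rejected rather than shortened, since the shortened form may name a different account; a guard ahead of the copy such as `if (user == NULL || strlen(user) > USER_LEN) { /* log at APLOG_EMERG and exit(1), as the EPERM branch does */ }` would fail closed. Separately, the comment kept above `os_init_job_environment()` still says the routine switches the BS2000 job environment, but the new body only records the fork type and logs in the `one_process` case, so the comment should say that the identity switch is now left to `ufork()`; the local `type` there is assigned and never read.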
@@ -2314,18 +2314,6 @@ static const char *set_authname(cmd_parms *cmd, void *mconfig, return NULL; } -#ifdef _OSD_POSIX /* BS2000 Logon Passwd file */ -static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - return os_set_account(cmd->pool, name); -} -#endif /*_OSD_POSIX*/ - /* * Handle a request to include the server's OS platform in the Server * response header field (the ServerTokens directive). Unfortunately @@ -3033,10 +3021,6 @@ AP_INIT_TAKE1("LogLevel", set_loglevel, NULL, RSRC_CONF, "Level of verbosity in error logging"), AP_INIT_TAKE1("NameVirtualHost", ap_set_name_virtual_host, NULL, RSRC_CONF, "A numeric IP address:port, or the name of a host"), -#ifdef _OSD_POSIX -AP_INIT_TAKE1("BS2000Account", set_bs2000_account, NULL, RSRC_CONF, - "Name of server User's bs2000 logon account name"), -#endif AP_INIT_TAKE1("ServerTokens", set_serv_tokens, NULL, RSRC_CONF, "Determine tokens displayed in the Server: header - Min(imal), OS or Full"), AP_INIT_TAKE1("LimitRequestLine", set_limit_req_line, NULL, RSRC_CONF, |