summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/httpd.h1
-rw-r--r--os/bs2000/bs2login.c308
-rw-r--r--os/bs2000/os.c125
-rw-r--r--os/bs2000/os.h8
-rw-r--r--server/core.c16
5 files changed, 121 insertions, 337 deletions
diff --git a/include/httpd.h b/include/httpd.h
index cfbbab6c13..256b3fc1c3 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1616,7 +1616,6 @@ AP_DECLARE(int) ap_is_rdirectory(apr_pool_t *p, const char *name);
AP_DECLARE(int) ap_is_directory(apr_pool_t *p, const char *name);
#ifdef _OSD_POSIX
-extern const char *os_set_account(apr_pool_t *p, const char *account);
extern int os_init_job_environment(server_rec *s, const char *user_name, int one_process);
#endif /* _OSD_POSIX */
diff --git a/os/bs2000/bs2login.c b/os/bs2000/bs2login.c
deleted file mode 100644
index 3f64c39a24..0000000000
--- a/os/bs2000/bs2login.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifdef _OSD_POSIX
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include <ctype.h>
-#include <sys/utsname.h>
-
-#define ACCT_LEN 8
-#define USER_LEN 8
-
-static const char *bs2000_account = NULL;
-typedef enum
-{
- bs2_unknown, /* not initialized yet. */
- bs2_noFORK, /* no fork() because -X flag was specified */
- bs2_FORK, /* only fork() because uid != 0 */
- bs2_FORK_RINI, /* prior to A17, regular fork() and _rini() was used. */
- bs2_RFORK_RINI, /* for A17, use of _rfork() and _rini() was required */
- bs2_UFORK /* As of A18, the new ufork() is used. */
-} bs2_ForkType;
-
-static bs2_ForkType forktype = bs2_unknown;
-
-#if !defined(_POSIX_SOURCE) && !defined(_XOPEN_SOURCE)
-typedef struct {
- char *username;
- char *account;
- char *processor_name;
-} _rini_struct;
-
-extern int _rini(_rini_struct *);
-#endif /* !defined(_POSIX_SOURCE) && !defined(_XOPEN_SOURCE) */
-
-
-static void ap_pad(char *dest, size_t size, char ch)
-{
- int i = strlen(dest); /* Leave space for trailing '\0' */
-
- while (i < size-1)
- dest[i++] = ch;
-
- dest[size-1] = '\0'; /* Guarantee for trailing '\0' */
-}
-
-static void ap_str_toupper(char *str)
-{
- while (*str) {
- *str = apr_toupper(*str);
- ++str;
- }
-}
-
-/* Determine the method for forking off a child in such a way as to
- * set both the POSIX and BS2000 user id's to the unprivileged user.
- */
-static bs2_ForkType os_forktype(void)
-{
- struct utsname os_version;
-
- /* have we checked the OS version before? If yes return the previous
- * result - the OS release isn't going to change suddenly!
- */
- if (forktype != bs2_unknown) {
- return forktype;
- }
-
- /* If the user is unprivileged, use the normal fork() only. */
- if (getuid() != 0) {
- return forktype = bs2_FORK;
- }
-
- if (uname(&os_version) < 0)
- {
- ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
- "uname() failed - aborting.");
- exit(APEXIT_CHILDFATAL);
- }
-
- /*
- * Old BS2000/OSD versions (before XPG4 SPEC1170) don't work with Apache.
- * Anyway, simply return a fork().
- */
- if (strcmp(os_version.release, "01.0A") == 0 ||
- strcmp(os_version.release, "02.0A") == 0 ||
- strcmp(os_version.release, "02.1A") == 0)
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Error: unsupported OS version. "
- "You may encounter problems.");
- forktype = bs2_FORK;
- }
-
- /* The following versions are special:
- * OS versions before A17 needs regular fork() and _rini().
- * A17 requires _rfork() and _rini(),
- * and later versions need ufork().
- */
- else if (strcmp(os_version.release, "01.1A") == 0 ||
- strcmp(os_version.release, "03.0A") == 0 ||
- strcmp(os_version.release, "03.1A") == 0 ||
- strcmp(os_version.release, "04.0A") == 0)
- {
- if (strcmp (os_version.version, "A18") >= 0)
- forktype = bs2_UFORK;
-
- else if (strcmp (os_version.version, "A17") < 0)
- forktype = bs2_FORK_RINI;
-
- else
- forktype = bs2_RFORK_RINI;
- }
-
- /* All later OS versions will hopefully use ufork() only ;-) */
- else
- forktype = bs2_UFORK;
-
- return forktype;
-}
-
-
-
-/* This routine is called by http_core for the BS2000Account directive */
-/* It stores the account name for later use */
-const char *os_set_account(apr_pool_t *p, const char *account)
-{
- char account_temp[ACCT_LEN+1];
-
- apr_cpystrn(account_temp, account, sizeof account_temp);
-
- /* Make account all upper case */
- ap_str_toupper(account_temp);
-
- /* Pad to length 8 */
- ap_pad(account_temp, sizeof account_temp, ' ');
-
- bs2000_account = apr_pstrdup(p, account_temp);
- return NULL;
-}
-
-/* This routine complements the setuid() call: it causes the BS2000 job
- * environment to be switched to the target user's user id.
- * That is important if CGI scripts try to execute native BS2000 commands.
- */
-int os_init_job_environment(server_rec *server, const char *user_name, int one_process)
-{
- _rini_struct inittask;
- char username[USER_LEN+1];
- int save_errno;
- bs2_ForkType type = os_forktype();
-
- /* We can be sure that no change to uid==0 is possible because of
- * the checks in http_core.c:set_user()
- */
-
- /* The _rini() function works only after a prior _rfork().
- * In the case of one_process, it would fail.
- */
- if (one_process) {
-
- type = forktype = bs2_noFORK;
-
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, server,
- "The debug mode of Apache should only "
- "be started by an unprivileged user!");
- return 0;
- }
-
- /* If no _rini() is required, then return quickly. */
- if (type != bs2_RFORK_RINI && type != bs2_FORK_RINI)
- return 0;
-
- /* An Account is required for _rini() */
- if (bs2000_account == NULL)
- {
- ap_log_error(APLOG_MARK, APLOG_ALERT, 0, server,
- "No BS2000Account configured - cannot switch to User %s",
- user_name);
- exit(APEXIT_CHILDFATAL);
- }
-
- apr_cpystrn(username, user_name, sizeof username);
-
- /* Make user name all upper case */
- ap_str_toupper(username);
-
- /* Pad to length 8 */
- ap_pad(username, sizeof username, ' ');
-
- inittask.username = username;
- inittask.account = bs2000_account;
- inittask.processor_name = " ";
-
- /* Switch to the new logon user (setuid() and setgid() are done later) */
- /* Only the super user can switch identities. */
- if (_rini(&inittask) != 0) {
-
- ap_log_error(APLOG_MARK, APLOG_ALERT, errno, server,
- "_rini: BS2000 auth failed for user \"%s\" acct \"%s\"",
- inittask.username, inittask.account);
-
- exit(APEXIT_CHILDFATAL);
- }
-
- return 0;
-}
-
-/* BS2000 requires a "special" version of fork() before a setuid()/_rini() call */
-pid_t os_fork(const char *user)
-{
- pid_t pid;
- char username[USER_LEN+1];
-
- switch (os_forktype()) {
- case bs2_FORK:
- case bs2_FORK_RINI:
- pid = fork();
- break;
-
- case bs2_RFORK_RINI:
- pid = _rfork();
- break;
-
- case bs2_UFORK:
- apr_cpystrn(username, user, sizeof username);
-
- /* Make user name all upper case - for some versions of ufork() */
- ap_str_toupper(username);
-
- pid = ufork(username);
- if (pid == -1 && errno == EPERM) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, errno,
- NULL, "ufork: Possible mis-configuration "
- "for user %s - Aborting.", user);
- exit(1);
- }
- break;
-
- default:
- pid = 0;
- break;
- }
-
- return pid;
-}
-
-#else /* _OSD_POSIX */
-void bs2login_is_not_here()
-{
-}
-#endif /* _OSD_POSIX */
diff --git a/os/bs2000/os.c b/os/bs2000/os.c
index dd825fe0b3..6d3ec26ac1 100644
--- a/os/bs2000/os.c
+++ b/os/bs2000/os.c
@@ -61,16 +61,125 @@
* Any inlineable functions should be defined in os-inline.c instead.
*/
-#include "httpd.h"
+#ifdef _OSD_POSIX
+
#include "os.h"
-AP_DECLARE(apr_status_t) ap_os_create_privileged_process(
- const request_rec *r,
- apr_proc_t *newproc, const char *progname,
- const char * const *args,
- const char * const *env,
- apr_procattr_t *attr, apr_pool_t *p)
+#include "httpd.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "apr_lib.h"
+
+#define USER_LEN 8
+
+typedef enum
{
- return apr_proc_create(newproc, progname, args, env, attr, p);
+ bs2_unknown, /* not initialized yet. */
+ bs2_noFORK, /* no fork() because -X flag was specified */
+ bs2_FORK, /* only fork() because uid != 0 */
+ bs2_UFORK /* Normally, ufork() is used to switch identities. */
+} bs2_ForkType;
+
+static bs2_ForkType forktype = bs2_unknown;
+
+
+static void ap_str_toupper(char *str)
+{
+ while (*str) {
+ *str = apr_toupper(*str);
+ ++str;
+ }
}
+/* Determine the method for forking off a child in such a way as to
+ * set both the POSIX and BS2000 user id's to the unprivileged user.
+ */
+static bs2_ForkType os_forktype(int one_process)
+{
+ /* have we checked the OS version before? If yes return the previous
+ * result - the OS release isn't going to change suddenly!
+ */
+ if (forktype == bs2_unknown) {
+ /* not initialized yet */
+
+ /* No fork if the one_process option was set */
+ if (one_process) {
+ forktype = bs2_noFORK;
+ }
+ /* If the user is unprivileged, use the normal fork() only. */
+ else if (getuid() != 0) {
+ forktype = bs2_FORK;
+ }
+ else
+ forktype = bs2_UFORK;
+ }
+ return forktype;
+}
+
+
+
+/* This routine complements the setuid() call: it causes the BS2000 job
+ * environment to be switched to the target user's user id.
+ * That is important if CGI scripts try to execute native BS2000 commands.
+ */
+int os_init_job_environment(server_rec *server, const char *user_name, int one_process)
+{
+ bs2_ForkType type = os_forktype(one_process);
+
+ /* We can be sure that no change to uid==0 is possible because of
+ * the checks in http_core.c:set_user()
+ */
+
+ if (one_process) {
+
+ type = forktype = bs2_noFORK;
+
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, server,
+ "The debug mode of Apache should only "
+ "be started by an unprivileged user!");
+ return 0;
+ }
+
+ return 0;
+}
+
+/* BS2000 requires a "special" version of fork() before a setuid() call */
+pid_t os_fork(const char *user)
+{
+ pid_t pid;
+ char username[USER_LEN+1];
+
+ switch (os_forktype(0)) {
+
+ case bs2_FORK:
+ pid = fork();
+ break;
+
+ case bs2_UFORK:
+ apr_cpystrn(username, user, sizeof username);
+
+ /* Make user name all upper case - for some versions of ufork() */
+ ap_str_toupper(username);
+
+ pid = ufork(username);
+ if (pid == -1 && errno == EPERM) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, errno,
+ NULL, "ufork: Possible mis-configuration "
+ "for user %s - Aborting.", user);
+ exit(1);
+ }
+ break;
+
+ default:
+ pid = 0;
+ break;
+ }
+
+ return pid;
+}
+
+#else /* _OSD_POSIX */
+void bs2000_os_is_not_here()
+{
+}
+#endif /* _OSD_POSIX */
diff --git a/os/bs2000/os.h b/os/bs2000/os.h
index 15ad0a7d5d..282cc257db 100644
--- a/os/bs2000/os.h
+++ b/os/bs2000/os.h
@@ -56,12 +56,12 @@
* University of Illinois, Urbana-Champaign.
*/
-#ifndef APACHE_OS_H
-#define APACHE_OS_H
+#ifndef APACHE_OS_BS2000_H
+#define APACHE_OS_BS2000_H
#define PLATFORM "BS2000"
-#include "apr.h"
+#include "../unix/os.h"
/*
* This file in included in all Apache source code. It contains definitions
@@ -73,4 +73,4 @@
extern pid_t os_fork(const char *user);
-#endif /*! APACHE_OS_H*/
+#endif /* APACHE_OS_BS2000_H */
diff --git a/server/core.c b/server/core.c
index 9999e0932d..5ed2fe1ab5 100644
--- a/server/core.c
+++ b/server/core.c
@@ -2314,18 +2314,6 @@ static const char *set_authname(cmd_parms *cmd, void *mconfig,
return NULL;
}
-#ifdef _OSD_POSIX /* BS2000 Logon Passwd file */
-static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- return os_set_account(cmd->pool, name);
-}
-#endif /*_OSD_POSIX*/
-
/*
* Handle a request to include the server's OS platform in the Server
* response header field (the ServerTokens directive). Unfortunately
@@ -3033,10 +3021,6 @@ AP_INIT_TAKE1("LogLevel", set_loglevel, NULL, RSRC_CONF,
"Level of verbosity in error logging"),
AP_INIT_TAKE1("NameVirtualHost", ap_set_name_virtual_host, NULL, RSRC_CONF,
"A numeric IP address:port, or the name of a host"),
-#ifdef _OSD_POSIX
-AP_INIT_TAKE1("BS2000Account", set_bs2000_account, NULL, RSRC_CONF,
- "Name of server User's bs2000 logon account name"),
-#endif
AP_INIT_TAKE1("ServerTokens", set_serv_tokens, NULL, RSRC_CONF,
"Determine tokens displayed in the Server: header - Min(imal), OS or Full"),
AP_INIT_TAKE1("LimitRequestLine", set_limit_req_line, NULL, RSRC_CONF,