1 files changed, 227 insertions, 0 deletions
diff --git a/os/beos/beosd.c b/os/beos/beosd.c
new file mode 100644
index 0000000000..af364c6989
--- /dev/null
+++ b/os/beos/beosd.c
@@ -0,0 +1,227 @@
+/* ====================================================================
+ * Copyright (c) 1998-1999 The Apache Group.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the Apache Group
+ *    for use in the Apache HTTP server project (http://www.apache.org/)."
+ *
+ * 4. The names "Apache Server" and "Apache Group" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache"
+ *    nor may "Apache" appear in their names without prior written
+ *    permission of the Apache Group.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the Apache Group
+ *    for use in the Apache HTTP server project (http://www.apache.org/)."
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Group and was originally based
+ * on public domain software written at the National Center for
+ * Supercomputing Applications, University of Illinois, Urbana-Champaign.
+ * For more information on the Apache Group and the Apache HTTP server
+ * project, please see <http://www.apache.org/>.
+ *
+ */
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_main.h"
+#include "http_log.h"
+#include "unixd.h"
+
+unixd_config_rec unixd_config;
+
+void unixd_detach(void)
+{
+    int x;
+    pid_t pgrp;
+
+    chdir("/");
+
+    if ((x = fork()) > 0)
+	exit(0);
+    else if (x == -1) {
+	perror("fork");
+	fprintf(stderr, "%s: unable to fork new process\n", ap_server_argv0);
+	exit(1);
+    }
+    RAISE_SIGSTOP(DETACH);
+
+#ifndef NO_SETSID
+    if ((pgrp = setsid()) == -1) {
+	perror("setsid");
+	fprintf(stderr, "%s: setsid failed\n", ap_server_argv0);
+	exit(1);
+    }
+#else
+    if ((pgrp = setpgrp(getpid(), 0)) == -1) {
+	perror("setpgrp");
+	fprintf(stderr, "%s: setpgrp failed\n", ap_server_argv0);
+	exit(1);
+    }
+#endif
+
+    /* close out the standard file descriptors */
+    if (freopen("/dev/null", "r", stdin) == NULL) {
+	fprintf(stderr, "%s: unable to replace stdin with /dev/null: %s\n",
+		ap_server_argv0, strerror(errno));
+	/* continue anyhow -- note we can't close out descriptor 0 because we
+	 * have nothing to replace it with, and if we didn't have a descriptor
+	 * 0 the next file would be created with that value ... leading to
+	 * havoc.
+	 */
+    }
+    if (freopen("/dev/null", "w", stdout) == NULL) {
+	fprintf(stderr, "%s: unable to replace stdout with /dev/null: %s\n",
+		ap_server_argv0, strerror(errno));
+    }
+    /* stderr is a tricky one, we really want it to be the error_log,
+     * but we haven't opened that yet.  So leave it alone for now and it'll
+     * be reopened moments later.
+     */
+}
+
+/* Set group privileges.
+ *
+ * Note that we use the username as set in the config files, rather than
+ * the lookup of to uid --- the same uid may have multiple passwd entries,
+ * with different sets of groups for each.
+ */
+
+static int set_group_privs(void)
+{
+    if (!geteuid()) {
+	char *name;
+
+	/* Get username if passed as a uid */
+
+	if (unixd_config.user_name[0] == '#') {
+	    struct passwd *ent;
+	    uid_t uid = atoi(&unixd_config.user_name[1]);
+
+	    if ((ent = getpwuid(uid)) == NULL) {
+		ap_log_error(APLOG_MARK, APLOG_ALERT, NULL,
+			 "getpwuid: couldn't determine user name from uid %u, "
+			 "you probably need to modify the User directive",
+			 (unsigned)uid);
+		return -1;
+	    }
+
+	    name = ent->pw_name;
+	}
+	else
+	    name = unixd_config.user_name;
+
+	if (setgid(unixd_config.group_id) == -1) {
+	    ap_log_error(APLOG_MARK, APLOG_ALERT, NULL,
+			"setgid: unable to set group id to Group %u",
+			(unsigned)unixd_config.group_id);
+	    return -1;
+	}
+
+	/* Reset `groups' attributes. */
+
+	if (initgroups(name, unixd_config.group_id) == -1) {
+	    ap_log_error(APLOG_MARK, APLOG_ALERT, NULL,
+			"initgroups: unable to set groups for User %s "
+			"and Group %u", name, (unsigned)unixd_config.group_id);
+	    return -1;
+	}
+    }
+    return 0;
+}
+
+
+int unixd_setup_child(void)
+{
+    if (set_group_privs()) {
+	return -1;
+    }
+
+    /* Only try to switch if we're running as root */
+    if (!geteuid() && (
+	setuid(unixd_config.user_id) == -1)) {
+	ap_log_error(APLOG_MARK, APLOG_ALERT, NULL,
+		    "setuid: unable to change uid");
+	return -1;
+    }
+    return 0;
+}
+
+
+const char *unixd_set_user(cmd_parms *cmd, void *dummy, char *arg)
+{
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (err != NULL) {
+        return err;
+    }
+
+    unixd_config.user_name = arg;
+    unixd_config.user_id = ap_uname2id(arg);
+#if !defined (BIG_SECURITY_HOLE) && !defined (OS2)
+    if (unixd_config.user_id == 0) {
+	return "Error:\tApache has not been designed to serve pages while\n"
+		"\trunning as root.  There are known race conditions that\n"
+		"\twill allow any local user to read any file on the system.\n"
+		"\tIf you still desire to serve pages as root then\n"
+		"\tadd -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your\n"
+		"\tsrc/Configuration file and rebuild the server.  It is\n"
+		"\tstrongly suggested that you instead modify the User\n"
+		"\tdirective in your httpd.conf file to list a non-root\n"
+		"\tuser.\n";
+    }
+#endif
+
+    return NULL;
+}
+
+const char *unixd_set_group(cmd_parms *cmd, void *dummy, char *arg)
+{
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (err != NULL) {
+        return err;
+    }
+
+    unixd_config.group_id = ap_gname2id(arg);
+
+    return NULL;
+}
+
+void unixd_pre_config(void)
+{
+    unixd_config.user_name = DEFAULT_USER;
+    unixd_config.user_id = ap_uname2id(DEFAULT_USER);
+    unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
+}