You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apr.apache.org by Luke Kenneth Casson Leighton <lk...@samba-tng.org> on 2001/07/09 22:26:59 UTC
exploration of APR goes on
hiya,
well, i'm exploring APR more and more for xvl development (we're up!
http://xmlvl.net).
i just wanted to let you know a few things:
1) as i find out more, i get more impressed. each time i want
to add a bit more code or convert some over, i find in almost
95% of cases that the functionality in APR just points the way.
i converted over the file code to apr (2 hours). the
directory-listing to apr (2 hours). i got a bit
confused about which thing to use in an apr_finfo_t:
fname or name, that _is_ really odd, guys :)
apr_proc_create()? simple! easy! love it!
2) the similarities to the data structures needed by samba,
and those created for APR usage, are freaky :) this bodes
well for cliffs (auto-generated SMB client and server - an
alternative to samba)
3) the 5% missing bits i've found so far are:
- getuid() i assume that this has been discussed? i have
to get latest httpd-2 to find out how this has been tackled.
instead i have to do a getenv('USER') [yes, yuck].
- signal handling / blocking. i am very concerned by the
recent report by todd sabin on razor.bindview.com about
80% of unix programs being vulnerable to signal attacks
(esp. SIG_PIPE). so i am going to leave in the signal
blocking - even though it will make it impossible to compile
on Win32. i can't find any equivalent functionality in
APR to stop certain kinds of signals or to trap SIG_TERM
and call a fault_cleanup(). am i missing something?
- getenv() i'm going to assume that every system has getenv()
because i can't find one in APR, but i see that the apache
1.3.x code uses getenv...
anyway, should get back to work now.
i love code that makes life easy.
luke
Re: exploration of APR goes on
Posted by Luke Kenneth Casson Leighton <lk...@samba-tng.org>.
hey, guys, unless it's like bugging you or captivated
your interest, don't worry about it: i have a fix,
albeit not a nice one :)
On Tue, Jul 10, 2001 at 01:15:48AM +0200, Sander Striker wrote:
> > On Tue, 10 Jul 2001, Luke Kenneth Casson Leighton wrote:
> >
> > > ImpersonateLoggedOnUser? same thing as ImpersonateNamedPipeClient.
> > >
> > > i.e. you can only impersonate an existing user IF you have a handle
> > > to that user.
> >
> > The other problem with ImpersonateLoggedOnUser AFAICT is that you can
> > apparently call RevertToSelf() which does what it sounds like. That's
> > generally undesirable in the contexts we're talking about...
>
> Ok, well maybe OpenThreadToken() and SetThreadToken() could be usefull?
> As you can see, I'm just going over the API, looking for leads :(
> Maybe someone out there knows how it's done?
>
> > --Cliff
>
> Sander
RE: exploration of APR goes on
Posted by Cliff Woolley <cl...@yahoo.com>.
On Tue, 10 Jul 2001, Sander Striker wrote:
> Ok, well maybe OpenThreadToken() and SetThreadToken() could be usefull?
I haven't looked at those yet, but I will. CreateProcessAsUser() might be
at least tangentially useful, as well...
> As you can see, I'm just going over the API, looking for leads :(
Same here. :-/ Why does MS insist on reinventing the wheel? <sigh>
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA
RE: exploration of APR goes on
Posted by Sander Striker <st...@apache.org>.
> On Tue, 10 Jul 2001, Luke Kenneth Casson Leighton wrote:
>
> > ImpersonateLoggedOnUser? same thing as ImpersonateNamedPipeClient.
> >
> > i.e. you can only impersonate an existing user IF you have a handle
> > to that user.
>
> The other problem with ImpersonateLoggedOnUser AFAICT is that you can
> apparently call RevertToSelf() which does what it sounds like. That's
> generally undesirable in the contexts we're talking about...
Ok, well maybe OpenThreadToken() and SetThreadToken() could be usefull?
As you can see, I'm just going over the API, looking for leads :(
Maybe someone out there knows how it's done?
> --Cliff
Sander
Re: exploration of APR goes on
Posted by Cliff Woolley <cl...@yahoo.com>.
On Tue, 10 Jul 2001, Luke Kenneth Casson Leighton wrote:
> ImpersonateLoggedOnUser? same thing as ImpersonateNamedPipeClient.
>
> i.e. you can only impersonate an existing user IF you have a handle
> to that user.
The other problem with ImpersonateLoggedOnUser AFAICT is that you can
apparently call RevertToSelf() which does what it sounds like. That's
generally undesirable in the contexts we're talking about...
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA
Re: exploration of APR goes on
Posted by Luke Kenneth Casson Leighton <lk...@samba-tng.org>.
On Tue, Jul 10, 2001 at 12:49:38AM +0200, Sander Striker wrote:
> > > > so there's no means to obtain _current_ user id of running
> > > > process, only a lookup from a username (or userid).
> > >
> > > Not yet. Nobody has needed that ability so far. Feel free to implement
> > > it though. APR follows a VERY simple rule. We don't implement
> > a feature
> > > until it is needed. :-)
> >
> > ack!
> >
> > > One warning, I have no idea how this would work on Windows. In
> > order for
> > > this to really be useful, we have to figure that piece out.
> >
> > yep.
> >
> > i mean, i can get away with getenv('USER') and to be honest, it
> > doesn't bother me. it might bother other people though.
> >
> > btw, just so you know: i know it _is_ possible else how would
> > cygwin work?
> >
> > .... and i do know that jeremy had a hell of a time getting setuid()
> > to work. it's almost impossible: none of the published APIs
> > describe how to do it. you can 'impersonate' an existing context
> > e.g. ImpersonateNamedPipeClient or similar but you can't
> > actually do a sudo. okay, it's been done, recently, and there
> > does exist SU.EXE, but still.... :)
>
> Check out:
>
> LogonUser -
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh
> /winbase/accclsrv_9cfm.asp
>
> ImpersonateLoggedOnUser -
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh
> /winbase/accclsrv_0jle.asp
>
>
> Maybe that can do the trick?
don't know about LogonUser. yes i do: it has to have a password.
ImpersonateLoggedOnUser? same thing as ImpersonateNamedPipeClient.
i.e. you can only impersonate an existing user IF you have a handle
to that user.
there is no published public API to *create* a new user context.
it's buried. i think the ntinternals, the bindview or other
security people have probably found an 'undocumented' API, but
that's not the sort of thing you put into soemthing like APR.
luke
RE: exploration of APR goes on
Posted by Sander Striker <st...@apache.org>.
> > > so there's no means to obtain _current_ user id of running
> > > process, only a lookup from a username (or userid).
> >
> > Not yet. Nobody has needed that ability so far. Feel free to implement
> > it though. APR follows a VERY simple rule. We don't implement
> a feature
> > until it is needed. :-)
>
> ack!
>
> > One warning, I have no idea how this would work on Windows. In
> order for
> > this to really be useful, we have to figure that piece out.
>
> yep.
>
> i mean, i can get away with getenv('USER') and to be honest, it
> doesn't bother me. it might bother other people though.
>
> btw, just so you know: i know it _is_ possible else how would
> cygwin work?
>
> .... and i do know that jeremy had a hell of a time getting setuid()
> to work. it's almost impossible: none of the published APIs
> describe how to do it. you can 'impersonate' an existing context
> e.g. ImpersonateNamedPipeClient or similar but you can't
> actually do a sudo. okay, it's been done, recently, and there
> does exist SU.EXE, but still.... :)
Check out:
LogonUser -
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh
/winbase/accclsrv_9cfm.asp
ImpersonateLoggedOnUser -
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh
/winbase/accclsrv_0jle.asp
Maybe that can do the trick?
Sander
Re: exploration of APR goes on
Posted by Luke Kenneth Casson Leighton <lk...@samba-tng.org>.
> > so there's no means to obtain _current_ user id of running
> > process, only a lookup from a username (or userid).
>
> Not yet. Nobody has needed that ability so far. Feel free to implement
> it though. APR follows a VERY simple rule. We don't implement a feature
> until it is needed. :-)
ack!
> One warning, I have no idea how this would work on Windows. In order for
> this to really be useful, we have to figure that piece out.
yep.
i mean, i can get away with getenv('USER') and to be honest, it
doesn't bother me. it might bother other people though.
btw, just so you know: i know it _is_ possible else how would
cygwin work?
... and i do know that jeremy had a hell of a time getting setuid()
to work. it's almost impossible: none of the published APIs
describe how to do it. you can 'impersonate' an existing context
e.g. ImpersonateNamedPipeClient or similar but you can't
actually do a sudo. okay, it's been done, recently, and there
does exist SU.EXE, but still.... :)
Re: exploration of APR goes on
Posted by rb...@covalent.net.
On Mon, 9 Jul 2001, Luke Kenneth Casson Leighton wrote:
> On Mon, Jul 09, 2001 at 05:01:25PM -0400, Cliff Woolley wrote:
> > On Mon, 9 Jul 2001, Luke Kenneth Casson Leighton wrote:
> >
> >
> > > 3) the 5% missing bits i've found so far are:
> > >
> > > - getuid() i assume that this has been discussed? i have
> > > to get latest httpd-2 to find out how this has been tackled.
> > > instead i have to do a getenv('USER') [yes, yuck].
> >
> > Take a look at apr_get_userid(), which among other things is in the "user"
> > subdirectory of APR.
>
> it doesn't do getuid() / geteuid() - it does getpwnam / getpwuid.
>
> so there's no means to obtain _current_ user id of running
> process, only a lookup from a username (or userid).
Not yet. Nobody has needed that ability so far. Feel free to implement
it though. APR follows a VERY simple rule. We don't implement a feature
until it is needed. :-)
One warning, I have no idea how this would work on Windows. In order for
this to really be useful, we have to figure that piece out.
Ryan
_____________________________________________________________________________
Ryan Bloom rbb@apache.org
Covalent Technologies rbb@covalent.net
-----------------------------------------------------------------------------
Re: exploration of APR goes on
Posted by Cliff Woolley <cl...@yahoo.com>.
On Mon, 9 Jul 2001, Luke Kenneth Casson Leighton wrote:
> it doesn't do getuid() / geteuid() - it does getpwnam / getpwuid.
>
> so there's no means to obtain _current_ user id of running
> process, only a lookup from a username (or userid).
Oh, duh, yeah, you're right. Sorry, wasn't thinking. I guess we should
add that as a new function...
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA
Re: exploration of APR goes on
Posted by Luke Kenneth Casson Leighton <lk...@samba-tng.org>.
On Mon, Jul 09, 2001 at 05:01:25PM -0400, Cliff Woolley wrote:
> On Mon, 9 Jul 2001, Luke Kenneth Casson Leighton wrote:
>
>
> > 3) the 5% missing bits i've found so far are:
> >
> > - getuid() i assume that this has been discussed? i have
> > to get latest httpd-2 to find out how this has been tackled.
> > instead i have to do a getenv('USER') [yes, yuck].
>
> Take a look at apr_get_userid(), which among other things is in the "user"
> subdirectory of APR.
it doesn't do getuid() / geteuid() - it does getpwnam / getpwuid.
so there's no means to obtain _current_ user id of running
process, only a lookup from a username (or userid).
when a NULL name or NULL uid is passed in to apr_get_userid(),
it returns an APR error.
i did check :)
all best,
luke
Re: exploration of APR goes on
Posted by Cliff Woolley <cl...@yahoo.com>.
On Mon, 9 Jul 2001, Luke Kenneth Casson Leighton wrote:
> 3) the 5% missing bits i've found so far are:
>
> - getuid() i assume that this has been discussed? i have
> to get latest httpd-2 to find out how this has been tackled.
> instead i have to do a getenv('USER') [yes, yuck].
Take a look at apr_get_userid(), which among other things is in the "user"
subdirectory of APR.
> i love code that makes life easy.
=-)
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA