You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rb...@locus.apache.org on 2000/12/23 04:15:17 UTC
cvs commit: httpd-2.0/support suexec.c suexec.h
rbb 00/12/22 19:15:16
Modified: . CHANGES configure.in
support suexec.c suexec.h
Log:
Allow SuExec to be configured from the ./configure command line
Revision Changes Path
1.23 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- CHANGES 2000/12/23 01:46:41 1.22
+++ CHANGES 2000/12/23 03:15:15 1.23
@@ -1,5 +1,8 @@
Changes with Apache 2.0b1
+ *) Allow SuExec to be configured from the ./configure command line.
+ [Ryan Bloom]
+
*) Update some of the docs in README and INSTALL to reflect some of
the changes in Apache 2.0 [Cliff Woolley <cl...@yahoo.com>]
1.108 +29 -0 httpd-2.0/configure.in
Index: configure.in
===================================================================
RCS file: /home/cvs/httpd-2.0/configure.in,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -r1.107 -r1.108
--- configure.in 2000/12/22 22:44:45 1.107
+++ configure.in 2000/12/23 03:15:15 1.108
@@ -169,6 +169,35 @@
progname="$withval" ], [
progname="httpd"] )
+# SuExec parameters
+AC_ARG_WITH(suexec-caller,
+[ --with-suexec-caller=User allowed to call SuExec],[
+ AC_DEFINE_UNQUOTED(AP_HTTPD_USER, $withval, [User allowed to call SuExec] ) ] )
+
+AC_ARG_WITH(suexec-userdir,
+[ --with-suexec-userdir=User subdirectory],[
+ AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, $withval, [User subdirectory] ) ] )
+
+AC_ARG_WITH(suexec-docroot,
+[ --with-suexec-docroot=SuExec root directory],[
+ AC_DEFINE_UNQUOTED(AP_DOC_ROOT, $withval, [SuExec root directory] ) ] )
+
+AC_ARG_WITH(suexec-uidmin,
+[ --with-suexec-uidmin=Minimal allowed UID],[
+ AC_DEFINE_UNQUOTED(AP_UID_MIN, $withval, [Minimal allowed UID] ) ] )
+
+AC_ARG_WITH(suexec-gidmin,
+[ --with-suexec-gidmin=Minimal allowed GID],[
+ AC_DEFINE_UNQUOTED(AP_GID_MIN, $withval, [Minimal allowed GID] ) ] )
+
+AC_ARG_WITH(suexec-logfile,
+[ --with-suexec-logfile=Set the logfile],[
+ AC_DEFINE_UNQUOTED(AP_LOG_EXEC, $withval, [SuExec log file] ) ] )
+
+AC_ARG_WITH(suexec-safepath,
+[ --with-suexec-safepath=Set the safepath],[
+ AC_DEFINE_UNQUOTED(AP_SAFE_PATH, $withval, [safe shell path for SuExec] ) ] )
+
dnl ### util_xml is always included, so we always need Expat (for now)
apache_need_expat=yes
1.7 +20 -19 httpd-2.0/support/suexec.c
Index: suexec.c
===================================================================
RCS file: /home/cvs/httpd-2.0/support/suexec.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- suexec.c 2000/10/23 15:30:55 1.6
+++ suexec.c 2000/12/23 03:15:16 1.7
@@ -68,6 +68,7 @@
*
*/
+#include "ap_config_auto.h"
#include "ap_config.h"
#include <sys/param.h>
#include <sys/stat.h>
@@ -163,12 +164,12 @@
static void err_output(const char *fmt, va_list ap)
{
-#ifdef LOG_EXEC
+#ifdef AP_LOG_EXEC
time_t timevar;
struct tm *lt;
if (!log) {
- if ((log = fopen(LOG_EXEC, "a")) == NULL) {
+ if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
fprintf(stderr, "failed to open log file\n");
perror("fopen");
exit(1);
@@ -185,19 +186,19 @@
vfprintf(log, fmt, ap);
fflush(log);
-#endif /* LOG_EXEC */
+#endif /* AP_LOG_EXEC */
return;
}
static void log_err(const char *fmt,...)
{
-#ifdef LOG_EXEC
+#ifdef AP_LOG_EXEC
va_list ap;
va_start(ap, fmt);
err_output(fmt, ap);
va_end(ap);
-#endif /* LOG_EXEC */
+#endif /* AP_LOG_EXEC */
return;
}
@@ -215,7 +216,7 @@
exit(120);
}
- sprintf(pathbuf, "PATH=%s", SAFE_PATH);
+ sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
cleanenv[cidx] = strdup(pathbuf);
cidx++;
@@ -291,13 +292,13 @@
*/
#ifdef _OSD_POSIX
/* User name comparisons are case insensitive on BS2000/OSD */
- if (strcasecmp(HTTPD_USER, pw->pw_name)) {
- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, HTTPD_USER);
+ if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) {
+ log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
exit(103);
}
#else /*_OSD_POSIX*/
- if (strcmp(HTTPD_USER, pw->pw_name)) {
- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, HTTPD_USER);
+ if (strcmp(AP_HTTPD_USER, pw->pw_name)) {
+ log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
exit(103);
}
#endif /*_OSD_POSIX*/
@@ -401,18 +402,18 @@
/*
* Error out if attempt is made to execute as root or as
- * a UID less than UID_MIN. Tsk tsk.
+ * a UID less than AP_UID_MIN. Tsk tsk.
*/
- if ((uid == 0) || (uid < UID_MIN)) {
+ if ((uid == 0) || (uid < AP_UID_MIN)) {
log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
exit(107);
}
/*
* Error out if attempt is made to execute as root group
- * or as a GID less than GID_MIN. Tsk tsk.
+ * or as a GID less than AP_GID_MIN. Tsk tsk.
*/
- if ((gid == 0) || (gid < GID_MIN)) {
+ if ((gid == 0) || (gid < AP_GID_MIN)) {
log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
exit(108);
}
@@ -451,7 +452,7 @@
if (userdir) {
if (((chdir(target_homedir)) != 0) ||
- ((chdir(USERDIR_SUFFIX)) != 0) ||
+ ((chdir(AP_USERDIR_SUFFIX)) != 0) ||
((getcwd(dwd, AP_MAXPATH)) == NULL) ||
((chdir(cwd)) != 0)) {
log_err("cannot get docroot information (%s)\n", target_homedir);
@@ -459,10 +460,10 @@
}
}
else {
- if (((chdir(DOC_ROOT)) != 0) ||
+ if (((chdir(AP_DOC_ROOT)) != 0) ||
((getcwd(dwd, AP_MAXPATH)) == NULL) ||
((chdir(cwd)) != 0)) {
- log_err("cannot get docroot information (%s)\n", DOC_ROOT);
+ log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT);
exit(113);
}
}
@@ -543,10 +544,10 @@
* Be sure to close the log file so the CGI can't
* mess with it. If the exec fails, it will be reopened
* automatically when log_err is called. Note that the log
- * might not actually be open if LOG_EXEC isn't defined.
+ * might not actually be open if AP_LOG_EXEC isn't defined.
* However, the "log" cell isn't ifdef'd so let's be defensive
* and assume someone might have done something with it
- * outside an ifdef'd LOG_EXEC block.
+ * outside an ifdef'd AP_LOG_EXEC block.
*/
if (log != NULL) {
fclose(log);
1.4 +14 -14 httpd-2.0/support/suexec.h
Index: suexec.h
===================================================================
RCS file: /home/cvs/httpd-2.0/support/suexec.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- suexec.h 2000/03/31 09:42:55 1.3
+++ suexec.h 2000/12/23 03:15:16 1.4
@@ -66,24 +66,24 @@
* runs. This is the only user allowed to execute
* this program.
*/
-#ifndef HTTPD_USER
-#define HTTPD_USER "www"
+#ifndef AP_HTTPD_USER
+#define AP_HTTPD_USER "www"
#endif
/*
* UID_MIN -- Define this as the lowest UID allowed to be a target user
* for suEXEC. For most systems, 500 or 100 is common.
*/
-#ifndef UID_MIN
-#define UID_MIN 100
+#ifndef AP_UID_MIN
+#define AP_UID_MIN 100
#endif
/*
* GID_MIN -- Define this as the lowest GID allowed to be a target group
* for suEXEC. For most systems, 100 is common.
*/
-#ifndef GID_MIN
-#define GID_MIN 100
+#ifndef AP_GID_MIN
+#define AP_GID_MIN 100
#endif
/*
@@ -107,8 +107,8 @@
* See the suEXEC documentation for more detailed
* information.
*/
-#ifndef USERDIR_SUFFIX
-#define USERDIR_SUFFIX "public_html"
+#ifndef AP_USERDIR_SUFFIX
+#define AP_USERDIR_SUFFIX "public_html"
#endif
/*
@@ -116,8 +116,8 @@
* transactions and errors logged for auditing and
* debugging purposes.
*/
-#ifndef LOG_EXEC
-#define LOG_EXEC "/usr/local/apache/logs/cgi.log" /* Need me? */
+#ifndef AP_LOG_EXEC
+#define AP_LOG_EXEC "/usr/local/apache/logs/cgi.log" /* Need me? */
#endif
/*
@@ -125,16 +125,16 @@
* will be the only hierarchy (aside from UserDirs)
* that can be used for suEXEC behavior.
*/
-#ifndef DOC_ROOT
-#define DOC_ROOT "/usr/local/apache/htdocs"
+#ifndef AP_DOC_ROOT
+#define AP_DOC_ROOT "/usr/local/apache/htdocs"
#endif
/*
* SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
*
*/
-#ifndef SAFE_PATH
-#define SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
+#ifndef AP_SAFE_PATH
+#define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
#endif
#endif /* _SUEXEC_H */