You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2001/10/26 20:30:57 UTC
cvs commit: httpd-2.0/support checkgid.c Makefile.in
coar 01/10/26 11:30:57
Modified: support Makefile.in
Added: support checkgid.c
Log:
Bring forward checkgid helper from 1.3; checks runtime
validity of httpd Group directive-style group identifiers.
Revision Changes Path
1.28 +5 -1 httpd-2.0/support/Makefile.in
Index: Makefile.in
===================================================================
RCS file: /home/cvs/httpd-2.0/support/Makefile.in,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -u -r1.27 -r1.28
--- Makefile.in 2001/10/16 17:51:11 1.27
+++ Makefile.in 2001/10/26 18:30:57 1.28
@@ -1,7 +1,7 @@
DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \
logresolve.pl phf_abuse_log.cgi split-logfile
-PROGRAMS = htpasswd htdigest rotatelogs logresolve ab
+PROGRAMS = htpasswd htdigest rotatelogs logresolve ab checkgid
TARGETS = $(PROGRAMS)
PROGRAM_LDADD = $(EXTRA_LDFLAGS) $(PROGRAM_DEPENDENCIES) $(EXTRA_LIBS)
@@ -41,6 +41,10 @@
ab_OBJECTS = ab.lo
ab: $(ab_OBJECTS)
$(LINK) $(ab_LTFLAGS) $(ab_OBJECTS) $(PROGRAM_LDADD)
+
+checkgid_OBJECTS = checkgid.lo
+checkgid: $(checkgid_OBJECTS)
+ $(LINK) $(checkgid_LTFLAGS) $(checkgid_OBJECTS) $(PROGRAM_LDADD)
suexec_OBJECTS = suexec.lo
suexec: $(suexec_OBJECTS)
1.1 httpd-2.0/support/checkgid.c
Index: checkgid.c
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
/*
* Given one or more group identifers on the command line (e.g.,
* "httpd" or "#-1"), figure out whether they'll be valid for
* the server to use at run-time.
*
* If a groupname isn't found, or we can't setgid() to it, return
* -1. If all groups are valid, return 0.
*
* This may need to be run as the superuser for the setgid() to
* succeed; running it as any other user may result in a false
* negative.
*/
#include "ap_config.h"
#if APR_HAVE_STDIO_H
#include <stdio.h>
#endif
#if APR_HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_GRP_H
#include <grp.h>
#endif
#if APR_HAVE_UNISTD_H
#include <unistd.h>
#endif
int main(int argc, char *argv[])
{
int i;
int result;
gid_t gid;
struct group *grent;
struct group fake_grent;
/*
* Assume success. :-)
*/
result = 0;
for (i = 1; i < argc; ++i) {
char *arg;
arg = argv[i];
/*
* If it's from a 'Group #-1' statement, get the numeric value
* and skip the group lookup stuff.
*/
if (*arg == '#') {
gid = atoi(&arg[1]);
fake_grent.gr_gid = gid;
grent = &fake_grent;
}
else {
grent = getgrnam(arg);
}
/*
* A NULL return means no such group was found, so we're done
* with this one.
*/
if (grent == NULL) {
fprintf(stderr, "%s: group '%s' not found\n", argv[0], arg);
result = -1;
}
else {
int check;
/*
* See if we can switch to the numeric GID we have. If so,
* all well and good; if not, well..
*/
gid = grent->gr_gid;
check = setgid(gid);
if (check != 0) {
fprintf(stderr, "%s: invalid group '%s'\n", argv[0], arg);
perror(argv[0]);
result = -1;
}
}
}
/*
* Worst-case return value.
*/
return result;
}
/*
* Local Variables:
* mode: C
* c-file-style: "bsd"
* End:
*/