Return-Path: Delivered-To: apmail-apache-cvs-archive@apache.org Received: (qmail 21970 invoked by uid 500); 28 Sep 2000 13:32:47 -0000 Mailing-List: contact apache-cvs-help@apache.org; run by ezmlm Precedence: bulk Reply-To: new-httpd@apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list apache-cvs@apache.org Received: (qmail 21948 invoked by uid 500); 28 Sep 2000 13:32:45 -0000 Delivered-To: apmail-apache-1.3-cvs@apache.org Date: 28 Sep 2000 13:32:44 -0000 Message-ID: <20000928133244.21943.qmail@locus.apache.org> From: wrowe@locus.apache.org To: apache-1.3-cvs@apache.org Subject: cvs commit: apache-1.3/src/os/mpeix Makefile.tmpl dlopen.c os-inline.c wrowe 00/09/28 06:32:44 Modified: . configure src CHANGES Configure src/include ap_config.h src/main http_main.c src/modules/proxy proxy_cache.c proxy_util.c src/os/mpeix Makefile.tmpl dlopen.c os-inline.c Log: Updating the MPE DSO code to be compatible with an OS patch fixing an earlier DSO problem. Refining how MPE deals with UID/GID management and dealing with some MPE limitations in this area. First-time support for mod_proxy. #include tweakage required for using apxs to build modules without access to the full source tree. Other minor tweaks. PR: 6587 Obtained from: <87FB8F5CE210D311B60500A0C9F4871C073DA372@xcup01.cup.hp.com> Submitted by: [Mark Bixby ] Reviewed by: William Rowe Revision Changes Path 1.126 +3 -3 apache-1.3/configure Index: configure =================================================================== RCS file: /home/cvs/apache-1.3/configure,v retrieving revision 1.125 retrieving revision 1.126 diff -u -r1.125 -r1.126 --- configure 2000/09/25 23:45:54 1.125 +++ configure 2000/09/28 13:32:28 1.126 
@@ -351,9 +351,9 @@ iflags_core="${iflags_core} -e .exe" ;; *MPE/iX* ) - default_layout="Apache" - iflags_program="-m 755" - ;; + default_layout="Apache" + iflags_program="-m 755" + ;; *) default_layout="Apache" ;; 1.1582 +12 -0 apache-1.3/src/CHANGES Index: CHANGES =================================================================== RCS file: /home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1581 retrieving revision 1.1582 diff -u -r1.1581 -r1.1582 --- CHANGES 2000/09/28 09:25:56 1.1581 +++ CHANGES 2000/09/28 13:32:31 1.1582 @@ -1,5 +1,17 @@ Changes with Apache 1.3.13 + *) Initial support added for mod_proxy under MPE/iX. + [Mark Bixby ] + + *) Refined UID/GID management and permissions on MPE/iX to deal + with some limitations. [Mark Bixby ] + + *) Updated the MPE DSO code to be compatible with an OS patch that + fixed an earlier DSO problem, #include tweakage required for + using apxs to build modules without access to the full source + tree, and other minor MPE tweaks. + [Mark Bixby ] + *) Tighten up the syntax checking of Host: headers to fix a security bug in some mass virtual hosting configurations that can allow a remote attacker to retrieve some files 1.403 +0 -1 apache-1.3/src/Configure Index: Configure =================================================================== RCS file: /home/cvs/apache-1.3/src/Configure,v retrieving revision 1.402 retrieving revision 1.403 diff -u -r1.402 -r1.403 --- Configure 2000/09/13 20:49:42 1.402 +++ Configure 2000/09/28 13:32:32 1.403 
@@ -1032,7 +1032,6 @@ LD_SHLIB=ld LDFLAGS_SHLIB='-b -a archive' LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB - LIBS_SHLIB='$(OSDIR)/mpe_dl_stub.o' ;; *-linux1) CFLAGS_SHLIB="-fpic" 1.293 +12 -3 apache-1.3/src/include/ap_config.h Index: ap_config.h =================================================================== RCS file: /home/cvs/apache-1.3/src/include/ap_config.h,v retrieving revision 1.292 retrieving revision 1.293 diff -u -r1.292 -r1.293 --- ap_config.h 2000/07/15 15:55:34 1.292 +++ ap_config.h 2000/09/28 13:32:35 1.293 @@ -135,8 +135,16 @@ #define NO_WRITEV #define HAVE_SHMGET 1 #define USE_SHMGET_SCOREBOARD -#define SHM_R 0400 /* Read permission */ -#define SHM_W 0200 /* Write permission */ +/* + UID/GID isn't a native concept for MPE, and it's definitely not a 100% + Unix implementation. There isn't a traditional superuser concept either, + so we're forced to liberalize SHM security a bit so the parent & children + can communicate when they're running with different UIDs within the same + GID (the GID will *always* be the same on MPE). Thus the weird SHM_R and + SHM_W below. +*/ +#define SHM_R 0440 /* Read permission */ +#define SHM_W 0220 /* Write permission */ #define NEED_INITGROUPS #define NEED_STRCASECMP #define NEED_STRDUP @@ -149,6 +157,7 @@ #define S_IREAD S_IRUSR #define S_IWRITE S_IWUSR #define PF_INET AF_INET +#define USE_FCNTL_SERIALIZED_ACCEPT #elif defined(SUNOS4) #define HAVE_GMTOFF 1 
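Review bot: The new `SHM_R 0440` / `SHM_W 0220` values open the shared-memory segment to every process in the server's group, and the added comment does not say what keeps other accounts out of that group. Given `USE_SHMGET_SCOREBOARD` just above, this is presumably the scoreboard, so its isolation now rests entirely on group membership. The comment should state that requirement, e.g. `/* Group access is required here; the server's group must not contain untrusted accounts. */`. The enclosing platform block starts and ends outside the hunk.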
@@ -1133,7 +1142,7 @@ #undef NSIG #endif #include -#if !defined(QNX) && !defined(CONVEXOS11) && !defined(NEXT) && !defined(TPF) && !defined(NETWARE) +#if !defined(QNX) && !defined(CONVEXOS11) && !defined(NEXT) && !defined(TPF) && !defined(NETWARE) && !defined(MPE) #include #endif 1.510 +31 -18 apache-1.3/src/main/http_main.c Index: http_main.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/http_main.c,v retrieving revision 1.509 retrieving revision 1.510 diff -u -r1.509 -r1.510 --- http_main.c 2000/08/19 01:52:52 1.509 +++ http_main.c 2000/09/28 13:32:36 1.510 @@ -3137,12 +3137,21 @@ * Set the GID before initgroups(), since on some platforms * setgid() is known to zap the group list. */ +#ifdef MPE + GETPRIVMODE(); +#endif if (setgid(ap_group_id) == -1) { +#ifdef MPE + GETUSERMODE(); +#endif ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, "setgid: unable to set group id to Group %u", (unsigned)ap_group_id); clean_child_exit(APEXIT_CHILDFATAL); } +#ifdef MPE + GETUSERMODE(); +#endif /* Reset `groups' attributes. */ @@ -3843,17 +3852,15 @@ set_group_privs(); #ifdef MPE - /* Only try to switch if we're running as MANAGER.SYS */ - if (geteuid() == 1 && ap_user_id > 1) { - GETPRIVMODE(); - if (setuid(ap_user_id) == -1) { - GETUSERMODE(); - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setuid: unable to change to uid: %d", ap_user_id); - exit(1); - } + /* No such thing as root on MPE, so try to switch unconditionally */ + GETPRIVMODE(); + if (setuid(ap_user_id) == -1) { GETUSERMODE(); + ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, + "setuid: unable to change to uid: %d", ap_user_id); + exit(1); } + GETUSERMODE(); #else /* Only try to switch if we're running as root */ if (!geteuid() && ( 
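Review bot: The privileged-mode bracket around `setgid()` in the `@@ -3137,12 +3137,21 @@` hunk is spread over three separate `#ifdef MPE` blocks with no comment explaining it, so a later edit could easily leave one path still in privileged mode. A one-line comment above the first block would document the pairing, e.g. `/* MPE: setgid() is attempted in privileged mode; GETUSERMODE() must run on both the failure and the success path. */`. That `setgid()` needs privileged mode on MPE is inferred from the change, not shown here. The enclosing function starts and ends outside the hunk.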
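Review bot: Dropping the `ap_user_id > 1` guard in the `@@ -3843,17 +3852,15 @@` hunk means an `ap_user_id` of 1 (MANAGER.SYS, according to the removed comment) is now accepted. A successful `setuid()` is then the only evidence that the child gave up its privileges. Consider rejecting that value before the switch with an `if (ap_user_id <= 1)` test that takes the same log-and-exit path, or say in the comment why running children as MANAGER.SYS is acceptable. The log call formats `ap_user_id` with `%d`, while the `setgid` message in this file uses `%u` with an `(unsigned)` cast; matching it would be consistent. The same points apply to the identical hunk at `@@ -5040,17 +5047,15 @@`, and both enclosing functions extend beyond their hunks.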
@@ -5040,17 +5047,15 @@ set_group_privs(); #ifdef MPE - /* Only try to switch if we're running as MANAGER.SYS */ - if (geteuid() == 1 && ap_user_id > 1) { - GETPRIVMODE(); - if (setuid(ap_user_id) == -1) { - GETUSERMODE(); - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setuid: unable to change to uid: %d", ap_user_id); - exit(1); - } + /* No such thing as root on MPE, so try to switch unconditionally */ + GETPRIVMODE(); + if (setuid(ap_user_id) == -1) { GETUSERMODE(); + ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, + "setuid: unable to change to uid: %d", ap_user_id); + exit(1); } + GETUSERMODE(); #else /* Only try to switch if we're running as root */ if (!geteuid() && setuid(ap_user_id) == -1) { @@ -7132,6 +7137,14 @@ } } +#ifdef MPE + /* + * MPE doesn't currently initialize the envp parameter. Instead, we must + * use the global variable environ. + */ + envp = environ; +#endif + /* * create path to SHARED_CORE_EXECUTABLE_PROGRAM */ 1.71 +1 -1 apache-1.3/src/modules/proxy/proxy_cache.c Index: proxy_cache.c =================================================================== RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_cache.c,v retrieving revision 1.70 retrieving revision 1.71 diff -u -r1.70 -r1.71 --- proxy_cache.c 2000/06/22 23:49:50 1.70 +++ proxy_cache.c 2000/09/28 13:32:39 1.71 @@ -1206,7 +1206,7 @@ *p = '/'; ++p; } -#if defined(OS2) || defined(WIN32) || defined(NETWARE) +#if defined(OS2) || defined(WIN32) || defined(NETWARE) || defined(MPE) /* Under OS/2 use rename. */ if (rename(c->tempfile, c->filename) == -1) ap_log_error(APLOG_MARK, APLOG_ERR, s, 1.91 +1 -1 apache-1.3/src/modules/proxy/proxy_util.c Index: proxy_util.c =================================================================== RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v retrieving revision 1.90 retrieving revision 1.91 diff -u -r1.90 -r1.91 --- proxy_util.c 2000/06/02 18:01:59 1.90 +++ proxy_util.c 2000/09/28 13:32:39 1.91 
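Review bot: `envp = environ;` in the `@@ -7132,6 +7137,14 @@` hunk relies on a declaration of `environ` being in scope, and nothing visible in the hunk provides one. If no MPE header supplies it, add `extern char **environ;` at file scope under `#ifdef MPE`. The enclosing function starts outside the hunk, so whether `envp` is read before this assignment cannot be checked from here.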
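Review bot: The comment `/* Under OS/2 use rename. */` in the proxy_cache.c hunk is now inaccurate, because the branch is taken on OS/2, Win32, NetWare and MPE. Reword it to match the condition, e.g. `/* On these platforms the temp file is moved into place with rename(). */`. In the visible lines a failed `rename()` is only logged; whether the temp file is cleaned up afterwards lies outside the hunk.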
@@ -740,7 +740,7 @@ char tmp[22]; int i, k, d; unsigned int x; -#if defined(AIX) && defined(__ps2__) +#if defined(MPE) || (defined(AIX) && defined(__ps2__)) /* Believe it or not, AIX 1.x does not allow you to name a file '@', * so hack around it in the encoding. */ static const char enc_table[64] = 1.2 +2 -3 apache-1.3/src/os/mpeix/Makefile.tmpl Index: Makefile.tmpl =================================================================== RCS file: /home/cvs/apache-1.3/src/os/mpeix/Makefile.tmpl,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- Makefile.tmpl 1999/12/10 11:03:57 1.1 +++ Makefile.tmpl 2000/09/28 13:32:41 1.2 @@ -4,11 +4,11 @@ LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) LIBOBJS= os.o os-inline.o dlopen.o gettimeofday.o -OBJS= $(LIBOBJS) mpe_dl_stub.o +OBJS= $(LIBOBJS) LIB= libos.a -all: $(LIB) mpe_dl_stub.o +all: $(LIB) $(LIB): $(LIBOBJS) rm -f $@ @@ -41,7 +41,6 @@ # DO NOT REMOVE dlopen.o: dlopen.c gettimeofday.o: gettimeofday.c -mpe_dl_stub.o: mpe_dl_stub.c os-inline.o: os-inline.c $(INCDIR)/ap_config.h \ $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ $(OSDIR)/os.h $(INCDIR)/ap_ctype.h $(INCDIR)/hsregex.h 1.2 +9 -1 apache-1.3/src/os/mpeix/dlopen.c Index: dlopen.c =================================================================== RCS file: /home/cvs/apache-1.3/src/os/mpeix/dlopen.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- dlopen.c 1999/12/10 11:03:44 1.1 +++ dlopen.c 2000/09/28 13:32:42 1.2 @@ -79,6 +79,8 @@ } else ap_snprintf(library, sizeof(library), " %s ", libname); +#define MPE_WITHOUT_MPELX44 +#ifdef MPE_WITHOUT_MPELX44 /* Unfortunately if we simply tried to load the module structure data item directly in dlsym(), it would complain about unresolved function pointer 
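Review bot: The comment under the changed `#if` in proxy_util.c still explains the alternate `enc_table` only in terms of AIX 1.x, so a reader cannot tell why MPE was added to the condition. Extend it to name MPE and the reason, e.g. `/* AIX 1.x and MPE do not allow '@' in a file name, so hack around it in the encoding. */`. This assumes MPE has the same '@' restriction, which the hunk does not state. The table and the rest of the function lie outside the hunk.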
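Review bot: In the dlopen.c hunk at `@@ -79,6 +79,8 @@`, `#define MPE_WITHOUT_MPELX44` directly followed by `#ifdef MPE_WITHOUT_MPELX44` makes the guard always true. The workaround therefore cannot be switched off on patched systems without editing this file. Either drop the `#define` and let the build pass `-DMPE_WITHOUT_MPELX44`, or add a comment such as `/* Always defined for now; remove once MPELX44A/B can be assumed. */`. The macro is also introduced in the middle of a function body, and the matching `#endif` sits in a later hunk.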
@@ -86,6 +88,9 @@ However, if we first load an actual dummy procedure, we can then subsequently load the data item without trouble. Go figure. + +This bug is fixed by patch MPELX44A on MPE/iX 6.0 and patch MPELX44B on +MPE/iX 6.5. */ /* Load the dummy procedure mpe_dl_stub */ @@ -100,7 +105,10 @@ mpe_dl_symtype, &datalen, 1, 0, 0); /* We consider it to be a failure if the dummy procedure doesn't exist */ -if (mpe_dl_status != 0) return NULL; +/* if (mpe_dl_status != 0) return NULL; */ +/* Or not. If we failed to load mpe_dl_stub, press on and try to load the + real data item later in dlsym(). */ +#endif /* MPE_WITHOUT_MPELX44 */ mpe_dl_symtype = 2; 1.2 +31 -1 apache-1.3/src/os/mpeix/os-inline.c Index: os-inline.c =================================================================== RCS file: /home/cvs/apache-1.3/src/os/mpeix/os-inline.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- os-inline.c 1999/12/10 11:03:47 1.1 +++ os-inline.c 2000/09/28 13:32:42 1.2 
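Review bot: In the `@@ -100,7 +105,10 @@` hunk the failure check is left behind as commented-out code (`/* if (mpe_dl_status != 0) return NULL; */`), and the status of the stub load is now discarded without a trace. Delete the dead line and keep one comment, e.g. `/* A missing mpe_dl_stub is not fatal; with MPELX44A/B the data item loads without it. */`. This commit also stops building `mpe_dl_stub.o` in Makefile.tmpl, so the stub load presumably fails whenever a module does not carry its own stub. On unpatched systems the real cause would then surface only later in `dlsym()`, and logging the status here would make that diagnosable. The function continues outside the hunk.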
@@ -1 +1,31 @@ -#include "../unix/os-inline.c" +/* + * This file contains functions which can be inlined if the compiler + * has an "inline" modifier. Because of this, this file is both a + * header file and a compilable module. + * + * Only inlineable functions should be defined in here. They must all + * include the INLINE modifier. + * + * If the compiler supports inline, this file will be #included as a + * header file from os.h to create all the inline function + * definitions. INLINE will be defined to whatever is required on + * function definitions to make them inline declarations. + * + * If the compiler does not support inline, this file will be compiled + * as a normal C file into libos.a (along with os.c). In this case + * INLINE will _not_ be set so we can use this to test if we are + * compiling this source file. + */ + +#ifndef INLINE +#define INLINE + +/* Anything required only when compiling */ +#include "ap_config.h" + +#endif + +INLINE int ap_os_is_path_absolute(const char *file) +{ + return file[0] == '/'; +}
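Review bot: `ap_os_is_path_absolute()` reads `file[0]` with no NULL check and no comment stating the contract, so every caller must guarantee a non-NULL string. A short header would document that, e.g. `/* Returns nonzero if file begins with '/'. file must be a non-NULL, NUL-terminated string. */`. The file comment says this file is included from os.h when inlining is supported, but nothing here guards the function definition against a second inclusion. Whether os.h already prevents that is not visible in this hunk.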