httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r595482 - /httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
Date Thu, 15 Nov 2007 22:49:44 GMT
Author: wrowe
Date: Thu Nov 15 14:49:43 2007
New Revision: 595482

URL: http://svn.apache.org/viewvc?rev=595482&view=rev
Log:
seteuid isn't valid; we can't use this approach to bind to reserved ports.

The right solution is a domain-socket based solution spitting bound low
numbered ports at the worker upon request.


Modified:
    httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c

Modified: httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c
URL: http://svn.apache.org/viewvc/httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c?rev=595482&r1=595481&r2=595482&view=diff
==============================================================================
--- httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c (original)
+++ httpd/mod_ftp/trunk/modules/ftp/ftp_commands.c Thu Nov 15 14:49:43 2007
@@ -29,10 +29,6 @@
 #if APR_HAVE_LIMITS_H
 #include <limits.h>
 #endif
-#if APR_HAVE_UNISTD_H
-/* Required for geteuid and seteuid */
-#include <unistd.h>
-#endif
 
 /* Wish APR had one of these */
 #ifdef WIN32
@@ -1708,9 +1704,6 @@
     char *arg_tok, *ip_addr;
     apr_int32_t family;
     apr_port_t port;
-#if !defined(WIN32) && !defined(HPUX)
-    uid_t user = 0;
-#endif
     int res;
 
     if (fc->all_epsv) {
@@ -1753,15 +1746,14 @@
         }
     }
     
-#if !defined(WIN32) && !defined(HPUX)
-    user = geteuid();
+#if 0
     if ((fsc->active_min != -1) && (fsc->active_min < 1024)) {
-        if (seteuid(0) != 0) {
-            /* For safety, switch back to user, ignore result */
-            seteuid(user);
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
-                          "Unable to switch to root priviledges.");
-        }
+        /* Here's the case of low numbered port creation; the only way
+         * to accomplish this is either grant the apache user/group the
+         * right to bind to low numbered ports, or to have the parent
+         * running as root spin off socket fd's through a domain socket
+         * to all interested ftp worker processes.
+         */
     }
 #endif
 
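Review bot: The `#if 0` block around the `fsc->active_min < 1024` test leaves an empty `if` whose only content is a comment, so the design note sits in code that is never compiled and is easy to miss. I would drop the `#if 0`/`#endif` and the empty `if`, and keep the text as an ordinary comment above the socket creation, opening with something like `/* TODO: an unprivileged worker cannot bind ports below 1024; ... */`. The comment could also state which of its two options is preferred: handing already-bound descriptors from the root parent over a domain socket keeps the privilege in one process, whereas granting the apache user/group the bind right extends it to every worker. The identical block appears in the hunk at -1887,15, and the enclosing function starts and ends outside this hunk.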
@@ -1772,11 +1764,6 @@
 #endif
 
     if (rv != APR_SUCCESS) {
-#if !defined(WIN32) && !defined(HPUX)
-        if ((fsc->active_min != -1) && (fsc->active_min < 1024)) {
-            seteuid(user);
-        }
-#endif
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
                      "Couldn't create socket");
         return FTP_REPLY_CANNOT_OPEN_DATACONN;
@@ -1809,15 +1796,13 @@
     apr_socket_opt_set(s, APR_SO_REUSEADDR, 1);
     rv = apr_socket_bind(s, sa);
 
-#if !defined(WIN32) && !defined(HPUX)
-    if ((fsc->active_min != -1) && (fsc->active_min < 1024)) {
-        seteuid(user);
-    }
-#endif
-
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
-                     "Couldn't bind to socket");
+        if (sa->port < 1024)
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
+                          "Couldn't bind to low numbered port (<1024) socket");
+        else
+            ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
+                         "Couldn't bind to socket");
         return FTP_REPLY_CANNOT_OPEN_DATACONN;
     }
 
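Review bot: The new low-port branch passes `errno` to `ap_log_rerror` even though the failure code from `apr_socket_bind` is in `rv`, so the logged reason may be stale or unrelated to the bind failure. The call should read `ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "Couldn't bind to low numbered port (<1024) socket");`, which also removes the dependence on `errno` being declared after the `<unistd.h>` include was dropped. The unbraced `if`/`else` around two multi-line calls would be safer with braces. The hunk at -1938,15 has the same defect, and the function body continues outside this hunk.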
@@ -1841,9 +1826,6 @@
     apr_status_t rv;
     char *ip_addr;
     short port;
-#if !defined(WIN32) && !defined(HPUX)
-    uid_t user = 0;
-#endif
     int res, val[6];
 
     if (fc->all_epsv) {
@@ -1887,15 +1869,14 @@
         }
     }
     
-#if !defined(WIN32) && !defined(HPUX)
-    user = geteuid();
+#if 0
     if ((fsc->active_min != -1) && (fsc->active_min < 1024)) {
-        if (seteuid(0) != 0) {
-            /* For safety, switch back to user, ignore result */
-            seteuid(user);
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
-                          "Unable to switch to root priviledges.");
-        }
+        /* Here's the case of low numbered port creation; the only way
+         * to accomplish this is either grant the apache user/group the
+         * right to bind to low numbered ports, or to have the parent
+         * running as root spin off socket fd's through a domain socket
+         * to all interested ftp worker processes.
+         */
     }
 #endif
         
@@ -1906,11 +1887,6 @@
 #endif
 
     if (rv != APR_SUCCESS) {
-#if !defined(WIN32) && !defined(HPUX)
-        if ((fsc->active_min != -1) && (fsc->active_min < 1024)) {
-            seteuid(user);
-        }
-#endif
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
                      "Couldn't create socket");
         return FTP_REPLY_CANNOT_OPEN_DATACONN;
@@ -1938,15 +1914,13 @@
     apr_socket_opt_set(s, APR_SO_REUSEADDR, 1);
     rv = apr_socket_bind(s, sa);
 
-#if !defined(WIN32) && !defined(HPUX)
-    if ((fsc->active_min != -1) && (fsc->active_min < 1024)) {
-        seteuid(user);
-    }
-#endif
-
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
-                     "Couldn't bind to socket");
+        if (sa->port < 1024)
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
+                          "Couldn't bind to low numbered port (<1024) socket");
+        else
+            ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
+                         "Couldn't bind to socket");
         return FTP_REPLY_CANNOT_OPEN_DATACONN;
     }
 


