httpd-dev mailing list archives

From Brian Behlendorf <br...@hyperreal.org>
Subject patches from "Paul B. Henson" <henson@intranet.csupomona.edu>
Date Wed, 27 Aug 1997 01:09:50 GMT

Oy.  Anyone want to tackle these?  Some look like they have some merit;
Doug, you may want to look at the ones which mention DCE.

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hyperreal.org     http://www.apache.org     http://www.organic.com/jobs

---------- Forwarded message ----------
Date: Tue, 26 Aug 1997 17:49:40 -0700 (PDT)
From: new-httpd-owner@apache.org
To: new-httpd-owner@apache.org
Subject: BOUNCE new-httpd@apache.org:    Non-member submission from ["Paul B. Henson" <henson@intranet.csupomona.edu>]
  

>From henson@intranet.intranet.csupomona.edu  Tue Aug 26 17:49:37 1997
Received: from intranet.intranet.csupomona.edu (intranet.intranet.csupomona.edu [134.71.184.20])
	by hyperreal.org (8.8.5/8.8.5) with ESMTP id RAA17667
	for <new-httpd@apache.org>; Tue, 26 Aug 1997 17:49:37 -0700 (PDT)
Received: (from henson@localhost) by intranet.intranet.csupomona.edu (8.8.5/8.8.3) id RAA26585;
Tue, 26 Aug 1997 17:49:32 -0700 (PDT)
Date: Tue, 26 Aug 1997 17:49:32 -0700 (PDT)
Message-Id: <199708270049.RAA26585@intranet.intranet.csupomona.edu>
From: "Paul B. Henson" <henson@intranet.csupomona.edu>
To: new-httpd@apache.org
Subject: patches
Reply-to: pbhenson@csupomona.edu


I'd like to request the inclusion of any/all of these patches into the
Apache source tree. I've included part of a README from my mod_auth_dce
package, and a patch file.

Except for the patch to http_request.c, none of these are really specific
to my module, and I don't think there would be any side effects.

I don't really mind applying a few patches myself, but a number of people
who use my module have requested that I try and get these patches
incorporated into Apache rather than including the patch file with my
distribution.

Thanks for your consideration... If anyone would like to take a look at
mod_auth_dce, it's available at:

http://www.intranet.csupomona.edu/~henson/www/projects/mod_auth_dce/


---------------------------------------------------------------------------
Technical Details
-----------------

The following is a list of files modified by the patches and the reasons
the modifications needed to be made.

  mod_cgi.c

       The call to can_exec(), which checks execute permissions by
       comparing the server's UID and GID to owner/group permissions
       on the file, does not work correctly when a CGI might not be
       executable by the server user/group. This call is replaced with
       a call to the access() system routine instead, which will take
       ACLs into account when deciding whether execute permission
       exists.


  mod_userdir.c

       This module was using the r->finfo structure as storage for a 
       local stat. This contaminated the structure, and had unexpected
       side effects on mod_auth_dce. A local stat structure was added.
      

  http_request.c

       In the get_path_info() function in this file, the server tries to
       separate the request into a system path and the extra PATH_INFO
       environment variable. This is accomplished by repeated calls to
       stat(), and the removal of the rightmost component of the
       request on each stat() failure. This function is called before
       any credentials are obtained, and the stat() might fail with a
       permission error if the any_other entry does not have access.
       This makes the PATH_INFO incorrect. The function is modified to
       check for a permission error (EACCES) when stat() fails, and if
       it finds one, to immediately return OK with no further processing.
       mod_auth_dce will call this function again after credentials
       have been obtained, if needed, to correctly separate the PATH_INFO.


  md5.h, md5c.c, mod_proxy.c, util_md5.h, util_md5.c 

       Apache includes MD5 hashing routines. These routines collide
       with identically named functions in the DCE library. All the
       Apache routines are modified to include an apache_ prefix to
       remove this collision.

---------------------------------------------------------------------------

diff -c -r apache_1.2.0-orig/src/http_request.c apache_1.2.0/src/http_request.c
*** apache_1.2.0-orig/src/http_request.c	Wed May 14 12:22:52 1997
--- apache_1.2.0/src/http_request.c	Tue Jun 17 18:37:26 1997
***************
*** 177,182 ****
--- 177,191 ----
  	    *cp = '\0';
  	    return OK;
  	}
+ 	/* Modification for mod_auth_dce -- This check is made before
+ 	 * authentication modules are called. If the error is access
+ 	 * denied, it is possible that once DCE credentials are obtained
+ 	 * that the entry would be accessible. Therefore, return OK now,
+ 	 * and mod_auth_dce will call this function again after credentials
+ 	 * are obtained.
+ 	 */
+ 	else if (errno == EACCES)
+ 	  return OK;
  #if defined(ENOENT) && defined(ENOTDIR)
  	else if (errno == ENOENT || errno == ENOTDIR) {
  #else
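Review bot: the new `else if (errno == EACCES) return OK;` branch is unconditional, so it also takes effect on servers that do not load mod_auth_dce, where the second call the comment relies on never happens and a permission-denied stat() is reported as OK with the path left unsplit. Suggest gating the branch (a compile-time symbol, or a per-request flag set by the auth module) so the default build keeps its existing EACCES handling. Also, the lines that follow guard ENOENT/ENOTDIR with `#if defined(...)`; EACCES is used here without the same guard.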
diff -c -r apache_1.2.0-orig/src/md5.h apache_1.2.0/src/md5.h
*** apache_1.2.0-orig/src/md5.h	Wed Jan  1 10:10:23 1997
--- apache_1.2.0/src/md5.h	Tue Jun 17 18:22:45 1997
***************
*** 91,99 ****
    UINT4 state[4];                                   /* state (ABCD) */
    UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
    unsigned char buffer[64];                         /* input buffer */
! } MD5_CTX;
  
! extern void MD5Init(MD5_CTX *context);
! extern void MD5Update(MD5_CTX *context, const unsigned char *input,
  		      unsigned int inputLen);
! extern void MD5Final(unsigned char digest[16], MD5_CTX *context);
--- 91,99 ----
    UINT4 state[4];                                   /* state (ABCD) */
    UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
    unsigned char buffer[64];                         /* input buffer */
! } APACHE_MD5_CTX;
  
! extern void apache_MD5Init(APACHE_MD5_CTX *context);
! extern void apache_MD5Update(APACHE_MD5_CTX *context, const unsigned char *input,
  		      unsigned int inputLen);
! extern void apache_MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context);
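Review bot: the description lists mod_proxy.c among the files changed for the MD5 rename, but this patch contains no mod_proxy.c diff; once these declarations become apache_MD5Init/apache_MD5Update/apache_MD5Final, any caller still using the old names will fail to build. Please include the missing diff. Because md5.h is a shared header, the rename of MD5_CTX and the three functions also deserves a change-log entry for authors of third-party modules. The continuation line `unsigned int inputLen);` no longer lines up with the opening parenthesis after the rename.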
diff -c -r apache_1.2.0-orig/src/md5c.c apache_1.2.0/src/md5c.c
*** apache_1.2.0-orig/src/md5c.c	Wed Jan  1 10:10:24 1997
--- apache_1.2.0/src/md5c.c	Tue Jun 17 18:22:47 1997
***************
*** 158,164 ****
  /* MD5 initialization. Begins an MD5 operation, writing a new context.
   */
  void
! MD5Init(MD5_CTX *context)
  {
      context->count[0] = context->count[1] = 0;
    /* Load magic initialization constants. */
--- 158,164 ----
  /* MD5 initialization. Begins an MD5 operation, writing a new context.
   */
  void
! apache_MD5Init(APACHE_MD5_CTX *context)
  {
      context->count[0] = context->count[1] = 0;
    /* Load magic initialization constants. */
***************
*** 173,179 ****
    context.
   */
  void
! MD5Update(MD5_CTX *context, const unsigned char *input, unsigned int inputLen)
  {
      unsigned int i, index, partLen;
  
--- 173,179 ----
    context.
   */
  void
! apache_MD5Update(APACHE_MD5_CTX *context, const unsigned char *input, unsigned int inputLen)
  {
      unsigned int i, index, partLen;
  
***************
*** 209,215 ****
    the message digest and zeroizing the context.
   */
  void
! MD5Final(unsigned char digest[16], MD5_CTX *context)
  {
      unsigned char bits[8];
      unsigned int index, padLen;
--- 209,215 ----
    the message digest and zeroizing the context.
   */
  void
! apache_MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context)
  {
      unsigned char bits[8];
      unsigned int index, padLen;
***************
*** 220,229 ****
    /* Pad out to 56 mod 64. */
      index = (unsigned int)((context->count[0] >> 3) & 0x3f);
      padLen = (index < 56) ? (56 - index) : (120 - index);
!     MD5Update(context, PADDING, padLen);
  
    /* Append length (before padding) */
!     MD5Update(context, bits, 8);
  
    /* Store state in digest */
      Encode(digest, context->state, 16);
--- 220,229 ----
    /* Pad out to 56 mod 64. */
      index = (unsigned int)((context->count[0] >> 3) & 0x3f);
      padLen = (index < 56) ? (56 - index) : (120 - index);
!     apache_MD5Update(context, PADDING, padLen);
  
    /* Append length (before padding) */
!     apache_MD5Update(context, bits, 8);
  
    /* Store state in digest */
      Encode(digest, context->state, 16);
diff -c -r apache_1.2.0-orig/src/mod_cgi.c apache_1.2.0/src/mod_cgi.c
*** apache_1.2.0-orig/src/mod_cgi.c	Mon Apr 21 13:29:09 1997
--- apache_1.2.0/src/mod_cgi.c	Tue Jun 17 18:37:24 1997
***************
*** 393,401 ****
  			       "script not found or unable to stat");
  #endif
      if (!suexec_enabled) {
!         if (!can_exec(&r->finfo))
!             return log_scripterror(r, conf, FORBIDDEN,
!                                    "file permissions deny server execution");
      }
  
      if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR)))
--- 393,412 ----
  			       "script not found or unable to stat");
  #endif
      if (!suexec_enabled) {
!       /* Modification for mod_auth_dce -- This used to be a call to can_exec
!        * in util.c; however, that function does a naive bit check to decide
!        * if a script is executable. That fails in an environment with ACLs,
!        * where the server may have permission based on the ACL, but not on
!        * the Unix mode bits. The access() system call takes ACLs into account.
!        */
!       if(access(r->filename, X_OK)) {
! 	if (errno == EACCES)
! 	  return log_scripterror(r, conf, FORBIDDEN,
! 				 "file permissions deny server execution");
! 	else
! 	  return log_scripterror(r, conf, SERVER_ERROR,
! 				 "system error checking execute access");
!       }
      }
  
      if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR)))
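Review bot: access() in `if(access(r->filename, X_OK))` evaluates permissions with the process's real UID and GID, not the effective ones, so its answer only matches what the later exec will do when the two are the same at this point; the comment should state that assumption. The check is also advisory, since the file can change between this call and the exec, so the exec failure path must still be handled. Style: the new block uses 2-space indentation and `if(`, where the surrounding lines use 4 spaces and `if (`.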
diff -c -r apache_1.2.0-orig/src/mod_userdir.c apache_1.2.0/src/mod_userdir.c
*** apache_1.2.0-orig/src/mod_userdir.c	Fri Mar  7 06:15:44 1997
--- apache_1.2.0/src/mod_userdir.c	Tue Jun 17 18:37:21 1997
***************
*** 114,120 ****
      char *name = r->uri;
      const char *w, *dname, *redirect;
      char *x = NULL;
! 
      if (userdirs == NULL || !strcasecmp(userdirs, "disabled") ||
          (name[0] != '/') || (name[1] != '~')) {
        return DECLINED;
--- 114,126 ----
      char *name = r->uri;
      const char *w, *dname, *redirect;
      char *x = NULL;
!     /* Modification for mod_auth_dce -- This module previously used the
!      * r->finfo structure for temporary storage of a local stat. This
!      * contaminated that structure and had unexpected side effects. Adding
!      * a local stat structure will fix the problem.
!      */
!     struct stat statbuf;
!     
      if (userdirs == NULL || !strcasecmp(userdirs, "disabled") ||
          (name[0] != '/') || (name[1] != '~')) {
        return DECLINED;
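Review bot: the comment added above `struct stat statbuf;` narrates what the code used to do; that history belongs in the commit log, and a one-line comment saying that r->finfo must not be overwritten here would age better. The line that replaces the old blank line also carries trailing whitespace.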
***************
*** 182,188 ****
         in the hope that some handler might handle it. This can be used, for
         example, to run a CGI script for the user. 
         */
!       if (filename && (!*userdirs || stat(filename, &r->finfo) != -1)) {
  	r->filename = pstrcat(r->pool, filename, dname, NULL);
  	return OK;
        }
--- 188,194 ----
         in the hope that some handler might handle it. This can be used, for
         example, to run a CGI script for the user. 
         */
!       if (filename && (!*userdirs || stat(filename, &statbuf) != -1)) {
  	r->filename = pstrcat(r->pool, filename, dname, NULL);
  	return OK;
        }
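Review bot: nothing in this path fills r->finfo any more once `stat(filename, &statbuf)` replaces the old call, so please confirm that r->finfo is populated for the final r->filename (filename plus dname, set on the next line) before a later phase reads it. statbuf is not used again in the lines shown, so a short comment saying the stat result is deliberately discarded would help the next reader.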
diff -c -r apache_1.2.0-orig/src/util_md5.c apache_1.2.0/src/util_md5.c
*** apache_1.2.0-orig/src/util_md5.c	Wed Jan  1 10:10:46 1997
--- apache_1.2.0/src/util_md5.c	Tue Jun 17 18:22:51 1997
***************
*** 84,90 ****
  
  char *md5 (pool *p, unsigned char *string)
  {
!     MD5_CTX my_md5;
      unsigned char hash[16];
      char *r, result[33];
      int i;
--- 84,90 ----
  
  char *md5 (pool *p, unsigned char *string)
  {
!     APACHE_MD5_CTX my_md5;
      unsigned char hash[16];
      char *r, result[33];
      int i;
***************
*** 93,101 ****
       * Take the MD5 hash of the string argument.
       */
  
!     MD5Init(&my_md5);
!     MD5Update(&my_md5, string, strlen((const char *)string));
!     MD5Final(hash, &my_md5);
  
      for (i=0, r=result; i<16; i++, r+=2)
          sprintf(r, "%02x", hash[i]);
--- 93,101 ----
       * Take the MD5 hash of the string argument.
       */
  
!     apache_MD5Init(&my_md5);
!     apache_MD5Update(&my_md5, string, strlen((const char *)string));
!     apache_MD5Final(hash, &my_md5);
  
      for (i=0, r=result; i<16; i++, r+=2)
          sprintf(r, "%02x", hash[i]);
***************
*** 149,155 ****
  static char basis_64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  
! char *md5contextTo64(pool *a, MD5_CTX *context)
  {
      unsigned char digest[18];
      char *encodedDigest;
--- 149,155 ----
  static char basis_64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  
! char *md5contextTo64(pool *a, APACHE_MD5_CTX *context)
  {
      unsigned char digest[18];
      char *encodedDigest;
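Review bot: md5contextTo64 (like md5 and md5digest in the neighbouring hunks) keeps its unprefixed name while its parameter type becomes APACHE_MD5_CTX, so the exported MD5 helpers end up half renamed. Either give these helpers the apache_ prefix too, or say in the description that only the names colliding with the DCE library are being changed.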
***************
*** 158,164 ****
  
      encodedDigest = (char *)pcalloc(a, 25 * sizeof(char));
  
!     MD5Final(digest, context);
      digest[sizeof(digest)-1] = digest[sizeof(digest)-2] = 0;
  
      p = encodedDigest;
--- 158,164 ----
  
      encodedDigest = (char *)pcalloc(a, 25 * sizeof(char));
  
!     apache_MD5Final(digest, context);
      digest[sizeof(digest)-1] = digest[sizeof(digest)-2] = 0;
  
      p = encodedDigest;
***************
*** 176,190 ****
  
  char *md5digest(pool *p, FILE *infile)
  {
!     MD5_CTX context;
      unsigned char buf[1000];
      long length = 0;
      int nbytes;
  
!     MD5Init(&context);
      while ((nbytes = fread(buf, 1, sizeof(buf), infile))) {
          length += nbytes;
!         MD5Update(&context, buf, nbytes);
      }
      rewind(infile);
      return md5contextTo64(p, &context);
--- 176,190 ----
  
  char *md5digest(pool *p, FILE *infile)
  {
!     APACHE_MD5_CTX context;
      unsigned char buf[1000];
      long length = 0;
      int nbytes;
  
!     apache_MD5Init(&context);
      while ((nbytes = fread(buf, 1, sizeof(buf), infile))) {
          length += nbytes;
!         apache_MD5Update(&context, buf, nbytes);
      }
      rewind(infile);
      return md5contextTo64(p, &context);
diff -c -r apache_1.2.0-orig/src/util_md5.h apache_1.2.0/src/util_md5.h
*** apache_1.2.0-orig/src/util_md5.h	Wed Jan  1 10:10:46 1997
--- apache_1.2.0/src/util_md5.h	Tue Jun 17 18:22:46 1997
***************
*** 53,58 ****
  #include "md5.h"
  
  char *md5(pool *a, unsigned char *string);
! char *md5contextTo64(pool *p, MD5_CTX *context);
  char *md5digest(pool *p, FILE *infile);
  
--- 53,58 ----
  #include "md5.h"
  
  char *md5(pool *a, unsigned char *string);
! char *md5contextTo64(pool *p, APACHE_MD5_CTX *context);
  char *md5digest(pool *p, FILE *infile);


-- 
Paul Henson  |  System Administrator  |  Cal Poly Pomona  |  (909) 869-3781
pbhenson@csupomona.edu | finger -l henson@www.csupomona.edu for PGP key
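
Added example (not part of the message above or of the Apache source): a C sketch of the component-stripping walk the README describes for get_path_info(), with a constructed fake_stat() in place of stat() so the EACCES case is reproducible. All names are hypothetical, and defer_on_eacces = 0 is a constructed contrast showing how stripping through permission errors mis-splits PATH_INFO, not a statement of what unpatched Apache does.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

typedef int (*stat_fn)(const char *path);
static int have_creds = 0;   /* hypothetical: set once credentials exist */
/* Constructed stand-in for stat(): /www/locked/app.cgi is a file, and
 * nothing below /www/locked/ is visible until have_creds is set. */
static int fake_stat(const char *p)
{
    if (!have_creds && strncmp(p, "/www/locked/", 12) == 0) {
        errno = EACCES;
        return -1;
    }
    if (!strcmp(p, "/www") || !strcmp(p, "/www/locked") ||
        !strcmp(p, "/www/locked/app.cgi"))
        return 0;
    errno = strncmp(p, "/www/locked/app.cgi/", 20) ? ENOENT : ENOTDIR;
    return -1;
}

/* Strip rightmost components until st() succeeds; the stripped tail is
 * PATH_INFO. With defer_on_eacces, EACCES returns at once, path unsplit. */
static int split_path_info(const char *req, char *file, char *info,
                           size_t sz, stat_fn st, int defer_on_eacces)
{
    if (strlen(req) >= sz) return -1;
    strcpy(file, req);
    info[0] = '\0';
    while (st(file) != 0) {
        if (errno == EACCES && defer_on_eacces)
            return 0;                     /* caller retries after auth */
        if (errno != EACCES && errno != ENOENT && errno != ENOTDIR)
            return -1;
        char *slash = strrchr(file, '/');
        if (slash == NULL || slash == file)
            return -1;                    /* nothing left to strip */
        *slash = '\0';
        strcpy(info, req + strlen(file));
    }
    return 0;
}

int main(void)
{
    char f[64], i[64];
    split_path_info("/www/locked/app.cgi/extra/info", f, i, sizeof f, fake_stat, 1);
    return printf("file=%s info=\"%s\"\n", f, i) < 0;
}
```

Calling it again with have_creds set to 1 splits the same request at /www/locked/app.cgi, which is the second pass the README assigns to mod_auth_dce.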

