httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject [contrib] symlinksifgroupmatch
Date Mon, 15 Sep 1997 05:06:50 GMT
On one of my machines a group of folks maintain one of the sites.  So the
files all have group ownership in common, not user ownership.  So
SymLinksIfOwnerMatch is useless ... this patch implements
SymLinksIfGroupMatch.  If both are set then permission is granted if
either the uid or the gid matches.  There's a PR on this somewhere, but
folks weren't interested in it when I brought it up a while back.  So
contrib. 

Dean

Index: src/main/http_core.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_core.c,v
retrieving revision 1.122
diff -u -r1.122 http_core.c
--- http_core.c	1997/09/12 21:49:17	1.122
+++ http_core.c	1997/09/15 05:01:28
@@ -682,6 +682,8 @@
 	    opt = OPT_SYM_LINKS;
 	else if(!strcasecmp(w,"SymLinksIfOwnerMatch"))
 	    opt = OPT_SYM_OWNER;
+	else if(!strcasecmp(w,"SymLinksIfGroupMatch"))
+	    opt = OPT_SYM_GROUP;
 	else if(!strcasecmp(w,"execCGI"))
 	    opt = OPT_EXECCGI;
 	else if (!strcasecmp(w,"MultiViews"))
Index: src/main/http_core.h
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_core.h,v
retrieving revision 1.28
diff -u -r1.28 http_core.h
--- http_core.h	1997/08/25 02:00:39	1.28
+++ http_core.h	1997/09/15 05:01:29
@@ -71,6 +71,7 @@
 #define OPT_INCNOEXEC 32
 #define OPT_SYM_OWNER 64
 #define OPT_MULTI 128
+#define OPT_SYM_GROUP 256
 #define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
 
 /* options for get_remote_host() */
@@ -125,7 +126,7 @@
 
 /* Per-directory configuration */
 
-typedef unsigned char allow_options_t;
+typedef unsigned short allow_options_t;
 typedef unsigned char overrides_t;
 
 typedef struct {
Index: src/main/http_request.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_request.c,v
retrieving revision 1.85
diff -u -r1.85 http_request.c
--- http_request.c	1997/09/14 12:16:55	1.85
+++ http_request.c	1997/09/15 05:01:29
@@ -152,13 +152,19 @@
 
     /* OK, it's a symlink.  May still be OK with OPT_SYM_OWNER */
 
-    if (!(opts & OPT_SYM_OWNER))
+    if (!(opts & (OPT_SYM_OWNER|OPT_SYM_GROUP)))
         return HTTP_FORBIDDEN;
 
     if (stat(d, &fi) < 0)
         return HTTP_FORBIDDEN;
 
-    return (fi.st_uid == lfi.st_uid) ? OK : HTTP_FORBIDDEN;
+    if ((opts & OPT_SYM_OWNER) && fi.st_uid == lfi.st_uid)
+	return OK;
+
+    if ((opts & OPT_SYM_GROUP) && fi.st_gid == lfi.st_gid)
+	return OK;
+
+    return HTTP_FORBIDDEN;
 
 #endif
 }
Index: src/modules/standard/mod_rewrite.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_rewrite.c,v
retrieving revision 1.51
diff -u -r1.51 mod_rewrite.c
--- mod_rewrite.c	1997/09/09 11:06:58	1.51
+++ mod_rewrite.c	1997/09/15 05:01:30
@@ -1142,7 +1142,7 @@
      *  only do something under runtime if the engine is really enabled,
      *  for this directory, else return immediately!
      */
-    if (!(allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
+    if (!(allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER | OPT_SYM_GROUP))) {
         /* FollowSymLinks is mandatory! */
         aplog_error(APLOG_MARK, APLOG_ERR, r->server,
 		    "Options FollowSymLinks or SymLinksIfOwnerMatch is off "



Mime
View raw message