httpd-dev mailing list archives

From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: [PATCH] "responsible party" for requests.
Date Wed, 05 May 1999 16:07:16 GMT
I've played with this patch, and it looks rather interesting.
I've made some tweaks for style and consistency; the updated
patch (against to-day's HEAD) is attached.

I haven't tested this with CGI or suexec; I don't use suexec
at all.  Maybe someone else could run it through some suexec
paces?

+1 for 1.3.7.
-- 
#ken    P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Software Foundation  <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>

Index: include/http_core.h
===================================================================
RCS file: /home/cvs/apache-1.3/src/include/http_core.h,v
retrieving revision 1.56
diff -u -r1.56 http_core.h
--- http_core.h	1999/04/28 08:35:08	1.56
+++ http_core.h	1999/05/05 16:00:36
@@ -162,6 +162,11 @@
 API_EXPORT(file_type_e) ap_get_win32_interpreter(const request_rec *, char*, char **);
 #endif
 
+typedef enum { URI_OWNED_UNSET, URI_OWNED_SERVER, URI_OWNED_UID } uri_owner_e;
+
+API_EXPORT(int) ap_get_uri_owner(const request_rec *r, uid_t *u, gid_t *g);
+API_EXPORT(uri_owner_e) ap_get_uri_owner_type(const request_rec *r);
+
 #ifdef CORE_PRIVATE
 
 /*
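Review bot: The two new prototypes carry no comment, and the contract of ap_get_uri_owner() is not obvious from the signature. Per the definition in http_core.c it returns -1 when the `/~user` lookup fails and leaves `*u` and `*g` unwritten in that case. I would add a short comment above the prototypes, for example `/* Returns 0 and fills *u and *g, or -1 (outputs untouched) if the owner cannot be determined */`, so that callers handing the result to suexec know they must check the return value. The parameter names here (`u`, `g`) also differ from the definition (`uid`, `gid`).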
@@ -263,6 +268,9 @@
     /* Where to find interpreter to run scripts */
     interpreter_source_e script_interpreter_source;
 #endif    
+
+    /* Is the resource owned by the UID of the server or the file owner? */
+    uri_owner_e uri_owner;
     
 } core_dir_config;
 
Index: main/http_core.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_core.c,v
retrieving revision 1.260
diff -u -r1.260 http_core.c
--- http_core.c	1999/04/28 08:35:31	1.260
+++ http_core.c	1999/05/05 16:00:36
@@ -150,6 +150,7 @@
 #endif
 
     conf->server_signature = srv_sig_unset;
+    conf->uri_owner = URI_OWNED_UNSET;
 
     return (void *)conf;
 }
@@ -278,6 +279,9 @@
 	conf->server_signature = new->server_signature;
     }
 
+    conf->uri_owner = (new->uri_owner != URI_OWNED_UNSET)
+	? new->uri_owner : base->uri_owner;
+
     return (void*)conf;
 }
 
@@ -904,6 +908,48 @@
 }
 #endif
 
+API_EXPORT(int) ap_get_uri_owner(const request_rec *r, uid_t *uid, gid_t *gid)
+{
+    uri_owner_e uri_owner;
+
+    uri_owner = ap_get_uri_owner_type(r);
+
+    if (uri_owner == URI_OWNED_UID) {
+        *uid = r->finfo.st_uid;
+        *gid = r->finfo.st_gid;
+    }
+    else if (uri_owner == URI_OWNED_UNSET && !strncmp(r->uri, "/~", 2)) {
+        struct passwd *pw;
+        char *username, *slash;
+
+        username = ap_pstrdup(r->pool, r->uri+2);
+        if ((slash = strchr(username, '/')) != NULL) {
+            *slash = '\0';
+        }
+        pw = getpwnam(username);
+        if (!pw) {
+            return -1;
+        }
+
+        *uid = pw->pw_uid;
+        *gid = pw->pw_gid;
+    }
+    else {
+        *uid = r->server->server_uid;
+        *gid = r->server->server_gid;
+    }
+    return 0;
+}
+
+API_EXPORT(uri_owner_e) ap_get_uri_owner_type(const request_rec *r)
+{
+    core_dir_config *d;
+
+    d = (core_dir_config *)ap_get_module_config(r->per_dir_config,
+                                                &core_module);
+    return d->uri_owner;
+}
+
 /*****************************************************************
  *
  * Commands... this module handles almost all of the NCSA httpd.conf
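Review bot: In the `URI_OWNED_UID` branch of ap_get_uri_owner(), `r->finfo.st_uid` and `r->finfo.st_gid` are copied without first checking that the request mapped to a file that was actually stat'ed. If `r->finfo` is empty for the request (as far as I recall, the 1.3 core uses `st_mode == 0` as the marker for that), the function would report uid/gid 0 as the owner and return success. That value then flows to the suexec caller and to the `%I`/`%G` log fields. A guard such as `if (r->finfo.st_mode == 0) return -1;` at the top of that branch would keep the failure explicit. The `/~` branch also performs a getpwnam() on every call, which the logging path will now hit once per field per request.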
@@ -2653,6 +2699,21 @@
 }
 #endif
 
+static const char *set_uri_owner(cmd_parms *cmd, core_dir_config *d,
+				 char *arg)
+{
+    if (!strcasecmp(arg, "server")) {
+        d->uri_owner = URI_OWNED_SERVER;
+    }
+    else if (!strcasecmp(arg, "file")) {
+        d->uri_owner = URI_OWNED_UID;
+    }
+    else {
+        return "Argument to URIowner must be either \"server\" or \"file\"";
+    }
+    return NULL;
+}
+
 /* Note --- ErrorDocument will now work from .htaccess files.  
  * The AllowOverride of Fileinfo allows webmasters to turn it off
  */
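Review bot: The error string in set_uri_owner() spells the directive `URIowner`, while the command table in the next hunk registers it as `URIOwner`; the message should use the registered spelling so an admin can match it to the config line. A one-line comment above the function would also help, since the keyword `file` maps to `URI_OWNED_UID` and that is not obvious from the enum name: `/* URIOwner server|file: pick whose uid/gid a resource is attributed to */`. A comment on the table entry could note that `RSRC_CONF|ACCESS_CONF` is deliberate, presumably so that the identity used for suexec cannot be switched from a .htaccess file.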
@@ -2878,6 +2939,8 @@
   (void*)XtOffsetOf(core_dir_config, limit_req_body),
   OR_ALL, TAKE1,
   "Limit (in bytes) on maximum size of request message body" },
+{ "URIOwner", set_uri_owner, NULL, RSRC_CONF|ACCESS_CONF, TAKE1,
+  "Owner of the URL (either 'server' or 'file')" },
 { NULL }
 };
 
Index: main/util_script.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/util_script.c,v
retrieving revision 1.140
diff -u -r1.140 util_script.c
--- util_script.c	1999/04/08 11:36:33	1.140
+++ util_script.c	1999/05/05 16:00:37
@@ -986,11 +986,29 @@
 	    || (!strncmp("/~", r->uri, 2)))) {
 
 	char *execuser, *grpname;
+	uid_t exec_uid;
+	gid_t exec_gid;
 	struct passwd *pw;
 	struct group *gr;
 
-	if (!strncmp("/~", r->uri, 2)) {
-	    gid_t user_gid;
+	if (ap_get_uri_owner(r, &exec_uid, &exec_gid) < 0) {
+	    ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+			  "ap_get_uri_owner: failed on %s", r->uri);
+	    return (pid);
+	}
+
+	if ((pw = getpwuid(exec_uid)) == NULL) {
+	    ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+			  "getpwuid: invalid userid %ld",
+			  (long) exec_uid);
+	}
+	if ((gr = getgrgid(exec_gid)) == NULL) {
+	    ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+			  "getgrgid: invalid groupid %ld",
+			  (long) exec_gid);
+	}
+	if (ap_get_uri_owner_type(r) == URI_OWNED_UNSET
+	    && !strncmp("/~", r->uri, 2)) {
 	    char *username = ap_pstrdup(r->pool, r->uri + 2);
 	    char *pos = strchr(username, '/');
 
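Review bot: The new getpwuid() and getgrgid() failure branches only log and then fall through, whereas the removed code returned `(pid)` at that point. With `pw == NULL` the later `strcmp(username, pw->pw_name)` (next hunk) and `execuser = pw->pw_name;` (last hunk of this file) dereference a null pointer, and `grpname = gr->gr_name;` does the same for `gr` on the non-`/~` path. Each branch should end with `return (pid);` as before, or the group case should reuse the numeric-gid fallback that the `/~` path already has. Separately, `execuser = pw->pw_name;` now points into the storage returned by getpwuid() instead of a pool copy; keeping `ap_pstrdup(r->pool, pw->pw_name)` would avoid depending on no later passwd lookup happening before the exec. The enclosing function starts and ends outside this hunk.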
@@ -998,20 +1016,19 @@
 		*pos = '\0';
 	    }
 
-	    if ((pw = getpwnam(username)) == NULL) {
+	    if (strcmp(username, pw->pw_name) != 0) {
 		ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-			     "getpwnam: invalid username %s", username);
+			      "getpwnam: invalid username %s", username);
 		return (pid);
 	    }
 	    execuser = ap_pstrcat(r->pool, "~", pw->pw_name, NULL);
-	    user_gid = pw->pw_gid;
 
-	    if ((gr = getgrgid(user_gid)) == NULL) {
+	    if ((gr = getgrgid(exec_gid)) == NULL) {
 	        if ((grpname = ap_palloc(r->pool, 16)) == NULL) {
 		    return (pid);
 		}
 		else {
-		    ap_snprintf(grpname, 16, "%ld", (long) user_gid);
+		    ap_snprintf(grpname, 16, "%ld", (long) exec_gid);
 		}
 	    }
 	    else {
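Review bot: The `strcmp(username, pw->pw_name) != 0` check compares the name taken from the URI with whatever name getpwuid() returns for the uid, so a `/~name` request fails when more than one account name maps to the same uid and the lookup returns a different one. The log text still says `getpwnam: invalid username` although no getpwnam() call remains here, which will mislead whoever reads the error log; a message such as `"URI user %s does not match owner %s"` would describe the actual condition. The second `getgrgid(exec_gid)` repeats the lookup already done just above the `/~` test and could reuse that result. The enclosing block continues outside this hunk.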
@@ -1019,20 +1036,7 @@
 	    }
 	}
 	else {
-	    if ((pw = getpwuid(r->server->server_uid)) == NULL) {
-		ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-			     "getpwuid: invalid userid %ld",
-			     (long) r->server->server_uid);
-		return (pid);
-	    }
-	    execuser = ap_pstrdup(r->pool, pw->pw_name);
-
-	    if ((gr = getgrgid(r->server->server_gid)) == NULL) {
-		ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-			     "getgrgid: invalid groupid %ld",
-			     (long) r->server->server_gid);
-		return (pid);
-	    }
+	    execuser = pw->pw_name;
 	    grpname = gr->gr_name;
 	}
 
Index: modules/standard/mod_log_config.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_log_config.c,v
retrieving revision 1.76
diff -u -r1.76 mod_log_config.c
--- mod_log_config.c	1999/03/04 19:28:40	1.76
+++ mod_log_config.c	1999/05/05 16:00:43
@@ -124,6 +124,8 @@
  * %...a:  remote IP-address
  * %...{Foobar}i:  The contents of Foobar: header line(s) in the request
  *                 sent to the client.
+ * %...I:  the UID that owns the requested URL
+ * %...G:  the GID that owns the requested URL
  * %...l:  remote logname (from identd, if supplied)
  * %...{Foobar}n:  The contents of note "Foobar" from another module.
  * %...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
@@ -350,6 +352,28 @@
     return ap_table_get(r->headers_in, a);
 }
 
+static const char *log_request_uid(request_rec *r, char *a)
+{
+    uid_t uid;
+    gid_t gid;
+
+    if (ap_get_uri_owner(r, &uid, &gid) < 0) {
+	return "-";
+    }
+    return ap_psprintf(r->pool, "%u", uid);
+}
+
+static const char *log_request_gid(request_rec *r, char *a)
+{
+    uid_t uid;
+    gid_t gid;
+
+    if (ap_get_uri_owner(r, &uid, &gid) < 0) {
+	return "-";
+    }
+    return ap_psprintf(r->pool, "%u", gid);
+}
+
 static const char *log_header_out(request_rec *r, char *a)
 {
     const char *cp = ap_table_get(r->headers_out, a);
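Review bot: `log_request_uid()` and `log_request_gid()` pass a `uid_t`/`gid_t` straight to a `%u` conversion, which is only correct where those types are `unsigned int`; util_script.c in this same patch casts to `long` for `%ld`. I would cast explicitly, e.g. `return ap_psprintf(r->pool, "%lu", (unsigned long) uid);`, and do the same for `gid`. The parameter `a` is unused in both, and the two functions differ only in the field they print, so a brief comment saying they back `%I` and `%G` would help. The hunk ends inside log_header_out(), which continues outside it.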
@@ -480,6 +504,12 @@
     },
     {
         'o', log_header_out, 0
+    },
+    {
+        'I', log_request_uid, 0
+    },
+    {
+        'G', log_request_gid, 0
     },
     {
         'n', log_note, 0
