modules/generators/mod_suexec.c

	mod_suexec.c revision 78cd48acd325773619d78ac0d7263a99a8922fae
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher/* Copyright 2000-2004 The Apache Software Foundation
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher *
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * Licensed under the Apache License, Version 2.0 (the "License");
294e9a5521d327c5cdc49beeb9cb9e703b3134f1Jan Zeleny * you may not use this file except in compliance with the License.
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * You may obtain a copy of the License at
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher *
f6cd1236c27817b97db002094b76648d92b55f82Jan Zeleny *     http://www.apache.org/licenses/LICENSE-2.0
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher *
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * Unless required by applicable law or agreed to in writing, software
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * distributed under the License is distributed on an "AS IS" BASIS,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * See the License for the specific language governing permissions and
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * limitations under the License.
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher */
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#define CORE_PRIVATE
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "httpd.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "http_config.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "http_core.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "http_log.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "http_request.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "apr_strings.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "unixd.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "mpm_common.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#include "mod_suexec.h"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
07b7b76d7cd494cbd26263503ba2732c21819941Jan Zelenymodule AP_MODULE_DECLARE_DATA suexec_module;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher/*
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * Create a configuration specific to this module for a server or directory
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * location, and fill it with the default settings.
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher */
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic void *mkconfig(apr_pool_t *p)
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    suexec_config_t *cfg = apr_palloc(p, sizeof(suexec_config_t));
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    cfg->active = 0;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    return cfg;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher}
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher/*
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * Respond to a callback to create configuration record for a server or
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * vhost environment.
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher */
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic void *create_mconfig_for_server(apr_pool_t *p, server_rec *s)
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    return mkconfig(p);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher}
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher/*
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * Respond to a callback to create a config record for a specific directory.
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher */
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic void *create_mconfig_for_directory(apr_pool_t *p, char *dir)
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    return mkconfig(p);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher}
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher                                   const char *uid, const char *gid)
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    suexec_config_t *cfg = (suexec_config_t *) mconfig;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    if (err != NULL) {
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        return err;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    }
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    if (unixd_config.suexec_enabled) {
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        cfg->ugid.uid = ap_uname2id(uid);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        cfg->ugid.gid = ap_gname2id(gid);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        cfg->ugid.userdir = 0;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        cfg->active = 1;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    }
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    else {
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        fprintf(stderr,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher                "Warning: SuexecUserGroup directive requires SUEXEC wrapper.\n");
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    }
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    return NULL;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher}
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    suexec_config_t *cfg =
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    (suexec_config_t *) ap_get_module_config(r->per_dir_config, &suexec_module);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    return cfg->active ? &cfg->ugid : NULL;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher}
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher#define SUEXEC_POST_CONFIG_USERDATA "suexec_post_config_userdata"
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic int suexec_post_config(apr_pool_t *p, apr_pool_t *plog,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher                              apr_pool_t *ptemp, server_rec *s)
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    void *reported;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    apr_pool_userdata_get(&reported, SUEXEC_POST_CONFIG_USERDATA,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher                          s->process->pool);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    if ((reported == NULL) && unixd_config.suexec_enabled) {
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher                     "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher        apr_pool_userdata_set((void *)1, SUEXEC_POST_CONFIG_USERDATA,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher                              apr_pool_cleanup_null, s->process->pool);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    }
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    return OK;
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher}
fae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934Simo Sorce#undef SUEXEC_POST_CONFIG_USERDATA
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher/*
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * Define the directives specific to this module.  This structure is referenced
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher * later by the 'module' structure.
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher */
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic const command_rec suexec_cmds[] =
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    /* XXX - Another important reason not to allow this in .htaccess is that
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher     * the ap_[ug]name2id() is not thread-safe */
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher      "User and group for spawned processes"),
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    { NULL }
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher};
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagherstatic void suexec_hooks(apr_pool_t *p)
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher{
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,APR_HOOK_MIDDLE);
03532fb1cbb7e8c1d5cf2e93aa3719f926631cabStephen Gallagher    ap_hook_post_config(suexec_post_config,NULL,NULL,APR_HOOK_MIDDLE);
07b7b76d7cd494cbd26263503ba2732c21819941Jan Zeleny}

module AP_MODULE_DECLARE_DATA suexec_module =
{
    STANDARD20_MODULE_STUFF,
    create_mconfig_for_directory,   /* create per-dir config */
    NULL,                       /* merge per-dir config */
    create_mconfig_for_server,  /* server config */
    NULL,                       /* merge server config */
    suexec_cmds,                /* command table */
    suexec_hooks        /* register hooks */
};