bs2login.c revision 10a4cdd68ef1ca0e54af296fe1d08ac00150c90b
2128N/A/* ==================================================================== 2128N/A * The Apache Software License, Version 1.1 2128N/A * Copyright (c) 2000 The Apache Software Foundation. All rights 2128N/A * Redistribution and use in source and binary forms, with or without 2128N/A * modification, are permitted provided that the following conditions 2128N/A * 1. Redistributions of source code must retain the above copyright 2128N/A * notice, this list of conditions and the following disclaimer. 2128N/A * 2. Redistributions in binary form must reproduce the above copyright 2128N/A * notice, this list of conditions and the following disclaimer in 2128N/A * the documentation and/or other materials provided with the 2128N/A * 3. The end-user documentation included with the redistribution, 2128N/A * if any, must include the following acknowledgment: 3817N/A * "This product includes software developed by the 2128N/A * Alternately, this acknowledgment may appear in the software itself, 2128N/A * if and wherever such third-party acknowledgments normally appear. 2128N/A * 4. The names "Apache" and "Apache Software Foundation" must 2128N/A * not be used to endorse or promote products derived from this 2128N/A * software without prior written permission. For written 2128N/A * permission, please contact apache@apache.org. 3817N/A * 5. Products derived from this software may not be called "Apache", 2128N/A * nor may "Apache" appear in their name, without prior written 2128N/A * permission of the Apache Software Foundation. 2128N/A * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 2128N/A * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 3817N/A * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 3817N/A * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 2128N/A * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 2128N/A * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 3817N/A * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 3817N/A * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 3817N/A * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 3817N/A * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * ==================================================================== * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. bs2_noFORK,
/* no fork() because -X flag was specified */ bs2_FORK,
/* only fork() because uid != 0 */ bs2_FORK_RINI,
/* prior to A17, regular fork() and _rini() was used. */ bs2_RFORK_RINI,
/* for A17, use of _rfork() and _rini() was required */ bs2_UFORK /* As of A18, the new ufork() is used. */ int i =
strlen(
dest);
/* Leave space for trailing '\0' */ dest[
size-
1] =
'\0';
/* Guarantee for trailing '\0' */ /* Determine the method for forking off a child in such a way as to * set both the POSIX and BS2000 user id's to the unprivileged user. /* have we checked the OS version before? If yes return the previous * result - the OS release isn't going to change suddenly! /* If the user is unprivileged, use the normal fork() only. */ "uname() failed - aborting.");
* Old BS2000/OSD versions (before XPG4 SPEC1170) don't work with Apache. * Anyway, simply return a fork(). "Error: unsupported OS version. " "You may encounter problems.");
/* The following versions are special: * OS versions before A17 needs regular fork() and _rini(). * A17 requires _rfork() and _rini(), * and later versions need ufork(). /* All later OS versions will hopefully use ufork() only ;-) */ /* This routine is called by http_core for the BS2000Account directive */ /* It stores the account name for later use */ /* Make account all upper case */ /* This routine complements the setuid() call: it causes the BS2000 job * environment to be switched to the target user's user id. * That is important if CGI scripts try to execute native BS2000 commands. /* We can be sure that no change to uid==0 is possible because of /* The _rini() function works only after a prior _rfork(). * In the case of one_process, it would fail. "The debug mode of Apache should only " "be started by an unprivileged user!");
/* If no _rini() is required, then return quickly. */ /* An Account is required for _rini() */ "No BS2000Account configured - cannot switch to User %s",
/* Make user name all upper case */ /* Switch to the new logon user (setuid() and setgid() are done later) */ /* Only the super user can switch identities. */ "_rini: BS2000 auth failed for user \"%s\" acct \"%s\"",
/* BS2000 requires a "special" version of fork() before a setuid()/_rini() call */ /* Make user name all upper case - for some versions of ufork() */ NULL,
"ufork: Possible mis-configuration " "for user %s - Aborting.",
user);