Apache HTTPD
mod_suexec.c
Go to the documentation of this file.
1/* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "httpd.h"
18#include "http_config.h"
19#include "http_core.h"
20#include "http_log.h"
21#include "http_request.h"
22#include "apr_strings.h"
23#include "unixd.h"
24#include "mpm_common.h"
25#include "mod_suexec.h"
26
27module AP_MODULE_DECLARE_DATA suexec_module;
28
29/*
30 * Create a configuration specific to this module for a server or directory
31 * location, and fill it with the default settings.
32 */
33static void *mkconfig(apr_pool_t *p)
34{
35 suexec_config_t *cfg = apr_palloc(p, sizeof(suexec_config_t));
36
37 cfg->active = 0;
38 return cfg;
39}
40
41/*
42 * Respond to a callback to create configuration record for a server or
43 * vhost environment.
44 */
45static void *create_mconfig_for_server(apr_pool_t *p, server_rec *s)
46{
47 return mkconfig(p);
48}
49
50/*
51 * Respond to a callback to create a config record for a specific directory.
52 */
53static void *create_mconfig_for_directory(apr_pool_t *p, char *dir)
54{
55 return mkconfig(p);
56}
57
58static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
59 const char *uid, const char *gid)
60{
61 suexec_config_t *cfg = (suexec_config_t *) mconfig;
62 const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
63
64 if (err != NULL) {
65 return err;
66 }
67
68 if (!ap_unixd_config.suexec_enabled) {
69 return apr_pstrcat(cmd->pool, "SuexecUserGroup configured, but "
70 "suEXEC is disabled: ",
71 ap_unixd_config.suexec_disabled_reason, NULL);
72 }
73
74 cfg->ugid.uid = ap_uname2id(uid);
75 cfg->ugid.gid = ap_gname2id(gid);
76 cfg->ugid.userdir = 0;
77 cfg->active = 1;
78
79 return NULL;
80}
81
82static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
83{
84 suexec_config_t *cfg =
85 (suexec_config_t *) ap_get_module_config(r->per_dir_config, &suexec_module);
86
87 return cfg->active ? &cfg->ugid : NULL;
88}
89
90#define SUEXEC_POST_CONFIG_USERDATA "suexec_post_config_userdata"
91static int suexec_post_config(apr_pool_t *p, apr_pool_t *plog,
92 apr_pool_t *ptemp, server_rec *s)
93{
94 void *reported;
95
96 apr_pool_userdata_get(&reported, SUEXEC_POST_CONFIG_USERDATA,
97 s->process->pool);
98
99 if ((reported == NULL) && ap_unixd_config.suexec_enabled) {
100 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(01232)
101 "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN);
102
103 apr_pool_userdata_set((void *)1, SUEXEC_POST_CONFIG_USERDATA,
104 apr_pool_cleanup_null, s->process->pool);
105 }
106
107 return OK;
108}
109#undef SUEXEC_POST_CONFIG_USERDATA
110
111/*
112 * Define the directives specific to this module. This structure is referenced
113 * later by the 'module' structure.
114 */
115static const command_rec suexec_cmds[] =
116{
117 /* XXX - Another important reason not to allow this in .htaccess is that
118 * the ap_[ug]name2id() is not thread-safe */
119 AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
120 "User and group for spawned processes"),
121 { NULL }
122};
123
129
130AP_DECLARE_MODULE(suexec) =
131{
132 STANDARD20_MODULE_STUFF,
133 create_mconfig_for_directory, /* create per-dir config */
134 NULL, /* merge per-dir config */
135 create_mconfig_for_server, /* server config */
136 NULL, /* merge server config */
137 suexec_cmds, /* command table */
138 suexec_hooks /* register hooks */
139};
apr_strings.h
APR Strings library.
ap_get_module_config
#define ap_get_module_config(v, m)
Definition http_config.h:550
ap_hook_post_config
void ap_hook_post_config(ap_HOOK_post_config_t *pf, const char *const *aszPre, const char *const *aszSucc, int nOrder)
Definition config.c:105
AP_DECLARE_MODULE
#define AP_DECLARE_MODULE(foo)
Definition http_config.h:464
r
request_rec * r
Definition http_config.h:1168
AP_INIT_TAKE2
#define AP_INIT_TAKE2(directive, func, mconfig, where, help)
Definition http_config.h:180
OK
#define OK
Definition httpd.h:456
SUEXEC_BIN
#define SUEXEC_BIN
Definition httpd.h:156
APLOGNO
#define APLOGNO(n)
Definition http_log.h:117
APLOG_NOTICE
#define APLOG_NOTICE
Definition http_log.h:69
ap_log_error
#define ap_log_error
Definition http_log.h:370
APLOG_MARK
#define APLOG_MARK
Definition http_log.h:283
uid
apr_fileperms_t apr_uid_t uid
Definition apr_global_mutex.h:159
gid
apr_fileperms_t apr_uid_t apr_gid_t gid
Definition apr_global_mutex.h:159
APR_HOOK_MIDDLE
#define APR_HOOK_MIDDLE
Definition apr_hooks.h:303
RSRC_CONF
#define RSRC_CONF
Definition http_config.h:241
STANDARD20_MODULE_STUFF
#define STANDARD20_MODULE_STUFF
Definition http_config.h:486
NOT_IN_DIR_CONTEXT
#define NOT_IN_DIR_CONTEXT
Definition http_config.h:968
ap_check_cmd_context
const char * ap_check_cmd_context(cmd_parms *cmd, unsigned forbidden)
Definition core.c:1301
size
apr_size_t size
Definition apr_allocator.h:115
dir
apr_dir_t * dir
Definition apr_portable.h:240
s
const char * s
Definition apr_strings.h:95
err
apr_int32_t apr_int32_t apr_int32_t err
Definition apr_thread_proc.h:418
cmd
apr_cmdtype_e cmd
Definition apr_thread_proc.h:495
http_config.h
Apache Configuration.
http_core.h
CORE HTTP Daemon.
http_log.h
Apache Logging library.
http_request.h
Apache Request library.
httpd.h
HTTP Daemon routines.
p
apr_pool_t * p
Definition md_event.c:32
NULL
return NULL
Definition mod_so.c:359
set_suexec_ugid
static const char * set_suexec_ugid(cmd_parms *cmd, void *mconfig, const char *uid, const char *gid)
Definition mod_suexec.c:58
SUEXEC_POST_CONFIG_USERDATA
#define SUEXEC_POST_CONFIG_USERDATA
Definition mod_suexec.c:90
mkconfig
static void * mkconfig(apr_pool_t *p)
Definition mod_suexec.c:33
suexec_post_config
static int suexec_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
Definition mod_suexec.c:91
suexec_cmds
static const command_rec suexec_cmds[]
Definition mod_suexec.c:115
create_mconfig_for_directory
static void * create_mconfig_for_directory(apr_pool_t *p, char *dir)
Definition mod_suexec.c:53
suexec_hooks
static void suexec_hooks(apr_pool_t *p)
Definition mod_suexec.c:124
get_suexec_id_doer
static ap_unix_identity_t * get_suexec_id_doer(const request_rec *r)
Definition mod_suexec.c:82
create_mconfig_for_server
static void * create_mconfig_for_server(apr_pool_t *p, server_rec *s)
Definition mod_suexec.c:45
mod_suexec.h
SuExec Extension Module for Apache.
mpm_common.h
Multi-Processing Modules functions.
apr_pool_t
Definition apr_pools.c:562
cmd_parms_struct
Definition http_config.h:288
command_struct
Definition http_config.h:204
request_rec
A structure that represents the current request.
Definition httpd.h:845
request_rec::per_dir_config
struct ap_conf_vector_t * per_dir_config
Definition httpd.h:1047
server_rec
A structure to store information for each virtual server.
Definition httpd.h:1322
suexec_config_t
Definition mod_suexec.h:28
suexec_config_t::ugid
ap_unix_identity_t ugid
Definition mod_suexec.h:29
suexec_config_t::active
int active
Definition mod_suexec.h:30
Generated by doxygen 1.9.8