martin 98/10/28 11:26:31
Modified: src/os/bs2000 bs2login.c os.h src/main http_main.c src/include httpd.h src CHANGES Log: (BS2000 only) Update BS2000 OS code to work with recent versions. Starting with release A17, the child fork() must be replaced by a _rfork(). Revision Changes Path 1.6 +126 -4 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- bs2login.c 1998/09/30 08:36:20 1.5 +++ bs2login.c 1998/10/28 19:26:25 1.6 @@ -59,49 +59,171 @@ #include "httpd.h" #include "http_config.h" #include "http_log.h" +#include <ctype.h> +#include <sys/utsname.h> +#define ACCT_LEN 8 +#define USER_LEN 8 + static const char *bs2000_account = NULL; +static void ap_pad(char *dest, size_t size, char ch) +{ + int i = strlen(dest); /* Leave space for trailing '\0' */ + + while (i < size-1) + dest[i++] = ch; + + dest[size-1] = '\0'; /* Guarantee for trailing '\0' */ +} + +static void ap_str_toupper(char *str) +{ + while (*str) { + *str = ap_toupper(*str); + ++str; + } +} + /* This routine is called by http_core for the BS2000Account directive */ /* It stores the account name for later use */ const char *os_set_account(pool *p, const char *account) { - bs2000_account = ap_pstrdup(p, account); + char account_temp[ACCT_LEN+1]; + + ap_cpystrn(account_temp, account, sizeof account_temp); + + /* Make account all upper case */ + ap_str_toupper(account_temp); + + /* Pad to length 8 */ + ap_pad(account_temp, sizeof account_temp, ' '); + + bs2000_account = ap_pstrdup(p, account_temp); return NULL; } -int os_init_job_environment(server_rec *server, const char *user_name) +/* This routine complements the setuid() call: it causes the BS2000 job + * environment to be switched to the target user's user id. + * That is important if CGI scripts try to execute native BS2000 commands. + */ +int os_init_job_environment(server_rec *server, const char *user_name, int one_process) { _rini_struct inittask; + char username[USER_LEN+1]; + int save_errno; /* We can be sure that no change to uid==0 is possible because of * the checks in http_core.c:set_user() */ + /* The _rini() function works only after a prior _rfork(). + * In the case of one_process, it would fail. + */ /* An Account is required for _rini() */ if (bs2000_account == NULL) { ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server, - "No BS2000Account configured - cannot switch to User %S", + "No BS2000Account configured - cannot switch to User %s", user_name); exit(APEXIT_CHILDFATAL); } + + /* The one_process test is placed _behind_ the BS2000Account test + * because we never want the user to forget configuring an account. + */ + if (one_process) { + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, server, + "The debug mode of Apache should only " + "be started by an unprivileged user!"); + return 0; + } + + ap_cpystrn(username, user_name, sizeof username); + + /* Make user name all upper case */ + ap_str_toupper(username); - inittask.username = user_name; + /* Pad to length 8 */ + ap_pad(username, sizeof username, ' '); + + inittask.username = username; inittask.account = bs2000_account; inittask.processor_name = " "; /* Switch to the new logon user (setuid() and setgid() are done later) */ /* Only the super use can switch identities. */ if (_rini(&inittask) != 0) { + save_errno = errno; + ap_log_error(APLOG_MARK, APLOG_ALERT, server, "_rini: BS2000 auth failed for user \"%s\" acct \"%s\"", inittask.username, inittask.account); + + if (save_errno == EAGAIN) { + /* This funny error code does NOT mean that the operation should + * be retried. Instead it means that authentication failed + * because of possibly incompatible `JOBCLASS'es between + * the calling (SYSROOT) and the target non-privileged user id. + * Help the administrator by logging a hint. + */ + char *curr_user, curr_uid[L_cuserid]; + + if ((curr_user = cuserid(curr_uid)) == NULL) { + /* This *SHOULD* not occur. But if it does, deal with it. */ + ap_snprintf(curr_uid, sizeof curr_uid, "#%u", getuid()); + curr_user = curr_uid; + } + + ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server, + "_rini: Hint: Possible reason: JOBCLASS of user %s " + "not compatible with that of user %s ?", + curr_user, inittask.username); + } exit(APEXIT_CHILDFATAL); } return 0; +} + +/* BS2000 requires a "special" version of fork() before a setuid()/_rini() call */ +/* Additionally, there's an OS release dependency here :-((( */ +/* I'm sorry, but there was no other way to make it work. -Martin */ +pid_t os_fork(void) +{ + struct utsname os_version; + + if (uname(&os_version) >= 0) + { + /* Old versions (before XPG4 SPEC1170) don't work with Apache + * and they require a fork(), not a _rfork() + */ + if (strcmp(os_version.release, "01.0A") == 0 || + strcmp(os_version.release, "02.0A") == 0 || + strcmp(os_version.release, "02.1A") == 0) + { + return fork(); + } + + /* The following versions are special: + * OS versions before A17 work with regular fork() only, + * later versions with _rfork() only. + */ + if (strcmp(os_version.release, "01.1A") == 0 || + strcmp(os_version.release, "03.0A") == 0 || + strcmp(os_version.release, "03.1A") == 0 || + strcmp(os_version.release, "04.0A") == 0) + { + return (strcmp (os_version.version, "A17") < 0) + ? fork() : _rfork(); + } + } + + /* All later OS versions will require _rfork() + * to prepare for authorization with _rini() + */ + return _rfork(); } #else /* _OSD_POSIX */ 1.12 +1 -0 apache-1.3/src/os/bs2000/os.h Index: os.h =================================================================== RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/os.h,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- os.h 1998/07/13 11:32:47 1.11 +++ os.h 1998/10/28 19:26:25 1.12 @@ -30,5 +30,6 @@ * to use request_rec here... */ struct request_rec; extern int ap_checkconv(struct request_rec *r); +extern pid_t os_fork(void); #endif /*! APACHE_OS_H*/ 1.404 +6 -1 apache-1.3/src/main/http_main.c Index: http_main.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/main/http_main.c,v retrieving revision 1.403 retrieving revision 1.404 diff -u -r1.403 -r1.404 --- http_main.c 1998/10/28 13:02:38 1.403 +++ http_main.c 1998/10/28 19:26:26 1.404 @@ -3532,7 +3532,7 @@ /* Only try to switch if we're running as root */ if (!geteuid() && ( #ifdef _OSD_POSIX - os_init_job_environment(server_conf, ap_user_name) != 0 || + os_init_job_environment(server_conf, ap_user_name, one_process) != 0 || #endif setuid(ap_user_id) == -1)) { ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, @@ -3904,7 +3904,12 @@ Explain1("Starting new child in slot %d", slot); (void) ap_update_child_status(slot, SERVER_STARTING, (request_rec *) NULL); +#ifndef _OSD_POSIX if ((pid = fork()) == -1) { +#else /*_OSD_POSIX*/ + /* BS2000 requires a "special" version of fork() before a setuid() call */ + if ((pid = os_fork()) == -1) { +#endif /*_OSD_POSIX*/ ap_log_error(APLOG_MARK, APLOG_ERR, s, "fork: Unable to fork new process"); /* fork didn't succeed. Fix the scoreboard or else 1.249 +1 -1 apache-1.3/src/include/httpd.h Index: httpd.h =================================================================== RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v retrieving revision 1.248 retrieving revision 1.249 diff -u -r1.248 -r1.249 --- httpd.h 1998/10/07 10:18:17 1.248 +++ httpd.h 1998/10/28 19:26:28 1.249 @@ -1004,7 +1004,7 @@ #ifdef _OSD_POSIX extern const char *os_set_account(pool *p, const char *account); -extern int os_init_job_environment(server_rec *s, const char *user_name); +extern int os_init_job_environment(server_rec *s, const char *user_name, int one_process); #endif /* _OSD_POSIX */ char *ap_get_local_host(pool *); 1.1127 +4 -0 apache-1.3/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1126 retrieving revision 1.1127 diff -u -r1.1126 -r1.1127 --- CHANGES 1998/10/28 13:02:35 1.1126 +++ CHANGES 1998/10/28 19:26:29 1.1127 @@ -1,5 +1,9 @@ Changes with Apache 1.3.4 + *) Update BS2000 OS code to work with recent versions. Starting with + release A17, the child fork() must be replaced by a _rfork(). + (BS2000 only) [Martin Kraemer] + *) Add the actual server_rec structure of the specific Vhost to the scoreboard file and avoid a string copy (as well as allow some further future enhancements). [Harrie Hazewinkel