martin      98/10/28 11:26:31

  Modified:    src/os/bs2000 bs2login.c os.h
               src/main http_main.c
               src/include httpd.h
               src      CHANGES
  Log:
  (BS2000 only)
  Update BS2000 OS code to work with recent versions. Starting with
  release A17, the child fork() must be replaced by a _rfork().
  
  Revision  Changes    Path
  1.6       +126 -4    apache-1.3/src/os/bs2000/bs2login.c
  
  Index: bs2login.c
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- bs2login.c        1998/09/30 08:36:20     1.5
  +++ bs2login.c        1998/10/28 19:26:25     1.6
  @@ -59,49 +59,171 @@
   #include "httpd.h"
   #include "http_config.h"
   #include "http_log.h"
  +#include <ctype.h>
  +#include <sys/utsname.h>
   
  +#define ACCT_LEN 8
  +#define USER_LEN 8
  +
   static const char *bs2000_account = NULL;
   
   
  +static void ap_pad(char *dest, size_t size, char ch)
  +{
  +    int i = strlen(dest); /* Leave space for trailing '\0' */
  +    
  +    while (i < size-1)
  +     dest[i++] = ch;
  +
  +    dest[size-1] = '\0';     /* Guarantee for trailing '\0' */
  +}
  +
  +static void ap_str_toupper(char *str)
  +{
  +    while (*str) {
  +     *str = ap_toupper(*str);
  +     ++str;
  +    }
  +}
  +
   /* This routine is called by http_core for the BS2000Account directive */
   /* It stores the account name for later use */
   const char *os_set_account(pool *p, const char *account)
   {
  -    bs2000_account = ap_pstrdup(p, account);
  +    char account_temp[ACCT_LEN+1];
  +
  +    ap_cpystrn(account_temp, account, sizeof account_temp);
  +
  +    /* Make account all upper case */
  +    ap_str_toupper(account_temp);
  +
  +    /* Pad to length 8 */
  +    ap_pad(account_temp, sizeof account_temp, ' ');
  +
  +    bs2000_account = ap_pstrdup(p, account_temp);
       return NULL;
   }
   
  -int os_init_job_environment(server_rec *server, const char *user_name)
  +/* This routine complements the setuid() call: it causes the BS2000 job
  + * environment to be switched to the target user's user id.
  + * That is important if CGI scripts try to execute native BS2000 commands.
  + */
  +int os_init_job_environment(server_rec *server, const char *user_name, int 
one_process)
   {
       _rini_struct            inittask; 
  +    char                    username[USER_LEN+1];
  +    int                     save_errno;
   
       /* We can be sure that no change to uid==0 is possible because of
        * the checks in http_core.c:set_user()
        */
   
  +    /* The _rini() function works only after a prior _rfork().
  +     * In the case of one_process, it would fail.
  +     */
       /* An Account is required for _rini() */
       if (bs2000_account == NULL)
       {
        ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server,
  -                  "No BS2000Account configured - cannot switch to User %S",
  +                  "No BS2000Account configured - cannot switch to User %s",
                     user_name);
        exit(APEXIT_CHILDFATAL);
       }
  +
  +    /* The one_process test is placed _behind_ the BS2000Account test
  +     * because we never want the user to forget configuring an account.
  +     */
  +    if (one_process) {
  +     ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, server,
  +                  "The debug mode of Apache should only "
  +                  "be started by an unprivileged user!");
  +     return 0;
  +    }
  +
  +    ap_cpystrn(username, user_name, sizeof username);
  +
  +    /* Make user name all upper case */
  +    ap_str_toupper(username);
   
  -    inittask.username       = user_name;
  +    /* Pad to length 8 */
  +    ap_pad(username, sizeof username, ' ');
  +
  +    inittask.username       = username;
       inittask.account        = bs2000_account;
       inittask.processor_name = "        ";
   
       /* Switch to the new logon user (setuid() and setgid() are done later) */
       /* Only the super use can switch identities. */
       if (_rini(&inittask) != 0) {
  +     save_errno = errno;
  +
        ap_log_error(APLOG_MARK, APLOG_ALERT, server,
                     "_rini: BS2000 auth failed for user \"%s\" acct \"%s\"",
                     inittask.username, inittask.account);
  +
  +     if (save_errno == EAGAIN) {
  +         /* This funny error code does NOT mean that the operation should
  +          * be retried. Instead it means that authentication failed
  +          * because of possibly incompatible `JOBCLASS'es between
  +          * the calling (SYSROOT) and the target non-privileged user id.
  +          * Help the administrator by logging a hint.
  +          */
  +         char *curr_user, curr_uid[L_cuserid];
  +
  +         if ((curr_user = cuserid(curr_uid)) == NULL) {
  +             /* This *SHOULD* not occur. But if it does, deal with it. */
  +             ap_snprintf(curr_uid, sizeof curr_uid, "#%u", getuid());
  +             curr_user = curr_uid;
  +         }
  +
  +         ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server,
  +                  "_rini: Hint: Possible reason: JOBCLASS of user %s "
  +                  "not compatible with that of user %s ?",
  +                  curr_user, inittask.username);
  +     }
        exit(APEXIT_CHILDFATAL);
       }
   
       return 0;
  +}
  +
  +/* BS2000 requires a "special" version of fork() before a setuid()/_rini() 
call */
  +/* Additionally, there's an OS release dependency here :-((( */
  +/* I'm sorry, but there was no other way to make it work.  -Martin */
  +pid_t os_fork(void)
  +{
  +    struct utsname os_version;
  +
  +    if (uname(&os_version) >= 0)
  +    {
  +     /* Old versions (before XPG4 SPEC1170) don't work with Apache
  +      * and they require a fork(), not a _rfork()
  +      */
  +     if (strcmp(os_version.release, "01.0A") == 0 ||
  +         strcmp(os_version.release, "02.0A") == 0 ||
  +         strcmp(os_version.release, "02.1A") == 0)
  +     {
  +         return fork();
  +     }
  +
  +     /* The following versions are special:
  +      * OS versions before A17 work with regular fork() only,
  +      * later versions with _rfork() only.
  +      */
  +     if (strcmp(os_version.release, "01.1A") == 0 ||
  +         strcmp(os_version.release, "03.0A") == 0 ||
  +         strcmp(os_version.release, "03.1A") == 0 ||
  +         strcmp(os_version.release, "04.0A") == 0)
  +     {
  +             return (strcmp (os_version.version, "A17") < 0)
  +                     ? fork() : _rfork();
  +     }
  +    }
  +
  +    /* All later OS versions will require _rfork()
  +     * to prepare for authorization with _rini()
  +     */
  +    return _rfork();
   }
   
   #else /* _OSD_POSIX */
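Review bot: In os_init_job_environment the `one_process` branch logs an error and then does `return 0;`, and the caller in http_main.c (the `-3532` hunk) treats 0 as success and goes on to setuid(), so a debug run started as root changes its uid while the BS2000 job environment stays on the starting logon. The function's own header comment says that environment matters when CGI scripts run native BS2000 commands, so I would either fail here with `return -1;` (assuming the caller aborts on a non-zero result, which is outside the visible lines) or state in the log text that the job environment was not switched. Separately, `ap_cpystrn(username, user_name, sizeof username);` and the matching call in os_set_account silently cut names longer than 8 characters, so _rini() would be attempted with a different identity than the one configured. A check such as `if (strlen(user_name) > USER_LEN)` with a logged error before the copy would turn that into a visible configuration error.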
  
  
  
  1.12      +1 -0      apache-1.3/src/os/bs2000/os.h
  
  Index: os.h
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/os.h,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- os.h      1998/07/13 11:32:47     1.11
  +++ os.h      1998/10/28 19:26:25     1.12
  @@ -30,5 +30,6 @@
    * to use request_rec here... */
   struct request_rec;
   extern int ap_checkconv(struct request_rec *r);
  +extern pid_t os_fork(void);
   
   #endif /*! APACHE_OS_H*/
  
  
  
  1.404     +6 -1      apache-1.3/src/main/http_main.c
  
  Index: http_main.c
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/main/http_main.c,v
  retrieving revision 1.403
  retrieving revision 1.404
  diff -u -r1.403 -r1.404
  --- http_main.c       1998/10/28 13:02:38     1.403
  +++ http_main.c       1998/10/28 19:26:26     1.404
  @@ -3532,7 +3532,7 @@
       /* Only try to switch if we're running as root */
       if (!geteuid() && (
   #ifdef _OSD_POSIX
  -     os_init_job_environment(server_conf, ap_user_name) != 0 || 
  +     os_init_job_environment(server_conf, ap_user_name, one_process) != 0 || 
   #endif
        setuid(ap_user_id) == -1)) {
        ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
  @@ -3904,7 +3904,12 @@
       Explain1("Starting new child in slot %d", slot);
       (void) ap_update_child_status(slot, SERVER_STARTING, (request_rec *) 
NULL);
   
  +#ifndef _OSD_POSIX
       if ((pid = fork()) == -1) {
  +#else /*_OSD_POSIX*/
  +    /* BS2000 requires a "special" version of fork() before a setuid() call 
*/
  +    if ((pid = os_fork()) == -1) {
  +#endif /*_OSD_POSIX*/
        ap_log_error(APLOG_MARK, APLOG_ERR, s, "fork: Unable to fork new 
process");
   
        /* fork didn't succeed. Fix the scoreboard or else
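Review bot: The `if ((pid = ...) == -1) {` line now appears once in each preprocessor branch, so the single closing brace further down pairs with whichever branch is compiled. That defeats brace matching in editors, and a later edit to one branch can easily leave the other out of step. Assigning `pid` inside the conditional section and testing it once afterwards keeps one opening brace and the same behaviour. The enclosing function starts and ends outside this hunk.

```c
#ifdef _OSD_POSIX
    /* BS2000 requires a "special" version of fork() before a setuid() call */
    pid = os_fork();
#else
    pid = fork();
#endif
    if (pid == -1) {
	/* … unchanged: error logging and scoreboard fix-up … */
```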
  
  
  
  1.249     +1 -1      apache-1.3/src/include/httpd.h
  
  Index: httpd.h
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
  retrieving revision 1.248
  retrieving revision 1.249
  diff -u -r1.248 -r1.249
  --- httpd.h   1998/10/07 10:18:17     1.248
  +++ httpd.h   1998/10/28 19:26:28     1.249
  @@ -1004,7 +1004,7 @@
   
   #ifdef _OSD_POSIX
   extern const char *os_set_account(pool *p, const char *account);
  -extern int os_init_job_environment(server_rec *s, const char *user_name);
  +extern int os_init_job_environment(server_rec *s, const char *user_name, int 
one_process);
   #endif /* _OSD_POSIX */
   
   char *ap_get_local_host(pool *);
  
  
  
  1.1127    +4 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1126
  retrieving revision 1.1127
  diff -u -r1.1126 -r1.1127
  --- CHANGES   1998/10/28 13:02:35     1.1126
  +++ CHANGES   1998/10/28 19:26:29     1.1127
  @@ -1,5 +1,9 @@
   Changes with Apache 1.3.4
   
  +  *) Update BS2000 OS code to work with recent versions. Starting with
  +     release A17, the child fork() must be replaced by a _rfork().
  +     (BS2000 only) [Martin Kraemer]
  +
     *) Add the actual server_rec structure of the specific Vhost to the
        scoreboard file and avoid a string copy (as well as allow some
        further future enhancements). [Harrie Hazewinkel
  
  
  
