cvs commit: apache-1.3/src/os/bs2000 bs2login.c ebcdic.c
martin 99/12/09 04:10:12 Modified:src/os/bs2000 bs2login.c ebcdic.c Log: First cut at using the CRLF macro changes of Gil's patch. Next step is replacement of all xxx_strictly stuff by xxx (and renaming the os_toascii_strictly[] table to os_toascii[]) Revision ChangesPath 1.13 +0 -1 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- bs2login.c1999/07/26 07:46:55 1.12 +++ bs2login.c1999/12/09 12:10:11 1.13 @@ -192,7 +192,6 @@ { _rini_structinittask; charusername[USER_LEN+1]; -int save_errno; bs2_ForkTypetype = os_forktype(); /* We can be sure that no change to uid==0 is possible because of 1.12 +1 -1 apache-1.3/src/os/bs2000/ebcdic.c Index: ebcdic.c === RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/ebcdic.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- ebcdic.c 1999/11/24 17:12:19 1.11 +++ ebcdic.c 1999/12/09 12:10:12 1.12 @@ -235,7 +235,7 @@ const unsigned char *usrce = srce; while (count-- != 0) { -*udest++ = os_toascii[*usrce++]; +*udest++ = os_toascii_strictly[*usrce++]; } } void
cvs commit: apache-1.3/src/os/bs2000 bs2login.c
martin 99/07/26 00:21:37 Modified:src/os/bs2000 bs2login.c Log: When BS2000 ufork() fails because of EPERM, there's no use in retrying. Bail out. Revision ChangesPath 1.10 +12 -0 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- bs2login.c1999/01/28 18:27:21 1.9 +++ bs2login.c1999/07/26 07:21:36 1.10 @@ -255,6 +255,7 @@ pid_t os_fork(const char *user) { pid_t pid; +char username[USER_LEN+1]; switch (os_forktype()) { case bs2_FORK: @@ -267,7 +268,18 @@ break; case bs2_UFORK: + ap_cpystrn(username, user, sizeof username); + + /* Make user name all upper case - for some versions of ufork() */ + ap_str_toupper(username); + pid = ufork(user); + if (pid == -1 errno == EPERM) { + ap_log_error(APLOG_MARK, APLOG_EMERG, + NULL, ufork: Possible mis-configuration + for user %s - Aborting., user); + clean_parent_exit(1); + } break; default:
cvs commit: apache-1.3/src/os/bs2000 bs2login.c
martin 99/07/26 00:23:52 Modified:src/os/bs2000 bs2login.c Log: Oops - an oversight. Revision ChangesPath 1.11 +1 -1 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- bs2login.c1999/07/26 07:21:36 1.10 +++ bs2login.c1999/07/26 07:23:49 1.11 @@ -273,7 +273,7 @@ /* Make user name all upper case - for some versions of ufork() */ ap_str_toupper(username); - pid = ufork(user); + pid = ufork(username); if (pid == -1 errno == EPERM) { ap_log_error(APLOG_MARK, APLOG_EMERG, NULL, ufork: Possible mis-configuration
cvs commit: apache-1.3/src/os/bs2000 bs2login.c
martin 99/07/26 00:46:56 Modified:src/os/bs2000 bs2login.c Log: Another oops - of course clean_parent_exit is only available in http_main.c Revision ChangesPath 1.12 +1 -1 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- bs2login.c1999/07/26 07:23:49 1.11 +++ bs2login.c1999/07/26 07:46:55 1.12 @@ -278,7 +278,7 @@ ap_log_error(APLOG_MARK, APLOG_EMERG, NULL, ufork: Possible mis-configuration for user %s - Aborting., user); - clean_parent_exit(1); + exit(1); } break;
cvs commit: apache-1.3/src/os/bs2000 bs2login.c
martin 99/01/28 10:27:21 Modified:src CHANGES src/main http_main.c src/os/bs2000 bs2login.c Log: BS2000 only: Adapt to the new ufork() system call interface which will make subtasking easier on the OSD/POSIX mainframe environment. Revision ChangesPath 1.1227+4 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1226 retrieving revision 1.1227 diff -u -r1.1226 -r1.1227 --- CHANGES 1999/01/28 09:24:56 1.1226 +++ CHANGES 1999/01/28 18:27:17 1.1227 @@ -1,5 +1,9 @@ Changes with Apache 1.3.5 + *) BS2000: Adapt to the new ufork() system call interface which will + make subtasking easier on the OSD/POSIX mainframe environment. + [Martin Kraemer] + *) Add a compatibility define for escape_uri() - ap_escape_uri() to ap_compat.h. [David White [EMAIL PROTECTED]] PR#3725 1.420 +1 -1 apache-1.3/src/main/http_main.c Index: http_main.c === RCS file: /export/home/cvs/apache-1.3/src/main/http_main.c,v retrieving revision 1.419 retrieving revision 1.420 diff -u -r1.419 -r1.420 --- http_main.c 1999/01/08 08:48:46 1.419 +++ http_main.c 1999/01/28 18:27:19 1.420 @@ -3935,7 +3935,7 @@ if ((pid = fork()) == -1) { #else /*_OSD_POSIX*/ /* BS2000 requires a special version of fork() before a setuid() call */ -if ((pid = os_fork()) == -1) { +if ((pid = os_fork(ap_user_name)) == -1) { #endif /*_OSD_POSIX*/ ap_log_error(APLOG_MARK, APLOG_ERR, s, fork: Unable to fork new process); 1.9 +115 -72 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- bs2login.c1999/01/01 19:05:27 1.8 +++ bs2login.c1999/01/28 18:27:21 1.9 @@ -66,6 +66,17 @@ #define USER_LEN 8 static const char *bs2000_account = NULL; +typedef enum +{ +bs2_unknown, /* not initialized yet. */ +bs2_noFORK, /* no fork() because -X flag was specified */ +bs2_FORK,/* only fork() because uid != 0 */ +bs2_FORK_RINI, /* prior to A17, regular fork() and _rini() was used. */ +bs2_RFORK_RINI, /* for A17, use of _rfork() and _rini() was required */ +bs2_UFORK/* As of A18, the new ufork() is used. */ +} bs2_ForkType; + +static bs2_ForkType forktype = bs2_unknown; static void ap_pad(char *dest, size_t size, char ch) @@ -86,6 +97,75 @@ } } +/* Determine the method for forking off a child in such a way as to + * set both the POSIX and BS2000 user id's to the unprivileged user. + */ +static bs2_ForkType os_forktype(void) +{ +struct utsname os_version; + +/* have we checked the OS version before? If yes return the previous + * result - the OS release isn't going to change suddenly! + */ +if (forktype != bs2_unknown) { + return forktype; +} + +/* If the user is unprivileged, use the normal fork() only. */ +if (getuid() != 0) { + return forktype = bs2_FORK; +} + +if (uname(os_version) 0) +{ + ap_log_error(APLOG_MARK, APLOG_ALERT, NULL, + uname() failed - aborting.); + exit(APEXIT_CHILDFATAL); +} + +/* + * Old BS2000/OSD versions (before XPG4 SPEC1170) don't work with Apache. + * Anyway, simply return a fork(). + */ +if (strcmp(os_version.release, 01.0A) == 0 || + strcmp(os_version.release, 02.0A) == 0 || + strcmp(os_version.release, 02.1A) == 0) +{ + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, NULL, + Error: unsupported OS version. + You may encounter problems.); + forktype = bs2_FORK; +} + +/* The following versions are special: + * OS versions before A17 needs regular fork() and _rini(). + * A17 requires _rfork() and _rini(), + * and later versions need ufork(). + */ +else if (strcmp(os_version.release, 01.1A) == 0 || + strcmp(os_version.release, 03.0A) == 0 || + strcmp(os_version.release, 03.1A) == 0 || + strcmp(os_version.release, 04.0A) == 0) +{ +if (strcmp (os_version.version, A18) = 0) +forktype = bs2_UFORK; + + else if (strcmp (os_version.version, A17) 0) +forktype = bs2_FORK_RINI; + + else + forktype = bs2_RFORK_RINI; +} + +/* All later OS versions will hopefully use ufork()
cvs commit: apache-1.3/src/os/bs2000 bs2login.c
martin 98/12/23 03:17:21 Modified:src/os/bs2000 bs2login.c Log: Use regular fork() when calling user is not root. Revision ChangesPath 1.7 +10 -1 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- bs2login.c1998/10/28 19:26:25 1.6 +++ bs2login.c1998/12/23 11:17:21 1.7 @@ -194,9 +194,18 @@ { struct utsname os_version; +/* + * When we run as a normal user (and bypass setuid() and _rini()), + * we use the regular fork(). + */ +if (getuid() != 0) { + return fork(); +} + if (uname(os_version) = 0) { - /* Old versions (before XPG4 SPEC1170) don't work with Apache + /* + * Old versions (before XPG4 SPEC1170) don't work with Apache * and they require a fork(), not a _rfork() */ if (strcmp(os_version.release, 01.0A) == 0 ||
cvs commit: apache-1.3/src/os/bs2000 bs2login.c
martin 98/05/04 09:22:12 Added: src/os/bs2000 bs2login.c Log: BS2000 needs an extra authentication phase (beside setuid()) for changing the permissions to the un-privileged user account Revision ChangesPath 1.1 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === /* * Copyright (c) 1995-1998 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. All advertising materials mentioning features or use of this *software must display the following acknowledgment: *This product includes software developed by the Apache Group *for use in the Apache HTTP server project (http://www.apache.org/). * * 4. The names Apache Server and Apache Group must not be used to *endorse or promote products derived from this software without *prior written permission. For written permission, please contact *[EMAIL PROTECTED] * * 5. Products derived from this software may not be called Apache *nor may Apache appear in their names without prior written *permission of the Apache Group. * * 6. Redistributions of any form whatsoever must retain the following *acknowledgment: *This product includes software developed by the Apache Group *for use in the Apache HTTP server project (http://www.apache.org/). * * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Group and was originally based * on public domain software written at the National Center for * Supercomputing Applications, University of Illinois, Urbana-Champaign. * For more information on the Apache Group and the Apache HTTP server * project, please see http://www.apache.org/. * */ #ifdef _OSD_POSIX #include httpd.h #include http_config.h #include http_log.h static const char *bs2000_authfile = NULL; /* This routine is called by http_core for the BS2000AuthFile directive */ /* It stores the file name (after a quick check for validity) for later use */ const char *os_set_authfile(pool *p, const char *name) { struct stat stbuf; char *filename; filename = ap_server_root_relative(p, name); /* auth file must exist */ if (stat(filename, stbuf) != 0) { return ap_pstrcat(p, Unable to access bs2000 auth file , filename, NULL); exit(1); } /* auth file must be owned by root, and not readable/writable by everyone else */ if (stbuf.st_uid != 0) { return ap_pstrcat(p, BS2000 auth file , filename, is not owned by SYSROOT - change owner!, NULL); } if (stbuf.st_mode (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)) { return ap_pstrcat(p, BS2000 auth file , filename, is readable/writable by others - check permissions!, NULL); } bs2000_authfile = filename; return NULL; } int os_init_job_environment(server_rec *server, const char *user_name) { _checkuser_struct chk_usr; _rini_structinittask; struct { char username[8+1]; /* Length of a user name including \0 */ char password[8+1]; /* Length of a password including \0 */ char account [8+1]; /* Length of a account number including \0 */
cvs commit: apache-1.3/src/os/bs2000 bs2login.c
martin 98/05/04 15:18:24 Modified:src/os/bs2000 bs2login.c Log: Use new error-propagating APEXIT_CHILDFATAL exit code Revision ChangesPath 1.2 +6 -6 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c === RCS file: /home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.1 retrieving revision 1.2 diff -u -u -r1.1 -r1.2 --- bs2login.c1998/05/04 16:22:12 1.1 +++ bs2login.c1998/05/04 22:18:24 1.2 @@ -76,7 +76,7 @@ if (stat(filename, stbuf) != 0) { return ap_pstrcat(p, Unable to access bs2000 auth file , filename, NULL); - exit(1); + exit(APEXIT_CHILDFATAL); } /* auth file must be owned by root, and not readable/writable by everyone else */ @@ -126,14 +126,14 @@ Use the 'BS2000AuthFile passwdfile' directive to specify an authorization file for User %s, user_name); - exit(1); + exit(APEXIT_CHILDFATAL); } if ((pwfile = fopen(bs2000_authfile, r)) == NULL) { ap_log_error(APLOG_MARK, APLOG_ALERT, server, Unable to open bs2000 auth file %s for User %s, bs2000_authfile, user_name); - exit(1); + exit(APEXIT_CHILDFATAL); } if (fgets(lcl_data.password, sizeof lcl_data.password, pwfile) == NULL @@ -141,7 +141,7 @@ ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server, Unable ro read BS2000 auth file %s, bs2000_authfile); - exit(1); + exit(APEXIT_CHILDFATAL); } fclose(pwfile); @@ -156,7 +156,7 @@ if(_checkuser(chk_usr) != 0) { ap_log_error(APLOG_MARK, APLOG_ALERT, server, _checkuser: BS2000 auth failed for user %s, chk_usr.username); - exit(1); + exit(APEXIT_CHILDFATAL); } inittask.username = chk_usr.username; @@ -170,7 +170,7 @@ ap_log_error(APLOG_MARK, APLOG_ALERT, server, _rini: BS2000 auth failed for user %s, inittask.username); - exit(1); + exit(APEXIT_CHILDFATAL); } /*ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, server,