cvs commit: apachen/src/modules/standard mod_cgi.c mod_env.c mod_include.c mod_negotiation.c mod_setenvif.c
dgaudet 98/01/24 11:00:28 Modified:src CHANGES src/main alloc.c alloc.h src/modules/standard mod_cgi.c mod_env.c mod_include.c mod_negotiation.c mod_setenvif.c Log: Clean up the usage of the table API. There have always been enough routines in alloc.h to treat table as an opaque type, however even we got lazy at times and didn't do the right thing. This change causes compile time errors for folks who aren't treating table as an opaque type. It was built as part of my table hashing patch, but the hashing has all been removed (since it didn't appear to be a win). Reviewed by: Paul Sutton Revision ChangesPath 1.595 +8 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.594 retrieving revision 1.595 diff -u -r1.594 -r1.595 --- CHANGES 1998/01/24 16:27:53 1.594 +++ CHANGES 1998/01/24 19:00:18 1.595 @@ -1,5 +1,13 @@ Changes with Apache 1.3b4 + *) typedef array_header table removed from alloc.h, folks should have + been writing to use table as if it were an opaque type, but even + some standard modules got this wrong. By changing the definition + to typedef struct table table module authors will receive compile + time warnings that they're doing the wrong thing. This change + facilitates future changes with more sophisticated table + structures. [Dean Gaudet] + *) Rename new_connection() to ap__new_connection() to avoid namespace collision with LDAP library routines. The ap__ prefix means it's a private non-API interface, as opposed to ap_. 1.68 +75 -43apachen/src/main/alloc.c Index: alloc.c === RCS file: /export/home/cvs/apachen/src/main/alloc.c,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- alloc.c 1998/01/07 16:45:59 1.67 +++ alloc.c 1998/01/24 19:00:21 1.68 @@ -584,10 +584,8 @@ * The 'array' functions... */ -API_EXPORT(array_header *) make_array(pool *p, int nelts, int elt_size) +static void make_array_core(array_header *res, pool *p, int nelts, int elt_size) { -array_header *res = (array_header *) palloc(p, sizeof(array_header)); - if (nelts 1) nelts = 1; /* Assure sanity if someone asks for * array of zero elts. @@ -599,7 +597,13 @@ res-elt_size = elt_size; res-nelts = 0; /* No active elements yet... */ res-nalloc = nelts; /* ...but this many allocated */ +} + +API_EXPORT(array_header *) make_array(pool *p, int nelts, int elt_size) +{ +array_header *res = (array_header *) palloc(p, sizeof(array_header)); +make_array_core(res, p, nelts, elt_size); return res; } @@ -658,17 +662,21 @@ * overhead of the full copy only where it is really needed. */ -API_EXPORT(array_header *) copy_array_hdr(pool *p, const array_header *arr) +static ap_inline void copy_array_hdr_core(array_header *res, +const array_header *arr) { -array_header *res = (array_header *) palloc(p, sizeof(array_header)); - res-elts = arr-elts; - -res-pool = p; res-elt_size = arr-elt_size; res-nelts = arr-nelts; res-nalloc = arr-nelts;/* Force overflow on push */ +} + +API_EXPORT(array_header *) copy_array_hdr(pool *p, const array_header *arr) +{ +array_header *res = (array_header *) palloc(p, sizeof(array_header)); +res-pool = p; +copy_array_hdr_core(res, arr); return res; } @@ -690,35 +698,50 @@ * The table functions. */ +/* XXX: if you tweak this you should look at is_empty_table() and table_elts() + * in alloc.h */ +struct table { +/* This has to be first to promote backwards compatibility with + * older modules which cast a table * to an array_header *... + * they should use the table_elts() function for most of the + * cases they do this for. + */ +array_header a; +}; + + API_EXPORT(table *) make_table(pool *p, int nelts) { -return make_array(p, nelts, sizeof(table_entry)); +table *t = palloc(p, sizeof(table)); + +make_array_core(t-a, p, nelts, sizeof(table_entry)); +return t; } API_EXPORT(table *) copy_table(pool *p, const table *t) { -return copy_array(p, t); -} +table *new = palloc(p, sizeof(table)); -API_EXPORT(void) clear_table(table *t) -{ -t-nelts = 0; +make_array_core(new-a, p, t-a.nalloc, sizeof(table_entry)); +memcpy(new-a.elts, t-a.elts, t-a.nelts * sizeof(table_entry)); +new-a.nelts = t-a.nelts; +return new; }
cvs commit: apachen/src/modules/standard mod_cgi.c
coar98/01/20 07:17:40 Modified:src/modules/standard mod_cgi.c Log: Bracket some one-line statements (residue of indenting) Revision ChangesPath 1.66 +10 -5 apachen/src/modules/standard/mod_cgi.c Index: mod_cgi.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v retrieving revision 1.65 retrieving revision 1.66 diff -u -r1.65 -r1.66 --- mod_cgi.c 1998/01/07 16:46:46 1.65 +++ mod_cgi.c 1998/01/20 15:17:39 1.66 @@ -483,8 +483,9 @@ char *location, sbuf[MAX_STRING_LEN]; int ret; - if ((ret = scan_script_header_err_buff(r, script_in, sbuf))) + if ((ret = scan_script_header_err_buff(r, script_in, sbuf))) { return log_script(r, conf, ret, dbuf, sbuf, script_in, script_err); + } location = table_get(r-headers_out, Location); @@ -492,10 +493,12 @@ /* Soak up all the script output */ hard_timeout(read from script, r); - while (bgets(argsbuffer, HUGE_STRING_LEN, script_in) 0) + while (bgets(argsbuffer, HUGE_STRING_LEN, script_in) 0) { continue; - while (bgets(argsbuffer, HUGE_STRING_LEN, script_err) 0) + } + while (bgets(argsbuffer, HUGE_STRING_LEN, script_err) 0) { continue; + } kill_timeout(r); @@ -522,13 +525,15 @@ } send_http_header(r); - if (!r-header_only) + if (!r-header_only) { send_fb(script_in, r); + } bclose(script_in); soft_timeout(soaking script stderr, r); - while (bgets(argsbuffer, HUGE_STRING_LEN, script_err) 0) + while (bgets(argsbuffer, HUGE_STRING_LEN, script_err) 0) { continue; + } kill_timeout(r); bclose(script_err); }
cvs commit: apachen/src/modules/standard mod_cgi.c
dgaudet 97/11/06 13:54:15 Modified:src/main alloc.c http_log.c http_main.c httpd.h src/modules/standard mod_cgi.c Log: Commit the RAISE_SIGSTOP debugging support. Reviewed by: Jim Jagielski, Martin Kraemer Revision ChangesPath 1.57 +1 -0 apachen/src/main/alloc.c Index: alloc.c === RCS file: /export/home/cvs/apachen/src/main/alloc.c,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- alloc.c 1997/11/01 21:13:20 1.56 +++ alloc.c 1997/11/06 21:54:07 1.57 @@ -1361,6 +1361,7 @@ if (!pid) { /* Child process */ + RAISE_SIGSTOP(SPAWN_CHILD); if (pipe_out) { close(out_fds[0]); 1.43 +1 -0 apachen/src/main/http_log.c Index: http_log.c === RCS file: /export/home/cvs/apachen/src/main/http_log.c,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- http_log.c1997/10/27 19:09:43 1.42 +++ http_log.c1997/11/06 21:54:08 1.43 @@ -413,6 +413,7 @@ /* XXX: need to check what open fds the logger is actually passed, * XXX: and CGIs for that matter ... cleanup_for_exec *should* * XXX: close all the relevant stuff, but hey, it could be broken. */ + RAISE_SIGSTOP(PIPED_LOG_SPAWN); /* we're now in the child */ close (STDIN_FILENO); dup2 (pl-fds[0], STDIN_FILENO); 1.246 +12 -1 apachen/src/main/http_main.c Index: http_main.c === RCS file: /export/home/cvs/apachen/src/main/http_main.c,v retrieving revision 1.245 retrieving revision 1.246 diff -u -r1.245 -r1.246 --- http_main.c 1997/11/06 10:47:01 1.245 +++ http_main.c 1997/11/06 21:54:10 1.246 @@ -223,6 +223,10 @@ int one_process = 0; +#ifdef DEBUG_SIGSTOP +int raise_sigstop_flags; +#endif + #ifndef NO_OTHER_CHILD /* used to maintain list of children which aren't part of the scoreboard */ typedef struct other_child_rec other_child_rec; @@ -2144,6 +2148,7 @@ fprintf(stderr, httpd: unable to fork new process\n); exit(1); } +RAISE_SIGSTOP(DETACH); #endif #ifndef NO_SETSID if ((pgrp = setsid()) == -1) { @@ -2983,6 +2988,7 @@ } if (!pid) { + RAISE_SIGSTOP(MAKE_CHILD); /* Disable the restart signal handlers and enable the just_die stuff. * Note that since restart() just notes that a restart has been * requested there's no race condition here. @@ -3424,7 +3430,7 @@ setup_prelinked_modules(); -while ((c = getopt(argc, argv, Xd:f:vhl)) != -1) { +while ((c = getopt(argc, argv, Xd:f:vhlZ:)) != -1) { switch (c) { case 'd': strncpy(server_root, optarg, sizeof(server_root) - 1); @@ -3446,6 +3452,11 @@ case 'X': ++one_process; /* Weird debugging mode. */ break; +#ifdef DEBUG_SIGSTOP + case 'Z': + raise_sigstop_flags = atoi(optarg); + break; +#endif case '?': usage(argv[0]); } 1.166 +20 -0 apachen/src/main/httpd.h Index: httpd.h === RCS file: /export/home/cvs/apachen/src/main/httpd.h,v retrieving revision 1.165 retrieving revision 1.166 diff -u -r1.165 -r1.166 --- httpd.h 1997/10/26 21:57:13 1.165 +++ httpd.h 1997/11/06 21:54:11 1.166 @@ -903,3 +903,23 @@ #if !defined (MULTITHREAD) (defined (HAVE_MMAP) || defined (HAVE_SHMGET)) #define OPTIMIZE_TIMEOUTS #endif + +/* A set of flags which indicate places where the server should raise(SIGSTOP). + * This is useful for debugging, because you can then attach to that process + * with gdb and continue. This is important in cases where one_process + * debugging isn't possible. + */ +#define SIGSTOP_DETACH 1 +#define SIGSTOP_MAKE_CHILD 2 +#define SIGSTOP_SPAWN_CHILD 4 +#define SIGSTOP_PIPED_LOG_SPAWN 8 +#define SIGSTOP_CGI_CHILD16 + +#ifdef DEBUG_SIGSTOP +extern int raise_sigstop_flags; +#define RAISE_SIGSTOP(x) do { \ + if (raise_sigstop_flags SIGSTOP_##x) raise(SIGSTOP);\ +} while (0) +#else +#define RAISE_SIGSTOP(x) +#endif 1.63 +1 -0 apachen/src/modules/standard/mod_cgi.c Index: mod_cgi.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v retrieving revision 1.62 retrieving revision 1.63 diff -u -r1.62 -r1.63 --- mod_cgi.c 1997/10/25 22:35:18 1.62 +++ mod_cgi.c
cvs commit: apachen/src/modules/standard mod_cgi.c
dgaudet 97/10/07 13:05:07 Modified:src CHANGES src/main httpd.h util.c util_script.c src/modules/standard mod_cgi.c Log: Back out PR#918, it doesn't seem to do what it was supposed to do -- could be my fault because I had to update it to the newer logging/formatting. But nobody has had a chance to fix it yet. Revision ChangesPath 1.462 +0 -3 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.461 retrieving revision 1.462 diff -u -r1.461 -r1.462 --- CHANGES 1997/10/07 19:53:19 1.461 +++ CHANGES 1997/10/07 20:04:58 1.462 @@ -38,9 +38,6 @@ Also removed the auto-generated link to www.apache.org that was the source of so many misdirected bug reports. [Roy Fielding, Marc Slemko] - *) Change to CGI permission test to allow User/Group tests to do the - right thing for suexec. [Randy Terbush] PR#918 - *) send_fb would not detect aborted connections in some situations. [Dean Gaudet] 1.153 +1 -1 apachen/src/main/httpd.h Index: httpd.h === RCS file: /export/home/cvs/apachen/src/main/httpd.h,v retrieving revision 1.152 retrieving revision 1.153 diff -u -r1.152 -r1.153 --- httpd.h 1997/10/07 19:34:05 1.152 +++ httpd.h 1997/10/07 20:05:02 1.153 @@ -811,7 +811,7 @@ API_EXPORT(uid_t) uname2id(const char *name); API_EXPORT(gid_t) gname2id(const char *name); API_EXPORT(int) is_directory(const char *name); -API_EXPORT(int) can_exec(const struct stat *, uid_t, gid_t); +API_EXPORT(int) can_exec(const struct stat *); API_EXPORT(void) chdir_file(const char *file); #ifndef HAVE_CANONICAL_FILENAME 1.71 +3 -3 apachen/src/main/util.c Index: util.c === RCS file: /export/home/cvs/apachen/src/main/util.c,v retrieving revision 1.70 retrieving revision 1.71 diff -u -r1.70 -r1.71 --- util.c1997/09/26 03:52:11 1.70 +++ util.c1997/10/07 20:05:03 1.71 @@ -1070,7 +1070,7 @@ return (x ? 1 : 0); /* If the first character is ':', it's broken, too */ } -API_EXPORT(int) can_exec(const struct stat *finfo, uid_t uid, gid_t gid) +API_EXPORT(int) can_exec(const struct stat *finfo) { #ifdef MULTIPLE_GROUPS int cnt; @@ -1079,10 +1079,10 @@ /* OS/2 dosen't have Users and Groups */ return 1; #else -if (uid == finfo-st_uid) +if (user_id == finfo-st_uid) if (finfo-st_mode S_IXUSR) return 1; -if (gid == finfo-st_gid) +if (group_id == finfo-st_gid) if (finfo-st_mode S_IXGRP) return 1; #ifdef MULTIPLE_GROUPS 1.77 +0 -14 apachen/src/main/util_script.c Index: util_script.c === RCS file: /export/home/cvs/apachen/src/main/util_script.c,v retrieving revision 1.76 retrieving revision 1.77 diff -u -r1.76 -r1.77 --- util_script.c 1997/10/07 05:27:11 1.76 +++ util_script.c 1997/10/07 20:05:03 1.77 @@ -817,13 +817,6 @@ grpname = gr-gr_name; } - if (!can_exec(r-finfo, pw-pw_uid, gr-gr_gid)) { - aplog_error(APLOG_MARK, APLOG_ERR, r-server, - file permissions deny server execution: %s, - r-filename); - return -1; - } - if (shellcmd) execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env); @@ -838,13 +831,6 @@ } } else { - if (!can_exec(r-finfo, user_id, group_id)) { - aplog_error(APLOG_MARK, APLOG_ERR, r-server, - file permissions deny server execution: %s, - r-filename); - return -1; - } - if (shellcmd) execle(SHELL_PATH, SHELL_PATH, -c, argv0, NULL, env); 1.60 +5 -0 apachen/src/modules/standard/mod_cgi.c Index: mod_cgi.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v retrieving revision 1.59 retrieving revision 1.60 diff -u -r1.59 -r1.60 --- mod_cgi.c 1997/10/07 05:27:24 1.59 +++ mod_cgi.c 1997/10/07 20:05:06 1.60 @@ -393,6 +393,11 @@ return log_scripterror(r, conf, NOT_FOUND, APLOG_NOERRNO, script not found or unable to stat); #endif +if (!suexec_enabled) { + if (!can_exec(r-finfo)) + return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO, +file permissions deny server execution); +}
cvs commit: apachen/src/modules/standard mod_cgi.c
dgaudet 97/09/25 20:52:15 Modified:src CHANGES src/main httpd.h util.c util_script.c src/modules/standard mod_cgi.c Log: Change to CGI permission test to allow User/Group tests to do the right thing for suexec. [Randy Terbush] PR#918 (I had to rework this because the original was from pre-indent -djg) PR: 918 Submitted by: Randy Terbush Reviewed by: Dean Gaudet, Jim Jagielski Revision ChangesPath 1.451 +3 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.450 retrieving revision 1.451 diff -u -r1.450 -r1.451 --- CHANGES 1997/09/26 03:26:21 1.450 +++ CHANGES 1997/09/26 03:52:08 1.451 @@ -1,4 +1,7 @@ Changes with Apache 1.3b1 + + *) Change to CGI permission test to allow User/Group tests to do the + right thing for suexec. [Randy Terbush] PR#918 *) send_fb would not detect aborted connections in some situations. [Dean Gaudet] 1.150 +1 -1 apachen/src/main/httpd.h Index: httpd.h === RCS file: /export/home/cvs/apachen/src/main/httpd.h,v retrieving revision 1.149 retrieving revision 1.150 diff -u -r1.149 -r1.150 --- httpd.h 1997/09/16 00:25:46 1.149 +++ httpd.h 1997/09/26 03:52:10 1.150 @@ -834,7 +834,7 @@ API_EXPORT(uid_t) uname2id(const char *name); API_EXPORT(gid_t) gname2id(const char *name); API_EXPORT(int) is_directory(const char *name); -API_EXPORT(int) can_exec(const struct stat *); +API_EXPORT(int) can_exec(const struct stat *, uid_t, gid_t); API_EXPORT(void) chdir_file(const char *file); #ifndef HAVE_CANONICAL_FILENAME 1.70 +3 -3 apachen/src/main/util.c Index: util.c === RCS file: /export/home/cvs/apachen/src/main/util.c,v retrieving revision 1.69 retrieving revision 1.70 diff -u -r1.69 -r1.70 --- util.c1997/09/14 22:18:57 1.69 +++ util.c1997/09/26 03:52:11 1.70 @@ -1070,7 +1070,7 @@ return (x ? 1 : 0); /* If the first character is ':', it's broken, too */ } -API_EXPORT(int) can_exec(const struct stat *finfo) +API_EXPORT(int) can_exec(const struct stat *finfo, uid_t uid, gid_t gid) { #ifdef MULTIPLE_GROUPS int cnt; @@ -1079,10 +1079,10 @@ /* OS/2 dosen't have Users and Groups */ return 1; #else -if (user_id == finfo-st_uid) +if (uid == finfo-st_uid) if (finfo-st_mode S_IXUSR) return 1; -if (group_id == finfo-st_gid) +if (gid == finfo-st_gid) if (finfo-st_mode S_IXGRP) return 1; #ifdef MULTIPLE_GROUPS 1.75 +14 -0 apachen/src/main/util_script.c Index: util_script.c === RCS file: /export/home/cvs/apachen/src/main/util_script.c,v retrieving revision 1.74 retrieving revision 1.75 diff -u -r1.74 -r1.75 --- util_script.c 1997/09/16 03:49:57 1.74 +++ util_script.c 1997/09/26 03:52:12 1.75 @@ -827,6 +827,13 @@ grpname = gr-gr_name; } + if (!can_exec(r-finfo, pw-pw_uid, gr-gr_gid)) { + aplog_error(APLOG_MARK, APLOG_ERR, r-server, + file permissions deny server execution: %s, + r-filename); + return -1; + } + if (shellcmd) execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env); @@ -841,6 +848,13 @@ } } else { + if (!can_exec(r-finfo, user_id, group_id)) { + aplog_error(APLOG_MARK, APLOG_ERR, r-server, + file permissions deny server execution: %s, + r-filename); + return -1; + } + if (shellcmd) execle(SHELL_PATH, SHELL_PATH, -c, argv0, NULL, env); 1.57 +0 -5 apachen/src/modules/standard/mod_cgi.c Index: mod_cgi.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- mod_cgi.c 1997/09/18 08:12:23 1.56 +++ mod_cgi.c 1997/09/26 03:52:14 1.57 @@ -400,11 +400,6 @@ return log_scripterror(r, conf, NOT_FOUND, script not found or unable to stat); #endif -if (!suexec_enabled) { - if (!can_exec(r-finfo)) - return log_scripterror(r, conf, FORBIDDEN, -file permissions deny server execution); -} if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR)))
cvs commit: apachen/src/modules/standard mod_cgi.c
randy 97/08/31 15:59:09 Modified:src/modules/standard mod_cgi.c Log: Convert log_*() to aplog_error(). Revision ChangesPath 1.55 +12 -11apachen/src/modules/standard/mod_cgi.c Index: mod_cgi.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- mod_cgi.c 1997/08/18 13:12:11 1.54 +++ mod_cgi.c 1997/08/31 22:59:08 1.55 @@ -155,12 +155,12 @@ { NULL} }; -static int log_scripterror(request_rec *r, cgi_server_conf *conf, int ret, - char *error) +static int log_scripterror (request_rec *r, cgi_server_conf *conf, int ret, + char *error) { FILE *f; -log_reason(error, r-filename, r); +aplog_error(APLOG_MARK, APLOG_ERR, r-server, error, r-filename); if (!conf-logname || ((stat(server_root_relative(r-pool, conf-logname), r-finfo) == 0) @@ -182,8 +182,8 @@ return ret; } -static int log_script(request_rec *r, cgi_server_conf *conf, int ret, - char *dbuf, char *sbuf, BUFF *script_in, BUFF *script_err) +static int log_script (request_rec *r, cgi_server_conf *conf, int ret, +char *dbuf, char *sbuf, BUFF *script_in, BUFF *script_err) { table *hdrs_arr = r-headers_in; table_entry *hdrs = (table_entry *)hdrs_arr-elts; @@ -323,7 +323,7 @@ * * Oh, well. Muddle through as best we can... * - * (NB we can't use log_error, or anything like that, because we + * (NB we can't use aplog_error, or anything like that, because we * just closed the file descriptor which r-server-error_log * was tied to in cleanup_for_exec(). It's only available on stderr * now, so that's what we use). @@ -412,11 +412,12 @@ * SSI request -djg */ if (!(child_pid = - spawn_child_err_buff (r-main ? r-main-pool : r-pool, cgi_child, - (void *)cld, - kill_after_timeout, - script_out, script_in, script_err))) { -log_reason (couldn't spawn child process, r-filename, r); + spawn_child_err_buff(r-main ? r-main-pool : r-pool, cgi_child, +(void *)cld, +kill_after_timeout, +script_out, script_in, script_err))) { +aplog_error(APLOG_MARK, APLOG_ERR, r-server, + couldn't spawn child process: %s, r-filename); return SERVER_ERROR; }