On Fri, Mar 31, 2023 at 2:27 PM Yann Ylavic <[email protected]> wrote:
>
> Hello,
>
> On Fri, Mar 31, 2023 at 8:18 AM Stefan Helmert <[email protected]> wrote:
> >
> > in my setup, httpd runs on a specific uid and delegates transfers to
> > mpm_itk with AssignUserIDExpr %{reqenv:MAPPED_USER} dynamic uid.
> >
> > The problem is: httpd runs ap_directory_walk() with its own uid before
> > delegating to mpm_itk with the dynamic uid. This fails, because httpd
> > doesn't have the permissions to read the directory.
> >
> > How can I disable ap_directory_walk() or delegate it to mpm_itk?
>
> I can't think of a configuration that could change this behaviour, but
> if you can patch mpm_itk I'd suggest to try to make the
> itk_post_perdir_config hook an itk_map_to_storage hook instead
> (APR_HOOK_REALLY_FIRST still, but returning DECLINED on success so
> that the next map_to_storage hooks run too).
>
> That's from a quick look at mpm_itk code (and I know very little about
> this MPM), but it looks like it could work..
So something like the attached patch possibly.
>
> Regards;
> Yann.
--- mpm_itk.c.original 2023-03-31 14:37:25.665476368 +0200
+++ mpm_itk.c 2023-03-31 14:38:27.897630190 +0200
@@ -267,7 +267,7 @@ static int itk_init_handler(apr_pool_t *
return OK;
}
-static int itk_post_perdir_config(request_rec *r)
+static int itk_map_to_storage(request_rec *r)
{
uid_t wanted_uid;
gid_t wanted_gid;
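Review bot: The new name itk_map_to_storage describes the phase the function is hooked into, not what it does (it still resolves wanted_uid/wanted_gid and switches identity). Add a comment above the function stating that it deliberately runs in map_to_storage so the uid change happens before the core directory walk, and that it must never claim the phase for itself. Otherwise a later reader may take it for a real storage mapper.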
@@ -420,7 +420,7 @@ static int itk_post_perdir_config(reques
}
}
- return OK;
+ return DECLINED;
}
/*
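Review bot: Only the final return is switched to DECLINED here. map_to_storage stops at the first hook that returns something other than DECLINED, so any earlier "return OK" in the part of the function between the first hunk and this one (not shown in the patch) would now skip the core map_to_storage hook and its directory walk. Audit every return path in the function and keep non-DECLINED values for the error cases only. A short comment next to "return DECLINED;" saying why success is reported this way would help.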
@@ -494,7 +494,7 @@ static void itk_hooks(apr_pool_t *p)
ap_hook_process_connection(itk_fork_process, NULL, NULL, APR_HOOK_REALLY_FIRST);
/* set the uid as fast as possible, but not before merging per-dir config */
- ap_hook_post_perdir_config(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
+ ap_hook_map_to_storage(itk_map_to_storage, NULL, NULL, APR_HOOK_REALLY_FIRST);
/* replace core_dirwalk_stat so that we can kill the connection on stat() failure */
ap_hook_dirwalk_stat(itk_dirwalk_stat, NULL, NULL, APR_HOOK_MIDDLE);
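Review bot: The context comment "set the uid as fast as possible, but not before merging per-dir config" no longer matches the registration below it. A map_to_storage hook at APR_HOOK_REALLY_FIRST runs before the directory walk that merges <Directory> and .htaccess configuration, so mpm_itk settings placed in those sections would not yet be visible when the uid is chosen. Update the comment to say so, and confirm that the AssignUserIDExpr setup from the original report only depends on server, vhost or <Location> scope before relying on this ordering.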