Attachment #125184 for bug #168769

View | Details | Raw Unified | Return to bug 168769
Collapse All | Expand All

Lines 125-130 Link Here

(-)./Makefile (+8 lines)
125		125
126	.include "${APACHEDIR}/Makefile.modules"	126	.include "${APACHEDIR}/Makefile.modules"
127		127
		128	.if defined(WITH_SUEXEC_USERDIR)
		129	EXTRA_PATCHES+= ${FILESDIR}/extra-patch-suexec_userdir
		130	.if !defined(WITH_SUEXEC)
		131	IGNORE= suEXEC UserDir patch requires mod_suexec.\
		132	Please (re)run 'make config' and choose SUEXEC option also
		133	.endif
		134	.endif
		135
128	.if (defined(WITH_SSL)\|\| !defined(WITHOUT_SSL_MODULES))	136	.if (defined(WITH_SSL)\|\| !defined(WITHOUT_SSL_MODULES))
129	.include "${PORTSDIR}/Mk/bsd.openssl.mk"	137	.include "${PORTSDIR}/Mk/bsd.openssl.mk"
130	CFLAGS+= -I${OPENSSLINC}	138	CFLAGS+= -I${OPENSSLINC}

Lines 73-78 Link Here

(-)./Makefile.options (+1 lines)
73	SSL "Enable mod_ssl" ON \	73	SSL "Enable mod_ssl" ON \
74	SUEXEC "Enable mod_suexec" OFF \	74	SUEXEC "Enable mod_suexec" OFF \
75	SUEXEC_RSRCLIMIT "SuEXEC rlimits based on login class" OFF \	75	SUEXEC_RSRCLIMIT "SuEXEC rlimits based on login class" OFF \
		76	SUEXEC_USERDIR "SuEXEC UserDir support" OFF \
76	REQTIMEOUT "Enable mod_reqtimeout" ON \	77	REQTIMEOUT "Enable mod_reqtimeout" ON \
77	CGID "Enable mod_cgid" OFF \	78	CGID "Enable mod_cgid" OFF \
78		79




--- modules/generators/mod_suexec.c.orig	2006-07-11 22:38:44.000000000 -0500
+++ modules/generators/mod_suexec.c	2010-02-05 23:22:23.000000000 -0600
@@ -57,10 +57,11 @@
 }
 
 static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
-                                   const char *uid, const char *gid)
+                                   const char *uid, const char *gid,
+                                   int userdir)
 {
     suexec_config_t *cfg = (suexec_config_t *) mconfig;
-    const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_LIMIT);
 
     if (err != NULL) {
         return err;
@@ -68,7 +69,7 @@
     if (unixd_config.suexec_enabled) {
         cfg->ugid.uid = ap_uname2id(uid);
         cfg->ugid.gid = ap_gname2id(gid);
-        cfg->ugid.userdir = 0;
+        cfg->ugid.userdir = userdir;
         cfg->active = 1;
     }
     else {
@@ -78,6 +79,18 @@
     return NULL;
 }
 
+static const char *set_suexec_ugid_nouserdir(cmd_parms *cmd, void *mconfig,
+                                             const char *uid, const char *gid)
+{
+    return set_suexec_ugid(cmd, mconfig, uid, gid, 0);
+}
+
+static const char *set_suexec_ugid_userdir(cmd_parms *cmd, void *mconfig,
+                                           const char *uid, const char *gid)
+{
+    return set_suexec_ugid(cmd, mconfig, uid, gid, 1);
+}
+
 static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
 {
     suexec_config_t *cfg =
@@ -115,7 +128,9 @@
 {
     /* XXX - Another important reason not to allow this in .htaccess is that
      * the ap_[ug]name2id() is not thread-safe */
-    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
+    AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid_nouserdir, NULL, RSRC_CONF|ACCESS_CONF,
+      "User and group for spawned processes"),
+    AP_INIT_TAKE2("SuexecUserdir", set_suexec_ugid_userdir, NULL, RSRC_CONF|ACCESS_CONF,
       "User and group for spawned processes"),
     { NULL }
 };

Return to bug 168769

Line 0 Link Here

(-)./files/extra-patch-suexec_userdir (+55 lines)
	1	--- modules/generators/mod_suexec.c.orig 2006-07-11 22:38:44.000000000 -0500
	2	+++ modules/generators/mod_suexec.c 2010-02-05 23:22:23.000000000 -0600
	3	@@ -57,10 +57,11 @@
	4	}
	5
	6	static const char set_suexec_ugid(cmd_parms cmd, void *mconfig,
	7	- const char uid, const char gid)
	8	+ const char uid, const char gid,
	9	+ int userdir)
	10	{
	11	suexec_config_t cfg = (suexec_config_t ) mconfig;
	12	- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE\|NOT_IN_LIMIT);
	13	+ const char *err = ap_check_cmd_context(cmd, NOT_IN_LOCATION\|NOT_IN_FILES\|NOT_IN_LIMIT);
	14
	15	if (err != NULL) {
	16	return err;
	17	@@ -68,7 +69,7 @@
	18	if (unixd_config.suexec_enabled) {
	19	cfg->ugid.uid = ap_uname2id(uid);
	20	cfg->ugid.gid = ap_gname2id(gid);
	21	- cfg->ugid.userdir = 0;
	22	+ cfg->ugid.userdir = userdir;
	23	cfg->active = 1;
	24	}
	25	else {
	26	@@ -78,6 +79,18 @@
	27	return NULL;
	28	}
	29
	30	+static const char set_suexec_ugid_nouserdir(cmd_parms cmd, void *mconfig,
	31	+ const char uid, const char gid)
	32	+{
	33	+ return set_suexec_ugid(cmd, mconfig, uid, gid, 0);
	34	+}
	35	+
	36	+static const char set_suexec_ugid_userdir(cmd_parms cmd, void *mconfig,
	37	+ const char uid, const char gid)
	38	+{
	39	+ return set_suexec_ugid(cmd, mconfig, uid, gid, 1);
	40	+}
	41	+
	42	static ap_unix_identity_t get_suexec_id_doer(const request_rec r)
	43	{
	44	suexec_config_t *cfg =
	45	@@ -115,7 +128,9 @@
	46	{
	47	/* XXX - Another important reason not to allow this in .htaccess is that
	48	* the ap_[ug]name2id() is not thread-safe */
	49	- AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
	50	+ AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid_nouserdir, NULL, RSRC_CONF\|ACCESS_CONF,
	51	+ "User and group for spawned processes"),
	52	+ AP_INIT_TAKE2("SuexecUserdir", set_suexec_ugid_userdir, NULL, RSRC_CONF\|ACCESS_CONF,
	53	"User and group for spawned processes"),
	54	{ NULL }
	55	};