Attachment #98090 for bug #136928

View | Details | Raw Unified | Return to bug 136928 | Differences between
Collapse All | Expand All




diff -Nru www/apache20.orig/work/httpd-2.0.63/support/Makefile.in www/apache20/work/httpd-2.0.63/support/Makefile.in
--- www/apache20.orig/work/httpd-2.0.63/support/Makefile.in	2009-07-08 10:27:36.000000000 +0400
+++ www/apache20/work/httpd-2.0.63/support/Makefile.in	2009-07-08 10:33:26.000000000 +0400
@@ -57,7 +57,7 @@
 
 suexec_OBJECTS = suexec.lo
 suexec: $(suexec_OBJECTS)
-	$(LINK) $(suexec_OBJECTS)
+	$(LINK) -lutil $(suexec_OBJECTS)
 
 httxt2dbm_OBJECTS = httxt2dbm.lo
 httxt2dbm: $(httxt2dbm_OBJECTS)
diff -Nru www/apache20.orig/work/httpd-2.0.63/support/suexec.c www/apache20/work/httpd-2.0.63/support/suexec.c
--- www/apache20.orig/work/httpd-2.0.63/support/suexec.c	2006-07-12 11:40:55.000000000 +0400
+++ www/apache20/work/httpd-2.0.63/support/suexec.c	2009-07-08 10:32:47.000000000 +0400
@@ -37,6 +37,7 @@
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <login_cap.h>
 #include <string.h>
 #include <time.h>
 #if APR_HAVE_UNISTD_H
@@ -242,6 +243,7 @@
     char *cmd;              /* command to be executed    */
     char cwd[AP_MAXPATH];   /* current working directory */
     char dwd[AP_MAXPATH];   /* docroot working directory */
+    login_cap_t *lc;        /* user resource limits      */
     struct passwd *pw;      /* password entry holder     */
     struct group *gr;       /* group entry holder        */
     struct stat dir_info;   /* directory info holder     */
@@ -448,6 +450,18 @@
     }
 
     /*
+     * Apply user resource limits based on login class.
+     */
+    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
+               log_err("failed to login_getclassbyname()\n");
+               exit(109);
+       }
+       if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
+               log_err("failed to setusercontext()\n");
+               exit(109);
+       }
+
+    /*
      * Change UID/GID here so that the following tests work over NFS.
      *
      * Initialize the group access list for the target user,




 	fi
 
 htpasswd_OBJECTS = htpasswd.lo
@@ -57,7 +57,7 @@

 suexec_OBJECTS = suexec.lo
 suexec: $(suexec_OBJECTS)
-	$(LINK) $(suexec_OBJECTS)
+	$(LINK) -lutil $(suexec_OBJECTS)

 httxt2dbm_OBJECTS = httxt2dbm.lo
 httxt2dbm: $(httxt2dbm_OBJECTS)





--- support/suexec.c	2006-07-12 11:40:55.000000000 +0400
+++ support/suexec.c	2009-07-08 10:32:47.000000000 +0400
@@ -37,6 +37,7 @@
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <login_cap.h>
 #include <string.h>
 #include <time.h>
 #if APR_HAVE_UNISTD_H
@@ -242,6 +243,7 @@
     char *cmd;              /* command to be executed    */
     char cwd[AP_MAXPATH];   /* current working directory */
     char dwd[AP_MAXPATH];   /* docroot working directory */
+    login_cap_t *lc;        /* user resource limits      */
     struct passwd *pw;      /* password entry holder     */
     struct group *gr;       /* group entry holder        */
     struct stat dir_info;   /* directory info holder     */
@@ -448,6 +450,18 @@
     }
 
     /*
+     * Apply user resource limits based on login class.
+     */
+    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
+               log_err("failed to login_getclassbyname()\n");
+               exit(109);
+       }
+       if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
+               log_err("failed to setusercontext()\n");
+               exit(109);
+       }
+
+    /*
      * Change UID/GID here so that the following tests work over NFS.
      *
      * Initialize the group access list for the target user,

Return to bug 136928

Line 0 Link Here

(-)www/apache20/apache20.suexec.login.conf.limits.diff (+50 lines)
	1	diff -Nru www/apache20.orig/work/httpd-2.0.63/support/Makefile.in www/apache20/work/httpd-2.0.63/support/Makefile.in
	2	--- www/apache20.orig/work/httpd-2.0.63/support/Makefile.in 2009-07-08 10:27:36.000000000 +0400
	3	+++ www/apache20/work/httpd-2.0.63/support/Makefile.in 2009-07-08 10:33:26.000000000 +0400
	4	@@ -57,7 +57,7 @@
	5
	6	suexec_OBJECTS = suexec.lo
	7	suexec: $(suexec_OBJECTS)
	8	- $(LINK) $(suexec_OBJECTS)
	9	+ $(LINK) -lutil $(suexec_OBJECTS)
	10
	11	httxt2dbm_OBJECTS = httxt2dbm.lo
	12	httxt2dbm: $(httxt2dbm_OBJECTS)
	13	diff -Nru www/apache20.orig/work/httpd-2.0.63/support/suexec.c www/apache20/work/httpd-2.0.63/support/suexec.c
	14	--- www/apache20.orig/work/httpd-2.0.63/support/suexec.c 2006-07-12 11:40:55.000000000 +0400
	15	+++ www/apache20/work/httpd-2.0.63/support/suexec.c 2009-07-08 10:32:47.000000000 +0400
	16	@@ -37,6 +37,7 @@
	17	#include <sys/param.h>
	18	#include <sys/stat.h>
	19	#include <sys/types.h>
	20	+#include <login_cap.h>
	21	#include <string.h>
	22	#include <time.h>
	23	#if APR_HAVE_UNISTD_H
	24	@@ -242,6 +243,7 @@
	25	char cmd; / command to be executed */
	26	char cwd[AP_MAXPATH]; /* current working directory */
	27	char dwd[AP_MAXPATH]; /* docroot working directory */
	28	+ login_cap_t lc; / user resource limits */
	29	struct passwd pw; / password entry holder */
	30	struct group gr; / group entry holder */
	31	struct stat dir_info; /* directory info holder */
	32	@@ -448,6 +450,18 @@
	33	}
	34
	35	/*
	36	+ * Apply user resource limits based on login class.
	37	+ */
	38	+ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
	39	+ log_err("failed to login_getclassbyname()\n");
	40	+ exit(109);
	41	+ }
	42	+ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
	43	+ log_err("failed to setusercontext()\n");
	44	+ exit(109);
	45	+ }
	46	+
	47	+ /*
	48	* Change UID/GID here so that the following tests work over NFS.
	49	*
	50	* Initialize the group access list for the target user,

Lines 12-14 Link Here

(-)www/apache20/files/patch-support:Makefile.in (+10 lines)
12	fi	12	fi
13		13
14	htpasswd_OBJECTS = htpasswd.lo	14	htpasswd_OBJECTS = htpasswd.lo
		15	@@ -57,7 +57,7 @@
		16
		17	suexec_OBJECTS = suexec.lo
		18	suexec: $(suexec_OBJECTS)
		19	- $(LINK) $(suexec_OBJECTS)
		20	+ $(LINK) -lutil $(suexec_OBJECTS)
		21
		22	httxt2dbm_OBJECTS = httxt2dbm.lo
		23	httxt2dbm: $(httxt2dbm_OBJECTS)
		24

Line 0 Link Here

(-)www/apache20/files/patch-support:suexec.c (+37 lines)
	1	--- support/suexec.c 2006-07-12 11:40:55.000000000 +0400
	2	+++ support/suexec.c 2009-07-08 10:32:47.000000000 +0400
	3	@@ -37,6 +37,7 @@
	4	#include <sys/param.h>
	5	#include <sys/stat.h>
	6	#include <sys/types.h>
	7	+#include <login_cap.h>
	8	#include <string.h>
	9	#include <time.h>
	10	#if APR_HAVE_UNISTD_H
	11	@@ -242,6 +243,7 @@
	12	char cmd; / command to be executed */
	13	char cwd[AP_MAXPATH]; /* current working directory */
	14	char dwd[AP_MAXPATH]; /* docroot working directory */
	15	+ login_cap_t lc; / user resource limits */
	16	struct passwd pw; / password entry holder */
	17	struct group gr; / group entry holder */
	18	struct stat dir_info; /* directory info holder */
	19	@@ -448,6 +450,18 @@
	20	}
	21
	22	/*
	23	+ * Apply user resource limits based on login class.
	24	+ */
	25	+ if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
	26	+ log_err("failed to login_getclassbyname()\n");
	27	+ exit(109);
	28	+ }
	29	+ if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
	30	+ log_err("failed to setusercontext()\n");
	31	+ exit(109);
	32	+ }
	33	+
	34	+ /*
	35	* Change UID/GID here so that the following tests work over NFS.
	36	*
	37	* Initialize the group access list for the target user,