modules/generators/mod_suexec.c

   1 /* Licensed to the Apache Software Foundation (ASF) under one or more
   2  * contributor license agreements.  See the NOTICE file distributed with
   3  * this work for additional information regarding copyright ownership.
   4  * The ASF licenses this file to You under the Apache License, Version 2.0
   5  * (the "License"); you may not use this file except in compliance with
   6  * the License.  You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "httpd.h"
  18 #include "http_config.h"
  19 #include "http_core.h"
  20 #include "http_log.h"
  21 #include "http_request.h"
  22 #include "apr_strings.h"
  23 #include "unixd.h"
  24 #include "mpm_common.h"
  25 #include "mod_suexec.h"
  26
  27 module AP_MODULE_DECLARE_DATA suexec_module;
  28
  29 /*
  30  * Create a configuration specific to this module for a server or directory
  31  * location, and fill it with the default settings.
  32  */
  33 static void *mkconfig(apr_pool_t *p)
  34 {
  35     suexec_config_t *cfg = apr_palloc(p, sizeof(suexec_config_t));
  36
  37     cfg->active = 0;
  38     return cfg;
  39 }
  40
  41 /*
  42  * Respond to a callback to create configuration record for a server or
  43  * vhost environment.
  44  */
  45 static void *create_mconfig_for_server(apr_pool_t *p, server_rec *s)
  46 {
  47     return mkconfig(p);
  48 }
  49
  50 /*
  51  * Respond to a callback to create a config record for a specific directory.
  52  */
  53 static void *create_mconfig_for_directory(apr_pool_t *p, char *dir)
  54 {
  55     return mkconfig(p);
  56 }
  57
  58 static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
  59                                    const char *uid, const char *gid)
  60 {
  61     suexec_config_t *cfg = (suexec_config_t *) mconfig;
  62     const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE);
  63
  64     if (err != NULL) {
  65         return err;
  66     }
  67     if (ap_unixd_config.suexec_enabled) {
  68         cfg->ugid.uid = ap_uname2id(uid);
  69         cfg->ugid.gid = ap_gname2id(gid);
  70         cfg->ugid.userdir = 0;
  71         cfg->active = 1;
  72     }
  73     else {
  74         fprintf(stderr,
  75                 "Warning: SuexecUserGroup directive requires SUEXEC wrapper.\n");
  76     }
  77     return NULL;
  78 }
  79
  80 static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
  81 {
  82     suexec_config_t *cfg =
  83     (suexec_config_t *) ap_get_module_config(r->per_dir_config, &suexec_module);
  84
  85     return cfg->active ? &cfg->ugid : NULL;
  86 }
  87
  88 #define SUEXEC_POST_CONFIG_USERDATA "suexec_post_config_userdata"
  89 static int suexec_post_config(apr_pool_t *p, apr_pool_t *plog,
  90                               apr_pool_t *ptemp, server_rec *s)
  91 {
  92     void *reported;
  93
  94     apr_pool_userdata_get(&reported, SUEXEC_POST_CONFIG_USERDATA,
  95                           s->process->pool);
  96
  97     if ((reported == NULL) && ap_unixd_config.suexec_enabled) {
  98         ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
  99                      "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN);
 100
 101         apr_pool_userdata_set((void *)1, SUEXEC_POST_CONFIG_USERDATA,
 102                               apr_pool_cleanup_null, s->process->pool);
 103     }
 104
 105     return OK;
 106 }
 107 #undef SUEXEC_POST_CONFIG_USERDATA
 108
 109 /*
 110  * Define the directives specific to this module.  This structure is referenced
 111  * later by the 'module' structure.
 112  */
 113 static const command_rec suexec_cmds[] =
 114 {
 115     /* XXX - Another important reason not to allow this in .htaccess is that
 116      * the ap_[ug]name2id() is not thread-safe */
 117     AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
 118       "User and group for spawned processes"),
 119     { NULL }
 120 };
 121
 122 static void suexec_hooks(apr_pool_t *p)
 123 {
 124     ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,APR_HOOK_MIDDLE);
 125     ap_hook_post_config(suexec_post_config,NULL,NULL,APR_HOOK_MIDDLE);
 126 }
 127
 128 module AP_MODULE_DECLARE_DATA suexec_module =
 129 {
 130     STANDARD20_MODULE_STUFF,
 131     create_mconfig_for_directory,   /* create per-dir config */
 132     NULL,                       /* merge per-dir config */
 133     create_mconfig_for_server,  /* server config */
 134     NULL,                       /* merge server config */
 135     suexec_cmds,                /* command table */
 136     suexec_hooks                /* register hooks */
 137 };