1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include "http_config.h"
19 #include "http_core.h"
21 #include "http_request.h"
22 #include "apr_strings.h"
24 #include "mpm_common.h"
25 #include "mod_suexec.h"
27 module AP_MODULE_DECLARE_DATA suexec_module
;
30 * Create a configuration specific to this module for a server or directory
31 * location, and fill it with the default settings.
33 static void *mkconfig(apr_pool_t
*p
)
35 suexec_config_t
*cfg
= apr_palloc(p
, sizeof(suexec_config_t
));
42 * Respond to a callback to create configuration record for a server or
45 static void *create_mconfig_for_server(apr_pool_t
*p
, server_rec
*s
)
51 * Respond to a callback to create a config record for a specific directory.
53 static void *create_mconfig_for_directory(apr_pool_t
*p
, char *dir
)
58 static const char *set_suexec_ugid(cmd_parms
*cmd
, void *mconfig
,
59 const char *uid
, const char *gid
)
61 suexec_config_t
*cfg
= (suexec_config_t
*) mconfig
;
62 const char *err
= ap_check_cmd_context(cmd
, NOT_IN_DIR_LOC_FILE
);
67 if (ap_unixd_config
.suexec_enabled
) {
68 cfg
->ugid
.uid
= ap_uname2id(uid
);
69 cfg
->ugid
.gid
= ap_gname2id(gid
);
70 cfg
->ugid
.userdir
= 0;
75 "Warning: SuexecUserGroup directive requires SUEXEC wrapper.\n");
80 static ap_unix_identity_t
*get_suexec_id_doer(const request_rec
*r
)
82 suexec_config_t
*cfg
=
83 (suexec_config_t
*) ap_get_module_config(r
->per_dir_config
, &suexec_module
);
85 return cfg
->active
? &cfg
->ugid
: NULL
;
88 #define SUEXEC_POST_CONFIG_USERDATA "suexec_post_config_userdata"
89 static int suexec_post_config(apr_pool_t
*p
, apr_pool_t
*plog
,
90 apr_pool_t
*ptemp
, server_rec
*s
)
94 apr_pool_userdata_get(&reported
, SUEXEC_POST_CONFIG_USERDATA
,
97 if ((reported
== NULL
) && ap_unixd_config
.suexec_enabled
) {
98 ap_log_error(APLOG_MARK
, APLOG_NOTICE
, 0, s
,
99 "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN
);
101 apr_pool_userdata_set((void *)1, SUEXEC_POST_CONFIG_USERDATA
,
102 apr_pool_cleanup_null
, s
->process
->pool
);
107 #undef SUEXEC_POST_CONFIG_USERDATA
110 * Define the directives specific to this module. This structure is referenced
111 * later by the 'module' structure.
113 static const command_rec suexec_cmds
[] =
115 /* XXX - Another important reason not to allow this in .htaccess is that
116 * the ap_[ug]name2id() is not thread-safe */
117 AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid
, NULL
, RSRC_CONF
,
118 "User and group for spawned processes"),
122 static void suexec_hooks(apr_pool_t
*p
)
124 ap_hook_get_suexec_identity(get_suexec_id_doer
,NULL
,NULL
,APR_HOOK_MIDDLE
);
125 ap_hook_post_config(suexec_post_config
,NULL
,NULL
,APR_HOOK_MIDDLE
);
128 module AP_MODULE_DECLARE_DATA suexec_module
=
130 STANDARD20_MODULE_STUFF
,
131 create_mconfig_for_directory
, /* create per-dir config */
132 NULL
, /* merge per-dir config */
133 create_mconfig_for_server
, /* server config */
134 NULL
, /* merge server config */
135 suexec_cmds
, /* command table */
136 suexec_hooks
/* register hooks */