/* BS2000 requires a "special" version of fork() before a setuid() call */
pid_t os_fork(const char *user)
{
pid_t pid;
char username[USER_LEN+1];
switch (os_forktype(0)) {
case bs2_FORK:
pid = fork();
break;
case bs2_UFORK:
apr_cpystrn(username, user, sizeof username);
/* Make user name all upper case - for some versions of ufork() */
ap_str_toupper(username);
pid = ufork(username);
if (pid == -1 && errno == EPERM) {
ap_log_error(APLOG_MARK, APLOG_EMERG, errno, ap_server_conf,
APLOGNO(02181) "ufork: Possible mis-configuration "
"for user %s - Aborting.", user);
exit(1);
}
break;
default:
pid = 0;
break;
}
return pid;
}
/* This routine complements the setuid() call: it causes the BS2000 job
* environment to be switched to the target user's user id.
* That is important if CGI scripts try to execute native BS2000 commands.
*/
int os_init_job_environment(server_rec *server, const char *user_name, int one_process)
{
bs2_ForkType type = os_forktype(one_process);
/* We can be sure that no change to uid==0 is possible because of
* the checks in http_core.c:set_user()
*/
if (one_process) {
type = forktype = bs2_noFORK;
ap_log_error(APLOG_MARK, APLOG_ERR, 0, server, APLOGNO(02180)
"The debug mode of Apache should only "
"be started by an unprivileged user!");
return 0;
}
return 0;
}
/* This routine complements the setuid() call: it causes the BS2000 job
* environment to be switched to the target user's user id.
* That is important if CGI scripts try to execute native BS2000 commands.
*/
int os_init_job_environment(server_rec *server, const char *user_name, int one_process)
{
_rini_struct inittask;
char username[USER_LEN+1];
bs2_ForkType type = os_forktype();
/* We can be sure that no change to uid==0 is possible because of
* the checks in http_core.c:set_user()
*/
/* The _rini() function works only after a prior _rfork().
* In the case of one_process, it would fail.
*/
if (one_process) {
type = forktype = bs2_noFORK;
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, server,
"The debug mode of Apache should only "
"be started by an unprivileged user!");
return 0;
}
/* If no _rini() is required, then return quickly. */
if (type != bs2_RFORK_RINI && type != bs2_FORK_RINI)
return 0;
/* An Account is required for _rini() */
if (bs2000_account == NULL)
{
ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server,
"No BS2000Account configured - cannot switch to User %s",
user_name);
exit(APEXIT_CHILDFATAL);
}
ap_cpystrn(username, user_name, sizeof username);
/* Make user name all upper case */
ap_str_toupper(username);
/* Pad to length 8 */
ap_pad(username, sizeof username, ' ');
inittask.username = username;
inittask.account = bs2000_account;
inittask.processor_name = " ";
/* Switch to the new logon user (setuid() and setgid() are done later) */
/* Only the super user can switch identities. */
if (_rini(&inittask) != 0) {
ap_log_error(APLOG_MARK, APLOG_ALERT, server,
"_rini: BS2000 auth failed for user \"%s\" acct \"%s\"",
inittask.username, inittask.account);
exit(APEXIT_CHILDFATAL);
}
return 0;
}
