void
fetch_sandbox_init(void)
{
fscb = calloc(1, sizeof(struct sandbox_cb));
if(!fscb) {
DPRINTF("[XXX] fscb wasn't initialized!");
exit(-1);
}
sandbox_create(fscb, &ssl_sandbox);
}
/* Determine user ID, and check if it really is that user, for HTTP
* basic authentication...
*/
static int authenticate_basic_user(request_rec *r)
{
auth_basic_config_rec *conf = ap_get_module_config(r->per_dir_config,
&auth_basic_module);
const char *sent_user, *sent_pw, *current_auth;
int res;
authn_status auth_result;
authn_provider_list *current_provider;
/* Are we configured to be Basic auth? */
current_auth = ap_auth_type(r);
if (!current_auth || strcasecmp(current_auth, "Basic")) {
return DECLINED;
}
/* We need an authentication realm. */
if (!ap_auth_name(r)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR,
0, r, APLOGNO(01615) "need AuthName: %s", r->uri);
return HTTP_INTERNAL_SERVER_ERROR;
}
r->ap_auth_type = (char*)current_auth;
res = get_basic_auth(r, &sent_user, &sent_pw);
if (res) {
return res;
}
current_provider = conf->providers;
do {
const authn_provider *provider;
/* For now, if a provider isn't set, we'll be nice and use the file
* provider.
*/
if (!current_provider) {
provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
AUTHN_DEFAULT_PROVIDER,
AUTHN_PROVIDER_VERSION);
if (!provider || !provider->check_password) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01616)
"No Authn provider configured");
auth_result = AUTH_GENERAL_ERROR;
break;
}
apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, AUTHN_DEFAULT_PROVIDER);
}
else {
provider = current_provider->provider;
apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, current_provider->provider_name);
}
auth_result = provider->check_password(r, sent_user, sent_pw);
apr_table_unset(r->notes, AUTHN_PROVIDER_NAME_NOTE);
/* Something occured. Stop checking. */
if (auth_result != AUTH_USER_NOT_FOUND) {
break;
}
/* If we're not really configured for providers, stop now. */
if (!conf->providers) {
break;
}
current_provider = current_provider->next;
} while (current_provider);
if (auth_result != AUTH_GRANTED) {
int return_code;
/* If we're not authoritative, then any error is ignored. */
if (!(conf->authoritative) && auth_result != AUTH_DENIED) {
return DECLINED;
}
switch (auth_result) {
case AUTH_DENIED:
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01617)
"user %s: authentication failure for \"%s\": "
"Password Mismatch",
sent_user, r->uri);
return_code = HTTP_UNAUTHORIZED;
break;
case AUTH_USER_NOT_FOUND:
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01618)
"user %s not found: %s", sent_user, r->uri);
return_code = HTTP_UNAUTHORIZED;
break;
case AUTH_GENERAL_ERROR:
default:
/* We'll assume that the module has already said what its error
* was in the logs.
*/
return_code = HTTP_INTERNAL_SERVER_ERROR;
break;
}
/* If we're returning 403, tell them to try again. */
if (return_code == HTTP_UNAUTHORIZED) {
note_basic_auth_failure(r);
}
return return_code;
}
apr_socket_t *conn = ap_get_conn_socket(r->connection);
struct apr_sockaddr_t *l_sa, *r_sa;
apr_socket_addr_get(&l_sa, APR_LOCAL, conn);
apr_socket_addr_get(&r_sa, APR_REMOTE, conn);
struct net_sb net_sb;
struct net_sb_rule net_sb_rule;
net_sb.nrules = 1;
net_sb.rules = &net_sb_rule;
net_sb_rule.l_addrlen = l_sa->ipaddr_len;
net_sb_rule.l_addr = l_sa->ipaddr_ptr;
net_sb_rule.r_addrlen = r_sa->ipaddr_len;
net_sb_rule.r_addr = r_sa->ipaddr_ptr;
if (sandbox_create(SANDBOX_FS|SANDBOX_NET|SANDBOX_RPC,
ap_document_root(r),
&net_sb) < 0)
return HTTP_INTERNAL_SERVER_ERROR;
return OK;
}
int main(int argc, char **argv) {
sudo(argc, argv);
message_init(*argv);
const char *optstring = "qh";
static struct option longopts[] = {
{"quiet", 0, 0, 0},
{"help", 0, 0, 0},
{0, 0, 0, 0}
};
int c = -1, longindex = 0;
while (-1 != (c = getopt_long(
argc, argv, optstring, longopts, &longindex
))) {
switch (c) {
case 0:
switch (longindex) {
case 0: /* --quiet */
message_quiet_default(1);
message_quiet(1);
break;
case 1: /* --help */
usage(*argv);
help();
exit(0);
}
break;
case 'q': /* -q */
message_quiet_default(1);
message_quiet(1);
break;
case 'h': /* -h */
usage(*argv);
help();
exit(0);
break;
case '?':
usage(*argv);
exit(1);
break;
}
}
char *name;
switch (argc - optind) {
case 1:
name = argv[optind];
break;
default:
usage(*argv);
exit(1);
break;
}
if (!sandbox_valid(name)) {
message_loud("invalid sandbox name %s\n", name);
exit(1);
}
int result = sandbox_create(name);
message_free();
return result;
}
