static const char *vhost_group(cmd_parms *cmd, void *dir, const char *arg)
{
priv_cfg *cfg = ap_get_module_config(cmd->server->module_config,
&privileges_module);
cfg->gid = ap_gname2id(arg);
if (cfg->uid == 0) {
return apr_pstrcat(cmd->pool, "Invalid groupid for VHostGroup: ",
arg, NULL);
}
return NULL;
}
AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy,
const char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
unixd_config.group_id = ap_gname2id(arg);
return NULL;
}
static const char *set_defuidgid(cmd_parms *cmd, void *mconfig, const char *uid, const char *gid)
{
process_security_config_t *conf = ap_get_module_config(cmd->server->module_config, &process_security_module);
const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE | NOT_IN_LIMIT);
if (err != NULL)
return err;
conf->default_uid = ap_uname2id(uid);
conf->default_gid = ap_gname2id(gid);
return NULL;
}
static const char *set_uidgid (cmd_parms *cmd, void *mconfig, const char *uid, const char *gid)
{
ruid_dir_config_t *dconf = (ruid_dir_config_t *) mconfig;
const char *err = ap_check_cmd_context (cmd, NOT_IN_FILES | NOT_IN_LIMIT);
if (err != NULL) {
return err;
}
dconf->ruid_uid = ap_uname2id(uid);
dconf->ruid_gid = ap_gname2id(gid);
return NULL;
}
static const char *set_minuidgid (cmd_parms *cmd, void *mconfig, const char *uid, const char *gid)
{
UNUSED(mconfig);
ruid_config_t *conf = ap_get_module_config (cmd->server->module_config, &ruid2_module);
const char *err = ap_check_cmd_context (cmd, NOT_IN_DIR_LOC_FILE | NOT_IN_LIMIT);
if (err != NULL) {
return err;
}
conf->min_uid = ap_uname2id(uid);
conf->min_gid = ap_gname2id(gid);
return NULL;
}
AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
{
apr_finfo_t wrapper;
unixd_config.user_name = DEFAULT_USER;
unixd_config.user_id = ap_uname2id(DEFAULT_USER);
unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
/* Check for suexec */
unixd_config.suexec_enabled = 0;
if ((apr_stat(&wrapper, SUEXEC_BIN,
APR_FINFO_NORM, ptemp)) != APR_SUCCESS) {
return;
}
if ((wrapper.protection & APR_USETID) && wrapper.user == 0) {
unixd_config.suexec_enabled = 1;
}
}
static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
const char *uid, const char *gid)
{
suexec_config_t *cfg = (suexec_config_t *) mconfig;
const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
if (err != NULL) {
return err;
}
if (unixd_config.suexec_enabled) {
cfg->ugid.uid = ap_uname2id(uid);
cfg->ugid.gid = ap_gname2id(gid);
cfg->ugid.userdir = 0;
cfg->active = 1;
}
else {
fprintf(stderr,
"Warning: SuexecUserGroup directive requires SUEXEC wrapper.\n");
}
return NULL;
}
static const char *set_groups (cmd_parms *cmd, void *mconfig, const char *arg)
{
ruid_dir_config_t *dconf = (ruid_dir_config_t *) mconfig;
const char *err = ap_check_cmd_context (cmd, NOT_IN_FILES | NOT_IN_LIMIT);
if (err != NULL) {
return err;
}
if (strcasecmp(arg,"@none") == 0) {
dconf->groupsnr=NONE;
}
if (dconf->groupsnr == UNSET) {
dconf->groupsnr = 0;
}
if ((dconf->groupsnr < RUID_MAXGROUPS) && (dconf->groupsnr >= 0)) {
dconf->groups[dconf->groupsnr++] = ap_gname2id (arg);
}
return NULL;
}
static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
const char *uid, const char *gid)
{
suexec_config_t *cfg = (suexec_config_t *) mconfig;
const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
if (err != NULL) {
return err;
}
if (!ap_unixd_config.suexec_enabled) {
return apr_pstrcat(cmd->pool, "SuexecUserGroup configured, but "
"suEXEC is disabled: ",
ap_unixd_config.suexec_disabled_reason, NULL);
}
cfg->ugid.uid = ap_uname2id(uid);
cfg->ugid.gid = ap_gname2id(gid);
cfg->ugid.userdir = 0;
cfg->active = 1;
return NULL;
}
/*******************************************************************************
* Configure a static FastCGI server that is started/managed elsewhere.
*/
const char *fcgi_config_new_external_server(cmd_parms *cmd, void *dummy, const char *arg)
{
fcgi_server *s;
pool * const p = cmd->pool, *tp = cmd->temp_pool;
const char * const name = cmd->cmd->name;
char *fs_path = ap_getword_conf(p, &arg);
const char *option, *err;
err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE);
if (err) {
return err;
}
if (!*fs_path) {
return ap_pstrcat(tp, name, " requires a path and either a -socket or -host option", NULL);
}
#ifdef APACHE2
if (apr_filepath_merge(&fs_path, "", fs_path, 0, p))
return ap_psprintf(tp, "%s %s: invalid filepath", name, fs_path);
#else
fs_path = ap_os_canonical_filename(p, fs_path);
#endif
fs_path = ap_server_root_relative(p, fs_path);
ap_getparents(fs_path);
ap_no2slash(fs_path);
/* See if we've already got one of these bettys configured */
s = fcgi_util_fs_get_by_id(fs_path, fcgi_util_get_server_uid(cmd->server),
fcgi_util_get_server_gid(cmd->server));
if (s != NULL) {
if (fcgi_wrapper) {
return ap_psprintf(tp,
"%s: redefinition of a previously defined class \"%s\" "
"with uid=%ld and gid=%ld",
name, fs_path, (long) fcgi_util_get_server_uid(cmd->server),
(long) fcgi_util_get_server_gid(cmd->server));
}
else
{
return ap_psprintf(tp,
"%s: redefinition of previously defined class \"%s\"", name, fs_path);
}
}
s = fcgi_util_fs_new(p);
s->fs_path = fs_path;
s->directive = APP_CLASS_EXTERNAL;
/* Parse directive arguments */
while (*arg != '\0') {
option = ap_getword_conf(tp, &arg);
if (strcasecmp(option, "-host") == 0) {
if ((err = get_host_n_port(p, &arg, &s->host, &s->port)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-socket") == 0) {
s->socket_path = ap_getword_conf(tp, &arg);
if (*s->socket_path == '\0')
return invalid_value(tp, name, fs_path, option, "\"\"");
}
else if (strcasecmp(option, "-appConnTimeout") == 0) {
if ((err = get_u_int(tp, &arg, &s->appConnectTimeout, 0)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-idle-timeout") == 0) {
if ((err = get_u_int(tp, &arg, &s->idle_timeout, 1)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-nph") == 0) {
s->nph = 1;
}
else if (strcasecmp(option, "-pass-header") == 0) {
if ((err = get_pass_header(p, &arg, &s->pass_headers)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-flush") == 0) {
s->flush = 1;
}
else if (strcasecmp(option, "-user") == 0) {
#ifdef WIN32
return ap_psprintf(tp,
"%s %s: the -user option isn't supported on WIN", name, fs_path);
#else
s->user = ap_getword_conf(tp, &arg);
if (*s->user == '\0')
return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
}
else if (strcasecmp(option, "-group") == 0) {
#ifdef WIN32
return ap_psprintf(tp,
"%s %s: the -group option isn't supported on WIN", name, fs_path);
#else
s->group = ap_getword_conf(tp, &arg);
if (*s->group == '\0')
return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
}
else if (strcasecmp(option, "-fixPaths") == 0) {
s->fixPaths = 1;
}
else {
return ap_psprintf(tp, "%s %s: invalid option: %s", name, fs_path, option);
}
} /* while */
#ifndef WIN32
if (fcgi_wrapper)
{
if (s->group == NULL)
{
s->group = ap_psprintf(tp, "#%ld", (long)fcgi_util_get_server_gid(cmd->server));
}
if (s->user == NULL)
{
s->user = ap_psprintf(p, "#%ld", (long)fcgi_util_get_server_uid(cmd->server));
}
s->uid = ap_uname2id(s->user);
s->gid = ap_gname2id(s->group);
}
else if (s->user || s->group)
{
ap_log_error(FCGI_LOG_WARN, cmd->server, "FastCGI: there is no "
"fastcgi wrapper set, user/group options are ignored");
}
if ((err = fcgi_util_fs_set_uid_n_gid(p, s, s->uid, s->gid)))
{
return ap_psprintf(tp,
"%s %s: invalid user or group: %s", name, fs_path, err);
}
#endif /* !WIN32 */
/* Require one of -socket or -host, but not both */
if (s->socket_path != NULL && s->port != 0) {
return ap_psprintf(tp,
"%s %s: -host and -socket are mutually exclusive options",
name, fs_path);
}
if (s->socket_path == NULL && s->port == 0) {
return ap_psprintf(tp,
"%s %s: -socket or -host option missing", name, fs_path);
}
/* Build the appropriate sockaddr structure */
if (s->port != 0) {
err = fcgi_util_socket_make_inet_addr(p, (struct sockaddr_in **)&s->socket_addr,
&s->socket_addr_len, s->host, s->port);
if (err != NULL)
return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
} else {
if (fcgi_socket_dir == NULL)
{
#ifdef WIN32
fcgi_socket_dir = DEFAULT_SOCK_DIR;
#else
fcgi_socket_dir = ap_server_root_relative(p, DEFAULT_SOCK_DIR);
#endif
}
s->socket_path = fcgi_util_socket_make_path_absolute(p, s->socket_path, 0);
#ifndef WIN32
err = fcgi_util_socket_make_domain_addr(p, (struct sockaddr_un **)&s->socket_addr,
&s->socket_addr_len, s->socket_path);
if (err != NULL)
return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#endif
}
/* Add it to the list of FastCGI servers */
fcgi_util_fs_add(s);
return NULL;
}
/*******************************************************************************
* Configure a static FastCGI server.
*/
const char *fcgi_config_new_static_server(cmd_parms *cmd, void *dummy, const char *arg)
{
fcgi_server *s;
pool *p = cmd->pool, *tp = cmd->temp_pool;
const char *name = cmd->cmd->name;
char *fs_path = ap_getword_conf(p, &arg);
const char *option, *err;
/* Allocate temp storage for the array of initial environment variables */
char **envp = ap_pcalloc(tp, sizeof(char *) * (MAX_INIT_ENV_VARS + 3));
unsigned int envc = 0;
#ifdef WIN32
HANDLE mutex;
#endif
err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE);
if (err)
{
return err;
}
if (*fs_path == '\0')
return "AppClass requires a pathname!?";
if ((err = fcgi_config_set_fcgi_uid_n_gid(1)) != NULL)
return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#ifdef APACHE2
if (apr_filepath_merge(&fs_path, "", fs_path, 0, p))
return ap_psprintf(tp, "%s %s: invalid filepath", name, fs_path);
#else
fs_path = ap_os_canonical_filename(p, fs_path);
#endif
fs_path = ap_server_root_relative(p, fs_path);
ap_getparents(fs_path);
ap_no2slash(fs_path);
/* See if we've already got one of these configured */
s = fcgi_util_fs_get_by_id(fs_path, fcgi_util_get_server_uid(cmd->server),
fcgi_util_get_server_gid(cmd->server));
if (s != NULL) {
if (fcgi_wrapper) {
return ap_psprintf(tp,
"%s: redefinition of a previously defined FastCGI "
"server \"%s\" with uid=%ld and gid=%ld",
name, fs_path, (long) fcgi_util_get_server_uid(cmd->server),
(long) fcgi_util_get_server_gid(cmd->server));
}
else {
return ap_psprintf(tp,
"%s: redefinition of a previously defined FastCGI server \"%s\"",
name, fs_path);
}
}
err = fcgi_util_fs_is_path_ok(tp, fs_path, NULL);
if (err != NULL) {
return ap_psprintf(tp, "%s: \"%s\" %s", name, fs_path, err);
}
s = fcgi_util_fs_new(p);
s->fs_path = fs_path;
s->directive = APP_CLASS_STANDARD;
s->restartOnExit = TRUE;
s->numProcesses = 1;
#ifdef WIN32
/* TCP FastCGI applications require SystemRoot be present in the environment
* Put it in both for consistency to the application */
fcgi_config_set_env_var(p, envp, &envc, "SystemRoot");
mutex = CreateMutex(NULL, FALSE, fs_path);
if (mutex == NULL)
{
ap_log_error(FCGI_LOG_ALERT, fcgi_apache_main_server,
"FastCGI: CreateMutex() failed");
return "failed to create FastCGI application accept mutex";
}
SetHandleInformation(mutex, HANDLE_FLAG_INHERIT, TRUE);
s->mutex_env_string = ap_psprintf(p, "_FCGI_MUTEX_=%ld", mutex);
#endif
/* Parse directive arguments */
while (*arg) {
option = ap_getword_conf(tp, &arg);
if (strcasecmp(option, "-processes") == 0) {
if ((err = get_u_int(tp, &arg, &s->numProcesses, 1)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-restart-delay") == 0) {
if ((err = get_u_int(tp, &arg, &s->restartDelay, 0)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-init-start-delay") == 0) {
if ((err = get_int(tp, &arg, &s->initStartDelay, 0)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-min-server-life") == 0) {
if ((err = get_u_int(tp, &arg, &s->minServerLife, 0)))
return invalid_value(tp, name, NULL, option, err);
}
else if (strcasecmp(option, "-priority") == 0) {
if ((err = get_u_int(tp, &arg, &s->processPriority, 0)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-listen-queue-depth") == 0) {
if ((err = get_u_int(tp, &arg, &s->listenQueueDepth, 1)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-appConnTimeout") == 0) {
if ((err = get_u_int(tp, &arg, &s->appConnectTimeout, 0)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-idle-timeout") == 0) {
if ((err = get_u_int(tp, &arg, &s->idle_timeout, 1)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-port") == 0) {
if ((err = get_u_short(tp, &arg, &s->port, 1)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-socket") == 0) {
s->socket_path = ap_getword_conf(tp, &arg);
if (*s->socket_path == '\0')
return invalid_value(tp, name, fs_path, option, "\"\"");
}
else if (strcasecmp(option, "-initial-env") == 0) {
if ((err = get_env_var(p, &arg, envp, &envc)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-pass-header") == 0) {
if ((err = get_pass_header(p, &arg, &s->pass_headers)))
return invalid_value(tp, name, fs_path, option, err);
}
else if (strcasecmp(option, "-flush") == 0) {
s->flush = 1;
}
else if (strcasecmp(option, "-nph") == 0) {
s->nph = 1;
}
else if (strcasecmp(option, "-user") == 0) {
#ifdef WIN32
return ap_psprintf(tp,
"%s %s: the -user option isn't supported on WIN", name, fs_path);
#else
s->user = ap_getword_conf(tp, &arg);
if (*s->user == '\0')
return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
}
else if (strcasecmp(option, "-group") == 0) {
#ifdef WIN32
return ap_psprintf(tp,
"%s %s: the -group option isn't supported on WIN", name, fs_path);
#else
s->group = ap_getword_conf(tp, &arg);
if (*s->group == '\0')
return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
}
else {
return ap_psprintf(tp, "%s %s: invalid option: %s", name, fs_path, option);
}
} /* while */
#ifndef WIN32
if (fcgi_wrapper)
{
if (s->group == NULL)
{
s->group = ap_psprintf(tp, "#%ld", (long)fcgi_util_get_server_gid(cmd->server));
}
if (s->user == NULL)
{
s->user = ap_psprintf(p, "#%ld", (long)fcgi_util_get_server_uid(cmd->server));
}
s->uid = ap_uname2id(s->user);
s->gid = ap_gname2id(s->group);
}
else if (s->user || s->group)
{
ap_log_error(FCGI_LOG_WARN, cmd->server, "FastCGI: there is no "
"fastcgi wrapper set, user/group options are ignored");
}
if ((err = fcgi_util_fs_set_uid_n_gid(p, s, s->uid, s->gid)))
{
return ap_psprintf(tp,
"%s %s: invalid user or group: %s", name, fs_path, err);
}
#endif /* !WIN32 */
if (s->socket_path != NULL && s->port != 0) {
return ap_psprintf(tp,
"%s %s: -port and -socket are mutually exclusive options",
name, fs_path);
}
/* Move env array to a surviving pool */
s->envp = (char **)ap_pcalloc(p, sizeof(char *) * (envc + 4));
memcpy(s->envp, envp, sizeof(char *) * envc);
/* Initialize process structs */
s->procs = fcgi_util_fs_create_procs(p, s->numProcesses);
/* Build the appropriate sockaddr structure */
if (s->port != 0) {
err = fcgi_util_socket_make_inet_addr(p, (struct sockaddr_in **)&s->socket_addr,
&s->socket_addr_len, NULL, s->port);
if (err != NULL)
return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#ifdef WIN32
err = fcgi_util_socket_make_inet_addr(p, (struct sockaddr_in **)&s->dest_addr,
&s->socket_addr_len, "localhost", s->port);
if (err != NULL)
return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#endif
} else {
if (s->socket_path == NULL)
s->socket_path = fcgi_util_socket_hash_filename(tp, fs_path, s->user, s->group);
if (fcgi_socket_dir == NULL)
{
#ifdef WIN32
fcgi_socket_dir = DEFAULT_SOCK_DIR;
#else
fcgi_socket_dir = ap_server_root_relative(p, DEFAULT_SOCK_DIR);
#endif
}
s->socket_path = fcgi_util_socket_make_path_absolute(p, s->socket_path, 0);
#ifndef WIN32
err = fcgi_util_socket_make_domain_addr(p, (struct sockaddr_un **)&s->socket_addr,
&s->socket_addr_len, s->socket_path);
if (err != NULL)
return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#endif
}
/* Add it to the list of FastCGI servers */
fcgi_util_fs_add(s);
return NULL;
}
