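/*
 * Handler for the VHostGroup directive.
 *
 * Resolves the group given in `arg` with ap_gname2id() and stores the result
 * in this server's privileges_module configuration.
 *
 * Returns NULL on success, or an error string allocated from cmd->pool when
 * the resolved gid is 0.
 */
static const char *vhost_group(cmd_parms *cmd, void *dir, const char *arg)
{
    priv_cfg *cfg = ap_get_module_config(cmd->server->module_config,
                                         &privileges_module);

    cfg->gid = ap_gname2id(arg);

    /* Validate the value that was just resolved.  The check used to test
     * cfg->uid, so gid 0 was accepted whenever a non-zero uid was already
     * stored, and every group was rejected while uid was still 0. */
    if (cfg->gid == 0) {
        return apr_pstrcat(cmd->pool, "Invalid groupid for VHostGroup: ",
                           arg, NULL);
    }
    return NULL;
}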
/*
 * Directive handler that sets the server-wide group id.
 *
 * The directive is accepted only where ap_check_cmd_context() allows
 * GLOBAL_ONLY; any context error is returned to the caller unchanged.
 * Otherwise `arg` is converted with ap_gname2id(), stored in
 * unixd_config.group_id, and NULL is returned.
 *
 * NOTE(review): the resolved gid is stored without a check against 0 here;
 * confirm whether a root-group restriction is enforced elsewhere.
 */
AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy,
                                         const char *arg)
{
    const char *ctx_err = ap_check_cmd_context(cmd, GLOBAL_ONLY);

    if (ctx_err == NULL) {
        unixd_config.group_id = ap_gname2id(arg);
    }

    /* NULL when the group was stored, the context error otherwise. */
    return ctx_err;
}
/*
 * Directive handler: store the default uid/gid pair in the
 * process_security_module per-server configuration.
 *
 * `uid` is resolved with ap_uname2id() and `gid` with ap_gname2id().
 * Returns the message from ap_check_cmd_context() if the directive appears
 * in a context excluded by NOT_IN_DIR_LOC_FILE | NOT_IN_LIMIT, else NULL.
 *
 * NOTE(review): nothing here rejects a resolved id of 0; confirm that a
 * floor is applied where default_uid/default_gid are consumed.
 */
static const char *set_defuidgid(cmd_parms *cmd, void *mconfig,
                                 const char *uid, const char *gid)
{
    process_security_config_t *conf;
    const char *ctx_err;

    conf = ap_get_module_config(cmd->server->module_config,
                                &process_security_module);

    ctx_err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE | NOT_IN_LIMIT);
    if (ctx_err != NULL) {
        return ctx_err;
    }

    conf->default_uid = ap_uname2id(uid);
    conf->default_gid = ap_gname2id(gid);
    return NULL;
}
/*
 * Directive handler: store the uid/gid pair in the per-directory
 * configuration passed as `mconfig`.
 *
 * `uid` is resolved with ap_uname2id() and `gid` with ap_gname2id().
 * Returns the message from ap_check_cmd_context() if the directive appears
 * in a context excluded by NOT_IN_FILES | NOT_IN_LIMIT, else NULL.
 *
 * NOTE(review): the resolved ids are stored unchecked; presumably the
 * module's minimum uid/gid is applied when they are used - confirm.
 */
static const char *set_uidgid (cmd_parms *cmd, void *mconfig,
                               const char *uid, const char *gid)
{
    ruid_dir_config_t *dir_conf = (ruid_dir_config_t *) mconfig;
    const char *ctx_err;

    ctx_err = ap_check_cmd_context (cmd, NOT_IN_FILES | NOT_IN_LIMIT);
    if (ctx_err == NULL) {
        dir_conf->ruid_uid = ap_uname2id(uid);
        dir_conf->ruid_gid = ap_gname2id(gid);
    }

    /* NULL when both ids were stored, the context error otherwise. */
    return ctx_err;
}
/*
 * Directive handler: store the minimum uid/gid pair in the ruid2_module
 * per-server configuration.
 *
 * `uid` is resolved with ap_uname2id() and `gid` with ap_gname2id().
 * Returns the message from ap_check_cmd_context() if the directive appears
 * in a context excluded by NOT_IN_DIR_LOC_FILE | NOT_IN_LIMIT, else NULL.
 * `mconfig` is not used.
 */
static const char *set_minuidgid (cmd_parms *cmd, void *mconfig,
                                  const char *uid, const char *gid)
{
    ruid_config_t *srv_conf = ap_get_module_config (cmd->server->module_config,
                                                    &ruid2_module);
    const char *ctx_err = ap_check_cmd_context (cmd,
                                                NOT_IN_DIR_LOC_FILE | NOT_IN_LIMIT);

    UNUSED(mconfig);

    if (ctx_err == NULL) {
        srv_conf->min_uid = ap_uname2id(uid);
        srv_conf->min_gid = ap_gname2id(gid);
    }

    /* NULL when both ids were stored, the context error otherwise. */
    return ctx_err;
}
/*
 * Reset unixd_config to its defaults and decide whether suexec is usable.
 *
 * The user name, user id and group id are set from DEFAULT_USER and
 * DEFAULT_GROUP.  suexec_enabled starts at 0 and becomes 1 only when
 * SUEXEC_BIN can be stat()ed, has the APR_USETID protection bit and is owned
 * by uid 0.  `ptemp` is the pool handed to apr_stat().
 *
 * NOTE(review): only the set-id bit and the owner are examined; group/other
 * write permission on the wrapper is not checked in this function.
 */
AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
{
    apr_finfo_t suexec_info;

    unixd_config.user_name = DEFAULT_USER;
    unixd_config.user_id   = ap_uname2id(DEFAULT_USER);
    unixd_config.group_id  = ap_gname2id(DEFAULT_GROUP);

    /* Disabled unless every condition below holds. */
    unixd_config.suexec_enabled = 0;

    if (apr_stat(&suexec_info, SUEXEC_BIN, APR_FINFO_NORM, ptemp) == APR_SUCCESS
        && (suexec_info.protection & APR_USETID)
        && suexec_info.user == 0) {
        unixd_config.suexec_enabled = 1;
    }
}
/*
 * Handler for the SuexecUserGroup directive (version that only warns).
 *
 * Returns the message from ap_check_cmd_context() if the directive appears
 * in a context excluded by NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT.  Otherwise, when
 * unixd_config.suexec_enabled is set, the uid/gid are resolved with
 * ap_uname2id()/ap_gname2id(), stored in `mconfig`, and the configuration is
 * marked active.
 *
 * When suexec is not enabled the directive has no effect: a warning goes to
 * stderr, the configuration is left untouched, and NULL (success) is still
 * returned, so the server keeps loading without the requested identity.
 */
static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
                                   const char *uid, const char *gid)
{
    suexec_config_t *suexec_cfg = (suexec_config_t *) mconfig;
    const char *ctx_err;

    ctx_err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
    if (ctx_err != NULL) {
        return ctx_err;
    }

    if (!unixd_config.suexec_enabled) {
        /* Fail-open path: warn only, do not reject the configuration. */
        fprintf(stderr,
                "Warning: SuexecUserGroup directive requires SUEXEC wrapper.\n");
        return NULL;
    }

    suexec_cfg->ugid.uid = ap_uname2id(uid);
    suexec_cfg->ugid.gid = ap_gname2id(gid);
    suexec_cfg->ugid.userdir = 0;
    suexec_cfg->active = 1;
    return NULL;
}
/*
 * Directive handler: append one supplementary group to the per-directory
 * configuration passed as `mconfig`.
 *
 * Returns the message from ap_check_cmd_context() if the directive appears
 * in a context excluded by NOT_IN_FILES | NOT_IN_LIMIT, else NULL.
 *
 * The literal "@none" (case-insensitive) sets the group count to NONE.  A
 * count of UNSET is then reset to 0, and the gid resolved by ap_gname2id()
 * is appended only while the count is in [0, RUID_MAXGROUPS).
 *
 * NOTE(review): a group given once the list is full, or once the count is
 * negative, is dropped without an error or log message.
 */
static const char *set_groups (cmd_parms *cmd, void *mconfig, const char *arg)
{
    ruid_dir_config_t *dir_conf = (ruid_dir_config_t *) mconfig;
    const char *ctx_err;

    ctx_err = ap_check_cmd_context (cmd, NOT_IN_FILES | NOT_IN_LIMIT);
    if (ctx_err != NULL) {
        return ctx_err;
    }

    if (!strcasecmp(arg, "@none")) {
        dir_conf->groupsnr = NONE;
    }

    /* First real entry for this directory: start the list at index 0. */
    if (dir_conf->groupsnr == UNSET) {
        dir_conf->groupsnr = 0;
    }

    /* Bounds check guards the fixed-size groups[] array. */
    if ((dir_conf->groupsnr >= 0) && (dir_conf->groupsnr < RUID_MAXGROUPS)) {
        dir_conf->groups[dir_conf->groupsnr] = ap_gname2id (arg);
        dir_conf->groupsnr++;
    }

    return NULL;
}
/*
 * Handler for the SuexecUserGroup directive (version that fails closed).
 *
 * Returns the message from ap_check_cmd_context() if the directive appears
 * in a context excluded by NOT_IN_DIR_CONTEXT.  When
 * ap_unixd_config.suexec_enabled is not set, the directive is rejected with
 * an error string (allocated from cmd->pool) that includes
 * ap_unixd_config.suexec_disabled_reason.  Otherwise the uid/gid are resolved
 * with ap_uname2id()/ap_gname2id(), stored in `mconfig`, the configuration is
 * marked active, and NULL is returned.
 *
 * NOTE(review): the resolved ids are stored unchecked here; presumably the
 * suexec wrapper applies its own restrictions - confirm.
 */
static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
                                   const char *uid, const char *gid)
{
    suexec_config_t *suexec_cfg = (suexec_config_t *) mconfig;
    const char *ctx_err;

    ctx_err = ap_check_cmd_context(cmd, NOT_IN_DIR_CONTEXT);
    if (ctx_err != NULL) {
        return ctx_err;
    }

    if (ap_unixd_config.suexec_enabled) {
        suexec_cfg->ugid.uid = ap_uname2id(uid);
        suexec_cfg->ugid.gid = ap_gname2id(gid);
        suexec_cfg->ugid.userdir = 0;
        suexec_cfg->active = 1;
        return NULL;
    }

    /* Refuse the configuration rather than silently ignoring the request. */
    return apr_pstrcat(cmd->pool, "SuexecUserGroup configured, but "
                       "suEXEC is disabled: ",
                       ap_unixd_config.suexec_disabled_reason, NULL);
}
/*******************************************************************************
 * Configure a static FastCGI server that is started/managed elsewhere.
 *
 * Directive handler.  The first word of `arg` is the server's path (used as
 * its identifier); the remaining words are options:
 *   -host, -socket, -appConnTimeout, -idle-timeout, -nph, -pass-header,
 *   -flush, -user, -group, -fixPaths
 * Exactly one of -host or -socket must be given.
 *
 * Returns NULL on success, in which case the new fcgi_server has been added
 * to the server list, or an error string describing the rejected input.
 * Error strings are built in the temp pool (tp); data kept in the server
 * record is mostly allocated from cmd->pool (p).
 */
const char *fcgi_config_new_external_server(cmd_parms *cmd, void *dummy, const char *arg)
{
    fcgi_server *s;
    pool * const p = cmd->pool, *tp = cmd->temp_pool;
    const char * const name = cmd->cmd->name;
    char *fs_path = ap_getword_conf(p, &arg);
    const char *option, *err;

    /* Reject the directive inside <Limit> and directory/location/file sections */
    err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE);
    if (err) {
        return err;
    }

    if (!*fs_path) {
        return ap_pstrcat(tp, name, " requires a path and either a -socket or -host option", NULL);
    }

    /* Normalise the path before it is used as the lookup key below */
#ifdef APACHE2
    if (apr_filepath_merge(&fs_path, "", fs_path, 0, p))
        return ap_psprintf(tp, "%s %s: invalid filepath", name, fs_path);
#else
    fs_path = ap_os_canonical_filename(p, fs_path);
#endif

    fs_path = ap_server_root_relative(p, fs_path);

    ap_getparents(fs_path);
    ap_no2slash(fs_path);

    /* See if a server with this path is already configured.  The lookup is
     * keyed on the path plus the uid/gid reported for cmd->server; it runs
     * before any -user/-group option has been parsed. */
    s = fcgi_util_fs_get_by_id(fs_path, fcgi_util_get_server_uid(cmd->server),
                               fcgi_util_get_server_gid(cmd->server));
    if (s != NULL) {
        if (fcgi_wrapper) {
            return ap_psprintf(tp,
                "%s: redefinition of a previously defined class \"%s\" "
                "with uid=%ld and gid=%ld",
                name, fs_path, (long) fcgi_util_get_server_uid(cmd->server),
                (long) fcgi_util_get_server_gid(cmd->server));
        }
        else {
            return ap_psprintf(tp,
                "%s: redefinition of previously defined class \"%s\"", name, fs_path);
        }
    }

    s = fcgi_util_fs_new(p);
    s->fs_path = fs_path;
    s->directive = APP_CLASS_EXTERNAL;

    /* Parse directive arguments; option names are matched case-insensitively
     * and an unknown option rejects the whole directive. */
    while (*arg != '\0') {
        option = ap_getword_conf(tp, &arg);

        if (strcasecmp(option, "-host") == 0) {
            if ((err = get_host_n_port(p, &arg, &s->host, &s->port)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-socket") == 0) {
            /* Taken from tp here; replaced by a p-allocated absolute path
             * further down before the record is published. */
            s->socket_path = ap_getword_conf(tp, &arg);
            if (*s->socket_path == '\0')
                return invalid_value(tp, name, fs_path, option, "\"\"");
        }
        else if (strcasecmp(option, "-appConnTimeout") == 0) {
            if ((err = get_u_int(tp, &arg, &s->appConnectTimeout, 0)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-idle-timeout") == 0) {
            if ((err = get_u_int(tp, &arg, &s->idle_timeout, 1)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-nph") == 0) {
            s->nph = 1;
        }
        else if (strcasecmp(option, "-pass-header") == 0) {
            if ((err = get_pass_header(p, &arg, &s->pass_headers)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-flush") == 0) {
            s->flush = 1;
        }
        else if (strcasecmp(option, "-user") == 0) {
#ifdef WIN32
            return ap_psprintf(tp,
                "%s %s: the -user option isn't supported on WIN", name, fs_path);
#else
            /* NOTE(review): string lives in tp - see the note on the wrapper
             * block below. */
            s->user = ap_getword_conf(tp, &arg);
            if (*s->user == '\0')
                return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
        }
        else if (strcasecmp(option, "-group") == 0) {
#ifdef WIN32
            return ap_psprintf(tp,
                "%s %s: the -group option isn't supported on WIN", name, fs_path);
#else
            s->group = ap_getword_conf(tp, &arg);
            if (*s->group == '\0')
                return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
        }
        else if (strcasecmp(option, "-fixPaths") == 0) {
            s->fixPaths = 1;
        }
        else {
            return ap_psprintf(tp, "%s %s: invalid option: %s", name, fs_path, option);
        }
    } /* while */

#ifndef WIN32
    /* -user/-group are honoured only when a wrapper is configured.  Missing
     * values default to the server's own uid/gid written in "#<id>" form,
     * and both are then resolved to numeric ids. */
    if (fcgi_wrapper) {
        /* NOTE(review): the default group string is allocated from tp while
         * the default user string comes from p; confirm s->group (and the
         * tp-allocated -user/-group values) are not read after the temp pool
         * is gone, or that fcgi_util_fs_set_uid_n_gid() replaces them. */
        if (s->group == NULL) {
            s->group = ap_psprintf(tp, "#%ld", (long)fcgi_util_get_server_gid(cmd->server));
        }
        if (s->user == NULL) {
            s->user = ap_psprintf(p, "#%ld", (long)fcgi_util_get_server_uid(cmd->server));
        }
        s->uid = ap_uname2id(s->user);
        s->gid = ap_gname2id(s->group);
    }
    else if (s->user || s->group) {
        /* Without a wrapper the requested identity is not applied; this is
         * only logged as a warning, the directive is still accepted. */
        ap_log_error(FCGI_LOG_WARN, cmd->server, "FastCGI: there is no "
                     "fastcgi wrapper set, user/group options are ignored");
    }

    /* Called on both paths; without a wrapper s->uid/s->gid are whatever
     * fcgi_util_fs_new() left in them.  Any error it reports is fatal. */
    if ((err = fcgi_util_fs_set_uid_n_gid(p, s, s->uid, s->gid))) {
        return ap_psprintf(tp,
            "%s %s: invalid user or group: %s", name, fs_path, err);
    }
#endif /* !WIN32 */

    /* Require one of -socket or -host, but not both */
    if (s->socket_path != NULL && s->port != 0) {
        return ap_psprintf(tp,
            "%s %s: -host and -socket are mutually exclusive options",
            name, fs_path);
    }
    if (s->socket_path == NULL && s->port == 0) {
        return ap_psprintf(tp,
            "%s %s: -socket or -host option missing", name, fs_path);
    }

    /* Build the appropriate sockaddr structure */
    if (s->port != 0) {
        /* TCP: address built from the -host value and port */
        err = fcgi_util_socket_make_inet_addr(p,
            (struct sockaddr_in **)&s->socket_addr,
            &s->socket_addr_len, s->host, s->port);
        if (err != NULL)
            return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
    }
    else {
        /* Local socket: make sure the socket directory has a value first */
        if (fcgi_socket_dir == NULL) {
#ifdef WIN32
            fcgi_socket_dir = DEFAULT_SOCK_DIR;
#else
            fcgi_socket_dir = ap_server_root_relative(p, DEFAULT_SOCK_DIR);
#endif
        }

        s->socket_path = fcgi_util_socket_make_path_absolute(p, s->socket_path, 0);
#ifndef WIN32
        err = fcgi_util_socket_make_domain_addr(p, (struct sockaddr_un **)&s->socket_addr,
                                                &s->socket_addr_len, s->socket_path);
        if (err != NULL)
            return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#endif
    }

    /* Add it to the list of FastCGI servers */
    fcgi_util_fs_add(s);

    return NULL;
}
/*******************************************************************************
 * Configure a static FastCGI server.
 *
 * Directive handler.  The first word of `arg` is the application's path; the
 * remaining words are options:
 *   -processes, -restart-delay, -init-start-delay, -min-server-life,
 *   -priority, -listen-queue-depth, -appConnTimeout, -idle-timeout, -port,
 *   -socket, -initial-env, -pass-header, -flush, -nph, -user, -group
 * -port and -socket are mutually exclusive; if neither is given a socket
 * name is derived from the path, user and group.
 *
 * Returns NULL on success, in which case the new fcgi_server has been added
 * to the server list, or an error string describing the rejected input.
 * Error strings are built in the temp pool (tp) or are string literals.
 */
const char *fcgi_config_new_static_server(cmd_parms *cmd, void *dummy, const char *arg)
{
    fcgi_server *s;
    pool *p = cmd->pool, *tp = cmd->temp_pool;
    const char *name = cmd->cmd->name;
    char *fs_path = ap_getword_conf(p, &arg);
    const char *option, *err;

    /* Allocate temp storage for the array of initial environment variables */
    char **envp = ap_pcalloc(tp, sizeof(char *) * (MAX_INIT_ENV_VARS + 3));
    unsigned int envc = 0;

#ifdef WIN32
    HANDLE mutex;
#endif

    /* Reject the directive inside <Limit> and directory/location/file sections */
    err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE);
    if (err)
    {
        return err;
    }

    if (*fs_path == '\0')
        return "AppClass requires a pathname!?";

    if ((err = fcgi_config_set_fcgi_uid_n_gid(1)) != NULL)
        return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);

    /* Normalise the path before it is used as the lookup key below */
#ifdef APACHE2
    if (apr_filepath_merge(&fs_path, "", fs_path, 0, p))
        return ap_psprintf(tp, "%s %s: invalid filepath", name, fs_path);
#else
    fs_path = ap_os_canonical_filename(p, fs_path);
#endif
    fs_path = ap_server_root_relative(p, fs_path);

    ap_getparents(fs_path);
    ap_no2slash(fs_path);

    /* See if a server with this path is already configured.  The lookup is
     * keyed on the path plus the uid/gid reported for cmd->server; it runs
     * before any -user/-group option has been parsed. */
    s = fcgi_util_fs_get_by_id(fs_path, fcgi_util_get_server_uid(cmd->server),
                               fcgi_util_get_server_gid(cmd->server));
    if (s != NULL) {
        if (fcgi_wrapper) {
            return ap_psprintf(tp,
                "%s: redefinition of a previously defined FastCGI "
                "server \"%s\" with uid=%ld and gid=%ld",
                name, fs_path, (long) fcgi_util_get_server_uid(cmd->server),
                (long) fcgi_util_get_server_gid(cmd->server));
        }
        else {
            return ap_psprintf(tp,
                "%s: redefinition of a previously defined FastCGI server \"%s\"",
                name, fs_path);
        }
    }

    /* Path validation happens here, with NULL as the third argument, i.e.
     * before the -user/-group options below have been read. */
    err = fcgi_util_fs_is_path_ok(tp, fs_path, NULL);
    if (err != NULL) {
        return ap_psprintf(tp, "%s: \"%s\" %s", name, fs_path, err);
    }

    /* New record with the defaults for a standard (managed) application */
    s = fcgi_util_fs_new(p);
    s->fs_path = fs_path;
    s->directive = APP_CLASS_STANDARD;
    s->restartOnExit = TRUE;
    s->numProcesses = 1;

#ifdef WIN32

    /* TCP FastCGI applications require SystemRoot be present in the environment
     * Put it in both for consistency to the application */
    fcgi_config_set_env_var(p, envp, &envc, "SystemRoot");

    /* The mutex is named after the application path and made inheritable */
    mutex = CreateMutex(NULL, FALSE, fs_path);

    if (mutex == NULL)
    {
        ap_log_error(FCGI_LOG_ALERT, fcgi_apache_main_server,
            "FastCGI: CreateMutex() failed");
        return "failed to create FastCGI application accept mutex";
    }

    SetHandleInformation(mutex, HANDLE_FLAG_INHERIT, TRUE);

    /* NOTE(review): a HANDLE is formatted with %ld; confirm the argument
     * type matches the conversion on 64-bit builds. */
    s->mutex_env_string = ap_psprintf(p, "_FCGI_MUTEX_=%ld", mutex);

#endif

    /* Parse directive arguments; option names are matched case-insensitively
     * and an unknown option rejects the whole directive. */
    while (*arg) {
        option = ap_getword_conf(tp, &arg);

        if (strcasecmp(option, "-processes") == 0) {
            if ((err = get_u_int(tp, &arg, &s->numProcesses, 1)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-restart-delay") == 0) {
            if ((err = get_u_int(tp, &arg, &s->restartDelay, 0)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-init-start-delay") == 0) {
            if ((err = get_int(tp, &arg, &s->initStartDelay, 0)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-min-server-life") == 0) {
            /* NOTE(review): NULL is passed where the sibling options pass
             * fs_path; confirm this is intended. */
            if ((err = get_u_int(tp, &arg, &s->minServerLife, 0)))
                return invalid_value(tp, name, NULL, option, err);
        }
        else if (strcasecmp(option, "-priority") == 0) {
            if ((err = get_u_int(tp, &arg, &s->processPriority, 0)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-listen-queue-depth") == 0) {
            if ((err = get_u_int(tp, &arg, &s->listenQueueDepth, 1)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-appConnTimeout") == 0) {
            if ((err = get_u_int(tp, &arg, &s->appConnectTimeout, 0)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-idle-timeout") == 0) {
            if ((err = get_u_int(tp, &arg, &s->idle_timeout, 1)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-port") == 0) {
            if ((err = get_u_short(tp, &arg, &s->port, 1)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-socket") == 0) {
            /* Taken from tp here; replaced by a p-allocated absolute path
             * further down before the record is published. */
            s->socket_path = ap_getword_conf(tp, &arg);
            if (*s->socket_path == '\0')
                return invalid_value(tp, name, fs_path, option, "\"\"");
        }
        else if (strcasecmp(option, "-initial-env") == 0) {
            if ((err = get_env_var(p, &arg, envp, &envc)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-pass-header") == 0) {
            if ((err = get_pass_header(p, &arg, &s->pass_headers)))
                return invalid_value(tp, name, fs_path, option, err);
        }
        else if (strcasecmp(option, "-flush") == 0) {
            s->flush = 1;
        }
        else if (strcasecmp(option, "-nph") == 0) {
            s->nph = 1;
        }
        else if (strcasecmp(option, "-user") == 0) {
#ifdef WIN32
            return ap_psprintf(tp,
                "%s %s: the -user option isn't supported on WIN", name, fs_path);
#else
            /* NOTE(review): string lives in tp - see the note on the wrapper
             * block below. */
            s->user = ap_getword_conf(tp, &arg);
            if (*s->user == '\0')
                return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
        }
        else if (strcasecmp(option, "-group") == 0) {
#ifdef WIN32
            return ap_psprintf(tp,
                "%s %s: the -group option isn't supported on WIN", name, fs_path);
#else
            s->group = ap_getword_conf(tp, &arg);
            if (*s->group == '\0')
                return invalid_value(tp, name, fs_path, option, "\"\"");
#endif
        }
        else {
            return ap_psprintf(tp, "%s %s: invalid option: %s", name, fs_path, option);
        }
    } /* while */

#ifndef WIN32
    /* -user/-group are honoured only when a wrapper is configured.  Missing
     * values default to the server's own uid/gid written in "#<id>" form,
     * and both are then resolved to numeric ids. */
    if (fcgi_wrapper) {
        /* NOTE(review): the default group string is allocated from tp while
         * the default user string comes from p; confirm s->group (and the
         * tp-allocated -user/-group values) are not read after the temp pool
         * is gone, or that fcgi_util_fs_set_uid_n_gid() replaces them. */
        if (s->group == NULL) {
            s->group = ap_psprintf(tp, "#%ld", (long)fcgi_util_get_server_gid(cmd->server));
        }
        if (s->user == NULL) {
            s->user = ap_psprintf(p, "#%ld", (long)fcgi_util_get_server_uid(cmd->server));
        }
        s->uid = ap_uname2id(s->user);
        s->gid = ap_gname2id(s->group);
    }
    else if (s->user || s->group) {
        /* Without a wrapper the requested identity is not applied; this is
         * only logged as a warning, the directive is still accepted. */
        ap_log_error(FCGI_LOG_WARN, cmd->server, "FastCGI: there is no "
                     "fastcgi wrapper set, user/group options are ignored");
    }

    /* Called on both paths; without a wrapper s->uid/s->gid are whatever
     * fcgi_util_fs_new() left in them.  Any error it reports is fatal. */
    if ((err = fcgi_util_fs_set_uid_n_gid(p, s, s->uid, s->gid))) {
        return ap_psprintf(tp,
            "%s %s: invalid user or group: %s", name, fs_path, err);
    }
#endif /* !WIN32 */

    if (s->socket_path != NULL && s->port != 0) {
        return ap_psprintf(tp,
                "%s %s: -port and -socket are mutually exclusive options",
                name, fs_path);
    }

    /* Move env array to a surviving pool: only the pointer array is copied,
     * the new array is zero-filled and has room for four more entries. */
    s->envp = (char **)ap_pcalloc(p, sizeof(char *) * (envc + 4));
    memcpy(s->envp, envp, sizeof(char *) * envc);

    /* Initialize process structs */
    s->procs = fcgi_util_fs_create_procs(p, s->numProcesses);

    /* Build the appropriate sockaddr structure */
    if (s->port != 0) {
        /* TCP: NULL is passed as the host for the listening address */
        err = fcgi_util_socket_make_inet_addr(p,
                                (struct sockaddr_in **)&s->socket_addr,
                                &s->socket_addr_len, NULL, s->port);
        if (err != NULL)
            return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#ifdef WIN32
        /* Destination address for connecting is "localhost" on the same port */
        err = fcgi_util_socket_make_inet_addr(p,
                                (struct sockaddr_in **)&s->dest_addr,
                                &s->socket_addr_len, "localhost", s->port);
        if (err != NULL)
            return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#endif
    } else {
        /* Local socket: derive a name from path/user/group when none given */
        if (s->socket_path == NULL)
             s->socket_path = fcgi_util_socket_hash_filename(tp, fs_path, s->user, s->group);

        if (fcgi_socket_dir == NULL)
        {
#ifdef WIN32
            fcgi_socket_dir = DEFAULT_SOCK_DIR;
#else
            fcgi_socket_dir = ap_server_root_relative(p, DEFAULT_SOCK_DIR);
#endif
        }

        s->socket_path = fcgi_util_socket_make_path_absolute(p, s->socket_path, 0);
#ifndef WIN32
        err = fcgi_util_socket_make_domain_addr(p, (struct sockaddr_un **)&s->socket_addr,
                                                &s->socket_addr_len, s->socket_path);
        if (err != NULL)
            return ap_psprintf(tp, "%s %s: %s", name, fs_path, err);
#endif
    }

    /* Add it to the list of FastCGI servers */
    fcgi_util_fs_add(s);

    return NULL;
}