[packages/apache.git] / apache-suexec_fcgi.patch

diff -urNp httpd-2.2.8.orig/support/suexec.c httpd-2.2.8/support/suexec.c
--- httpd-2.2.8.orig/support/suexec.c	2006-07-12 05:38:44.000000000 +0200
+++ httpd-2.2.8/support/suexec.c	2008-05-13 21:04:25.000000000 +0200
@@ -245,6 +245,21 @@ static void clean_env(void)
     environ = cleanenv;
 }
 
+/*
+ * Return the `basename' of the pathname in STRING (the stuff after
+ * the last '/').  If STRING is `/', just return it. Taken from bash.
+ */
+char *base_pathname(char *string)
+{
+    char *p;
+
+    if (string[0] == '/' && string[1] == 0)
+        return (string);
+
+    p = (char *)strrchr (string, '/');
+        return (p ? ++p : string);
+}
+
 int main(int argc, char *argv[])
 {
     int userdir = 0;        /* ~userdir flag             */
@@ -261,6 +276,7 @@ int main(int argc, char *argv[])
     char dwd[AP_MAXPATH];   /* docroot working directory */
     struct passwd *pw;      /* password entry holder     */
     struct group *gr;       /* group entry holder        */
+    struct passwd tpw;      /* tmp password entry holder */
     struct stat dir_info;   /* directory info holder     */
     struct stat prg_info;   /* program info holder       */
 
@@ -270,6 +286,7 @@ int main(int argc, char *argv[])
     clean_env();
 
     prog = argv[0];
+
     /*
      * Check existence/validity of the UID of the user
      * running this program.  Error out if invalid.
@@ -382,8 +399,23 @@ int main(int argc, char *argv[])
     }
     else {
         if ((pw = getpwuid(atoi(target_uname))) == NULL) {
-            log_err("invalid target user id: (%s)\n", target_uname);
-            exit(121);
+            /*
+             * If called as suexec.fcgi ignore if there is no passwd
+             * entry for specified UID. Also bail out if UID = 0.
+             */
+            if(!strcmp(base_pathname(prog),"suexec.fcgi")) {
+                tpw.pw_name = strdup(target_uname);
+                tpw.pw_uid = atoi(target_uname);
+                tpw.pw_dir = (char *)"/tmp";
+                pw = &tpw;
+                if (tpw.pw_uid <= 0) {
+                    log_err("invalid target user id: (%s)\n", target_uname);
+                    exit(121);
+                }
+            } else {
+                log_err("invalid target user id: (%s)\n", target_uname);
+                exit(121);
+            }
         }
     }
 
@@ -560,20 +592,24 @@ int main(int argc, char *argv[])
     }
 
     /*
-     * Error out if the target name/group is different from
-     * the name/group of the cwd or the program.
-     */
-    if ((uid != dir_info.st_uid) ||
-        (gid != dir_info.st_gid) ||
-        (uid != prg_info.st_uid) ||
-        (gid != prg_info.st_gid)) {
-        log_err("target uid/gid (%ld/%ld) mismatch "
-                "with directory (%ld/%ld) or program (%ld/%ld)\n",
-                uid, gid,
-                dir_info.st_uid, dir_info.st_gid,
-                prg_info.st_uid, prg_info.st_gid);
-        exit(120);
+     * If not called as suexec.fcgi error out if the target
+     * name/group is different from the name/group of the cwd
+     * or the program.
+     */
+    if(strcmp(base_pathname(prog),"suexec.fcgi")) {
+        if ((uid != dir_info.st_uid) ||
+            (gid != dir_info.st_gid) ||
+            (uid != prg_info.st_uid) ||
+            (gid != prg_info.st_gid)) {
+            log_err("target uid/gid (%ld/%ld) mismatch "
+                    "with directory (%ld/%ld) or program (%ld/%ld)\n",
+                    uid, gid,
+                    dir_info.st_uid, dir_info.st_gid,
+                    prg_info.st_uid, prg_info.st_gid);
+            exit(120);
+        }
     }
+
     /*
      * Error out if the program is not executable for the user.
      * Otherwise, she won't find any error in the logs except for
Commit	Line	Data
0f5c61f6	1	diff -urNp httpd-2.2.8.orig/support/suexec.c httpd-2.2.8/support/suexec.c
	2	--- httpd-2.2.8.orig/support/suexec.c 2006-07-12 05:38:44.000000000 +0200
	3	+++ httpd-2.2.8/support/suexec.c 2008-05-13 21:04:25.000000000 +0200
	4	@@ -245,6 +245,21 @@ static void clean_env(void)
	5	environ = cleanenv;
	6	}
	7
	8	+/*
	9	+ * Return the `basename' of the pathname in STRING (the stuff after
	10	+ * the last '/'). If STRING is `/', just return it. Taken from bash.
	11	+ */
	12	+char base_pathname(char string)
	13	+{
	14	+ char *p;
	15	+
	16	+ if (string[0] == '/' && string[1] == 0)
	17	+ return (string);
	18	+
	19	+ p = (char *)strrchr (string, '/');
	20	+ return (p ? ++p : string);
	21	+}
	22	+
	23	int main(int argc, char *argv[])
	24	{
	25	int userdir = 0; /* ~userdir flag */
	26	@@ -261,6 +276,7 @@ int main(int argc, char *argv[])
	27	char dwd[AP_MAXPATH]; /* docroot working directory */
	28	struct passwd pw; / password entry holder */
	29	struct group gr; / group entry holder */
	30	+ struct passwd tpw; /* tmp password entry holder */
	31	struct stat dir_info; /* directory info holder */
	32	struct stat prg_info; /* program info holder */
	33
	34	@@ -270,6 +286,7 @@ int main(int argc, char *argv[])
	35	clean_env();
	36
	37	prog = argv[0];
	38	+
	39	/*
	40	* Check existence/validity of the UID of the user
	41	* running this program. Error out if invalid.
	42	@@ -382,8 +399,23 @@ int main(int argc, char *argv[])
	43	}
	44	else {
	45	if ((pw = getpwuid(atoi(target_uname))) == NULL) {
	46	- log_err("invalid target user id: (%s)\n", target_uname);
	47	- exit(121);
	48	+ /*
	49	+ * If called as suexec.fcgi ignore if there is no passwd
	50	+ * entry for specified UID. Also bail out if UID = 0.
	51	+ */
	52	+ if(!strcmp(base_pathname(prog),"suexec.fcgi")) {
	53	+ tpw.pw_name = strdup(target_uname);
	54	+ tpw.pw_uid = atoi(target_uname);
	55	+ tpw.pw_dir = (char *)"/tmp";
	56	+ pw = &tpw;
	57	+ if (tpw.pw_uid <= 0) {
	58	+ log_err("invalid target user id: (%s)\n", target_uname);
	59	+ exit(121);
	60	+ }
	61	+ } else {
	62	+ log_err("invalid target user id: (%s)\n", target_uname);
	63	+ exit(121);
	64	+ }
65	}
66	}
67
68	@@ -560,20 +592,24 @@ int main(int argc, char *argv[])
69	}
70
71	/*
72	- * Error out if the target name/group is different from
73	- * the name/group of the cwd or the program.
74	- */
75	- if ((uid != dir_info.st_uid) \|\|
76	- (gid != dir_info.st_gid) \|\|
77	- (uid != prg_info.st_uid) \|\|
78	- (gid != prg_info.st_gid)) {
79	- log_err("target uid/gid (%ld/%ld) mismatch "
80	- "with directory (%ld/%ld) or program (%ld/%ld)\n",
81	- uid, gid,
82	- dir_info.st_uid, dir_info.st_gid,
83	- prg_info.st_uid, prg_info.st_gid);
84	- exit(120);
85	+ * If not called as suexec.fcgi error out if the target
86	+ * name/group is different from the name/group of the cwd
87	+ * or the program.
88	+ */
8955c9de	89	+ if(strcmp(base_pathname(prog),"suexec.fcgi")) {
0f5c61f6	90	+ if ((uid != dir_info.st_uid) \|\|
	91	+ (gid != dir_info.st_gid) \|\|
	92	+ (uid != prg_info.st_uid) \|\|
	93	+ (gid != prg_info.st_gid)) {
	94	+ log_err("target uid/gid (%ld/%ld) mismatch "
	95	+ "with directory (%ld/%ld) or program (%ld/%ld)\n",
	96	+ uid, gid,
	97	+ dir_info.st_uid, dir_info.st_gid,
	98	+ prg_info.st_uid, prg_info.st_gid);
	99	+ exit(120);
	100	+ }
	101	}
	102	+
	103	/*
	104	* Error out if the program is not executable for the user.
	105	* Otherwise, she won't find any error in the logs except for