1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include "http_config.h"
19 #include "http_core.h"
21 #include "http_request.h"
22 #include "apr_strings.h"
24 #include "mpm_common.h"
25 #include "mod_suexec.h"
27 module AP_MODULE_DECLARE_DATA suexec_module;
30 * Create a configuration specific to this module for a server or directory
31 * location, and fill it with the default settings.
33 static void *mkconfig(apr_pool_t *p)
35 suexec_config_t *cfg = apr_palloc(p, sizeof(suexec_config_t));
42 * Respond to a callback to create configuration record for a server or
45 static void *create_mconfig_for_server(apr_pool_t *p, server_rec *s)
51 * Respond to a callback to create a config record for a specific directory.
53 static void *create_mconfig_for_directory(apr_pool_t *p, char *dir)
58 static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
59 const char *uid, const char *gid)
61 suexec_config_t *cfg = (suexec_config_t *) mconfig;
62 const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE);
68 if (!ap_unixd_config.suexec_enabled) {
69 return apr_pstrcat(cmd->pool, "SuexecUserGroup configured, but "
70 "suEXEC is disabled: ",
71 ap_unixd_config.suexec_disabled_reason, NULL);
74 cfg->ugid.uid = ap_uname2id(uid);
75 cfg->ugid.gid = ap_gname2id(gid);
76 cfg->ugid.userdir = 0;
82 static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
84 suexec_config_t *cfg =
85 (suexec_config_t *) ap_get_module_config(r->per_dir_config, &suexec_module);
87 return cfg->active ? &cfg->ugid : NULL;
90 #define SUEXEC_POST_CONFIG_USERDATA "suexec_post_config_userdata"
91 static int suexec_post_config(apr_pool_t *p, apr_pool_t *plog,
92 apr_pool_t *ptemp, server_rec *s)
96 apr_pool_userdata_get(&reported, SUEXEC_POST_CONFIG_USERDATA,
99 if ((reported == NULL) && ap_unixd_config.suexec_enabled) {
100 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
101 "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN);
103 apr_pool_userdata_set((void *)1, SUEXEC_POST_CONFIG_USERDATA,
104 apr_pool_cleanup_null, s->process->pool);
109 #undef SUEXEC_POST_CONFIG_USERDATA
112 * Define the directives specific to this module. This structure is referenced
113 * later by the 'module' structure.
115 static const command_rec suexec_cmds[] =
117 /* XXX - Another important reason not to allow this in .htaccess is that
118 * the ap_[ug]name2id() is not thread-safe */
119 AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF,
120 "User and group for spawned processes"),
124 static void suexec_hooks(apr_pool_t *p)
126 ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,APR_HOOK_MIDDLE);
127 ap_hook_post_config(suexec_post_config,NULL,NULL,APR_HOOK_MIDDLE);
130 AP_DECLARE_MODULE(suexec) =
132 STANDARD20_MODULE_STUFF,
133 create_mconfig_for_directory, /* create per-dir config */
134 NULL, /* merge per-dir config */
135 create_mconfig_for_server, /* server config */
136 NULL, /* merge server config */
137 suexec_cmds, /* command table */
138 suexec_hooks /* register hooks */