progname="$withval" ], [
progname="httpd"] )
+# SuExec parameters
+AC_ARG_WITH(suexec-caller,
+[ --with-suexec-caller=User allowed to call SuExec],[
+ AC_DEFINE_UNQUOTED(AP_HTTPD_USER, $withval, [User allowed to call SuExec] ) ] )
+
+AC_ARG_WITH(suexec-userdir,
+[ --with-suexec-userdir=User subdirectory],[
+ AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, $withval, [User subdirectory] ) ] )
+
+AC_ARG_WITH(suexec-docroot,
+[ --with-suexec-docroot=SuExec root directory],[
+ AC_DEFINE_UNQUOTED(AP_DOC_ROOT, $withval, [SuExec root directory] ) ] )
+
+AC_ARG_WITH(suexec-uidmin,
+[ --with-suexec-uidmin=Minimal allowed UID],[
+ AC_DEFINE_UNQUOTED(AP_UID_MIN, $withval, [Minimal allowed UID] ) ] )
+
+AC_ARG_WITH(suexec-gidmin,
+[ --with-suexec-gidmin=Minimal allowed GID],[
+ AC_DEFINE_UNQUOTED(AP_GID_MIN, $withval, [Minimal allowed GID] ) ] )
+
+AC_ARG_WITH(suexec-logfile,
+[ --with-suexec-logfile=Set the logfile],[
+ AC_DEFINE_UNQUOTED(AP_LOG_EXEC, $withval, [SuExec log file] ) ] )
+
+AC_ARG_WITH(suexec-safepath,
+[ --with-suexec-safepath=Set the safepath],[
+ AC_DEFINE_UNQUOTED(AP_SAFE_PATH, $withval, [safe shell path for SuExec] ) ] )
+
dnl ### util_xml is always included, so we always need Expat (for now)
apache_need_expat=yes
*
*/
+#include "ap_config_auto.h"
#include "ap_config.h"
#include <sys/param.h>
#include <sys/stat.h>
static void err_output(const char *fmt, va_list ap)
{
-#ifdef LOG_EXEC
+#ifdef AP_LOG_EXEC
time_t timevar;
struct tm *lt;
if (!log) {
- if ((log = fopen(LOG_EXEC, "a")) == NULL) {
+ if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
fprintf(stderr, "failed to open log file\n");
perror("fopen");
exit(1);
vfprintf(log, fmt, ap);
fflush(log);
-#endif /* LOG_EXEC */
+#endif /* AP_LOG_EXEC */
return;
}
static void log_err(const char *fmt,...)
{
-#ifdef LOG_EXEC
+#ifdef AP_LOG_EXEC
va_list ap;
va_start(ap, fmt);
err_output(fmt, ap);
va_end(ap);
-#endif /* LOG_EXEC */
+#endif /* AP_LOG_EXEC */
return;
}
exit(120);
}
- sprintf(pathbuf, "PATH=%s", SAFE_PATH);
+ sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
cleanenv[cidx] = strdup(pathbuf);
cidx++;
*/
#ifdef _OSD_POSIX
/* User name comparisons are case insensitive on BS2000/OSD */
- if (strcasecmp(HTTPD_USER, pw->pw_name)) {
- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, HTTPD_USER);
+ if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) {
+ log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
exit(103);
}
#else /*_OSD_POSIX*/
- if (strcmp(HTTPD_USER, pw->pw_name)) {
- log_err("user mismatch (%s instead of %s)\n", pw->pw_name, HTTPD_USER);
+ if (strcmp(AP_HTTPD_USER, pw->pw_name)) {
+ log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
exit(103);
}
#endif /*_OSD_POSIX*/
/*
* Error out if attempt is made to execute as root or as
- * a UID less than UID_MIN. Tsk tsk.
+ * a UID less than AP_UID_MIN. Tsk tsk.
*/
- if ((uid == 0) || (uid < UID_MIN)) {
+ if ((uid == 0) || (uid < AP_UID_MIN)) {
log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
exit(107);
}
/*
* Error out if attempt is made to execute as root group
- * or as a GID less than GID_MIN. Tsk tsk.
+ * or as a GID less than AP_GID_MIN. Tsk tsk.
*/
- if ((gid == 0) || (gid < GID_MIN)) {
+ if ((gid == 0) || (gid < AP_GID_MIN)) {
log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
exit(108);
}
if (userdir) {
if (((chdir(target_homedir)) != 0) ||
- ((chdir(USERDIR_SUFFIX)) != 0) ||
+ ((chdir(AP_USERDIR_SUFFIX)) != 0) ||
((getcwd(dwd, AP_MAXPATH)) == NULL) ||
((chdir(cwd)) != 0)) {
log_err("cannot get docroot information (%s)\n", target_homedir);
}
}
else {
- if (((chdir(DOC_ROOT)) != 0) ||
+ if (((chdir(AP_DOC_ROOT)) != 0) ||
((getcwd(dwd, AP_MAXPATH)) == NULL) ||
((chdir(cwd)) != 0)) {
- log_err("cannot get docroot information (%s)\n", DOC_ROOT);
+ log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT);
exit(113);
}
}
* Be sure to close the log file so the CGI can't
* mess with it. If the exec fails, it will be reopened
* automatically when log_err is called. Note that the log
- * might not actually be open if LOG_EXEC isn't defined.
+ * might not actually be open if AP_LOG_EXEC isn't defined.
* However, the "log" cell isn't ifdef'd so let's be defensive
* and assume someone might have done something with it
- * outside an ifdef'd LOG_EXEC block.
+ * outside an ifdef'd AP_LOG_EXEC block.
*/
if (log != NULL) {
fclose(log);
* runs. This is the only user allowed to execute
* this program.
*/
-#ifndef HTTPD_USER
-#define HTTPD_USER "www"
+#ifndef AP_HTTPD_USER
+#define AP_HTTPD_USER "www"
#endif
/*
* UID_MIN -- Define this as the lowest UID allowed to be a target user
* for suEXEC. For most systems, 500 or 100 is common.
*/
-#ifndef UID_MIN
-#define UID_MIN 100
+#ifndef AP_UID_MIN
+#define AP_UID_MIN 100
#endif
/*
* GID_MIN -- Define this as the lowest GID allowed to be a target group
* for suEXEC. For most systems, 100 is common.
*/
-#ifndef GID_MIN
-#define GID_MIN 100
+#ifndef AP_GID_MIN
+#define AP_GID_MIN 100
#endif
/*
* See the suEXEC documentation for more detailed
* information.
*/
-#ifndef USERDIR_SUFFIX
-#define USERDIR_SUFFIX "public_html"
+#ifndef AP_USERDIR_SUFFIX
+#define AP_USERDIR_SUFFIX "public_html"
#endif
/*
* transactions and errors logged for auditing and
* debugging purposes.
*/
-#ifndef LOG_EXEC
-#define LOG_EXEC "/usr/local/apache/logs/cgi.log" /* Need me? */
+#ifndef AP_LOG_EXEC
+#define AP_LOG_EXEC "/usr/local/apache/logs/cgi.log" /* Need me? */
#endif
/*
* will be the only hierarchy (aside from UserDirs)
* that can be used for suEXEC behavior.
*/
-#ifndef DOC_ROOT
-#define DOC_ROOT "/usr/local/apache/htdocs"
+#ifndef AP_DOC_ROOT
+#define AP_DOC_ROOT "/usr/local/apache/htdocs"
#endif
/*
* SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
*
*/
-#ifndef SAFE_PATH
-#define SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
+#ifndef AP_SAFE_PATH
+#define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
#endif
#endif /* _SUEXEC_H */
projects / apache / commitdiff