Fix suexec invocations from userdir - the ~ was not being prepended to the

uid per our convention.  Therefore, bad things would happen (like we
wouldn't cd to the right directory).

Add a flag to the ap_unix_identity_t structure to indicate if we are in
a userdir - if so, prefix the ~.

(Modified by Justin, but Colm's patch pointed me in the right direction.)

PR: 7810
Submitted by:	Colm <colmmacc@redbrick.dcu.ie>
Reviewed by:	Justin Erenkrantz

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94791 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 4054518ecc04c00257afb79e1e986ebba02fd719..8b0cf39c73d0dda81fa4232c73082e135906af9b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.36
 
+  *) Fix suexec behavior with user directories.  PR 7810.
+     [Colm <colmmacc@redbrick.dcu.ie>]
+
   *) Reject a blank UserDir directive since it is ambiguous.  PR 8472.
      [Justin Erenkrantz]
 

diff --git a/modules/generators/mod_suexec.c b/modules/generators/mod_suexec.c
index 14d87ae9e0516074ddb7a26d027edf51856a5a8a..7057773ca8010596f6e975dedfd565598a52e51f 100644 (file)
--- a/modules/generators/mod_suexec.c
+++ b/modules/generators/mod_suexec.c
@@ -110,6 +110,7 @@ static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
     if (unixd_config.suexec_enabled) {
         cfg->ugid.uid = ap_uname2id(uid);
         cfg->ugid.gid = ap_gname2id(gid);
+        cfg->ugid.userdir = 0;
         cfg->active = 1;
     }
     else {

diff --git a/modules/mappers/mod_userdir.c b/modules/mappers/mod_userdir.c
index 151ac35920c3be3bb2a075f2b5b5c54e50fcace0..d8b36fdfb01e2f363da7ae302d0c9281b41a7ccf 100644 (file)
--- a/modules/mappers/mod_userdir.c
+++ b/modules/mappers/mod_userdir.c
@@ -379,6 +379,7 @@ static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
         return NULL;
     }
 
+    ugid->userdir = 1;
 #endif 
     return ugid;
 }

diff --git a/os/unix/unixd.c b/os/unix/unixd.c
index b0f927a4bafad47a6ca79df34256a97ac6b5e7aa..5b655d36e436e8327b34c4ede503be59178eaf3e 100644 (file)
--- a/os/unix/unixd.c
+++ b/os/unix/unixd.c
@@ -331,7 +331,12 @@ static apr_status_t ap_unix_create_privileged_process(
         return apr_proc_create(newproc, progname, args, env, attr, p);
     }
 
-    execuser = apr_psprintf(p, "%ld", (long) ugid->uid);
+    if (ugid->userdir) {
+        execuser = apr_psprintf(p, "~%ld", (long) ugid->uid);
+    }
+    else {
+        execuser = apr_psprintf(p, "%ld", (long) ugid->uid);
+    }
     execgroup = apr_psprintf(p, "%ld", (long) ugid->gid);
 
     if (!execuser || !execgroup) {

diff --git a/os/unix/unixd.h b/os/unix/unixd.h
index ec777624333bddf3e73515228fe0c8028e8b0c4a..144cdf979fb63d89d198c8d3d5bdfa8fa4614f11 100644 (file)
--- a/os/unix/unixd.h
+++ b/os/unix/unixd.h
@@ -84,6 +84,7 @@
 typedef struct {
     uid_t uid;
     gid_t gid;
+    int userdir;
 } ap_unix_identity_t;
 
 AP_DECLARE_HOOK(ap_unix_identity_t *, get_suexec_identity,(const request_rec *r))