author | Henning Brauer <henning@cvs.openbsd.org> | 2002-07-15 09:40:50 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2002-07-15 09:40:50 +0000 |
commit | b18afd6bb502a4fbce5d8276c6a2e14b0d57826a (patch) | |
tree | 1a0043d79da6fd2ad80ef35f2a29bca723d67a04 /usr.sbin | |
parent | 3125fbda45c032ef151749c174356de87a827688 (diff) |
don't try things we are not able to do if chrooted on graceful restarts.
this does not mean a chrooted httpd survives a graceful restart (yet).
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/httpd/src/main/http_config.c | 12 | ||||
-rw-r--r-- | usr.sbin/httpd/src/main/http_core.c | 64 | ||||
-rw-r--r-- | usr.sbin/httpd/src/main/http_main.c | 86 | ||||
-rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | 6 |
4 files changed, 119 insertions, 49 deletions
diff --git a/usr.sbin/httpd/src/main/http_config.c b/usr.sbin/httpd/src/main/http_config.c index 6a2191b086f..effe5397e8b 100644 --- a/usr.sbin/httpd/src/main/http_config.c +++ b/usr.sbin/httpd/src/main/http_config.c @@ -1,3 +1,5 @@ +/* $OpenBSD: http_config.c,v 1.10 2002/07/15 09:40:49 henning Exp $ */ + /* ==================================================================== * The Apache Software License, Version 1.1 * @@ -1264,6 +1266,9 @@ CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p fname = ap_server_root_relative(p, fname); + /* if we are already chrooted here, it's a restart. strip chroot then. */ + ap_server_strip_chroot(fname, 0); + if (!(strcmp(fname, ap_server_root_relative(p, RESOURCE_CONFIG_FILE))) || !(strcmp(fname, ap_server_root_relative(p, ACCESS_CONFIG_FILE)))) { if (stat(fname, &finfo) == -1) @@ -1554,8 +1559,11 @@ static void init_config_globals(pool *p) ap_standalone = 1; ap_user_name = DEFAULT_USER; - ap_user_id = ap_uname2id(DEFAULT_USER); - ap_group_id = ap_gname2id(DEFAULT_GROUP); + if (!ap_server_is_chrooted()) { + /* can't work, just keep old setting */ + ap_user_id = ap_uname2id(DEFAULT_USER); + ap_group_id = ap_gname2id(DEFAULT_GROUP); + } ap_daemons_to_start = DEFAULT_START_DAEMON; ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON; ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON; diff --git a/usr.sbin/httpd/src/main/http_core.c b/usr.sbin/httpd/src/main/http_core.c index 5397eff2316..0b09e4f646a 100644 --- a/usr.sbin/httpd/src/main/http_core.c +++ b/usr.sbin/httpd/src/main/http_core.c @@ -1,3 +1,5 @@ +/* $OpenBSD: http_core.c,v 1.11 2002/07/15 09:40:49 henning Exp $ */ + /* ==================================================================== * The Apache Software License, Version 1.1 * 
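Review bot: The two `strcmp` calls that follow the new `ap_server_strip_chroot(fname, 0);` in ap_process_resource_config still compare against unstripped `ap_server_root_relative(p, ...)` results, so once the chroot prefix has been removed from fname the default-file check (the `stat()` branch) looks unlikely to match on a restart. The int result of ap_server_strip_chroot is also discarded, so a failed strip would go unnoticed. Both points are inferred from the signature shown in http_main.c, since the helper's body is not in this diff. If the inference holds, strip the two reference paths as well, or evaluate the comparison before stripping fname. The function begins and ends outside the hunk.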
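Review bot: In init_config_globals the new guard skips the id lookups when chrooted, but `ap_user_name = DEFAULT_USER;` just above it still runs, so after a restart the name is reset while `ap_user_id` keeps the previously configured value. set_user in http_core.c likewise leaves the name untouched when chrooted, so any later use of the name (not visible here) would disagree with the uid actually in force. Moving the assignment inside the guard, `if (!ap_server_is_chrooted()) { ap_user_name = DEFAULT_USER; ...`, keeps the pair consistent. The comment `/* can't work, just keep old setting */` describes the skipped case and would read better above the `if`. The function body continues outside the hunk.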
@@ -2098,13 +2100,29 @@ static const char *set_user(cmd_parms *cmd, void *dummy, char *arg) return err; } + /* + * This is, again, tricky. on restarts, we cannot use uname2id. + * keep the old settings for the main server. + * barf out on user directives in <VirtualHost> sections. + */ + if (!cmd->server->is_virtual) { - ap_user_name = arg; - cmd->server->server_uid = ap_user_id = ap_uname2id(arg); + if (!ap_server_is_chrooted()) { + ap_user_name = arg; + ap_user_id = ap_uname2id(arg); + } + cmd->server->server_uid = ap_user_id; } else { if (ap_suexec_enabled) { - cmd->server->server_uid = ap_uname2id(arg); + if (ap_server_is_chrooted()) { + fprintf(stderr, "cannot look up uids once chrooted. Thus, User " + "directives inside <VirtualHost> and restarts aren't " + "possible together. Please stop httpd and start a new " + "one\n"); + exit(1); + } else + cmd->server->server_uid = ap_uname2id(arg); } else { cmd->server->server_uid = ap_user_id; @@ -2141,11 +2159,21 @@ static const char *set_group(cmd_parms *cmd, void *dummy, char *arg) } if (!cmd->server->is_virtual) { - cmd->server->server_gid = ap_group_id = ap_gname2id(arg); + if (!ap_server_is_chrooted()) { + ap_group_id = ap_gname2id(arg); + } + cmd->server->server_gid = ap_group_id; } else { if (ap_suexec_enabled) { - cmd->server->server_gid = ap_gname2id(arg); + if (ap_server_is_chrooted()) { + fprintf(stderr, "cannot look up gids once chrooted. Thus, Group" + " directives inside <VirtualHost> and restarts aren't " + "possible together. Please stop httpd and start a new " + "one\n"); + exit(1); + } else + cmd->server->server_gid = ap_gname2id(arg); } else { cmd->server->server_gid = ap_group_id; 
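Review bot: In the main-server branch of set_user a `User` directive read while chrooted is now skipped without any message, so an operator who changes the account and restarts keeps running under the old uid with nothing in the log; set_group has the same silent path for `Group`. A warning in the chrooted case would make that visible, e.g. `ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, cmd->server, "User directive ignored on restart while chrooted");`. In the <VirtualHost>/suexec branch both handlers call `fprintf(stderr, ...)` and `exit(1)`, whereas the function already reports problems by returning a string (`return err;` at the top of the hunk); returning the message instead would keep error reporting in one place. Both function bodies start and end outside their hunks.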
@@ -2168,14 +2196,26 @@ static const char *set_server_root(cmd_parms *cmd, void *dummy, char *arg) arg = ap_os_canonical_filename(cmd->pool, arg); - if (!ap_is_directory(arg)) { - return "ServerRoot must be a valid directory"; + /* + * This is a bit tricky. On startup we are not chrooted here. + * On restarts (graceful or not) we are (unless we're in unsecure mode). + * if we would strip off the chroot prefix, nothing (not even "/") + * would last. + * it's pointless to test wether ServerRoot is a directory if we are + * already chrooted into that. + * Of course it's impossible to change ServerRoot without a full restart. + * should we abort with an error if ap_server_root != arg? + */ + + if (!ap_server_is_chrooted()) { + if (!ap_is_directory(arg)) { + return "ServerRoot must be a valid directory"; + } + /* ServerRoot is never '/' terminated */ + while (strlen(ap_server_root) > 1 && ap_server_root[strlen(ap_server_root)-1] == '/') + ap_server_root[strlen(ap_server_root)-1] = '\0'; + ap_cpystrn(ap_server_root, arg, sizeof(ap_server_root)); } - /* ServerRoot is never '/' terminated */ - while (strlen(ap_server_root) > 1 && ap_server_root[strlen(ap_server_root)-1] == '/') - ap_server_root[strlen(ap_server_root)-1] = '\0'; - ap_cpystrn(ap_server_root, arg, - sizeof(ap_server_root)); return NULL; } diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c index 49fc0d25ad1..5affe32135d 100644 --- a/usr.sbin/httpd/src/main/http_main.c +++ b/usr.sbin/httpd/src/main/http_main.c @@ -1,3 +1,5 @@ +/* $OpenBSD: http_main.c,v 1.15 2002/07/15 09:40:49 henning Exp $ */ + /* ==================================================================== * The Apache Software License, Version 1.1 * 
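Review bot: The trailing-slash loop in set_server_root runs on `ap_server_root` before `ap_cpystrn` overwrites it with `arg`, so it trims the old value and the newly stored ServerRoot can still end in '/'. This string is what http_main.c passes to `chroot()` in this commit, and the comment says it is never '/' terminated, so copy first and trim afterwards: move `ap_cpystrn(ap_server_root, arg, sizeof(ap_server_root));` above the `while`. `ap_os_canonical_filename` may already normalise the slash, which would hide the problem; that helper is not shown. When chrooted, a ServerRoot that differs from the running one is dropped silently; the question left in the comment could be settled with a `strcmp(ap_server_root, arg)` check that returns an error string or at least logs a warning. The function starts outside the hunk.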
@@ -4340,7 +4342,9 @@ static void child_main(int child_num_arg) signal(SIGURG, timeout); #endif #endif - signal(SIGALRM, alrm_handler); + if (signal(SIGALRM, alrm_handler) == SIG_ERR) { + fprintf(stderr, "installing signal handler for SIGALRM failed, errno %u\n", errno); + } #ifdef TPF signal(SIGHUP, just_die); signal(SIGTERM, just_die); 
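Review bot: The new diagnostic in child_main prints `errno` with `%u`, but errno is an int, so the specifier should be `%d`, or better the text form: `fprintf(stderr, "installing signal handler for SIGALRM failed: %s\n", strerror(errno));`. The child then carries on without the alarm handler; if the timeouts in this file depend on SIGALRM (not visible in the hunk), treating the failure as fatal for the child would be safer than a message on stderr. The neighbouring `signal()` calls in the same block remain unchecked, so the handling is now inconsistent. The function begins and ends outside the hunk.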
@@ -5140,46 +5144,57 @@ static void standalone_main(int argc, char **argv) server_conf = ap_read_config(pconf, ptrans, ap_server_confname); setup_listeners(pconf); ap_clear_pool(plog); - ap_open_logs(server_conf, plog); - ap_log_pid(pconf, ap_pid_fname); + + /* + * we cannot reopen the logfiles once we dropped permissions, + * we cannot write the pidfile (pointless anyway), and we can't + * reload & reinit the modules. + */ + + if (!is_chrooted) { + ap_open_logs(server_conf, plog); + ap_log_pid(pconf, ap_pid_fname); + } ap_set_version(); /* create our server_version string */ ap_init_modules(pconf, server_conf); version_locked++; /* no more changes to server_version */ - if(!is_graceful && ap_server_chroot) { - - /* initialize /dev/crypto, XXX check for -DSSL option */ - OpenSSL_add_all_algorithms(); + if(!is_graceful) + if (ap_server_chroot) { + if (geteuid()) { + ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, + "can't run in secure mode if not started with " + "root privs."); + exit(1); + } - if (geteuid()) { - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "can't run in secure mode if not started with root privs."); - exit(1); - } + /* initialize /dev/crypto, XXX check for -DSSL option */ + OpenSSL_add_all_algorithms(); - if (chroot(ap_server_root) < 0) { - ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, - "unable to chroot into %s!", ap_server_root); - exit(1); - } - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf, - "chrooted in %s", ap_server_root); - chdir("/"); - is_chrooted = 1; - setproctitle("parent [chroot %s]", ap_server_root); - - if (setgroups(1, &ap_group_id) || setegid(ap_group_id) || - setgid(ap_group_id) || seteuid(ap_user_id) || - setuid(ap_user_id)) { + if (chroot(ap_server_root) < 0) { ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, - "can't drop priviliges!"); + "unable to chroot into %s!", ap_server_root); exit(1); - } else - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, - server_conf, "changed to uid 
%ld, gid %ld", - (long)ap_user_id, (long)ap_group_id); - } else - setproctitle("parent"); + } + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, + server_conf, "chrooted in %s", ap_server_root); + chdir("/"); + is_chrooted = 1; + setproctitle("parent [chroot %s]", ap_server_root); + + if (setgroups(1, &ap_group_id) || setegid(ap_group_id) || + setgid(ap_group_id) || seteuid(ap_user_id) || + setuid(ap_user_id)) { + ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, + "can't drop priviliges!"); + exit(1); + } else + ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, + server_conf, "changed to uid %ld, gid %ld", + (long)ap_user_id, (long)ap_group_id); + } else + setproctitle("parent"); + SAFE_ACCEPT(accept_mutex_init(pconf)); if (!is_graceful) { @@ -8025,3 +8040,8 @@ API_EXPORT(int) ap_server_strip_chroot(char *src, int force) } } +API_EXPORT(int) ap_server_is_chrooted() +{ + return(is_chrooted); +} + diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c index 866039b463c..dec62cc17cf 100644 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c +++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c @@ -1,3 +1,5 @@ +/* $OpenBSD: ssl_engine_init.c,v 1.18 2002/07/15 09:40:49 henning Exp $ */ + /* _ _ ** _ __ ___ ___ __| | ___ ___| | mod_ssl ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL @@ -164,7 +166,8 @@ void ssl_init_Module(server_rec *s, pool *p) sc->nPassPhraseDialogType = SSL_PPTYPE_BUILTIN; /* Open the dedicated SSL logfile */ - ssl_log_open(s, s2, p); + if (!ap_server_is_chrooted()) + ssl_log_open(s, s2, p); } /* @@ -1116,4 +1119,3 @@ void ssl_init_ModuleKill(void *data) return; } - |
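Review bot: `chdir("/")` right after the `chroot()` call in standalone_main is unchecked, so if it fails the parent keeps a working directory outside the new root while `is_chrooted` is set and startup continues; every other step in this sequence exits on failure. Check it and exit the same way, as sketched below. Separately, the rewritten `if(!is_graceful)` has no braces around the nested `if (ap_server_chroot) { ... } else setproctitle("parent");`, so the `else` binds to the inner test and a graceful restart no longer sets the title at all; if that is intended, braces on the outer `if` would make it explicit. The function starts and ends outside the hunk.

```c
/* … unchanged: chroot(ap_server_root) check and "chrooted in" notice … */
if (chdir("/") < 0) {
    ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
                 "unable to chdir to / after chroot into %s!",
                 ap_server_root);
    exit(1);
}
is_chrooted = 1;
/* … unchanged: setproctitle and privilege drop … */
```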
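Review bot: `ap_server_is_chrooted()` is defined with an empty parameter list, which in C leaves the arguments unspecified rather than declaring none; `API_EXPORT(int) ap_server_is_chrooted(void)` lets the compiler reject stray arguments at the call sites added in http_config.c, http_core.c and ssl_engine_init.c. The accessor also has no comment; something like `/* nonzero once the parent has chroot()ed into ServerRoot */` would state what callers rely on. The restart checks in this commit assume the flag stays set across restarts, which is worth saying there too if it holds.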