authorHenning Brauer <henning@cvs.openbsd.org>2002-07-15 09:40:50 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2002-07-15 09:40:50 +0000
commitb18afd6bb502a4fbce5d8276c6a2e14b0d57826a (patch)
tree1a0043d79da6fd2ad80ef35f2a29bca723d67a04 /usr.sbin
parent3125fbda45c032ef151749c174356de87a827688 (diff)
don't try things we are not able to do if chrooted on graceful restarts.
this does not mean a chrooted httpd survives a graceful restart (yet).
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/httpd/src/main/http_config.c12
-rw-r--r--usr.sbin/httpd/src/main/http_core.c64
-rw-r--r--usr.sbin/httpd/src/main/http_main.c86
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c6
4 files changed, 119 insertions, 49 deletions
diff --git a/usr.sbin/httpd/src/main/http_config.c b/usr.sbin/httpd/src/main/http_config.c
index 6a2191b086f..effe5397e8b 100644
--- a/usr.sbin/httpd/src/main/http_config.c
+++ b/usr.sbin/httpd/src/main/http_config.c
@@ -1,3 +1,5 @@
+/* $OpenBSD: http_config.c,v 1.10 2002/07/15 09:40:49 henning Exp $ */
+
/* ====================================================================
* The Apache Software License, Version 1.1
*
@@ -1264,6 +1266,9 @@ CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p
fname = ap_server_root_relative(p, fname);
+ /* if we are already chrooted here, it's a restart. strip chroot then. */
+ ap_server_strip_chroot(fname, 0);
+
if (!(strcmp(fname, ap_server_root_relative(p, RESOURCE_CONFIG_FILE))) ||
!(strcmp(fname, ap_server_root_relative(p, ACCESS_CONFIG_FILE)))) {
if (stat(fname, &finfo) == -1)
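Review bot: After the added `ap_server_strip_chroot(fname, 0);` the two `strcmp()` checks compare the possibly shortened `fname` against fresh `ap_server_root_relative()` results that have not been stripped, so on a restart inside the chroot the special case for the default resource and access config files may no longer match. If so, evaluate the comparison before stripping, keep the result in a local, and strip only for the `stat()` and the later open. The `int` result of ap_server_strip_chroot() is also discarded; what it reports is not visible in this diff. The function body continues outside the hunk.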
@@ -1554,8 +1559,11 @@ static void init_config_globals(pool *p)
ap_standalone = 1;
ap_user_name = DEFAULT_USER;
- ap_user_id = ap_uname2id(DEFAULT_USER);
- ap_group_id = ap_gname2id(DEFAULT_GROUP);
+ if (!ap_server_is_chrooted()) {
+ /* can't work, just keep old setting */
+ ap_user_id = ap_uname2id(DEFAULT_USER);
+ ap_group_id = ap_gname2id(DEFAULT_GROUP);
+ }
ap_daemons_to_start = DEFAULT_START_DAEMON;
ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
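Review bot: `ap_user_name = DEFAULT_USER;` is still assigned unconditionally just above the new guard, so on a restart inside the chroot the name is reset while `ap_user_id` keeps its old value, and the two can disagree. Moving the name assignment inside the `if (!ap_server_is_chrooted())` block would keep them paired, as the set_user hunk in http_core.c does. The comment `/* can't work, just keep old setting */` sits in the branch that does perform the lookup; it reads better above the `if`, for example `/* id lookups cannot work once chrooted; keep the old ids on restart */`. init_config_globals continues outside the hunk.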
diff --git a/usr.sbin/httpd/src/main/http_core.c b/usr.sbin/httpd/src/main/http_core.c
index 5397eff2316..0b09e4f646a 100644
--- a/usr.sbin/httpd/src/main/http_core.c
+++ b/usr.sbin/httpd/src/main/http_core.c
@@ -1,3 +1,5 @@
+/* $OpenBSD: http_core.c,v 1.11 2002/07/15 09:40:49 henning Exp $ */
+
/* ====================================================================
* The Apache Software License, Version 1.1
*
@@ -2098,13 +2100,29 @@ static const char *set_user(cmd_parms *cmd, void *dummy, char *arg)
return err;
}
+ /*
+ * This is, again, tricky. on restarts, we cannot use uname2id.
+ * keep the old settings for the main server.
+ * barf out on user directives in <VirtualHost> sections.
+ */
+
if (!cmd->server->is_virtual) {
- ap_user_name = arg;
- cmd->server->server_uid = ap_user_id = ap_uname2id(arg);
+ if (!ap_server_is_chrooted()) {
+ ap_user_name = arg;
+ ap_user_id = ap_uname2id(arg);
+ }
+ cmd->server->server_uid = ap_user_id;
}
else {
if (ap_suexec_enabled) {
- cmd->server->server_uid = ap_uname2id(arg);
+ if (ap_server_is_chrooted()) {
+ fprintf(stderr, "cannot look up uids once chrooted. Thus, User "
+ "directives inside <VirtualHost> and restarts aren't "
+ "possible together. Please stop httpd and start a new "
+ "one\n");
+ exit(1);
+ } else
+ cmd->server->server_uid = ap_uname2id(arg);
}
else {
cmd->server->server_uid = ap_user_id;
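Review bot: In the main-server branch a `User` value that differs from the running one is dropped without any message when `ap_server_is_chrooted()` is true, so an operator who edits the directive and restarts gets no sign that the old uid is still in effect. A warning on that path would make it visible, e.g. `else if (strcmp(arg, ap_user_name) != 0) fprintf(stderr, "User change ignored on restart; stop and start httpd\n");`. The main-server branch of set_group in the next hunk ignores its directive in the same way. In the `<VirtualHost>` branch, the handler already reports errors by returning a string (see `return err;`), so returning the message instead of calling `exit(1)` inside the handler would match that convention, provided the caller treats it as fatal. The function starts and ends outside the hunk.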
@@ -2141,11 +2159,21 @@ static const char *set_group(cmd_parms *cmd, void *dummy, char *arg)
}
if (!cmd->server->is_virtual) {
- cmd->server->server_gid = ap_group_id = ap_gname2id(arg);
+ if (!ap_server_is_chrooted()) {
+ ap_group_id = ap_gname2id(arg);
+ }
+ cmd->server->server_gid = ap_group_id;
}
else {
if (ap_suexec_enabled) {
- cmd->server->server_gid = ap_gname2id(arg);
+ if (ap_server_is_chrooted()) {
+ fprintf(stderr, "cannot look up gids once chrooted. Thus, Group"
+ " directives inside <VirtualHost> and restarts aren't "
+ "possible together. Please stop httpd and start a new "
+ "one\n");
+ exit(1);
+ } else
+ cmd->server->server_gid = ap_gname2id(arg);
}
else {
cmd->server->server_gid = ap_group_id;
@@ -2168,14 +2196,26 @@ static const char *set_server_root(cmd_parms *cmd, void *dummy, char *arg)
arg = ap_os_canonical_filename(cmd->pool, arg);
- if (!ap_is_directory(arg)) {
- return "ServerRoot must be a valid directory";
+ /*
+ * This is a bit tricky. On startup we are not chrooted here.
+ * On restarts (graceful or not) we are (unless we're in unsecure mode).
+ * if we would strip off the chroot prefix, nothing (not even "/")
+ * would last.
+ * it's pointless to test wether ServerRoot is a directory if we are
+ * already chrooted into that.
+ * Of course it's impossible to change ServerRoot without a full restart.
+ * should we abort with an error if ap_server_root != arg?
+ */
+
+ if (!ap_server_is_chrooted()) {
+ if (!ap_is_directory(arg)) {
+ return "ServerRoot must be a valid directory";
+ }
+ /* ServerRoot is never '/' terminated */
+ while (strlen(ap_server_root) > 1 && ap_server_root[strlen(ap_server_root)-1] == '/')
+ ap_server_root[strlen(ap_server_root)-1] = '\0';
+ ap_cpystrn(ap_server_root, arg, sizeof(ap_server_root));
}
- /* ServerRoot is never '/' terminated */
- while (strlen(ap_server_root) > 1 && ap_server_root[strlen(ap_server_root)-1] == '/')
- ap_server_root[strlen(ap_server_root)-1] = '\0';
- ap_cpystrn(ap_server_root, arg,
- sizeof(ap_server_root));
return NULL;
}
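Review bot: The trailing-slash loop under `/* ServerRoot is never '/' terminated */` trims the old contents of `ap_server_root`, and `ap_cpystrn()` then overwrites them with `arg`, so a ServerRoot given with a trailing '/' is stored as-is unless ap_os_canonical_filename() already normalises it. This value is later passed to `chroot()` and is presumably the prefix that ap_server_strip_chroot() removes, so the copy should come first: move `ap_cpystrn(ap_server_root, arg, sizeof(ap_server_root));` above the `while`. The order predates this commit, but the lines are re-added here. The question left open in the new comment also deserves an answer in code, since a changed ServerRoot is currently ignored silently once chrooted.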
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c
index 49fc0d25ad1..5affe32135d 100644
--- a/usr.sbin/httpd/src/main/http_main.c
+++ b/usr.sbin/httpd/src/main/http_main.c
@@ -1,3 +1,5 @@
+/* $OpenBSD: http_main.c,v 1.15 2002/07/15 09:40:49 henning Exp $ */
+
/* ====================================================================
* The Apache Software License, Version 1.1
*
@@ -4340,7 +4342,9 @@ static void child_main(int child_num_arg)
signal(SIGURG, timeout);
#endif
#endif
- signal(SIGALRM, alrm_handler);
+ if (signal(SIGALRM, alrm_handler) == SIG_ERR) {
+ fprintf(stderr, "installing signal handler for SIGALRM failed, errno %u\n", errno);
+ }
#ifdef TPF
signal(SIGHUP, just_die);
signal(SIGTERM, just_die);
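Review bot: `errno` is an `int`, but the new message prints it with `%u`; use `%d`, or report the text instead, e.g. `fprintf(stderr, "installing signal handler for SIGALRM failed: %s\n", strerror(errno));`. The child also carries on without the SIGALRM handler after reporting the failure; if request timeouts depend on that handler, continuing should be a deliberate choice stated in a comment. child_main continues outside the hunk.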
@@ -5140,46 +5144,57 @@ static void standalone_main(int argc, char **argv)
server_conf = ap_read_config(pconf, ptrans, ap_server_confname);
setup_listeners(pconf);
ap_clear_pool(plog);
- ap_open_logs(server_conf, plog);
- ap_log_pid(pconf, ap_pid_fname);
+
+ /*
+ * we cannot reopen the logfiles once we dropped permissions,
+ * we cannot write the pidfile (pointless anyway), and we can't
+ * reload & reinit the modules.
+ */
+
+ if (!is_chrooted) {
+ ap_open_logs(server_conf, plog);
+ ap_log_pid(pconf, ap_pid_fname);
+ }
ap_set_version(); /* create our server_version string */
ap_init_modules(pconf, server_conf);
version_locked++; /* no more changes to server_version */
- if(!is_graceful && ap_server_chroot) {
-
- /* initialize /dev/crypto, XXX check for -DSSL option */
- OpenSSL_add_all_algorithms();
+ if(!is_graceful)
+ if (ap_server_chroot) {
+ if (geteuid()) {
+ ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
+ "can't run in secure mode if not started with "
+ "root privs.");
+ exit(1);
+ }
- if (geteuid()) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "can't run in secure mode if not started with root privs.");
- exit(1);
- }
+ /* initialize /dev/crypto, XXX check for -DSSL option */
+ OpenSSL_add_all_algorithms();
- if (chroot(ap_server_root) < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "unable to chroot into %s!", ap_server_root);
- exit(1);
- }
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "chrooted in %s", ap_server_root);
- chdir("/");
- is_chrooted = 1;
- setproctitle("parent [chroot %s]", ap_server_root);
-
- if (setgroups(1, &ap_group_id) || setegid(ap_group_id) ||
- setgid(ap_group_id) || seteuid(ap_user_id) ||
- setuid(ap_user_id)) {
+ if (chroot(ap_server_root) < 0) {
ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "can't drop priviliges!");
+ "unable to chroot into %s!", ap_server_root);
exit(1);
- } else
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
- server_conf, "changed to uid %ld, gid %ld",
- (long)ap_user_id, (long)ap_group_id);
- } else
- setproctitle("parent");
+ }
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
+ server_conf, "chrooted in %s", ap_server_root);
+ chdir("/");
+ is_chrooted = 1;
+ setproctitle("parent [chroot %s]", ap_server_root);
+
+ if (setgroups(1, &ap_group_id) || setegid(ap_group_id) ||
+ setgid(ap_group_id) || seteuid(ap_user_id) ||
+ setuid(ap_user_id)) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
+ "can't drop priviliges!");
+ exit(1);
+ } else
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
+ server_conf, "changed to uid %ld, gid %ld",
+ (long)ap_user_id, (long)ap_group_id);
+ } else
+ setproctitle("parent");
+
SAFE_ACCEPT(accept_mutex_init(pconf));
if (!is_graceful) {
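Review bot: `chdir("/")` right after the successful `chroot(ap_server_root)` is not checked, so if it fails the parent keeps a working directory outside the new root and the confinement is weaker than the `chrooted in %s` notice suggests. Treat it like the chroot call: `if (chdir("/") < 0) { ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, "unable to chdir to new root!"); exit(1); }`. Separately, `if(!is_graceful)` followed by an unbraced `if (ap_server_chroot) { ... } else` binds `else setproctitle("parent");` to the inner `if`, which behaves differently from the old `&&` form on a graceful restart; braces around the outer body would make the intended binding explicit. The new comment says modules cannot be re-initialised, yet `ap_init_modules()` is still called unconditionally. standalone_main continues outside the hunk.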
@@ -8025,3 +8040,8 @@ API_EXPORT(int) ap_server_strip_chroot(char *src, int force)
}
}
+API_EXPORT(int) ap_server_is_chrooted()
+{
+ return(is_chrooted);
+}
+
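Review bot: `ap_server_is_chrooted()` is defined with an empty parameter list, which in C leaves the function unprototyped; write `API_EXPORT(int) ap_server_is_chrooted(void)`. The diffstat (limited to usr.sbin) lists no header, so unless a declaration already exists elsewhere, the new callers in http_config.c, http_core.c and ssl_engine_init.c rely on an implicit declaration. A one-line comment such as `/* non-zero once the parent has chroot()ed into ServerRoot */` would document the contract.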
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index 866039b463c..dec62cc17cf 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1,3 +1,5 @@
+/* $OpenBSD: ssl_engine_init.c,v 1.18 2002/07/15 09:40:49 henning Exp $ */
+
/* _ _
** _ __ ___ ___ __| | ___ ___| | mod_ssl
** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
@@ -164,7 +166,8 @@ void ssl_init_Module(server_rec *s, pool *p)
sc->nPassPhraseDialogType = SSL_PPTYPE_BUILTIN;
/* Open the dedicated SSL logfile */
- ssl_log_open(s, s2, p);
+ if (!ap_server_is_chrooted())
+ ssl_log_open(s, s2, p);
}
/*
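Review bot: The new `if (!ap_server_is_chrooted())` guard around `ssl_log_open(s, s2, p);` has no comment saying why the log is not reopened or what happens to the handle from the first start. Suggest `/* cannot reopen the logfile once chrooted and unprivileged; relies on the handle opened at startup */` above it. Whether that earlier handle is still valid after the pools are cleared on restart is not visible here and should be confirmed. ssl_init_Module continues outside the hunk.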
@@ -1116,4 +1119,3 @@ void ssl_init_ModuleKill(void *data)
return;
}
-