diff options
-rw-r--r-- | usr.sbin/httpd/support/Makefile | 52 | ||||
-rw-r--r-- | usr.sbin/httpd/support/Makefile.tmpl | 35 | ||||
-rw-r--r-- | usr.sbin/httpd/support/cls.c | 165 | ||||
-rw-r--r-- | usr.sbin/httpd/support/dbmmanage | 126 | ||||
-rw-r--r-- | usr.sbin/httpd/support/dbmmanage.new | 140 | ||||
-rw-r--r-- | usr.sbin/httpd/support/dbmmanage.readme | 7 | ||||
-rw-r--r-- | usr.sbin/httpd/support/htdigest.c | 187 | ||||
-rw-r--r-- | usr.sbin/httpd/support/htpasswd.1 | 88 | ||||
-rw-r--r-- | usr.sbin/httpd/support/htpasswd.c | 198 | ||||
-rw-r--r-- | usr.sbin/httpd/support/httpd.8 | 125 | ||||
-rw-r--r-- | usr.sbin/httpd/support/httpd_monitor.c | 307 | ||||
-rw-r--r-- | usr.sbin/httpd/support/log_server_status | 110 | ||||
-rw-r--r-- | usr.sbin/httpd/support/logresolve.c | 369 | ||||
-rw-r--r-- | usr.sbin/httpd/support/phf_abuse_log.cgi | 21 | ||||
-rw-r--r-- | usr.sbin/httpd/support/rotatelogs.c | 84 | ||||
-rw-r--r-- | usr.sbin/httpd/support/suexec.c | 491 | ||||
-rw-r--r-- | usr.sbin/httpd/support/suexec.h | 137 |
17 files changed, 0 insertions, 2642 deletions
diff --git a/usr.sbin/httpd/support/Makefile b/usr.sbin/httpd/support/Makefile deleted file mode 100644 index 6270d87db1e..00000000000 --- a/usr.sbin/httpd/support/Makefile +++ /dev/null @@ -1,52 +0,0 @@ -############### -# Platform: OpenBSD -# Final Rules: -# Rule WANTHSREGEX=no -############### -CC=gcc -OPTIM=-O2 -CFLAGS1= -INCLUDES1= -LIBS1= -LFLAGS1= -BROKEN_BPRINTF_FLAGS= -REGLIB= -RANLIB=ranlib -SHELL=/bin/sh - -#### End of Configure created section #### -# Apache makefile template (well, suffix). - -# This is combined with the information in the "Configuration" file -# by the configure script to make the actual Makefile. - -CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -LIBS=$(EXTRA_LIBS) $(LIBS1) -INCLUDES=-I../src -I../src/regex $(INCLUDES1) $(EXTRA_INCLUDES) -LFLAGS=$(LFLAGS1) $(EXTRA_LFLAGS) - -.c.o: - $(CC) -c $(CFLAGS) $(INCLUDES) $< - -TARGETS=htpasswd htdigest httpd_monitor rotatelogs logresolve - -all: $(TARGETS) - -htpasswd: htpasswd.c - $(CC) $(CFLAGS) htpasswd.c -o htpasswd $(LIBS) - -htdigest: htdigest.c - $(CC) $(CFLAGS) htdigest.c -o htdigest - -httpd_monitor: httpd_monitor.c - $(CC) $(INCLUDES) $(CFLAGS) httpd_monitor.c -o httpd_monitor - -rotatelogs: rotatelogs.c - $(CC) $(INCLUDES) $(CFLAGS) rotatelogs.c -o rotatelogs - -logresolve: logresolve.c - $(CC) $(INCLUDES) $(CFLAGS) logresolve.c -o logresolve $(LIBS) - -clean: - rm -f $(TARGETS) - diff --git a/usr.sbin/httpd/support/Makefile.tmpl b/usr.sbin/httpd/support/Makefile.tmpl deleted file mode 100644 index 84aebc02014..00000000000 --- a/usr.sbin/httpd/support/Makefile.tmpl +++ /dev/null @@ -1,35 +0,0 @@ -# Apache makefile template (well, suffix). - -# This is combined with the information in the "Configuration" file -# by the configure script to make the actual Makefile. - -CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -LIBS=$(EXTRA_LIBS) $(LIBS1) -INCLUDES=-I../src -I../src/regex $(INCLUDES1) $(EXTRA_INCLUDES) -LFLAGS=$(LFLAGS1) $(EXTRA_LFLAGS) - -.c.o: - $(CC) -c $(CFLAGS) $(INCLUDES) $< - -TARGETS=htpasswd htdigest httpd_monitor rotatelogs logresolve - -all: $(TARGETS) - -htpasswd: htpasswd.c - $(CC) $(CFLAGS) htpasswd.c -o htpasswd $(LIBS) - -htdigest: htdigest.c - $(CC) $(CFLAGS) htdigest.c -o htdigest - -httpd_monitor: httpd_monitor.c - $(CC) $(INCLUDES) $(CFLAGS) httpd_monitor.c -o httpd_monitor - -rotatelogs: rotatelogs.c - $(CC) $(INCLUDES) $(CFLAGS) rotatelogs.c -o rotatelogs - -logresolve: logresolve.c - $(CC) $(INCLUDES) $(CFLAGS) logresolve.c -o logresolve $(LIBS) - -clean: - rm -f $(TARGETS) - diff --git a/usr.sbin/httpd/support/cls.c b/usr.sbin/httpd/support/cls.c deleted file mode 100644 index 2c553cec93d..00000000000 --- a/usr.sbin/httpd/support/cls.c +++ /dev/null @@ -1,165 +0,0 @@ -#include <ctype.h> -#include <dirent.h> -#include <stdio.h> -#include <string.h> -#include <time.h> - -/* - * Compare a string to a mask - * Mask characters: - * @ - uppercase letter - * # - lowercase letter - * & - hex digit - * # - digit - * * - swallow remaining characters - * <x> - exact match for any other character - */ -static int -checkmask(const char *data, const char *mask) -{ - int i, ch, d; - - for (i=0; mask[i] != '\0' && mask[i] != '*'; i++) - { - ch = mask[i]; - d = data[i]; - if (ch == '@') - { - if (!isupper(d)) return 0; - } else if (ch == '$') - { - if (!islower(d)) return 0; - } else if (ch == '#') - { - if (!isdigit(d)) return 0; - } else if (ch == '&') - { - if (!isxdigit(d)) return 0; - } else if (ch != d) return 0; - } - - if (mask[i] == '*') return 1; - else return (data[i] == '\0'); -} - -/* - * Converts 8 hex digits to a time integer - */ -static int -hex2sec(const char *x) -{ - int i, ch; - unsigned int j; - - for (i=0, j=0; i < 8; i++) - { - ch = x[i]; - j <<= 4; - if (isdigit(ch)) j |= ch - '0'; - else if (isupper(ch)) j |= ch - ('A' - 10); - else j |= ch - ('a' - 10); - } - if (j == 0xffffffff) return -1; /* so that it works with 8-byte ints */ - else return j; -} - -int -main(int argc, char **argv) -{ - int i, ver; - DIR *d; - struct dirent *e; - const char *s; - FILE *fp; - char path[FILENAME_MAX+1]; - char line[1035]; - time_t date, lmod, expire; - unsigned int len; - struct tm ts; - char sdate[30], slmod[30], sexpire[30]; - const char time_format[]="%e %b %Y %R"; - - if (argc != 2) - { - printf("Usage: cls directory\n"); - exit(0); - } - - d = opendir(argv[1]); - if (d == NULL) - { - perror("opendir"); - exit(1); - } - - for (;;) - { - e = readdir(d); - if (e == NULL) break; - s = e->d_name; - if (s[0] == '.' || s[0] == '#') continue; - sprintf(path, "%s/%s", argv[1], s); - fp = fopen(path, "r"); - if (fp == NULL) - { - perror("fopen"); - continue; - } - if (fgets(line, 1034, fp) == NULL) - { - perror("fgets"); - fclose(fp); - continue; - } - if (!checkmask(line, "&&&&&&&& &&&&&&&& &&&&&&&& &&&&&&&& &&&&&&&&\n")) - { - fprintf(stderr, "Bad cache file\n"); - fclose(fp); - continue; - } - date = hex2sec(line); - lmod = hex2sec(line+9); - expire = hex2sec(line+18); - ver = hex2sec(line+27); - len = hex2sec(line+35); - if (fgets(line, 1034, fp) == NULL) - { - perror("fgets"); - fclose(fp); - continue; - } - fclose(fp); - i = strlen(line); - if (strncmp(line, "X-URL: ", 7) != 0 || line[i-1] != '\n') - { - fprintf(stderr, "Bad cache file\n"); - continue; - } - line[i-1] = '\0'; - if (date != -1) - { - ts = *gmtime(&date); - strftime(sdate, 30, time_format, &ts); - } else - strcpy(sdate, "-"); - - if (lmod != -1) - { - ts = *gmtime(&lmod); - strftime(slmod, 30, time_format, &ts); - } else - strcpy(slmod, "-"); - - if (expire != -1) - { - ts = *gmtime(&expire); - strftime(sexpire, 30, time_format, &ts); - } else - strcpy(sexpire, "-"); - - printf("%s: %d; %s %s %s\n", line+7, ver, sdate, slmod, sexpire); - } - - closedir(d); - return 0; -} diff --git a/usr.sbin/httpd/support/dbmmanage b/usr.sbin/httpd/support/dbmmanage deleted file mode 100644 index 8afc45f0045..00000000000 --- a/usr.sbin/httpd/support/dbmmanage +++ /dev/null @@ -1,126 +0,0 @@ -#!/usr/local/bin/perl - -# ==================================================================== -# Copyright (c) 1995-1997 The Apache Group. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# 4. The names "Apache Server" and "Apache Group" must not be used to -# endorse or promote products derived from this software without -# prior written permission. -# -# 5. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Group and was originally based -# on public domain software written at the National Center for -# Supercomputing Applications, University of Illinois, Urbana-Champaign. -# For more information on the Apache Group and the Apache HTTP server -# project, please see <http://www.apache.org/>. - - -# usage: dbmmanage <DBMfile> <command> <key> <value> <group> -# -# commands: add, delete, view, adduser -# -# no values needed for delete, no keys or values needed for view. -# to change a value, simply use "add". -# adduser encrypts the password: -# dbmmanage <dbm file> adduser <person> <password> -# -# <group> is optional, and may also be supplied to add the user -# to a specified group: -# dbmmanage <dbm file> adduser <person> <password> <group> - -if (scalar(@ARGV) < 2) { - print "Too few arguments.\n"; - exit; -} - -$file=$ARGV[0]; -$command=$ARGV[1]; -$key=$ARGV[2]; -$value=$ARGV[3]; -$group=$ARGV[4]; - -# create a random salt -@range=('0'..'9','a'..'z','A'..'Z'); -srand($$|time); -$salt=$range[rand(int($#range)+1)] . $range[rand(int($#range)+1)]; - -if ($command eq "add") { - dbmopen(%DB, $file, 0664) || die "Error: $!\n"; - $value .= ":$group" if $group ne ""; - $DB{$key} = $value; - dbmclose(%DB); - print "Entry $key added with value $value.\n"; - exit; -} - -if ($command eq "adduser") { - $hash = crypt($value, "$salt"); - dbmopen(%DB, $file, 0664) || die "Error: $!\n"; - $hash .= ":$group" if $group ne ""; - $value .= ":$group" if $group ne ""; - $DB{$key} = $hash; - dbmclose(%DB); - print "User $key added with password $value, encrypted to $hash\n"; - exit; -} - -if ($command eq "delete") { - dbmopen(%DB, $file, 0664) || die "Error: $!\n"; - delete($DB{$key}); - dbmclose(%DB); - exit; -} - -if ($command eq "view") { - dbmopen(%DB, $file, undef) || die "Error: $!\n"; - $return_status = 1; - unless ($key) { - while (($nkey,$val) = each %DB) { - print "$nkey = $val\n"; - } - } else { - $return_status = 0 if defined $DB{$key}; - print "$key = $DB{$key}\n"; - } - dbmclose(%DB); - exit($return_status); -} - -print "Command unrecognized - must be one of: view, add, adduser, delete.\n"; - diff --git a/usr.sbin/httpd/support/dbmmanage.new b/usr.sbin/httpd/support/dbmmanage.new deleted file mode 100644 index 48d9f26d7ee..00000000000 --- a/usr.sbin/httpd/support/dbmmanage.new +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/local/bin/perl - -# ==================================================================== -# Copyright (c) 1995-1997 The Apache Group. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# 4. The names "Apache Server" and "Apache Group" must not be used to -# endorse or promote products derived from this software without -# prior written permission. -# -# 5. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Group and was originally based -# on public domain software written at the National Center for -# Supercomputing Applications, University of Illinois, Urbana-Champaign. -# For more information on the Apache Group and the Apache HTTP server -# project, please see <http://www.apache.org/>. - - -# usage: dbmmanage <DBMfile> <command> <key> <value> -# -# commands: add, delete, view, adduser -# -# no values needed for delete, no keys or values needed for view. -# to change a value, simply use "add". -# adduser encrypts the password: -# dbmmanage <dbm file> adduser <person> <password> - -if (@ARGV < 2) { - die "Too few arguments.\ - Usage: dbmmanage <DBMfile> <command> [<key> [<value>]]\ - where command is add, delete, view or adduser.\ - No value required for \"delete\", no key or value for \"view\".\ - To change a value, simply use \"add\".\ - \"adduser\" encrypts the value and uses it as the user's password\n"; -} - -($file,$command,$key,$value) = @ARGV; - -$file =~ s/\.db.?$//; # remove ".db" or ".dbX" extension if any -$file =~ s/\.pag$//; # remove ".pag" and ".dir" as well. -$file =~ s/\.dir$//; # these are all common DBM extensions. - -if ($command eq "add") { - dbmopen(%DB, $file, 0664) || die "Error: $!\n"; - $DB{$key} = $value; - dbmclose(%DB); - print "Entry $key added with value $value.\n"; -} elsif ($command eq "adduser") { - srand; # needs to be done only once. - $salt = &compute_salt(0); # change to compute_salt(1) for new crypt() - $hash = crypt($value, $salt); - dbmopen(%DB, $file, 0664) || die "Error: $!\n"; - $DB{$key} = $hash; - dbmclose(%DB); - print "User $key added with password ``$value'', encrypted to $hash\n"; -} elsif ($command eq "delete") { - dbmopen(%DB, $file, 0664) || die "Error: $!\n"; - delete($DB{$key}); - dbmclose(%DB); -} elsif ($command eq "view") { - dbmopen(%DB, $file, undef) || die "Error: $!\n"; - unless ($key) { - while (($nkey,$val) = each %DB) { - print "$nkey = $val\n"; - } - } else { - print "$key = $DB{$key}\n"; - } - dbmclose(%DB); -} else { - print "Command unrecognized - must be one of: view, add, adduser, delete.\n"; -} - -exit(0); - -# if $newstyle is 1, then use new style salt (starts with '_' and contains -# four bytes of iteration count and four bytes of salt). Otherwise, just use -# the traditional two-byte salt. -# see the man page on your system to decide if you have a newer crypt() lib. -# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does). -# The new style crypt() allows up to 20 characters of the password to be -# significant rather than only 8. -sub compute_salt { - local($newstyle) = @_; - local($salt); - if ($newstyle) { - $salt = "_" . &randchar(1) . "a.." . &randchar(4); - } else { - $salt = &randchar(2); - } - $salt; -} - -# return $count random characters -sub randchar { - local($count) = @_; - local($str) = ""; - local($enc) = - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - while ($count--) { - # 64 = length($enc) in call to rand() below - $str .= substr($enc,int(rand(64)),1); - } - $str; -} diff --git a/usr.sbin/httpd/support/dbmmanage.readme b/usr.sbin/httpd/support/dbmmanage.readme deleted file mode 100644 index 8ef9e688864..00000000000 --- a/usr.sbin/httpd/support/dbmmanage.readme +++ /dev/null @@ -1,7 +0,0 @@ - -Two versions of the dbmmanage script are included with this release. -One is the old faithful version, which should continue to work if you've -been using it; the other is a newer cut, which can be easily modified to -support the newer extended crypt routines which are present on some -systems (including 4.4BSD derivatives); this newer version is, for the -nonce, experimental... diff --git a/usr.sbin/httpd/support/htdigest.c b/usr.sbin/httpd/support/htdigest.c deleted file mode 100644 index 9d35b44a948..00000000000 --- a/usr.sbin/httpd/support/htdigest.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * htdigest.c: simple program for manipulating digest passwd file for Apache - * - * by Alexei Kosut, based on htpasswd.c, by Rob McCool - */ - -#include <sys/types.h> -#include <stdio.h> -#include <string.h> -#ifdef MPE -#include <signal.h> -#else -#include <sys/signal.h> -#endif -#include <stdlib.h> -#include <time.h> -#include <unistd.h> - -/* This is probably the easiest way to do it */ -#include "../src/md5c.c" - -#define LF 10 -#define CR 13 - -#define MAX_STRING_LEN 256 - -char *tn; - -char *strd(char *s) { - char *d; - - d=(char *)malloc(strlen(s) + 1); - strcpy(d,s); - return(d); -} - -void getword(char *word, char *line, char stop) { - int x = 0,y; - - for(x=0;((line[x]) && (line[x] != stop));x++) - word[x] = line[x]; - - word[x] = '\0'; - if(line[x]) ++x; - y=0; - - while((line[y++] = line[x++])); -} - -int getline(char *s, int n, FILE *f) { - register int i=0; - - while(1) { - s[i] = (char)fgetc(f); - - if(s[i] == CR) - s[i] = fgetc(f); - - if((s[i] == 0x4) || (s[i] == LF) || (i == (n-1))) { - s[i] = '\0'; - return (feof(f) ? 1 : 0); - } - ++i; - } -} - -void putline(FILE *f,char *l) { - int x; - - for(x=0;l[x];x++) fputc(l[x],f); - fputc('\n',f); -} - - -void add_password(char *user, char *realm, FILE *f) { - char *pw; - MD5_CTX context; - unsigned char digest[16]; - char string[MAX_STRING_LEN]; - unsigned int i; - - pw = strd((char *) getpass("New password:")); - if(strcmp(pw,(char *) getpass("Re-type new password:"))) { - fprintf(stderr,"They don't match, sorry.\n"); - if(tn) - unlink(tn); - exit(1); - } - fprintf(f,"%s:%s:",user,realm); - - /* Do MD5 stuff */ - sprintf(string, "%s:%s:%s", user, realm, pw); - - MD5Init (&context); - MD5Update (&context, (unsigned char *) string, strlen(string)); - MD5Final (digest, &context); - - for (i = 0; i < 16; i++) - fprintf(f, "%02x", digest[i]); - - fprintf(f, "\n"); -} - -void usage() { - fprintf(stderr,"Usage: htdigest [-c] passwordfile realm username\n"); - fprintf(stderr,"The -c flag creates a new file.\n"); - exit(1); -} - -void interrupted() { - fprintf(stderr,"Interrupted.\n"); - if(tn) unlink(tn); - exit(1); -} - -void main(int argc, char *argv[]) { - FILE *tfp,*f; - char user[MAX_STRING_LEN]; - char realm[MAX_STRING_LEN]; - char line[MAX_STRING_LEN]; - char l[MAX_STRING_LEN]; - char w[MAX_STRING_LEN]; - char x[MAX_STRING_LEN]; - char command[MAX_STRING_LEN]; - int found; - - tn = NULL; - signal(SIGINT,(void (*)())interrupted); - if(argc == 5) { - if(strcmp(argv[1],"-c")) - usage(); - if(!(tfp = fopen(argv[2],"w"))) { - fprintf(stderr,"Could not open passwd file %s for writing.\n", - argv[2]); - perror("fopen"); - exit(1); - } - printf("Adding password for %s in realm %s.\n",argv[4], argv[3]); - add_password(argv[4],argv[3],tfp); - fclose(tfp); - exit(0); - } else if(argc != 4) usage(); - - tn = tmpnam(NULL); - if(!(tfp = fopen(tn,"w"))) { - fprintf(stderr,"Could not open temp file.\n"); - exit(1); - } - - if(!(f = fopen(argv[1],"r"))) { - fprintf(stderr, - "Could not open passwd file %s for reading.\n",argv[1]); - fprintf(stderr,"Use -c option to create new one.\n"); - exit(1); - } - strcpy(user,argv[3]); - strcpy(realm,argv[2]); - - found = 0; - while(!(getline(line,MAX_STRING_LEN,f))) { - if(found || (line[0] == '#') || (!line[0])) { - putline(tfp,line); - continue; - } - strcpy(l,line); - getword(w,l,':'); - getword(x,l,':'); - if(strcmp(user,w) || strcmp(realm,x)) { - putline(tfp,line); - continue; - } - else { - printf("Changing password for user %s in realm %s\n",user,realm); - add_password(user,realm,tfp); - found = 1; - } - } - if(!found) { - printf("Adding user %s in realm %s\n",user,realm); - add_password(user,realm,tfp); - } - fclose(f); - fclose(tfp); - sprintf(command,"cp %s %s",tn,argv[1]); - system(command); - unlink(tn); -} diff --git a/usr.sbin/httpd/support/htpasswd.1 b/usr.sbin/httpd/support/htpasswd.1 deleted file mode 100644 index a3819ca17c2..00000000000 --- a/usr.sbin/httpd/support/htpasswd.1 +++ /dev/null @@ -1,88 +0,0 @@ -.TH htpasswd 1 "February 1997" -.\" Copyright (c) 1997 The Apache Group. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the Apache Group -.\" for use in the Apache HTTP server project (http://www.apache.org/)." -.\" -.\" 4. The names "Apache Server" and "Apache Group" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. -.\" -.\" 5. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the Apache Group -.\" for use in the Apache HTTP server project (http://www.apache.org/)." -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" ==================================================================== -.\" -.\" This software consists of voluntary contributions made by many -.\" individuals on behalf of the Apache Group and was originally based -.\" on public domain software written at the National Center for -.\" Supercomputing Applications, University of Illinois, Urbana-Champaign. -.\" For more information on the Apache Group and the Apache HTTP server -.\" project, please see <http://www.apache.org/>. -.SH NAME -htpasswd \- Create and update user authentication files -.SH SYNOPSIS -.B htpasswd -[ -.B \-c -] -.I passwdfile -.I username -.SH DESCRIPTION -.B htpasswd -is used to create and update the flat-files used to store -usernames and password for basic authentication of HTTP users. -Resources available from the -.B httpd -Apache web server can be restricted to just the users listed -in the files created by htpasswd. This program can only be used -when the usernames are stored in a flat-file. To use a -DBM database see -\fBdbmmanage\fP and \fBdbmmanage.new\fP. -.PP -This manual page only lists the command line arguments. For details of -the directives necessary to configure user authentication in httpd see -the Apache manual, which is part of the Apache distribution or can be -found at http://www.apache.org/. -.SH OPTIONS -.IP \-c -Create the \fIpasswdfile\fP. If \fIpasswdfile\fP already exists, it -is deleted first. -.IP \fB\fIpasswdfile\fP -Name of the file to contain the user name and password. If \-c -is given, this file is created if it does not already exist, -or deleted and recreated if it does exist. -.IP \fB\fIusername\fP -The username to create or update in \fBpasswdfile\fP. If -\fIusername\fP does not exist is this file, an entry is added. If it -does exist, the password is changed. -.SH SEE ALSO -httpd(8) diff --git a/usr.sbin/httpd/support/htpasswd.c b/usr.sbin/httpd/support/htpasswd.c deleted file mode 100644 index 17efe5b004a..00000000000 --- a/usr.sbin/httpd/support/htpasswd.c +++ /dev/null @@ -1,198 +0,0 @@ -/* - * htpasswd.c: simple program for manipulating password file for NCSA httpd - * - * Rob McCool - */ - -#include <sys/types.h> -#include <stdio.h> -#include <string.h> -#ifdef MPE -#include <signal.h> -#else -#include <sys/signal.h> -#endif -#include <stdlib.h> -#include <time.h> -#include <unistd.h> - -#define LF 10 -#define CR 13 - -#define MAX_STRING_LEN 256 - -char *tn; - -char *strd(char *s) { - char *d; - - d=(char *)malloc(strlen(s) + 1); - strcpy(d,s); - return(d); -} - -void getword(char *word, char *line, char stop) { - int x = 0,y; - - for(x=0;((line[x]) && (line[x] != stop));x++) - word[x] = line[x]; - - word[x] = '\0'; - if(line[x]) ++x; - y=0; - - while((line[y++] = line[x++])); -} - -int getline(char *s, int n, FILE *f) { - register int i=0; - - while(1) { - s[i] = (char)fgetc(f); - - if(s[i] == CR) - s[i] = fgetc(f); - - if((s[i] == 0x4) || (s[i] == LF) || (i == (n-1))) { - s[i] = '\0'; - return (feof(f) ? 1 : 0); - } - ++i; - } -} - -void putline(FILE *f,char *l) { - int x; - - for(x=0;l[x];x++) fputc(l[x],f); - fputc('\n',f); -} - - -/* From local_passwd.c (C) Regents of Univ. of California blah blah */ -static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - -void to64(register char *s, register long v, register int n) { - while (--n >= 0) { - *s++ = itoa64[v&0x3f]; - v >>= 6; - } -} - -#ifdef MPE -/* MPE lacks getpass() and a way to suppress stdin echo. So for now, just -issue the prompt and read the results with echo. (Ugh). */ - -char *getpass(const char *prompt) { - -static char password[81]; - -fputs(prompt,stderr); -gets((char *)&password); - -if (strlen((char *)&password) > 8) { - password[8]='\0'; -} - -return (char *)&password; -} -#endif - -void add_password(char *user, FILE *f) { - char *pw, *cpw, salt[3]; - - pw = strd((char *) getpass("New password:")); - if(strcmp(pw,(char *) getpass("Re-type new password:"))) { - fprintf(stderr,"They don't match, sorry.\n"); - if(tn) - unlink(tn); - exit(1); - } - (void)srand((int)time((time_t *)NULL)); - to64(&salt[0],rand(),2); - cpw = crypt(pw,salt); - free(pw); - fprintf(f,"%s:%s\n",user,cpw); -} - -void usage() { - fprintf(stderr,"Usage: htpasswd [-c] passwordfile username\n"); - fprintf(stderr,"The -c flag creates a new file.\n"); - exit(1); -} - -void interrupted() { - fprintf(stderr,"Interrupted.\n"); - if(tn) unlink(tn); - exit(1); -} - -void main(int argc, char *argv[]) { - FILE *tfp,*f; - char user[MAX_STRING_LEN]; - char line[MAX_STRING_LEN]; - char l[MAX_STRING_LEN]; - char w[MAX_STRING_LEN]; - char command[MAX_STRING_LEN]; - int found; - - tn = NULL; - signal(SIGINT,(void (*)())interrupted); - if(argc == 4) { - if(strcmp(argv[1],"-c")) - usage(); - if(!(tfp = fopen(argv[2],"w"))) { - fprintf(stderr,"Could not open passwd file %s for writing.\n", - argv[2]); - perror("fopen"); - exit(1); - } - printf("Adding password for %s.\n",argv[3]); - add_password(argv[3],tfp); - fclose(tfp); - exit(0); - } else if(argc != 3) usage(); - - tn = tmpnam(NULL); - if(!(tfp = fopen(tn,"w"))) { - fprintf(stderr,"Could not open temp file.\n"); - exit(1); - } - - if(!(f = fopen(argv[1],"r"))) { - fprintf(stderr, - "Could not open passwd file %s for reading.\n",argv[1]); - fprintf(stderr,"Use -c option to create new one.\n"); - exit(1); - } - strcpy(user,argv[2]); - - found = 0; - while(!(getline(line,MAX_STRING_LEN,f))) { - if(found || (line[0] == '#') || (!line[0])) { - putline(tfp,line); - continue; - } - strcpy(l,line); - getword(w,l,':'); - if(strcmp(user,w)) { - putline(tfp,line); - continue; - } - else { - printf("Changing password for user %s\n",user); - add_password(user,tfp); - found = 1; - } - } - if(!found) { - printf("Adding user %s\n",user); - add_password(user,tfp); - } - fclose(f); - fclose(tfp); - sprintf(command,"cp %s %s",tn,argv[1]); - system(command); - unlink(tn); -} diff --git a/usr.sbin/httpd/support/httpd.8 b/usr.sbin/httpd/support/httpd.8 deleted file mode 100644 index d456e38b101..00000000000 --- a/usr.sbin/httpd/support/httpd.8 +++ /dev/null @@ -1,125 +0,0 @@ -.TH httpd 8 "February 1997" -.\" Copyright (c) 1995-1997 David Robinson. All rights reserved. -.\" Copyright (c) 1997 The Apache Group. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the Apache Group -.\" for use in the Apache HTTP server project (http://www.apache.org/)." -.\" -.\" 4. The names "Apache Server" and "Apache Group" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. -.\" -.\" 5. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the Apache Group -.\" for use in the Apache HTTP server project (http://www.apache.org/)." -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" ==================================================================== -.\" -.\" This software consists of voluntary contributions made by many -.\" individuals on behalf of the Apache Group and was originally based -.\" on public domain software written at the National Center for -.\" Supercomputing Applications, University of Illinois, Urbana-Champaign. -.\" For more information on the Apache Group and the Apache HTTP server -.\" project, please see <http://www.apache.org/>. -.SH NAME -httpd \- Apache hypertext transfer protocol server -.SH SYNOPSIS -.B httpd -[ -.B \-hlvX? -] [ -.BI \-d " serverroot" -] [ -.BI \-f " config" -] -.SH DESCRIPTION -.B httpd -is the Apache HyperText Transfer Protocol (HTTP) server program. It is -designed to be run as a standalone daemon process. When used like this -is will create a pool of child processes to handle requests. To stop -it, send a TERM signal to the initial (parent) process. The PID of -this process is written to a file as given in the configuration file. -Alternatively -.B httpd -may be invoked by the Internet daemon inetd(8) each -time a connection to the HTTP service is made. -.PP -This manual page only lists the command line arguments. For details -of the directives necessary to configure httpd see the Apache manual, -which is part of the Apache distribution or can be found at -http://www.apache.org/. Paths in this manual may not reflect those -compiled into httpd. -.SH OPTIONS -.TP 12 -.BI \-d " serverroot" -Set the initial value for the ServerRoot directive to \fIserverroot\fP. This -can be overridden by the ServerRoot command in the configuration file. The -default is \fB/usr/local/etc/httpd\fP. -.TP -.BI \-f " config" -Execute the commands in the file \fIconfig\fP on startup. If \fIconfig\fP -does not begin with a /, then it is taken to be a path relative to -the ServerRoot. The default is \fBconf/httpd.conf\fP. -.TP -.B \-h -Output a list of directives together with expected arguments and -places where the directive is valid. -.TP -.B \-l -Output a list of modules compiled into the server. -.TP -.B \-X -Run in single-process mode, for internal debugging purposes only; the daemon -does not detach from the terminal or fork any children. Do NOT use this mode -to provide ordinary web service. -.TP -.B \-v -Print the version of httpd, and then exit. -.TP -.B \-? -Print a list of the httpd options, and then exit. -.SH FILES -.PD 0 -.B /usr/local/etc/httpd/conf/httpd.conf -.br -.B /usr/local/etc/httpd/conf/srm.conf -.br -.B /usr/local/etc/httpd/conf/access.conf -.br -.B /usr/local/etc/httpd/conf/mime.types -.br -.B /usr/local/etc/httpd/logs/error_log -.br -.B /usr/local/etc/httpd/logs/access_log -.br -.B /usr/local/etc/httpd/logs/httpd.pid -.PD -.SH SEE ALSO -.BR inetd (8). diff --git a/usr.sbin/httpd/support/httpd_monitor.c b/usr.sbin/httpd/support/httpd_monitor.c deleted file mode 100644 index f580a464824..00000000000 --- a/usr.sbin/httpd/support/httpd_monitor.c +++ /dev/null @@ -1,307 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1995-1997 The Apache Group. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the Apache Group - * for use in the Apache HTTP server project (http://www.apache.org/)." - * - * 4. The names "Apache Server" and "Apache Group" must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 5. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the Apache Group - * for use in the Apache HTTP server project (http://www.apache.org/)." - * - * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR - * IT'S CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Group and was originally based - * on public domain software written at the National Center for - * Supercomputing Applications, University of Illinois, Urbana-Champaign. - * For more information on the Apache Group and the Apache HTTP server - * project, please see <http://www.apache.org/>. - - - * simple script to monitor the child Apache processes - * Usage: - * httpd_monitor [ -d serverdir | -f conffile ] [ -s sleep_time ] - * -d/-f options specify server dir or config files, as per - * httpd. - * -s specifies how long to pause between screen updates - * If you choose 0, it might chew up lots of CPU time. - * - * Output explanation.. - * - * s = sleeping but "ready to go" child (this is '_' in mod_status) - * R = active child - writing to client - * W = active child - reading from client - * K = active child - waiting for additional request on kept-alive connection - * D = active child - doing DNS lookup - * L = active child - logging - * _ = dead child (no longer needed) (this is '.' in mod_status) - * t = just starting (this is 'S' in mod_status) - * - * - * Jim Jagielski <jim@jaguNET.com> - * v1.0 Notes: - * This code is much more ugly and complicated than it - * needs to be. - * - * v1.1: - * Minor fixes - * - * v1.2: - * Handles Apache 1.1.* scoreboard format (W/K/D/L states) -- PCS 09Jul96 - */ - -#include <stdio.h> -#include <string.h> -#include <sys/types.h> -#include <sys/stat.h> -#include "../src/httpd.h" -#include "../src/scoreboard.h" - -#define DEFAULT_SLEEPTIME 2 -#define ASIZE 1024 -#define MAX_PROC HARD_SERVER_LIMIT - -int -main(argc, argv) -int argc; -char **argv; -{ - short_score scoreboard_image; - FILE *afile; - char conf_name[ASIZE]; - char pid_name[ASIZE]; - char score_name[ASIZE]; - char tbuf[ASIZE]; - char *ptmp; - static char kid_stat[] = { '_', 's', 'R', 't', 'W', 'K', 'L', 'D' }; - int achar; - long thepid; - int score_fd; - int sleep_time = DEFAULT_SLEEPTIME; - int last_len = 0; - int kiddies; - int running, dead, total, loop; - short got_config = 0; - struct stat statbuf; - time_t last_time = 0; - extern char *optarg; - extern int optind, opterr; - void lookfor(); - - int usage(); - - /* - * Handle the options. Using getopt() is most probably overkill, - * but let's think about the future! - */ - strcpy(conf_name, HTTPD_ROOT); - while((achar = getopt(argc,argv,"s:d:f:")) != -1) { - switch(achar) { - case 'd': - strcpy(conf_name, optarg); - break; - case 'f': - strcpy(conf_name, optarg); - got_config = 1; - break; - case 's': - sleep_time = atoi(optarg); - break; - case '?': - usage(argv[0]); - } - } - - /* - * Now build the name of the httpd.conf file - */ - if (!got_config) { - strcat(conf_name, "/"); - strcat(conf_name, SERVER_CONFIG_FILE); - } - - /* - * Make sure we have the right file... Barf if not - */ - if (!(afile = fopen(conf_name, "r"))) { - perror("httpd_monitor"); - fprintf(stderr, "Can't open config file: %s\n", conf_name); - exit(1); - } - /* - * now scan thru the ConfigFile to look for the items that - * interest us - */ - lookfor(pid_name, score_name, afile); - fclose(afile); - - /* - * now open the PidFile and then the ScoreBoardFile - */ - if (!(afile = fopen(pid_name, "r"))) { - perror("httpd_monitor"); - fprintf(stderr, "Can't open PIDfile: %s\n", pid_name); - exit(1); - } - fscanf(afile, "%ld", &thepid); - fclose(afile); - - /* - * Enough taters, time for the MEAT! - */ - for(;;sleep(sleep_time)) { - if (stat(score_name, &statbuf)) { - perror("httpd_monitor"); - fprintf(stderr, "Can't stat scoreboard file: %s\n", score_name); - exit(1); - } - if (last_time == statbuf.st_mtime) - continue; /* tricky ;) */ - last_time = statbuf.st_mtime; /* for next time */ - if ((score_fd = open(score_name, 0)) == -1 ) { - perror("httpd_monitor"); - fprintf(stderr, "Can't open scoreboard file: %s\n", score_name); - exit(1); - } - /* - * all that for _this_ - */ - running = dead = total = 0; - ptmp = tbuf; - *ptmp = '\0'; - for(kiddies=0;kiddies<MAX_PROC; kiddies++) { - read(score_fd, (char *)&scoreboard_image, sizeof(short_score)); - achar = kid_stat[(int)scoreboard_image.status]; - if (scoreboard_image.pid != 0 && scoreboard_image.pid != thepid) { - total++; - if (scoreboard_image.status != SERVER_DEAD && - scoreboard_image.status != SERVER_READY) - running++; - *ptmp = achar; - *++ptmp = '\0'; - } - } - close(score_fd); - sprintf(ptmp, " (%d/%d)", running, total); - for(loop=1;loop<=last_len;loop++) - putchar('\010'); - if (last_len > strlen(tbuf)) { - for(loop=1;loop<=last_len;loop++) - putchar(' '); - for(loop=1;loop<=last_len;loop++) - putchar('\010'); - } - printf("%s", tbuf); - fflush(stdout); - last_len = strlen(tbuf); - } /* for */ -} - -int -usage(arg) -char *arg; -{ - printf("httpd_monitor: Usage\n"); - printf(" httpd_monitor [ -d config-dir] [ -s sleep-time ]\n"); - printf(" Defaults: config-dir = %s\n", HTTPD_ROOT); - printf(" sleep-time = %d seconds\n", DEFAULT_SLEEPTIME); - exit(0); -} - -/* - * This function uses some hard-wired knowledge about the - * Apache httpd.conf file setup (basically names of the 3 - * parameters we are interested in) - * - * We basically scan thru the file and grab the 3 values we - * need. This could be done better... - */ -void -lookfor(pidname, scorename, thefile) -char *pidname, *scorename; -FILE *thefile; -{ - char line[ASIZE], param[ASIZE], value[ASIZE]; - char sroot[ASIZE], pidfile[ASIZE], scorefile[ASIZE]; - - *sroot = *pidfile = *scorefile = '\0'; - while (!(feof(thefile))) { - fgets(line, ASIZE-1, thefile); - *value = '\0'; /* protect braindead sscanf() */ - sscanf(line, "%1023s %1023s", param, value); - if (strcmp(param, "PidFile")==0 && *value) - strcpy(pidfile, value); - if (strcmp(param, "ScoreBoardFile")==0 && *value) - strcpy(scorefile, value); - if (strcmp(param, "ServerRoot")==0 && *value) - strcpy(sroot, value); - } - - /* - * We've reached EOF... we should have encountered the - * ServerRoot line... if not, we bail out - */ - if (!*sroot) { - fprintf(stderr, "Can't find ServerRoot!\n"); - exit(1); - } - - /* - * Not finding PidFile or ScoreBoardFile is OK, since - * we have defaults for them - */ - if (!*pidfile) - strcpy(pidfile, DEFAULT_PIDLOG); - if (!*scorefile) - strcpy(scorefile, DEFAULT_SCOREBOARD); - - /* - * Relative or absolute? Handle both - */ - if (*pidfile == '/') - strcpy(pidname, pidfile); - else { - strcpy(pidname, sroot); - strcat(pidname, "/"); - strcat(pidname, pidfile); - } - if (*scorefile == '/') - strcpy(scorename, scorefile); - else { - strcpy(scorename, sroot); - strcat(scorename, "/"); - strcat(scorename, scorefile); - } -} - diff --git a/usr.sbin/httpd/support/log_server_status b/usr.sbin/httpd/support/log_server_status deleted file mode 100644 index 4f972591cff..00000000000 --- a/usr.sbin/httpd/support/log_server_status +++ /dev/null @@ -1,110 +0,0 @@ -#!/usr/local/bin/perl - -# ==================================================================== -# Copyright (c) 1995-1997 The Apache Group. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# 4. The names "Apache Server" and "Apache Group" must not be used to -# endorse or promote products derived from this software without -# prior written permission. -# -# 5. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Group and was originally based -# on public domain software written at the National Center for -# Supercomputing Applications, University of Illinois, Urbana-Champaign. -# For more information on the Apache Group and the Apache HTTP server -# project, please see <http://www.apache.org/>. - - -# Log Server Status -# Mark J Cox, UK Web Ltd 1996, mark@ukweb.com -# -# This script is designed to be run at a frequent interval by something -# like cron. It connects to the server and downloads the status -# information. It reformats the information to a single line and logs -# it to a file. Make sure the directory $wherelog is writable by the -# user who runs this script. -# -require 'sys/socket.ph'; - -$wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/960312" -$server = "localhost"; # Name of server, could be "www.foo.com" -$port = "80"; # Port on server -$request = "/status/?auto"; # Request to send - -sub tcp_connect -{ - local($host,$port) =@_; - $sockaddr='S n a4 x8'; - chop($hostname=`hostname`); - $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/; - $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]); - $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]); - socket(S,&PF_INET,&SOCK_STREAM,(getprotobyname('tcp'))[2]) || - die "socket: $!"; - bind(S,$me) || return "bind: $!"; - connect(S,$them) || return "connect: $!"; - select(S); - $| = 1; - select(stdout); - return ""; -} - -### Main - -{ - $date=`date +%y%m%d:%H%M%S`; - chop($date); - ($day,$time)=split(/:/,$date); - $res=&tcp_connect($server,$port); - open(OUT,">>$wherelog$day"); - if ($res) { - print OUT "$time:-1:-1:-1:-1:$res\n"; - exit 1; - } - print S "GET $request\n"; - while (<S>) { - $requests=$1 if ( m|^BusyServers:\ (\S+)|); - $idle=$1 if ( m|^IdleServers:\ (\S+)|); - $number=$1 if ( m|sses:\ (\S+)|); - $cpu=$1 if (m|^CPULoad:\ (\S+)|); - } - print OUT "$time:$requests:$idle:$number:$cpu\n"; -} - - diff --git a/usr.sbin/httpd/support/logresolve.c b/usr.sbin/httpd/support/logresolve.c deleted file mode 100644 index 86f979947a0..00000000000 --- a/usr.sbin/httpd/support/logresolve.c +++ /dev/null @@ -1,369 +0,0 @@ -/*** ***\ - logresolve 1.1 - - Tom Rathborne - tomr@uunet.ca - http://www.uunet.ca/~tomr/ - UUNET Canada, April 16, 1995 - - Rewritten by David Robinson. (drtr@ast.cam.ac.uk) - - Usage: logresolve [-s filename] [-c] < access_log > new_log - - Arguments: - -s filename name of a file to record statistics - -c check the DNS for a matching A record for the host. - - Notes: - - To generate meaningful statistics from an HTTPD log file, it's good - to have the domain name of each machine that accessed your site, but - doing this on the fly can slow HTTPD down. - - Compiling NCSA HTTPD with the -DMINIMAL_DNS flag turns IP#->hostname - resolution off. Before running your stats program, just run your log - file through this program (logresolve) and all of your IP numbers will - be resolved into hostnames (where possible). - - logresolve takes an HTTPD access log (in the COMMON log file format, - or any other format that has the IP number/domain name as the first - field for that matter), and outputs the same file with all of the - domain names looked up. Where no domain name can be found, the IP - number is left in. - - To minimize impact on your nameserver, logresolve has its very own - internal hash-table cache. This means that each IP number will only - be looked up the first time it is found in the log file. - - The -c option causes logresolve to apply the same check as httpd - compiled with -DMAXIMUM_DNS; after finding the hostname from the IP - address, it looks up the IP addresses for the hostname and checks - that one of these matches the original address. - -\*** ***/ - -#include <sys/types.h> - -#include <ctype.h> -#include <netdb.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -#include <sys/socket.h> - -#include <netinet/in.h> -#ifndef MPE -#include <arpa/inet.h> -#endif - -static void cgethost(struct in_addr ipnum, char *string, int check); -static int getline(char *s, int n); -static void stats(FILE *output); - - -/* maximum line length */ -#define MAXLINE 1024 - -/* maximum length of a domain name */ -#ifndef MAXDNAME -#define MAXDNAME 256 -#endif - -/* number of buckets in cache hash table */ -#define BUCKETS 256 - -#ifdef MPE -char *strdup (const char *str) -{ - char *dup; - - if(!(dup = (char *)malloc (strlen (str) + 1))) - return NULL; - dup = strcpy (dup, str); - - return dup; -} -#endif - -/* - * struct nsrec - record of nameservice for cache linked list - * - * ipnum - IP number hostname - hostname noname - nonzero if IP number has no - * hostname, i.e. hostname=IP number - */ - -struct nsrec { - struct in_addr ipnum; - char *hostname; - int noname; - struct nsrec *next; -} *nscache[BUCKETS]; - -/* - * statistics - obvious - */ - -/* largeste value for h_errno */ -#define MAX_ERR (NO_ADDRESS) -#define UNKNOWN_ERR (MAX_ERR+1) -#define NO_REVERSE (MAX_ERR+2) - -static int cachehits = 0; -static int cachesize = 0; -static int entries = 0; -static int resolves = 0; -static int withname = 0; -static int errors[MAX_ERR+3]; - -/* - * cgethost - gets hostname by IP address, caching, and adding unresolvable - * IP numbers with their IP number as hostname, setting noname flag - */ - -static void -cgethost(ipnum, string, check) -struct in_addr ipnum; -char *string; -int check; -{ - struct nsrec **current, *new; - struct hostent *hostdata; - char *name; - extern int h_errno; /* some machines don't have this in their headers */ - - current = &nscache[((ipnum.s_addr + (ipnum.s_addr >> 8) + - (ipnum.s_addr >> 16) + (ipnum.s_addr >> 24)) % BUCKETS)]; - - while (*current != NULL && ipnum.s_addr != (*current)->ipnum.s_addr) - current = & (*current)->next; - - if (*current == NULL) - { - cachesize++; - new = (struct nsrec *) malloc(sizeof(struct nsrec)); - if (new == NULL) - { - perror("malloc"); - fprintf(stderr, "Insufficient memory\n"); - exit(1); - } - *current = new; - new->next = NULL; - - new->ipnum = ipnum; - - hostdata = gethostbyaddr((const char *) &ipnum, sizeof(struct in_addr), - AF_INET); - if (hostdata == NULL) - { - if (h_errno > MAX_ERR) errors[UNKNOWN_ERR]++; - else errors[h_errno]++; - new->noname = h_errno; - name = strdup(inet_ntoa(ipnum)); - } else - { - new->noname = 0; - name = strdup(hostdata->h_name); - if (check) - { - if (name == NULL) - { - perror("strdup"); - fprintf(stderr, "Insufficient memory\n"); - exit(1); - } - hostdata = gethostbyname(name); - if (hostdata != NULL) - { - char **hptr; - - for (hptr=hostdata->h_addr_list; *hptr != NULL; hptr++) - if(((struct in_addr *)(*hptr))->s_addr == ipnum.s_addr) - break; - if (*hptr == NULL) hostdata = NULL; - } - if (hostdata == NULL) - { - fprintf(stderr, "Bad host: %s != %s\n", name, - inet_ntoa(ipnum)); - new->noname = NO_REVERSE; - free(name); - name = strdup(inet_ntoa(ipnum)); - errors[NO_REVERSE]++; - } - } - } - new->hostname = name; - if (new->hostname == NULL) - { - perror("strdup"); - fprintf(stderr, "Insufficient memory\n"); - exit(1); - } - } else - cachehits++; - - /* size of string == MAXDNAME +1 */ - strncpy(string, (*current)->hostname, MAXDNAME); - string[MAXDNAME] = '\0'; -} - -/* - * prints various statistics to output - */ - -static void -stats(output) -FILE *output; -{ - int i; - char *ipstring; - struct nsrec *current; - char *errstring[MAX_ERR+3]; - - for (i=0; i < MAX_ERR+3; i++) errstring[i] = "Unknown error"; - errstring[HOST_NOT_FOUND] = "Host not found"; - errstring[TRY_AGAIN] = "Try again"; - errstring[NO_RECOVERY] = "Non recoverable error"; - errstring[NO_DATA] = "No data record"; - errstring[NO_ADDRESS] = "No address"; - errstring[NO_REVERSE] = "No reverse entry"; - - fprintf(output, "logresolve Statistics:\n"); - - fprintf(output, "Entries: %d\n", entries); - fprintf(output, " With name : %d\n", withname); - fprintf(output, " Resolves : %d\n", resolves); - if (errors[HOST_NOT_FOUND]) - fprintf(output, " - Not found : %d\n", errors[HOST_NOT_FOUND]); - if (errors[TRY_AGAIN]) - fprintf(output, " - Try again : %d\n", errors[TRY_AGAIN]); - if (errors[NO_DATA]) - fprintf(output, " - No data : %d\n", errors[NO_DATA]); - if (errors[NO_ADDRESS]) - fprintf(output, " - No address: %d\n", errors[NO_ADDRESS]); - if (errors[NO_REVERSE]) - fprintf(output, " - No reverse: %d\n", errors[NO_REVERSE]); - fprintf(output, "Cache hits : %d\n", cachehits); - fprintf(output, "Cache size : %d\n", cachesize); - fprintf(output, "Cache buckets : IP number * hostname\n"); - - for (i = 0; i < BUCKETS; i++) - for (current = nscache[i]; current != NULL; current = current->next) - { - ipstring = inet_ntoa(current->ipnum); - if (current->noname == 0) - fprintf(output, " %3d %15s - %s\n", i, ipstring, - current->hostname); - else - { - if (current->noname > MAX_ERR+2) - fprintf(output, " %3d %15s : Unknown error\n", i, - ipstring); - else - fprintf(output, " %3d %15s : %s\n", i, ipstring, - errstring[current->noname]); - } - } -} - - -/* - * gets a line from stdin - */ - -static int -getline(s, n) -char *s; -int n; -{ - char *cp; - - if (!fgets(s, n, stdin)) - return (0); - cp = strchr(s, '\n'); - if (cp) - *cp = '\0'; - return (1); -} - -int -main(argc, argv) -int argc; -char *argv[]; -{ - struct in_addr ipnum; - char *bar, hoststring[MAXDNAME+1], line[MAXLINE], *statfile; - int i, check; - - check = 0; - statfile = NULL; - for (i=1; i < argc; i++) - { - if (strcmp(argv[i], "-c") == 0) check = 1; - else if (strcmp(argv[i], "-s") == 0) - { - if (i == argc-1) - { - fprintf(stderr, "logresolve: missing filename to -s\n"); - exit(1); - } - i++; - statfile = argv[i]; - } - else - { - fprintf(stderr, "Usage: logresolve [-s statfile] [-c] < input > output"); - exit(0); - } - } - - - for (i = 0; i < BUCKETS; i++) nscache[i] = NULL; - for (i=0; i < MAX_ERR+2; i++) errors[i] = 0; - - while (getline(line, MAXLINE)) - { - if (line[0] == '\0') continue; - entries++; - if (!isdigit(line[0])) - { /* short cut */ - puts(line); - withname++; - continue; - } - bar = strchr(line, ' '); - if (bar != NULL) *bar = '\0'; - ipnum.s_addr = inet_addr(line); - if (ipnum.s_addr == 0xffffffffu) - { - if (bar != NULL) *bar = ' '; - puts(line); - withname++; - continue; - } - - resolves++; - - cgethost(ipnum, hoststring, check); - if (bar != NULL) - printf("%s %s\n", hoststring, bar+1); - else - puts(hoststring); - } - - if (statfile != NULL) - { - FILE *fp; - fp = fopen(statfile, "w"); - if (fp == NULL) - { - fprintf(stderr, "logresolve: could not open statistics file '%s'\n" - , statfile); - exit(1); - } - stats(fp); - fclose(fp); - } - - return (0); -} diff --git a/usr.sbin/httpd/support/phf_abuse_log.cgi b/usr.sbin/httpd/support/phf_abuse_log.cgi deleted file mode 100644 index 9ce2749c571..00000000000 --- a/usr.sbin/httpd/support/phf_abuse_log.cgi +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/local/bin/perl - -# This script can be used to detect people trying to abuse the security hole which -# existed in A CGI script direstributed with Apache 1.0.3 and earlier versions. -# You can redirect them to here using the "<Location /cgi-bin/phf*>" suggestion in -# httpd.conf. -# -# The format logged to is "[date] remote_addr remote_host [date] referrer user_agent". - -$LOG = "/var/log/phf_log"; - -require "ctime.pl"; -$when = &ctime(time); -$when =~ s/\n//go; -$ENV{HTTP_USER_AGENT} .= " via $ENV{HTTP_VIA}" if($ENV{HTTP_VIA}); - -open(LOG, ">>$LOG") || die "boo hoo, phf_log $!"; -print LOG "[$when] $ENV{REMOTE_ADDR} $ENV{REMOTE_HOST} $ENV{$HTTP_REFERER} $ENV{HTTP_USER_AGENT}\n"; -close(LOG); - -print "Content-type: text/html\r\n\r\n<BLINK>Smile, you're on Candid Camera.</BLINK>\n"; diff --git a/usr.sbin/httpd/support/rotatelogs.c b/usr.sbin/httpd/support/rotatelogs.c deleted file mode 100644 index 08066923854..00000000000 --- a/usr.sbin/httpd/support/rotatelogs.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - -Simple program to rotate Apache logs without having to kill the server. - -Contributed by Ben Laurie <ben@algroup.co.uk> - -12 Mar 1996 - -*/ - -#define BUFSIZE 65536 -#define MAX_PATH 1024 - -#include <stdio.h> -#include <stdlib.h> -#include <time.h> -#include <errno.h> -#include <fcntl.h> -#include <unistd.h> - -void main(int argc,char **argv) - { - char buf[BUFSIZE],buf2[MAX_PATH]; - time_t tLogEnd; - time_t tRotation; - int nLogFD=-1; - int nRead; - char *szLogRoot; - - if(argc != 3) - { - fprintf(stderr,"%s <logfile> <rotation time in seconds>\n\n",argv[0]); -#ifdef __EMX__ - fprintf(stderr,"Add this:\n\nTransferLog \"|%s.exe /some/where 86400\"\n\n",argv[0]); -#else - fprintf(stderr,"Add this:\n\nTransferLog \"|%s /some/where 86400\"\n\n",argv[0]); -#endif - fprintf(stderr,"to httpd.conf. The generated name will be /some/where.nnnn where nnnn is the\n"); - fprintf(stderr,"system time at which the log nominally starts (N.B. this time will always be a\n"); - fprintf(stderr,"multiple of the rotation time, so you can synchronize cron scripts with it).\n"); - fprintf(stderr,"At the end of each rotation time a new log is started.\n"); - exit(1); - } - - szLogRoot=argv[1]; - tRotation=atoi(argv[2]); - if(tRotation <= 0) - { - fprintf(stderr,"Rotation time must be > 0\n"); - exit(6); - } - - for( ; ; ) - { - nRead=read(0,buf,sizeof buf); - if(nRead == 0) - exit(3); - if(nRead < 0) - if(errno != EINTR) - exit(4); - if(nLogFD >= 0 && (time(NULL) >= tLogEnd || nRead < 0)) - { - close(nLogFD); - nLogFD=-1; - } - if(nLogFD < 0) - { - time_t tLogStart=(time(NULL)/tRotation)*tRotation; - sprintf(buf2,"%s.%010d",szLogRoot,(int)tLogStart); - tLogEnd=tLogStart+tRotation; - nLogFD=open(buf2,O_WRONLY|O_CREAT|O_APPEND,0666); - if(nLogFD < 0) - { - perror(buf2); - exit(2); - } - } - if(write(nLogFD,buf,nRead) != nRead) - { - perror(buf2); - exit(5); - } - } - } diff --git a/usr.sbin/httpd/support/suexec.c b/usr.sbin/httpd/support/suexec.c deleted file mode 100644 index 3e04a095b88..00000000000 --- a/usr.sbin/httpd/support/suexec.c +++ /dev/null @@ -1,491 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1995-1997 The Apache Group. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the Apache Group - * for use in the Apache HTTP server project (http://www.apache.org/)." - * - * 4. The names "Apache Server" and "Apache Group" must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 5. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the Apache Group - * for use in the Apache HTTP server project (http://www.apache.org/)." - * - * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Group and was originally based - * on public domain software written at the National Center for - * Supercomputing Applications, University of Illinois, Urbana-Champaign. - * For more information on the Apache Group and the Apache HTTP server - * project, please see <http://www.apache.org/>. - * - */ - -/* - * suexec.c -- "Wrapper" support program for suEXEC behaviour for Apache - * - *********************************************************************** - * - * NOTE! : DO NOT edit this code!!! Unless you know what you are doing, - * editing this code might open up your system in unexpected - * ways to would-be crackers. Every precaution has been taken - * to make this code as safe as possible; alter it at your own - * risk. - * - *********************************************************************** - * - * - */ - - -#include "suexec.h" - -#include <sys/param.h> -#include <stdlib.h> -#include <unistd.h> -#include <sys/types.h> -#include <stdio.h> -#include <stdarg.h> -#include <string.h> -#include <pwd.h> -#include <grp.h> -#include <time.h> -#include <sys/stat.h> - -#if defined(PATH_MAX) -#define AP_MAXPATH PATH_MAX -#elif defined(MAXPATHLEN) -#define AP_MAXPATH MAXPATHLEN -#else -#define AP_MAXPATH 8192 -#endif - -#define AP_ENVBUF 256 - -extern char **environ; -static FILE *log; - -char *safe_env_lst[] = -{ - "AUTH_TYPE", - "CONTENT_LENGTH", - "CONTENT_TYPE", - "DATE_GMT", - "DATE_LOCAL", - "DOCUMENT_NAME", - "DOCUMENT_PATH_INFO", - "DOCUMENT_ROOT", - "DOCUMENT_URI", - "FILEPATH_INFO", - "GATEWAY_INTERFACE", - "LAST_MODIFIED", - "PATH_INFO", - "PATH_TRANSLATED", - "QUERY_STRING", - "QUERY_STRING_UNESCAPED", - "REMOTE_ADDR", - "REMOTE_HOST", - "REMOTE_IDENT", - "REMOTE_PORT", - "REMOTE_USER", - "REDIRECT_QUERY_STRING", - "REDIRECT_STATUS", - "REDIRECT_URL", - "REQUEST_METHOD", - "SCRIPT_FILENAME", - "SCRIPT_NAME", - "SCRIPT_URI", - "SCRIPT_URL", - "SERVER_ADMIN", - "SERVER_NAME", - "SERVER_PORT", - "SERVER_PROTOCOL", - "SERVER_SOFTWARE", - "USER_NAME", - "TZ", - NULL -}; - - -static void err_output(const char *fmt, va_list ap) -{ -#ifdef LOG_EXEC - time_t timevar; - struct tm *lt; - - if (!log) - if ((log = fopen(LOG_EXEC, "a")) == NULL) { - fprintf(stderr, "failed to open log file\n"); - perror("fopen"); - exit(1); - } - - time(&timevar); - lt = localtime(&timevar); - - fprintf(log, "[%.2d:%.2d:%.2d %.2d-%.2d-%.2d]: ", lt->tm_hour, lt->tm_min, - lt->tm_sec, lt->tm_mday, (lt->tm_mon + 1), lt->tm_year); - - vfprintf(log, fmt, ap); - - fflush(log); -#endif /* LOG_EXEC */ - return; -} - -void log_err(const char *fmt, ...) -{ -#ifdef LOG_EXEC - va_list ap; - - va_start(ap, fmt); - err_output(fmt, ap); - va_end(ap); -#endif /* LOG_EXEC */ - return; -} - -void clean_env() -{ - char pathbuf[512]; - char **cleanenv; - char **ep; - int cidx = 0; - int idx; - - - if ((cleanenv = (char **)calloc(AP_ENVBUF, sizeof(char *))) == NULL) { - log_err("failed to malloc env mem\n"); - exit(120); - } - - for (ep = environ; *ep && cidx < AP_ENVBUF; ep++) { - if (!strncmp(*ep, "HTTP_", 5)) { - cleanenv[cidx] = *ep; - cidx++; - } - else { - for (idx = 0; safe_env_lst[idx]; idx++) { - if (!strncmp(*ep, safe_env_lst[idx], strlen(safe_env_lst[idx]))) { - cleanenv[cidx] = *ep; - cidx++; - break; - } - } - } - } - - sprintf(pathbuf, "PATH=%s", SAFE_PATH); - cleanenv[cidx] = strdup(pathbuf); - cleanenv[++cidx] = NULL; - - environ = cleanenv; -} - -int main(int argc, char *argv[]) -{ - int userdir = 0; /* ~userdir flag */ - uid_t uid; /* user information */ - gid_t gid; /* target group placeholder */ - char *target_uname; /* target user name */ - char *target_gname; /* target group name */ - char *target_homedir; /* target home directory */ - char *actual_uname; /* actual user name */ - char *actual_gname; /* actual group name */ - char *prog; /* name of this program */ - char *cmd; /* command to be executed */ - char cwd[AP_MAXPATH]; /* current working directory */ - char dwd[AP_MAXPATH]; /* docroot working directory */ - struct passwd *pw; /* password entry holder */ - struct group *gr; /* group entry holder */ - struct stat dir_info; /* directory info holder */ - struct stat prg_info; /* program info holder */ - - - - /* - * If there are a proper number of arguments, set - * all of them to variables. Otherwise, error out. - */ - prog = argv[0]; - if (argc < 4) { - log_err("too few arguments\n"); - exit(101); - } - target_uname = argv[1]; - target_gname = argv[2]; - cmd = argv[3]; - - /* - * Check existence/validity of the UID of the user - * running this program. Error out if invalid. - */ - uid = getuid(); - if ((pw = getpwuid(uid)) == NULL) { - log_err("invalid uid: (%ld)\n", uid); - exit(102); - } - - /* - * Check to see if the user running this program - * is the user allowed to do so as defined in - * suexec.h. If not the allowed user, error out. - */ - if (strcmp(HTTPD_USER, pw->pw_name)) { - log_err("user mismatch (%s)\n", pw->pw_name); - exit(103); - } - - /* - * Check for a leading '/' (absolute path) in the command to be executed, - * or attempts to back up out of the current directory, - * to protect against attacks. If any are - * found, error out. Naughty naughty crackers. - */ - if ( - (cmd[0] == '/') || - (! strncmp (cmd, "../", 3)) || - (strstr (cmd, "/../") != NULL) - ) { - log_err("invalid command (%s)\n", cmd); - exit(104); - } - - /* - * Check to see if this is a ~userdir request. If - * so, set the flag, and remove the '~' from the - * target username. - */ - if (!strncmp("~", target_uname, 1)) { - target_uname++; - userdir = 1; - } - - /* - * Error out if the target username is invalid. - */ - if ((pw = getpwnam(target_uname)) == NULL) { - log_err("invalid target user name: (%s)\n", target_uname); - exit(105); - } - - /* - * Error out if the target group name is invalid. - */ - if (strspn(target_gname, "1234567890") != strlen(target_gname)) { - if ((gr = getgrnam(target_gname)) == NULL) { - log_err("invalid target group name: (%s)\n", target_gname); - exit(106); - } - gid = gr->gr_gid; - actual_gname = strdup(gr->gr_name); - } - else { - gid = atoi(target_gname); - actual_gname = strdup(target_gname); - } - - /* - * Save these for later since initgroups will hose the struct - */ - uid = pw->pw_uid; - actual_uname = strdup(pw->pw_name); - target_homedir = strdup(pw->pw_dir); - - /* - * Log the transaction here to be sure we have an open log - * before we setuid(). - */ - log_err("uid: (%s/%s) gid: (%s/%s) %s\n", - target_uname, actual_uname, - target_gname, actual_gname, - cmd); - - /* - * Error out if attempt is made to execute as root or as - * a UID less than UID_MIN. Tsk tsk. - */ - if ((uid == 0) || - (uid < UID_MIN)) { - log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd); - exit(107); - } - - /* - * Error out if attempt is made to execute as root group - * or as a GID less than GID_MIN. Tsk tsk. - */ - if ((gid == 0) || - (gid < GID_MIN)) { - log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd); - exit(108); - } - - /* - * Change UID/GID here so that the following tests work over NFS. - * - * Initialize the group access list for the target user, - * and setgid() to the target group. If unsuccessful, error out. - */ - if (((setgid(gid)) != 0) || (initgroups(actual_uname,gid) != 0)) { - log_err("failed to setgid (%ld: %s)\n", gid, cmd); - exit(109); - } - - /* - * setuid() to the target user. Error out on fail. - */ - if ((setuid(uid)) != 0) { - log_err("failed to setuid (%ld: %s)\n", uid, cmd); - exit(110); - } - - /* - * Get the current working directory, as well as the proper - * document root (dependant upon whether or not it is a - * ~userdir request). Error out if we cannot get either one, - * or if the current working directory is not in the docroot. - * Use chdir()s and getcwd()s to avoid problems with symlinked - * directories. Yuck. - */ - if (getcwd(cwd, AP_MAXPATH) == NULL) { - log_err("cannot get current working directory\n"); - exit(111); - } - - if (userdir) { - if (((chdir(target_homedir)) != 0) || - ((chdir(USERDIR_SUFFIX)) != 0) || - ((getcwd(dwd, AP_MAXPATH)) == NULL) || - ((chdir(cwd)) != 0)) - { - log_err("cannot get docroot information (%s)\n", target_homedir); - exit(112); - } - } - else { - if (((chdir(DOC_ROOT)) != 0) || - ((getcwd(dwd, AP_MAXPATH)) == NULL) || - ((chdir(cwd)) != 0)) - { - log_err("cannot get docroot information (%s)\n", DOC_ROOT); - exit(113); - } - } - - if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { - log_err("command not in docroot (%s/%s)\n", cwd, cmd); - exit(114); - } - - /* - * Stat the cwd and verify it is a directory, or error out. - */ - if (((lstat(cwd, &dir_info)) != 0) || !(S_ISDIR(dir_info.st_mode))) { - log_err("cannot stat directory: (%s)\n", cwd); - exit(115); - } - - /* - * Error out if cwd is writable by others. - */ - if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) { - log_err("directory is writable by others: (%s)\n", cwd); - exit(116); - } - - /* - * Error out if we cannot stat the program. - */ - if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) { - log_err("cannot stat program: (%s)\n", cmd); - exit(117); - } - - /* - * Error out if the program is writable by others. - */ - if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) { - log_err("file is writable by others: (%s/%s)\n", cwd, cmd); - exit(118); - } - - /* - * Error out if the file is setuid or setgid. - */ - if ((prg_info.st_mode & S_ISUID) || (prg_info.st_mode & S_ISGID)) { - log_err("file is either setuid or setgid: (%s/%s)\n",cwd,cmd); - exit(119); - } - - /* - * Error out if the target name/group is different from - * the name/group of the cwd or the program. - */ - if ((uid != dir_info.st_uid) || - (gid != dir_info.st_gid) || - (uid != prg_info.st_uid) || - (gid != prg_info.st_gid)) - { - log_err("target uid/gid (%ld/%ld) mismatch with directory (%ld/%ld) or program (%ld/%ld)\n", - uid, gid, - dir_info.st_uid, dir_info.st_gid, - prg_info.st_uid, prg_info.st_gid); - exit(120); - } - - clean_env(); - - /* - * Be sure to close the log file so the CGI can't - * mess with it. If the exec fails, it will be reopened - * automatically when log_err is called. - */ - fclose(log); - log = NULL; - - /* - * Execute the command, replacing our image with its own. - */ - execv(cmd, &argv[3]); - - /* - * (I can't help myself...sorry.) - * - * Uh oh. Still here. Where's the kaboom? There was supposed to be an - * EARTH-shattering kaboom! - * - * Oh well, log the failure and error out. - */ - log_err("exec failed (%s)\n", cmd); - exit(255); -} diff --git a/usr.sbin/httpd/support/suexec.h b/usr.sbin/httpd/support/suexec.h deleted file mode 100644 index 91cbc86950a..00000000000 --- a/usr.sbin/httpd/support/suexec.h +++ /dev/null @@ -1,137 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1995-1997 The Apache Group. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the Apache Group - * for use in the Apache HTTP server project (http://www.apache.org/)." - * - * 4. The names "Apache Server" and "Apache Group" must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 5. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the Apache Group - * for use in the Apache HTTP server project (http://www.apache.org/)." - * - * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Group and was originally based - * on public domain software written at the National Center for - * Supercomputing Applications, University of Illinois, Urbana-Champaign. - * For more information on the Apache Group and the Apache HTTP server - * project, please see <http://www.apache.org/>. - * - */ - -/* - * suexec.h -- user-definable variables for the suexec wrapper code. - */ - - -#ifndef _SUEXEC_H -#define _SUEXEC_H - -/* - * HTTPD_USER -- Define as the username under which Apache normally - * runs. This is the only user allowed to execute - * this program. - */ -#ifndef HTTPD_USER -#define HTTPD_USER "www" -#endif - -/* - * UID_MIN -- Define this as the lowest UID allowed to be a target user - * for suEXEC. For most systems, 500 or 100 is common. - */ -#ifndef UID_MIN -#define UID_MIN 100 -#endif - -/* - * GID_MIN -- Define this as the lowest GID allowed to be a target group - * for suEXEC. For most systems, 100 is common. - */ -#ifndef GID_MIN -#define GID_MIN 100 -#endif - -/* - * USERDIR_SUFFIX -- Define to be the subdirectory under users' - * home directories where suEXEC access should - * be allowed. All executables under this directory - * will be executable by suEXEC as the user so - * they should be "safe" programs. If you are - * using a "simple" UserDir directive (ie. one - * without a "*" in it) this should be set to - * the same value. suEXEC will not work properly - * in cases where the UserDir directive points to - * a location that is not the same as the user's - * home directory as referenced in the passwd file. - * - * If you have VirtualHosts with a different - * UserDir for each, you will need to define them to - * all reside in one parent directory; then name that - * parent directory here. IF THIS IS NOT DEFINED - * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK! - * See the suEXEC documentation for more detailed - * information. - */ -#ifndef USERDIR_SUFFIX -#define USERDIR_SUFFIX "public_html" -#endif - -/* - * LOG_EXEC -- Define this as a filename if you want all suEXEC - * transactions and errors logged for auditing and - * debugging purposes. - */ -#ifndef LOG_EXEC -#define LOG_EXEC "/usr/local/etc/httpd/logs/cgi.log" /* Need me? */ -#endif - -/* - * DOC_ROOT -- Define as the DocumentRoot set for Apache. This - * will be the only hierarchy (aside from UserDirs) - * that can be used for suEXEC behavior. - */ -#ifndef DOC_ROOT -#define DOC_ROOT "/usr/local/etc/httpd/htdocs" -#endif - -/* - * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables. - * - */ -#ifndef SAFE_PATH -#define SAFE_PATH "/usr/local/bin:/usr/bin:/bin" -#endif - -#endif /* _SUEXEC_H */ |