martin 98/09/17 13:23:48
Modified: htdocs/manual/mod directives.html core.html htdocs/manual ebcdic.html src/include ap_mmn.h httpd.h src/main http_core.c src/os/bs2000 bs2login.c src CHANGES Log: BS2000 only: Change nasty BS2000AuthFile to less dangerous BS2000Account (no need to store a password anywhere) Revision Changes Path 1.51 +1 -1 apache-1.3/htdocs/manual/mod/directives.html Index: directives.html =================================================================== RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/directives.html,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- directives.html 1998/08/12 00:29:14 1.50 +++ directives.html 1998/09/17 20:23:38 1.51 @@ -67,7 +67,7 @@ <LI><A HREF="core.html#bindaddress">BindAddress</A> <LI><A HREF="mod_setenvif.html#BrowserMatch">BrowserMatch</A> <LI><A HREF="mod_setenvif.html#BrowserMatchNoCase">BrowserMatchNoCase</A> -<LI><A HREF="core.html#bs2000authfile">BS2000AuthFile</A> +<LI><A HREF="core.html#bs2000account">BS2000Account</A> <LI><A HREF="mod_proxy.html#cachedefaultexpire">CacheDefaultExpire</A> <LI><A HREF="mod_proxy.html#cachedirlength">CacheDirLength</A> <LI><A HREF="mod_proxy.html#cachedirlevels">CacheDirLevels</A> 1.138 +14 -16 apache-1.3/htdocs/manual/mod/core.html Index: core.html =================================================================== RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/core.html,v retrieving revision 1.137 retrieving revision 1.138 diff -u -r1.137 -r1.138 --- core.html 1998/09/17 14:14:56 1.137 +++ core.html 1998/09/17 20:23:38 1.138 @@ -28,7 +28,7 @@ <LI><A HREF="#authname">AuthName</A> <LI><A HREF="#authtype">AuthType</A> <LI><A HREF="#bindaddress">BindAddress</A> -<LI><A HREF="#bs2000authfile">BS2000AuthFile</A> +<LI><A HREF="#bs2000account">BS2000Account</A> <LI><A HREF="#clearmodulelist">ClearModuleList</A> <LI><A HREF="#contentdigest">ContentDigest</A> <LI><A HREF="#coredumpdirectory">CoreDumpDirectory</A> @@ -363,12 +363,12 @@ <HR> -<H2><A NAME="bs2000authfile">BS2000AuthFile directive</A></H2> -<!--%plaintext <?INDEX {\tt BS2000AuthFile} directive> --> +<H2><A NAME="bs2000account">BS2000Account directive</A></H2> +<!--%plaintext <?INDEX {\tt BS2000Account} directive> --> <A HREF="directive-dict.html#Syntax" REL="Help" -><STRONG>Syntax:</STRONG></A> BS2000AuthFile <EM>authfile</EM><BR> +><STRONG>Syntax:</STRONG></A> BS2000Account <EM>account</EM><BR> <A HREF="directive-dict.html#Default" REL="Help" @@ -384,20 +384,18 @@ <A HREF="directive-dict.html#Compatibility" REL="Help" -><STRONG>Compatibility:</STRONG></A> BS2000AuthFile is only available for +><STRONG>Compatibility:</STRONG></A> BS2000Account is only available for BS2000 machines, as of Apache 1.3 and later.<P> -The <CODE>BS2000AuthFile</CODE> directive is available for BS2000 hosts -only. It must be used to define the password file which is used to -change the BS2000 task environment of the server to the non-privileged -account specified by the <A HREF="#user">User</A> directive. This is -required in the BS2000 POSIX subsystem (by performing a sub-LOGON) to -prevent CGI scripts from accessing resources of the privileged account -which started the server, usually <SAMP>TSOS</SAMP>.<BR> -Note that the specified <EM>authfile</EM> must be owned by the super -user and must not be readable or writable by anyone else, otherwise -Apache will refuse to start and exit with an error message.<BR> -Only one <CODE>BS2000AuthFile</CODE> directive can be used. <P> +The <CODE>BS2000Account</CODE> directive is available for BS2000 hosts +only. It must be used to define the account number for the non-privileged +apache server user (which was configured using the +<A HREF="#user">User</A> directive). +This is required by the BS2000 POSIX subsystem (to change the underlying +BS2000 task environment by performing a sub-LOGON) to prevent CGI scripts +from accessing resources of the privileged account which started the +server, usually <SAMP>SYSROOT</SAMP>.<BR> +Only one <CODE>BS2000Account</CODE> directive can be used. <P> <P><STRONG>See Also:</STRONG> <A HREF="../ebcdic.html">Apache EBCDIC port</A></P> 1.7 +1 -1 apache-1.3/htdocs/manual/ebcdic.html Index: ebcdic.html =================================================================== RCS file: /export/home/cvs/apache-1.3/htdocs/manual/ebcdic.html,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ebcdic.html 1998/09/17 14:14:48 1.6 +++ ebcdic.html 1998/09/17 20:23:40 1.7 @@ -473,7 +473,7 @@ <TR> <TD ALIGN=LEFT><A HREF="http://www.php.net/">mod_php3</A> <TD ALIGN=CENTER>+ - <TD>mod_php3 runs fine + <TD>mod_php3 runs fine, with LDAP and GD libraries </TR> <TR> 1.8 +2 -1 apache-1.3/src/include/ap_mmn.h Index: ap_mmn.h =================================================================== RCS file: /export/home/cvs/apache-1.3/src/include/ap_mmn.h,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- ap_mmn.h 1998/09/06 19:23:51 1.7 +++ ap_mmn.h 1998/09/17 20:23:41 1.8 @@ -177,10 +177,11 @@ * request_rec* instead of pool* * (for implementing better error reporting). * 19980906 (1.3.2-dev) - added ap_md5_binary() + * 19980917 (1.3.2-dev) - bs2000: changed os_set_authfile() to os_set_account() */ #ifndef MODULE_MAGIC_NUMBER_MAJOR -#define MODULE_MAGIC_NUMBER_MAJOR 19980906 +#define MODULE_MAGIC_NUMBER_MAJOR 19980917 #endif #define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */ #define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR /* backward compat */ 1.241 +2 -2 apache-1.3/src/include/httpd.h Index: httpd.h =================================================================== RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v retrieving revision 1.240 retrieving revision 1.241 diff -u -r1.240 -r1.241 --- httpd.h 1998/09/17 15:56:03 1.240 +++ httpd.h 1998/09/17 20:23:42 1.241 @@ -984,12 +984,12 @@ #endif #ifdef _OSD_POSIX -extern const char *os_set_authfile(pool *p, const char *filename); +extern const char *os_set_account(pool *p, const char *account); extern int os_init_job_environment(server_rec *s, const char *user_name); #endif /* _OSD_POSIX */ char *ap_get_local_host(pool *); -unsigned long ap_get_virthost_addr(char *hostname, unsigned short *port); +unsigned long ap_get_virthost_addr(const char *hostname, unsigned short *port); extern API_VAR_EXPORT time_t ap_restart_time; 1.230 +4 -4 apache-1.3/src/main/http_core.c Index: http_core.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/main/http_core.c,v retrieving revision 1.229 retrieving revision 1.230 diff -u -r1.229 -r1.230 --- http_core.c 1998/09/10 17:36:15 1.229 +++ http_core.c 1998/09/17 20:23:45 1.230 @@ -2302,14 +2302,14 @@ } #ifdef _OSD_POSIX /* BS2000 Logon Passwd file */ -static const char *set_bs2000_authfile(cmd_parms *cmd, void *dummy, char *name) +static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name) { const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); if (err != NULL) { return err; } - return os_set_authfile(cmd->pool, name); + return os_set_account(cmd->pool, name); } #endif /*_OSD_POSIX*/ @@ -2624,8 +2624,8 @@ { "NameVirtualHost", ap_set_name_virtual_host, NULL, RSRC_CONF, TAKE1, "A numeric IP address:port, or the name of a host" }, #ifdef _OSD_POSIX -{ "BS2000AuthFile", set_bs2000_authfile, NULL, RSRC_CONF, TAKE1, - "Name of server User's bs2000 logon password file (read-protected)" }, +{ "BS2000Account", set_bs2000_account, NULL, RSRC_CONF, TAKE1, + "Name of server User's bs2000 logon account name" }, #endif { "ServerTokens", set_serv_tokens, NULL, RSRC_CONF, TAKE1, "Determine tokens displayed in the Server: header - Min(imal), OS or Full" }, 1.4 +22 -98 apache-1.3/src/os/bs2000/bs2login.c Index: bs2login.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/os/bs2000/bs2login.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- bs2login.c 1998/07/08 17:47:24 1.3 +++ bs2login.c 1998/09/17 20:23:46 1.4 @@ -60,125 +60,49 @@ #include "http_config.h" #include "http_log.h" -static const char *bs2000_authfile = NULL; +static const char *bs2000_account = NULL; -/* This routine is called by http_core for the BS2000AuthFile directive */ -/* It stores the file name (after a quick check for validity) for later use */ -const char *os_set_authfile(pool *p, const char *name) +/* This routine is called by http_core for the BS2000Account directive */ +/* It stores the account name for later use */ +const char *os_set_account(pool *p, const char *account) { - struct stat stbuf; - char *filename; + if (bs2000_account != NULL && strcasecmp(bs2000_account, account) != 0) + return "BS2000Account: can be defined only once."; - filename = ap_server_root_relative(p, name); - - /* auth file must exist */ - if (stat(filename, &stbuf) != 0) { - return ap_pstrcat(p, "Unable to access bs2000 auth file ", - filename, NULL); - exit(APEXIT_CHILDFATAL); - } - - /* auth file must be owned by root, and not readable/writable by everyone else */ - if (stbuf.st_uid != 0) { - return ap_pstrcat(p, "BS2000 auth file ", filename, - " is not owned by SYSROOT - " - "change owner!", NULL); - } - - if (stbuf.st_mode & (S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)) { - return ap_pstrcat(p, "BS2000 auth file ", filename, - " is readable/writable by others - " - "check permissions!", NULL); - } - - bs2000_authfile = filename; + bs2000_account = ap_pstrdup(p, account); return NULL; } int os_init_job_environment(server_rec *server, const char *user_name) { - _checkuser_struct chk_usr; _rini_struct inittask; - struct { - char username[8+1]; /* Length of a user name including \0 */ - char password[8+1]; /* Length of a password including \0 */ - char account [8+1]; /* Length of a account number including \0 */ - char exp_date[10+1]; /* Length of a date including \0 */ - char exp_pass[10+1]; /* Length of a date including \0 */ - char processor[8+1]; - } lcl_data; - char *cp; - FILE *pwfile; - struct stat stbuf; - - memset (&lcl_data, '\0', sizeof lcl_data); - - /* BS2000 requires the user name to be in upper case for authentication */ - ap_snprintf(lcl_data.username, sizeof lcl_data.username, - "%s", user_name); - for (cp = lcl_data.username; *cp; ++cp) { - *cp = ap_toupper(*cp); - } - if (bs2000_authfile == NULL) { + /* We can be sure that no change to uid==0 is possible because of + * the checks in http_core.c:set_user() + */ + + /* An Account is required for _rini() */ + if (bs2000_account == NULL) + { ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server, - "Use the 'BS2000AuthFile <passwdfile>' directive to specify " - "an authorization file for User %s", + "No BS2000Account configured - cannot switch to User %S", user_name); exit(APEXIT_CHILDFATAL); } - if ((pwfile = fopen(bs2000_authfile, "r")) == NULL) { - ap_log_error(APLOG_MARK, APLOG_ALERT, server, - "Unable to open bs2000 auth file %s for User %s", - bs2000_authfile, user_name); - exit(APEXIT_CHILDFATAL); - } + inittask.username = user_name; + inittask.account = bs2000_account; + inittask.processor_name = " "; - if (fgets(lcl_data.password, sizeof lcl_data.password, pwfile) == NULL - || strlen(lcl_data.password) == 0) { - ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server, - "Unable ro read BS2000 auth file %s", - bs2000_authfile); - exit(APEXIT_CHILDFATAL); - } - - fclose(pwfile); - - chk_usr.username = lcl_data.username; - chk_usr.password = lcl_data.password; - chk_usr.account = lcl_data.account; /* Account and Expiration go here*/ - chk_usr.logon_expdate = lcl_data.exp_date; - chk_usr.pw_expdate = lcl_data.exp_pass; - - /* Now perform validity check of user and password, filling in account */ - if(_checkuser(&chk_usr) != 0) { - ap_log_error(APLOG_MARK, APLOG_ALERT, server, - "_checkuser: BS2000 auth failed for user %s", chk_usr.username); - exit(APEXIT_CHILDFATAL); - } - - inittask.username = chk_usr.username; - inittask.account = chk_usr.account; - inittask.processor_name = strncpy(lcl_data.processor, - " ", - sizeof lcl_data.processor); - - /* And switch to the new logon user (setuid() and setgid() are done later) */ + /* Switch to the new logon user (setuid() and setgid() are done later) */ + /* Only the super use can switch identities. */ if (_rini(&inittask) != 0) { ap_log_error(APLOG_MARK, APLOG_ALERT, server, - "_rini: BS2000 auth failed for user %s", - inittask.username); + "_rini: BS2000 auth failed for user \"%s\" acct \"%s\"", + inittask.username, inittask.account); exit(APEXIT_CHILDFATAL); } - - /*ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, server, - "BS2000 logon for user %s account=%s completed, pid=%d.", - inittask.username, inittask.account, getpid());*/ - - /* Don't leave the password on the stack */ - memset (&lcl_data, '\0', sizeof lcl_data); return 0; } 1.1067 +5 -0 apache-1.3/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1066 retrieving revision 1.1067 diff -u -r1.1066 -r1.1067 --- CHANGES 1998/09/17 14:43:18 1.1066 +++ CHANGES 1998/09/17 20:23:47 1.1067 @@ -1,5 +1,10 @@ Changes with Apache 1.3.2 + *) BS2000 platform only: get rid of the nasty BS2000AuthFile. + You now must define a BS2000Account name for the server User. + This has fewer security implications than the old approach. + [Martin Kraemer] + *) Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl' instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this platform to make the braindead HPUX linker happy. Notice, for the module