Re: [peruser] peruser 0.2.0 released

Thu, 09 Mar 2006 23:30:56 -0800 

Hi!
I make a little patch wich clear the enviroment varibles of each child and then add the following: 

setenv("LOGNAME",senv->user_name,1);
setenv("HOME","/",1);
setenv("PWD","/",1);
setenv("CHILD_USER",senv->user_name,1);
setenv("CHILD_GROUP",senv->group_name,1);
setenv("CHILD_CHROOT",senv->chroot,1);

The next thing is that I modify the mod_log_config.c
In this file I add the log variables:
%c = child user
%g = child group
%R = child Chroot

In my httpd.conf my LogFormat line is the following:


LogFormat "%t [%h] [EMAIL PROTECTED] %>s \"%r\" (\"%{Referer}i\", 
"%{User-Agent}i\")" combined


Here is an example log entry:

[10/Mar/2006:08:26:32 +0100] [212.202.38.108] 
[EMAIL PROTECTED] 200 "GET / HTTP/1.1" ("-", "Mozilla/5.0 
(Windows; U; Windows NT 5.1; de; rv:1.8.0.1) Gecko/20060111 
Firefox/1.5.0.1")



In this entry you can see the client who has send the query and the 
domain and the domain-user.


I hope someone can need this patch ;)


PS: patch the apache2.0.55 at first with the 
httpd-2.0.55-peruser-0.2.0.patch!


/ Blaubaer


diff -x CVS -Nr --unified=5 httpd-2.0.55.orig/modules/loggers/mod_log_config.c 
httpd-2.0.55/modules/loggers/mod_log_config.c
--- httpd-2.0.55.orig/modules/loggers/mod_log_config.c  2005-02-04 
21:21:18.000000000 +0100
+++ httpd-2.0.55/modules/loggers/mod_log_config.c       2006-03-09 
12:56:02.000000000 +0100
@@ -576,10 +576,25 @@
 static const char *log_server_name(request_rec *r, char *a)
 {
     return ap_escape_logitem(r->pool, ap_get_server_name(r));
 }
 
+static const char *log_child_user(request_rec *r, char *a)
+{
+    return ap_escape_logitem(r->pool, getenv("CHILD_USER"));
+}
+
+static const char *log_child_group(request_rec *r, char *a)
+{
+    return ap_escape_logitem(r->pool, getenv("CHILD_GROUP"));
+}
+
+static const char *log_child_chroot(request_rec *r, char *a)
+{
+    return ap_escape_logitem(r->pool, getenv("CHILD_CHROOT"));
+}
+
 static const char *log_pid_tid(request_rec *r, char *a)
 {
     if (*a == '\0' || !strcmp(a, "pid")) {
         return apr_psprintf(r->pool, "%" APR_PID_T_FMT, getpid());
     }
@@ -1398,10 +1413,13 @@
         log_pfn_register(p, "n", log_note, 0);
         log_pfn_register(p, "e", log_env_var, 0);
         log_pfn_register(p, "V", log_server_name, 0);
         log_pfn_register(p, "v", log_virtual_host, 0);
         log_pfn_register(p, "p", log_server_port, 0);
+        log_pfn_register(p, "c", log_child_user, 0);
+        log_pfn_register(p, "g", log_child_group, 0);
+        log_pfn_register(p, "R", log_child_chroot, 0);
         log_pfn_register(p, "P", log_pid_tid, 0);
         log_pfn_register(p, "H", log_request_protocol, 0);
         log_pfn_register(p, "m", log_request_method, 0);
         log_pfn_register(p, "q", log_request_query, 0);
         log_pfn_register(p, "X", log_connection_status, 0);
diff -x CVS -Nr --unified=5 
httpd-2.0.55.orig/server/mpm/experimental/peruser/peruser.c 
httpd-2.0.55/server/mpm/experimental/peruser/peruser.c
--- httpd-2.0.55.orig/server/mpm/experimental/peruser/peruser.c 2006-03-09 
12:51:04.127147264 +0100
+++ httpd-2.0.55/server/mpm/experimental/peruser/peruser.c      2006-03-09 
12:47:27.000000000 +0100
@@ -219,10 +219,12 @@
 
     /* security settings */
     uid_t uid;          /* user id */
     gid_t gid;          /* group id */
     const char *chroot; /* directory to chroot() to, can be null */
+    const char *user_name;     /* username of the child process */
+    const char *group_name;    /* groupname of the child process */
 
     /* resource settings */
     int min_processors;
     int min_free_processors;
     int max_processors;
@@ -1378,10 +1380,14 @@
         ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
                      "setuid: unable to change to uid: %ld",
                      (long) senv->uid);
         return -1;
     }
+
+    clearenv();
+
+    setenv("LOGNAME",senv->user_name,1);
+    setenv("HOME","/",1);
+    setenv("PWD","/",1);
+
+    setenv("CHILD_USER",senv->user_name,1);
+    setenv("CHILD_GROUP",senv->group_name,1);
+    setenv("CHILD_CHROOT",senv->chroot,1);
+    
     return 0;
 }
 
 static int check_signal(int signum)
 {
@@ -1740,11 +1746,11 @@
 
     _DBG("clean_child_exit(0)");
     clean_child_exit(0);
 }
 
-static server_env_t* senv_add(int uid, int gid, const char* chroot)
+static server_env_t* senv_add(int uid, int gid, const char* chroot, const 
char* user_name, const char* group_name)
 {
     int i;
     int socks[2];
 
     _DBG("Searching for matching senv...");
@@ -1768,10 +1774,12 @@
     _DBG("Creating new senv");
 
     SENV[NUM_SENV].uid = uid;
     SENV[NUM_SENV].gid = gid;
     SENV[NUM_SENV].chroot = chroot;
+    SENV[NUM_SENV].user_name = user_name;
+    SENV[NUM_SENV].group_name = group_name;
 
     SENV[NUM_SENV].min_processors = ap_min_processors;
     SENV[NUM_SENV].min_free_processors = ap_min_free_processors;
     SENV[NUM_SENV].max_processors = ap_max_processors;
 
@@ -1814,21 +1822,21 @@
     if(i == NUM_CHILDS) child_info_image->control->num++;
     return NULL;
 }
 
 static const char* child_add(int type, int status,
-                             uid_t uid, gid_t gid, const char* chroot)
+                             uid_t uid, gid_t gid, const char* chroot, const 
char* user_name, const char* group_name)
 {
     _DBG("adding child #%d", NUM_CHILDS);
 
     if(NUM_CHILDS >= server_limit)
     {
         return "Trying to use more child ID's than NumServers.  "
                "Increase NumServers in your config file.";
     }
 
-    CHILD_INFO_TABLE[NUM_CHILDS].senv = senv_add(uid, gid, chroot);
+    CHILD_INFO_TABLE[NUM_CHILDS].senv = senv_add(uid, gid, chroot, user_name, 
group_name);
 
     if(CHILD_INFO_TABLE[NUM_CHILDS].senv == NULL)
     {
         return "Trying to use more server environments than NumServers.  "
                "Increase NumServers in your config file.";
@@ -2675,11 +2683,11 @@
 
     _DBG("user=%s:%d group=%s:%d chroot=%s",
         user_name, uid, group_name, gid, chroot);
 
     return child_add(CHILD_TYPE_PROCESSOR, CHILD_STATUS_STANDBY,
-                     uid, gid, chroot);
+                     uid, gid, chroot, user_name, group_name);
 }
 
 /* we define an Multiplexer child w/ specific uid/gid */
 static const char *cf_Multiplexer(cmd_parms *cmd, void *dummy,
     const char *user_name, const char *group_name, const char *chroot)
@@ -2689,11 +2697,11 @@
 
     _DBG("user=%s:%d group=%s:%d chroot=%s [multiplexer id %d]",
         user_name, uid, group_name, gid, chroot, NUM_CHILDS);
 
     return child_add(CHILD_TYPE_MULTIPLEXER, CHILD_STATUS_STARTING,
-                     uid, gid, chroot);
+                     uid, gid, chroot, user_name, group_name);
 }
 
 static const char* cf_ServerEnvironment(cmd_parms *cmd, void *dummy,
     const char *user_name, const char *group_name, const char *chroot)
 {
@@ -2701,11 +2709,11 @@
     int gid = ap_gname2id(group_name);
     peruser_server_conf *sconf = 
PERUSER_SERVER_CONF(cmd->server->module_config);
 
     _DBG("function entered", 0);
 
-    sconf->senv = senv_add(uid, gid, chroot);
+    sconf->senv = senv_add(uid, gid, chroot,user_name, group_name);
 
     _DBG("user=%s:%d group=%s:%d chroot=%s numchilds=%d",
         user_name, uid, group_name, gid, chroot, NUM_CHILDS);
 
     return NULL;

_______________________________________________
Peruser mailing list
[email protected]
http://www.telana.com/mailman/listinfo/peruser























					Reply via email to