Hi again!
I've modified the patch so that it looks for the suPHP_HttpAuthUser directive. If
it is enabled, AUTH_TYPE is equal to "Basic", and SUPHP_AUTH_USER is set,
it will change targetUser to the logged-in username.
If suPHP_HttpAuthUser is true but authorisation has not been enabled, the
behaviour is the same as if suPHP_HttpAuthUser had been disabled.
If you want to merge this patch, I would suggest adding a configure switch
for this feature, because I'm still not convinced that this patch is
harmless.
Greets,
Roland
--- suphp-0.6.1-orig/src/apache2/mod_suphp.c 2005-11-26 20:45:49.000000000 +0100
+++ suphp-0.6.1/src/apache2/mod_suphp.c 2007-07-28 19:31:42.000000000 +0200
@@ -102,6 +102,10 @@
#define SUPHP_ENGINE_ON 1
#define SUPHP_ENGINE_UNDEFINED 2
+#define SUPHP_HTTP_AUTH_USER_OFF 0
+#define SUPHP_HTTP_AUTH_USER_ON 1
+#define SUPHP_HTTP_AUTH_USER_UNDEFINED 2
+
#ifndef SUPHP_PATH_TO_SUPHP
#define SUPHP_PATH_TO_SUPHP "/usr/sbin/suphp"
#endif
@@ -110,6 +114,7 @@
int engine; // Status of suPHP_Engine
char *php_config;
int cmode; // Server of directory configuration?
+ int http_auth_user;
#ifdef SUPHP_USE_USERGROUP
char *target_user;
char *target_group;
@@ -124,6 +129,7 @@
cfg->php_config = NULL;
cfg->engine = SUPHP_ENGINE_UNDEFINED;
+ cfg->http_auth_user = SUPHP_HTTP_AUTH_USER_UNDEFINED;
cfg->cmode = SUPHP_CONFIG_MODE_DIRECTORY;
#ifdef SUPHP_USE_USERGROUP
@@ -160,6 +166,11 @@
else
merged->engine = parent->engine;
+ if (child->http_auth_user != SUPHP_HTTP_AUTH_USER_UNDEFINED)
+ merged->http_auth_user = child->http_auth_user;
+ else
+ merged->http_auth_user = parent->http_auth_user;
+
#ifdef SUPHP_USE_USERGROUP
if (child->target_user)
merged->target_user = apr_pstrdup(p, child->target_user);
@@ -204,6 +215,11 @@
merged->engine = child->engine;
else
merged->engine = parent->engine;
+
+ if (child->http_auth_user != SUPHP_HTTP_AUTH_USER_UNDEFINED)
+ merged->http_auth_user = child->http_auth_user;
+ else
+ merged->http_auth_user = parent->http_auth_user;
#ifdef SUPHP_USE_USERGROUP
if (child->target_user)
@@ -266,6 +282,19 @@
}
+static const char *suphp_handle_cmd_http_auth_user(cmd_parms *cmd, void *mconfig,
+ int flag)
+{
+ suphp_conf *cfg = (suphp_conf *) mconfig;
+ if (flag)
+ cfg->http_auth_user = SUPHP_HTTP_AUTH_USER_ON;
+ else
+ cfg->http_auth_user = SUPHP_HTTP_AUTH_USER_OFF;
+
+ return NULL;
+}
+
+
#ifdef SUPHP_USE_USERGROUP
static const char *suphp_handle_cmd_user_group(cmd_parms *cmd, void *mconfig,
const char *arg1, const char *arg2)
@@ -309,6 +338,8 @@
"Whether suPHP is on or off, default is off"),
AP_INIT_TAKE1("suPHP_ConfigPath", suphp_handle_cmd_config, NULL, OR_OPTIONS,
"Wheres the php.ini resides, default is the PHP default"),
+ AP_INIT_FLAG("suPHP_HttpAuthUser", suphp_handle_cmd_http_auth_user, NULL, RSRC_CONF | ACCESS_CONF,
+ "Run script as user loged in by http auth? Dangerous!"),
#ifdef SUPHP_USE_USERGROUP
AP_INIT_TAKE2("suPHP_UserGroup", suphp_handle_cmd_user_group, NULL, RSRC_CONF | ACCESS_CONF,
"User and group scripts shall be run as"),
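Review bot: The help text for `suPHP_HttpAuthUser` says only "Dangerous!" and misspells "logged", so an administrator reading the directive listing does not learn what the switch changes. Suggest `"Run scripts as the user authenticated via HTTP Basic auth instead of the configured or owning user"`. The `RSRC_CONF | ACCESS_CONF` scope keeps the directive out of .htaccess, which matters for a setting that changes the execution identity. That choice should be recorded next to the entry, for example `/* server/directory config only: must not be settable from .htaccess */`. The command table starts and ends outside the hunk.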
@@ -426,6 +457,7 @@
apr_table_unset(r->subprocess_env, "SUPHP_PHP_CONFIG");
apr_table_unset(r->subprocess_env, "SUPHP_AUTH_USER");
apr_table_unset(r->subprocess_env, "SUPHP_AUTH_PW");
+ apr_table_unset(r->subprocess_env, "SUPHP_USER_FROM_HTTP_AUTH");
#ifdef SUPHP_USE_USERGROUP
apr_table_unset(r->subprocess_env, "SUPHP_USER");
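Review bot: The added unset of `SUPHP_USER_FROM_HTTP_AUTH` carries no comment explaining why it is needed, although it is the security-relevant half of this change. The wrapper side of the patch switches the target user when it sees this variable, so a value that reached `r->subprocess_env` from anywhere other than this module's own configuration must not survive. Suggest a comment on the line such as `/* drop any inherited value; only this module's config may set it */`. The enclosing function starts and ends outside the hunk.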
@@ -467,6 +499,10 @@
apr_table_setn(r->subprocess_env, "SUPHP_AUTH_PW", auth_pass);
}
+ if (dconf->http_auth_user == SUPHP_HTTP_AUTH_USER_ON) {
+ apr_table_setn(r->subprocess_env, "SUPHP_USER_FROM_HTTP_AUTH", "1");
+ }
+
#ifdef SUPHP_USE_USERGROUP
if (dconf->target_user)
{
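Review bot: The flag is exported whenever the directive is on, without checking here that Apache itself authenticated the request. The decision is left entirely to the wrapper's test of `AUTH_TYPE` and the presence of `SUPHP_AUTH_USER`. Where `auth_user` comes from is outside this hunk; if it is decoded from the request's Authorization header rather than taken from `r->user`, the name the wrapper switches to is request data rather than a verified identity. It would be safer to gate the export on the authenticated state, `if (dconf->http_auth_user == SUPHP_HTTP_AUTH_USER_ON && r->user != NULL && r->ap_auth_type != NULL) {`, and to pass the name from `r->user`. The enclosing handler continues outside the hunk.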
--- suphp-0.6.1-orig/src/Application.cpp 2005-11-26 20:45:49.000000000 +0100
+++ suphp-0.6.1/src/Application.cpp 2007-07-28 19:05:57.000000000 +0200
@@ -333,6 +333,16 @@
targetGroup = scriptFile.getGroup();
#endif // OPT_USERGROUP_OWNER
+ // HttpAuthMode
+ if (environment.hasVar("SUPHP_USER_FROM_HTTP_AUTH") &&
+ environment.getVar("SUPHP_USER_FROM_HTTP_AUTH") == "1" &&
+ environment.hasVar("AUTH_TYPE") &&
+ environment.getVar("AUTH_TYPE") == "Basic" &&
+ environment.hasVar("SUPHP_AUTH_USER"))
+ {
+ targetUser = api.getUserInfo(environment.getVar("SUPHP_AUTH_USER"));
+ }
+
// Paranoid mode only
#ifdef OPT_USERGROUP_PARANOID
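Review bot: Only `targetUser` is replaced in the added block; `targetGroup` keeps whatever the preceding mode-specific code chose (the script file's group in the visible `OPT_USERGROUP_OWNER` branch), so the script would run with the authenticated user's UID and an unrelated GID. The group should be reassigned together with the user, to that account's primary group. The block sits outside every `#ifdef`, so it applies in all user/group modes. Whether the paranoid-mode and minimum-UID checks that follow (outside this hunk) are evaluated against the new `targetUser`, and what happens when `getUserInfo` is given a name with no system account, should be confirmed. The comment would be clearer as `// HttpAuthMode: override the computed target user with the HTTP Basic auth user (group must follow)`.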
@@ -391,6 +401,8 @@
env.deleteVar("SUPHP_AUTH_PW");
if (env.hasVar("SUPHP_PHP_CONFIG"))
env.deleteVar("SUPHP_PHP_CONFIG");
+ if (env.hasVar("SUPHP_USER_FROM_HTTP_AUTH"))
+ env.deleteVar("SUPHP_USER_FROM_HTTP_AUTH");
// Reset PATH
env.putVar("PATH", config.getEnvPath());