Hi, Sorry, there was a copy&paste error in the attached patch. Here's a fixed version.
Best regards, Roland
diff --unified -r suphp-0.7.1/src/apache2/mod_suphp.c suphp-0.7.1.new/src/apache2/mod_suphp.c --- suphp-0.7.1/src/apache2/mod_suphp.c 2007-03-14 15:50:55.000000000 +0100 +++ suphp-0.7.1.new/src/apache2/mod_suphp.c 2010-09-01 11:26:15.000000000 +0200 @@ -121,6 +121,7 @@ #ifdef SUPHP_USE_USERGROUP char *target_user; char *target_group; + char *process_user; #endif apr_table_t *handlers; char *php_path; @@ -139,6 +140,7 @@ #ifdef SUPHP_USE_USERGROUP cfg->target_user = NULL; cfg->target_group = NULL; + cfg->process_user = NULL; #endif /* Create table with 0 initial elements */ @@ -184,7 +186,14 @@ merged->target_group = apr_pstrdup(p, parent->target_group); else merged->target_group = NULL; -#endif + + if (child->process_user) + merged->process_user = apr_pstrdup(p, child->process_user); + else if (parent->process_user) + merged->process_user = apr_pstrdup(p, parent->process_user); + else + merged->process_user = NULL; + #endif merged->handlers = apr_table_overlay(p, child->handlers, parent->handlers); @@ -239,6 +248,13 @@ merged->target_group = apr_pstrdup(p, parent->target_group); else merged->target_group = NULL; + + if (child->process_user) + merged->process_user = apr_pstrdup(p, child->process_user); + else if (parent->target_user) + merged->process_user = apr_pstrdup(p, parent->process_user); + else + merged->process_user = NULL; #endif merged->handlers = apr_table_overlay(p, child->handlers, parent->handlers); @@ -290,12 +306,13 @@ #ifdef SUPHP_USE_USERGROUP static const char *suphp_handle_cmd_user_group(cmd_parms *cmd, void *mconfig, - const char *arg1, const char *arg2) + const char *arg1, const char *arg2, const char *arg3) { suphp_conf *cfg = (suphp_conf *) mconfig; cfg->target_user = apr_pstrdup(cmd->pool, arg1); cfg->target_group = apr_pstrdup(cmd->pool, arg2); + cfg->process_user = apr_pstrdup(cmd->pool, arg3 ? arg3 : arg1); return NULL; } @@ -355,7 +372,7 @@ AP_INIT_TAKE1("suPHP_ConfigPath", suphp_handle_cmd_config, NULL, OR_OPTIONS, "Wheres the php.ini resides, default is the PHP default"), #ifdef SUPHP_USE_USERGROUP - AP_INIT_TAKE2("suPHP_UserGroup", suphp_handle_cmd_user_group, NULL, RSRC_CONF | ACCESS_CONF, + AP_INIT_TAKE23("suPHP_UserGroup", suphp_handle_cmd_user_group, NULL, RSRC_CONF | ACCESS_CONF, "User and group scripts shall be run as"), #endif AP_INIT_ITERATE("suPHP_AddHandler", suphp_handle_cmd_add_handler, NULL, RSRC_CONF | ACCESS_CONF, "Tells mod_suphp to handle these MIME-types"), @@ -910,7 +927,23 @@ apr_table_setn(r->subprocess_env, "SUPHP_GROUP", apr_pstrdup(r->pool, ud_group)); } -#endif + + if (dconf->process_user) + { + apr_table_setn(r->subprocess_env, "SUPHP_PROCESS_USER", + apr_pstrdup(r->pool, dconf->process_user)); + } + else if (sconf->process_user) + { + apr_table_setn(r->subprocess_env, "SUPHP_PROCESS_USER", + apr_pstrdup(r->pool, sconf->process_user)); + } + else + { + apr_table_setn(r->subprocess_env, "SUPHP_PROCESS_USER", + apr_pstrdup(r->pool, ud_user)); + } + #endif env = ap_create_environment(p, r->subprocess_env); diff --unified -r suphp-0.7.1/src/Application.cpp suphp-0.7.1.new/src/Application.cpp --- suphp-0.7.1/src/Application.cpp 2009-03-14 18:55:25.000000000 +0100 +++ suphp-0.7.1.new/src/Application.cpp 2010-09-01 11:16:25.000000000 +0200 @@ -66,6 +66,7 @@ std::string scriptFilename; UserInfo targetUser; GroupInfo targetGroup; + UserInfo processUser; // If caller is super-user, print info message and exit if (api.getRealProcessUser().isSuperUser()) { @@ -95,7 +96,7 @@ this->checkScriptFileStage1(scriptFilename, config, env); // Find out target user - this->checkProcessPermissions(scriptFilename, config, env, targetUser, targetGroup); + this->checkProcessPermissions(scriptFilename, config, env, targetUser, targetGroup, processUser); // Now do checks that might require user info this->checkScriptFileStage2(scriptFilename, config, env, targetUser, targetGroup); @@ -108,7 +109,7 @@ api.chroot(chrootPath); } - this->changeProcessPermissions(config, targetUser, targetGroup); + this->changeProcessPermissions(config, processUser, targetGroup); interpreter = this->getInterpreter(env, config); targetMode = this->getTargetMode(interpreter); @@ -323,7 +324,8 @@ const Configuration& config, const Environment& environment, UserInfo& targetUser, - GroupInfo& targetGroup) const + GroupInfo& targetGroup, + UserInfo& processUser) const throw (SystemException, SoftException, SecurityException) { File scriptFile = File(scriptFilename); @@ -359,10 +361,11 @@ // Paranoid and force mode #if (defined(OPT_USERGROUP_PARANOID) || defined(OPT_USERGROUP_FORCE)) - std::string targetUsername, targetGroupname; + std::string targetUsername, targetGroupname, processUsername; try { targetUsername = environment.getVar("SUPHP_USER"); targetGroupname = environment.getVar("SUPHP_GROUP"); + processUsername = environment.getVar("SUPHP_PROCESS_USER"); } catch (KeyNotFoundException& e) { throw SecurityException( "Environment variable SUPHP_USER or SUPHP_GROUP not set", @@ -383,6 +386,14 @@ } else { targetGroup = api.getGroupInfo(targetGroupname); } + + if (processUsername[0] == '#' && processUsername.find_first_not_of( + "0123456789", 1) == std::string::npos) { + processUser = api.getUserInfo(Util::strToInt(processUsername.substr(1))); + } else { + processUser = api.getUserInfo(processUsername); + } + #endif // OPT_USERGROUP_PARANOID || OPT_USERGROUP_FORCE // Owner mode only @@ -390,6 +401,7 @@ #ifdef OPT_USERGROUP_OWNER targetUser = scriptFile.getUser(); targetGroup = scriptFile.getGroup(); + processUser = targetUser; #endif // OPT_USERGROUP_OWNER // Paranoid mode only @@ -417,7 +429,7 @@ void suPHP::Application::changeProcessPermissions( const Configuration& config, - const UserInfo& targetUser, + const UserInfo& processUser, const GroupInfo& targetGroup) const throw (SystemException, SoftException, SecurityException) { API& api = API_Helper::getSystemAPI(); @@ -427,7 +439,7 @@ api.setProcessGroup(targetGroup); // Then set new user - api.setProcessUser(targetUser); + api.setProcessUser(processUser); api.setUmask(config.getUmask()); } diff --unified -r suphp-0.7.1/src/Application.hpp suphp-0.7.1.new/src/Application.hpp --- suphp-0.7.1/src/Application.hpp 2008-03-29 18:48:59.000000000 +0100 +++ suphp-0.7.1.new/src/Application.hpp 2010-08-31 22:15:07.000000000 +0200 @@ -89,7 +89,8 @@ const Configuration& config, const Environment& environment, UserInfo& targetUser, - GroupInfo& targetGroup) const + GroupInfo& targetGroup, + UserInfo& processUser) const throw (SystemException, SoftException, SecurityException); /**
_______________________________________________ suPHP mailing list suPHP@lists.marsching.com https://lists.marsching.com/mailman/listinfo/suphp