freebsd-ports/www/apache13-fp/files/patch-fe

--- src/support/suexec.c.orig	Tue Jan 11 13:47:59 2000
+++ src/support/suexec.c	Sun Feb 20 17:38:47 2000
@@ -82,11 +82,35 @@
  * info:   Normal activity message
  * debug:  Self-explanatory
  */
+/*
+ * "System" CGI modification 97.05.10 by Rick Franchuk (rickf@netnation.com)
+ *
+ * I found that while it's great to make scripts run under the UID and GID
+ * specified in httpd.conf or what /etc/passwd says is 'cool', suEXEC can
+ * really put a damper on 'System' cgi's, forcing copies of the scripts
+ * to be installed into users' home directories. That didn't seem very
+ * fitting... so I changed it so that the target UID check is disabled in
+ * a system directory #defined in suexec+.h. I hope you all find it useful.
+ *
+ * The docroot check had to be bypassed to allow functionality for VirtualHost
+ * entries. I'm somewhat suprised noone encountered that behavior before.
+ */
+ /*
+ * "FPEXE modification made on 98.05.19 by Scot Hetzel (hetzels@westbend.net)
+ * based on previous FPEXE modifications supplied by Mark Wormgoor
+ * (riddles@ipe.nl)
+ *
+ * Changes were made in order to use Suexec and Frontpage 98 at the same time.
+ * After we change to the target_uid and target_gid.  We check if cmd = FPEXE,
+ * if it does then we execute the cmd without performing any further tests.
+ *
+ */ 
 
 #include "ap_config.h"
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <login_cap.h>
 
 #include <stdarg.h>
 
@@ -262,6 +286,7 @@
     char *cmd;			/* command to be executed    */
     char cwd[AP_MAXPATH];	/* current working directory */
     char dwd[AP_MAXPATH];	/* docroot working directory */
+    login_cap_t *lc;		/* user resource limits      */
     struct passwd *pw;		/* password entry holder     */
     struct group *gr;		/* group entry holder        */
     struct stat dir_info;	/* directory info holder     */
@@ -420,6 +445,19 @@
     }
 
     /*
+     * Apply user resource limits based on login class.
+     */
+    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
+	log_err("login_getclassbyname() failed\n");
+	exit(248);
+    }
+
+    if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
+	log_err("setusercontext() failed\n");
+	exit(249);
+    }
+
+    /*
      * Change UID/GID here so that the following tests work over NFS.
      *
      * Initialize the group access list for the target user,
@@ -439,6 +477,14 @@
     }
 
     /*
+     * We logged everything, changed to the target uid/gid, and know the
+     * user is ok.  We run fpexe now and bail out before anything goes wrong.
+     */
+#ifdef FPEXE
+     if ((strcmp(cmd, FPEXE)) != NULL) {
+#endif 
+
+    /*
      * Get the current working directory, as well as the proper
      * document root (dependant upon whether or not it is a
      * ~userdir request).  Error out if we cannot get either one,
@@ -470,10 +516,16 @@
 	}
     }
 
+    /*
+     * This section must be commented out to work properly with
+     * VirtualHosts running CGI in thier own directories.
+     *
+
     if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
 	log_err("error: command not in docroot (%s/%s)\n", cwd, cmd);
 	exit(114);
     }
+     */
 
     /*
      * Stat the cwd and verify it is a directory, or error out.
@@ -519,6 +571,9 @@
      * Error out if the target name/group is different from
      * the name/group of the cwd or the program.
      */
+#ifdef SYSTEM_CGI
+    if (strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))) {
+#endif
     if ((uid != dir_info.st_uid) ||
 	(gid != dir_info.st_gid) ||
 	(uid != prg_info.st_uid) ||
@@ -530,6 +585,10 @@
 		prg_info.st_uid, prg_info.st_gid);
 	exit(120);
     }
+#ifdef SYSTEM_CGI
+    }
+#endif
+
     /*
      * Error out if the program is not executable for the user.
      * Otherwise, she won't find any error in the logs except for
@@ -551,6 +610,49 @@
     umask(SUEXEC_UMASK);
 #endif /* SUEXEC_UMASK */
     clean_env();
+
+#ifdef FPEXE
+    }
+    else {
+
+        /* The following taken from mod_frontpage.c to check permissions */
+
+        /*
+         * We can't stat the stub dir.  Make sure the stub directory is not
+         * owned by root and not group/world writable
+         */
+        if ((lstat(FPSTUBDIR, &dir_info) == -1       ||
+            dir_info.st_uid                          ||
+            (dir_info.st_mode & (S_IWGRP | S_IWOTH)) ||
+            (!S_ISDIR(dir_info.st_mode)))) {
+            /*
+             * User recovery: set directory to be owned by by root with
+             * permissions r*x*-x*-x.
+             */
+            log_err("Incorrect permissions on stub directory \"%-.1024s\"",
+                    FPSTUBDIR);
+            exit (250);
+        }
+
+        /*
+	 * We can't stat the stub.  Make sure the stub is not owned by root,
+         * set-uid, set-gid, and is not group/world writable or executable.
+         */
+        if ((stat(cmd, &prg_info) == -1    ||
+            prg_info.st_uid                          ||
+            !(prg_info.st_mode & S_ISUID)            ||
+            (prg_info.st_mode & S_ISGID)             ||
+            (prg_info.st_mode & (S_IWGRP | S_IWOTH)) ||
+            !(prg_info.st_mode & (S_IXGRP | S_IXOTH)))) {
+            /*
+             * User recovery: set stub to be owned by by root with permissions
+             * r*s*-x*-x.
+             */
+            log_err("Incorrect permissions on stub \"%-.1024s\"", cmd);
+            exit (251);
+        }
+    }
+#endif  
 
     /* 
      * Be sure to close the log file so the CGI can't