Read per-user configs

Read per-user configuration files from /etc/apache2/suexec-sandbox.d/UID, that can override directives from the global (default) config.

Read per-user configs
fd035804 · ale · aff4f24a · fd035804
Commit fd035804 authored 7 years ago by ale
--- a/suexec.c
+++ b/suexec.c
@@ -24,7 +24,8 @@
 #include <time.h>
 #include <unistd.h>
-#define SUEXEC_CONFIGURATION "/etc/apache2/suexec-sandbox.conf"
+#define SUEXEC_CONFIG "/etc/apache2/suexec-sandbox.conf"
+#define SUEXEC_CONFIG_DIR "/etc/apache2/suexec-sandbox.d"
 #define DEFAULT_SAFE_PATH "/bin:/usr/bin"
 #define MAX_ENV_SIZE 256
@@ -32,6 +33,7 @@
 struct config {
  char *path;
+  char *root;
  char **allowed_cmds;
  int num_allowed_cmds;
  char **docroots;
@@ -127,9 +129,6 @@ static int read_config(const char *path, struct config *config) {
  int r = 0, lineno = 1;
  FILE *fp = NULL;
-  // Set defaults.
-  config->path = DEFAULT_SAFE_PATH;
  fp = fopen(path, "r");
  if (!fp) {
    log_printf("Could not open configuration file %s", path);
@@ -148,6 +147,8 @@ static int read_config(const char *path, struct config *config) {
    if (!strcmp(key, "path")) {
      config->path = strdup(value);
+    } else if (!strcmp(key, "root")) {
+      config->root = strdup(value);
    } else if (!strcmp(key, "allowed_cmd")) {
      r = config_add_allowed_cmd(config, value);
    } else if (!strcmp(key, "docroot")) {
@@ -178,6 +179,8 @@ static const char *const safe_env_lst[] = {
    /* variable name starts with */
  "HTTP_", "SSL_",
+  "PHPRC=",
    /* variable name is */
    "AUTH_TYPE=", "CONTENT_LENGTH=", "CONTENT_TYPE=", "CONTEXT_DOCUMENT_ROOT=",
    "CONTEXT_PREFIX=", "DATE_GMT=", "DATE_LOCAL=", "DOCUMENT_ARGS=",
@@ -226,7 +229,7 @@ static int clear_env(struct config *config) {
    return -1;
  }
-  sprintf(pathbuf, "PATH=%s", config->path);
+  sprintf(pathbuf, "PATH=%s", config->path ? config->path : DEFAULT_SAFE_PATH);
  cleanenv[cidx] = strdup(pathbuf);
  if (cleanenv[cidx] == NULL) {
    log_println("failed to malloc memory for environment");
@@ -333,6 +336,7 @@ int main(int argc, char **argv) {
  int target_uid;
  int target_gid;
  char *cmd, *real_cmd;
+  char user_config[512];
  // Create a new config and initialize it to nil.
  struct config config = (const struct config){0};
@@ -378,7 +382,7 @@ int main(int argc, char **argv) {
  }
  // Read configuration file.
-  if (read_config(SUEXEC_CONFIGURATION, &config) < 0)
+  if (read_config(SUEXEC_CONFIG, &config) < 0)
    exit(102);
  // Clean the environment.
@@ -395,6 +399,10 @@ int main(int argc, char **argv) {
    exit(104);
  }
+  // Read the user-specific configuration, if any.
+  snprintf(user_config, sizeof(user_config), SUEXEC_CONFIG_DIR "/%d", target_uid);
+  read_config(user_config, &config);
  if (check_cwd(&config) < 0)
    exit(105);
@@ -406,7 +414,8 @@ int main(int argc, char **argv) {
                          real_cmd, (argv + 3)) < 0)
    exit(106);
-  // sandbox_config.mount_dir = "/home/ale";
+  if (config.root)
+    sandbox_config.new_root_dir = config.root;
  if (sandbox_start(&sandbox_config) < 0)
    exit(107);