Commit fd035804 authored by ale's avatar ale
Browse files

Read per-user configs

Read per-user configuration files from
/etc/apache2/suexec-sandbox.d/UID, that can override directives from
the global (default) config.
parent aff4f24a
......@@ -24,7 +24,8 @@
#include <time.h>
#include <unistd.h>
#define SUEXEC_CONFIGURATION "/etc/apache2/suexec-sandbox.conf"
#define SUEXEC_CONFIG "/etc/apache2/suexec-sandbox.conf"
#define SUEXEC_CONFIG_DIR "/etc/apache2/suexec-sandbox.d"
#define DEFAULT_SAFE_PATH "/bin:/usr/bin"
#define MAX_ENV_SIZE 256
......@@ -32,6 +33,7 @@
struct config {
char *path;
char *root;
char **allowed_cmds;
int num_allowed_cmds;
char **docroots;
......@@ -127,9 +129,6 @@ static int read_config(const char *path, struct config *config) {
int r = 0, lineno = 1;
FILE *fp = NULL;
// Set defaults.
config->path = DEFAULT_SAFE_PATH;
fp = fopen(path, "r");
if (!fp) {
log_printf("Could not open configuration file %s", path);
......@@ -148,6 +147,8 @@ static int read_config(const char *path, struct config *config) {
if (!strcmp(key, "path")) {
config->path = strdup(value);
} else if (!strcmp(key, "root")) {
config->root = strdup(value);
} else if (!strcmp(key, "allowed_cmd")) {
r = config_add_allowed_cmd(config, value);
} else if (!strcmp(key, "docroot")) {
......@@ -176,7 +177,9 @@ static int read_config(const char *path, struct config *config) {
static const char *const safe_env_lst[] = {
/* variable name starts with */
"HTTP_", "SSL_",
"HTTP_", "SSL_",
"PHPRC=",
/* variable name is */
"AUTH_TYPE=", "CONTENT_LENGTH=", "CONTENT_TYPE=", "CONTEXT_DOCUMENT_ROOT=",
......@@ -226,7 +229,7 @@ static int clear_env(struct config *config) {
return -1;
}
sprintf(pathbuf, "PATH=%s", config->path);
sprintf(pathbuf, "PATH=%s", config->path ? config->path : DEFAULT_SAFE_PATH);
cleanenv[cidx] = strdup(pathbuf);
if (cleanenv[cidx] == NULL) {
log_println("failed to malloc memory for environment");
......@@ -333,6 +336,7 @@ int main(int argc, char **argv) {
int target_uid;
int target_gid;
char *cmd, *real_cmd;
char user_config[512];
// Create a new config and initialize it to nil.
struct config config = (const struct config){0};
......@@ -378,7 +382,7 @@ int main(int argc, char **argv) {
}
// Read configuration file.
if (read_config(SUEXEC_CONFIGURATION, &config) < 0)
if (read_config(SUEXEC_CONFIG, &config) < 0)
exit(102);
// Clean the environment.
......@@ -395,6 +399,10 @@ int main(int argc, char **argv) {
exit(104);
}
// Read the user-specific configuration, if any.
snprintf(user_config, sizeof(user_config), SUEXEC_CONFIG_DIR "/%d", target_uid);
read_config(user_config, &config);
if (check_cwd(&config) < 0)
exit(105);
......@@ -406,7 +414,8 @@ int main(int argc, char **argv) {
real_cmd, (argv + 3)) < 0)
exit(106);
// sandbox_config.mount_dir = "/home/ale";
if (config.root)
sandbox_config.new_root_dir = config.root;
if (sandbox_start(&sandbox_config) < 0)
exit(107);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment