Changeset 2591 for trunk/server/common


Ignore:
Timestamp:
Aug 27, 2014, 10:06:17 PM (8 years ago)
Author:
achernya
Message:
Reintegrate fc20-dev into trunk
Location:
trunk
Files:
19 deleted
11 edited
4 copied

Legend:

Unmodified
Added
Removed
  • trunk

  • trunk/server/common/oursrc/accountadm/Makefile.in

    r2299 r2591  
    1010all-local: admof
    1111
    12 admof: LDLIBS = -lafsauthent_pic -lafsrpc_pic -lresolv -lkrb5 -lpthread
     12admof: LDLIBS = -lafsauthent_pic -lafsrpc_pic -lresolv -lkrb5 -lpthread -lk5crypto
    1313admof: admof.o
    1414
  • trunk/server/common/oursrc/httpdmods/mod_authz_afsgroup.c

    r236 r2591  
    1313
    1414#include "ap_config.h"
     15#include "ap_provider.h"
    1516#include "httpd.h"
    1617#include "http_config.h"
     
    1920#include "http_protocol.h"
    2021#include "http_request.h"
     22
     23#include "mod_auth.h"
    2124
    2225#include <unistd.h>
     
    4851module AP_MODULE_DECLARE_DATA authz_afsgroup_module;
    4952
    50 static int check_afsgroup_access(request_rec *r)
     53static authz_status is_user_in_afsgroup(request_rec *r, char* user, char* afsgroup)
     54{
     55    int pfd[2];
     56    pid_t cpid;
     57    int status;
     58    FILE *fp;
     59    char *line = NULL;
     60    char buf[256];
     61    size_t len = 0;
     62    ssize_t read;
     63    int found = 0;
     64    if (pipe(pfd) == -1) {
     65        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
     66                      "pipe() failed!");
     67        return AUTHZ_GENERAL_ERROR;
     68    }
     69    cpid = fork();
     70    if (cpid == -1) {
     71        close(pfd[0]);
     72        close(pfd[1]);
     73        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
     74                      "fork() failed!");
     75        return AUTHZ_GENERAL_ERROR;
     76    }
     77    if (cpid == 0) {
     78        close(pfd[0]);
     79        dup2(pfd[1], STDOUT_FILENO);
     80        execve("/usr/bin/pts",
     81               (char *const[])
     82               { "pts", "membership", "-nameorid", afsgroup, NULL },
     83               NULL);
     84        _exit(1);
     85    }
     86    close(pfd[1]);
     87    fp = fdopen(pfd[0], "r");
     88    if (fp == NULL) {
     89        close(pfd[0]);
     90        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
     91                      "fdopen() failed!");
     92        return AUTHZ_GENERAL_ERROR;
     93    }
     94    if (snprintf(buf, sizeof(buf), "  %s\n", user) >= sizeof(buf)) {
     95        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
     96                      "access to %s failed, reason: username '%s' "
     97                      "is too long!",
     98                      r->uri, user);
     99        return AUTHZ_DENIED;
     100    }
     101    while ((read = getline(&line, &len, fp)) != -1) {
     102        if (strcmp(line, buf) == 0)
     103            found = 1;
     104    }
     105    if (line)
     106        free(line);
     107    fclose(fp);
     108    if (waitpid(cpid, &status, 0) == -1) {
     109        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
     110                      "waitpid() failed!");
     111        return AUTHZ_GENERAL_ERROR;
     112    }
     113    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
     114        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
     115                      "`pts membership -nameorid %s` failed!",
     116                      afsgroup);
     117        return AUTHZ_GENERAL_ERROR;
     118    }
     119    if (found)
     120        return AUTHZ_GRANTED;
     121
     122    return AUTHZ_DENIED;
     123}
     124
     125static authz_status check_afsgroup_access(request_rec *r,
     126                                 const char *require_line,
     127                                 const void *parsed_require_line)
    51128{
    52129    authz_afsgroup_config_rec *conf = ap_get_module_config(r->per_dir_config,
    53130                                                           &authz_afsgroup_module);
    54     char *user = r->user;
    55     int m = r->method_number;
    56     int required_afsgroup = 0;
    57     register int x;
    58131    const char *t;
    59132    char *w;
    60     const apr_array_header_t *reqs_arr = ap_requires(r);
    61     require_line *reqs;
     133    authz_status pergroup;
    62134
    63     if (!reqs_arr) {
    64         return DECLINED;
    65     }
    66     reqs = (require_line *)reqs_arr->elts;
    67 
    68     for (x = 0; x < reqs_arr->nelts; x++) {
    69 
    70         if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
    71             continue;
    72         }
    73 
    74         t = reqs[x].requirement;
    75         w = ap_getword_white(r->pool, &t);
    76         if (!strcasecmp(w, "afsgroup")) {
    77             required_afsgroup = 1;
    78             while (t[0]) {
    79                 int pfd[2];
    80                 pid_t cpid;
    81                 int status;
    82                 FILE *fp;
    83                 char *line = NULL;
    84                 char buf[256];
    85                 size_t len = 0;
    86                 ssize_t read;
    87                 int found = 0;
    88                 w = ap_getword_conf(r->pool, &t);
    89                 if (pipe(pfd) == -1) {
    90                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
    91                                   "pipe() failed!");
    92                     return HTTP_INTERNAL_SERVER_ERROR;
    93                 }
    94                 cpid = fork();
    95                 if (cpid == -1) {
    96                     close(pfd[0]);
    97                     close(pfd[1]);
    98                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
    99                                   "fork() failed!");
    100                     return HTTP_INTERNAL_SERVER_ERROR;
    101                 }
    102                 if (cpid == 0) {
    103                     close(pfd[0]);
    104                     dup2(pfd[1], STDOUT_FILENO);
    105                     execve("/usr/bin/pts",
    106                            (char *const[]) {
    107                                "pts", "membership", "-nameorid", w, NULL
    108                            },
    109                            NULL);
    110                     _exit(1);
    111                 }
    112                 close(pfd[1]);
    113                 fp = fdopen(pfd[0], "r");
    114                 if (fp == NULL) {
    115                     close(pfd[0]);
    116                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
    117                                   "fdopen() failed!");
    118                     return HTTP_INTERNAL_SERVER_ERROR;
    119                 }
    120                 if (snprintf(buf, sizeof(buf), "  %s\n", user) >= sizeof(buf)) {
    121                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
    122                                   "access to %s failed, reason: username '%s' "
    123                                   "is too long!",
    124                                   r->uri, user);
    125                     continue;
    126                 }
    127                 while ((read = getline(&line, &len, fp)) != -1) {
    128                     if (strcmp(line, buf) == 0)
    129                         found = 1;
    130                 }
    131                 if (line)
    132                     free(line);
    133                 fclose(fp);
    134                 if (waitpid(cpid, &status, 0) == -1) {
    135                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
    136                                   "waitpid() failed!");
    137                     return HTTP_INTERNAL_SERVER_ERROR;
    138                 }
    139                 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
    140                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
    141                                   "`pts membership -nameorid %s` failed!",
    142                                   w);
    143                     return HTTP_INTERNAL_SERVER_ERROR;
    144                 }
    145                 if (found)
    146                     return OK;
    147             }
    148         }
     135    if (!r->user) {
     136        return AUTHZ_DENIED_NO_USER;
    149137    }
    150138
    151     if (!required_afsgroup) {
    152         return DECLINED;
     139    t = require_line;
     140    while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
     141        if ((pergroup = is_user_in_afsgroup(r, r->user, w)) != AUTHZ_DENIED) {
     142            // If we got some return value other than AUTHZ_DENIED, it
     143            // means we either got GRANTED, or some sort of error, and
     144            // we need to bubble that up.
     145            return pergroup;
     146        }
    153147    }
    154148
    155149    if (!conf->authoritative) {
    156         return DECLINED;
     150        return AUTHZ_NEUTRAL;
    157151    }
    158152
     
    160154                  "access to %s failed, reason: user '%s' does not meet "
    161155                  "'require'ments for afsgroup to be allowed access",
    162                   r->uri, user);
     156                  r->uri, r->user);
    163157
    164     ap_note_auth_failure(r);
    165     return HTTP_FORBIDDEN;
     158    return AUTHZ_DENIED;
    166159}
     160
     161static const authz_provider authz_afsgroup_provider =
     162{
     163    &check_afsgroup_access,
     164    NULL,
     165};
    167166
    168167static void register_hooks(apr_pool_t *p)
    169168{
    170     ap_hook_auth_checker(check_afsgroup_access, NULL, NULL, APR_HOOK_MIDDLE);
     169    ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "afsgroup",
     170                              AUTHZ_PROVIDER_VERSION,
     171                              &authz_afsgroup_provider, AP_AUTH_INTERNAL_PER_CONF);
     172
    171173}
    172174
  • trunk/server/common/oursrc/httpdmods/mod_original_dst.c

    r1796 r2591  
    1616#include "ap_config.h"
    1717#include "ap_listen.h"
     18#include "apr_portable.h"
    1819#include "http_config.h"
    1920#include "http_log.h"
    2021#include "httpd.h"
    21 #include "mpm.h"
     22#include "unixd.h"
     23
     24#define MPM_ACCEPT_FUNC ap_unixd_accept
    2225
    2326extern void apr_sockaddr_vars_set(apr_sockaddr_t *, int, apr_port_t);
  • trunk/server/common/oursrc/tokensys/scripts-afsagent-startup.in

    r2246 r2591  
    33/sbin/sysctl -q afs.GCPAGs=0
    44@fs_path@ setcrypt on
    5 @fs_path@ sysname 'amd64_fedora17_scripts' 'amd64_fedora15_scripts' 'amd64_fedora13_scripts' 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora17' 'amd64_fedora15' 'amd64_fedora13' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb60' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2'
     5@fs_path@ sysname 'amd64_fedora20_scripts' 'amd64_fedora17_scripts' 'amd64_fedora15_scripts' 'amd64_fedora13_scripts' 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora20' 'amd64_fedora17' 'amd64_fedora15' 'amd64_fedora13' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb60' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2'
    66
    77@fs_path@ setcell -nosuid -c athena
  • trunk/server/common/oursrc/tokensys/scripts-afsagent-startup.service

    r2561 r2591  
    22Description=Scripts AFS Configuration Service
    33After=syslog.target openafs-client.service
    4 Before=crond.service
     4Before=remote-fs.target
    55Requires=openafs-client.service
    66
     
    1010
    1111[Install]
    12 WantedBy=multi-user.target remote-fs.target crond.service
     12WantedBy=multi-user.target remote-fs.target
  • trunk/server/common/oursrc/tokensys/scripts-afsagent.service

    r2561 r2591  
    22Description=Scripts afsagent Service
    33After=syslog.target openafs-client.service
    4 Before=crond.service
     4Before=remote-fs.target
    55Requires=openafs-client.service
    66
     
    1111
    1212[Install]
    13 WantedBy=multi-user.target remote-fs.target crond.service
     13WantedBy=multi-user.target remote-fs.target
  • trunk/server/common/patches/httpd-fixup-vhost.patch

    r1602 r2591  
    1 commit 3b081163d6250d893838d69d9a83f217c341d657
    2 Author: Greg Brockman <gdb@mit.edu>
    3 Date:   Fri Aug 6 23:19:15 2010 -0400
     1From e90c8e59a93e5dde747e6dec7b960d2a6f2523ab Mon Sep 17 00:00:00 2001
     2From: Alexander Chernyakhovsky <achernya@mit.edu>
     3Date: Fri, 3 May 2013 22:43:28 -0400
     4Subject: [PATCH] Export method to fixup a single virtual host
    45
    5     Add method to merge virtual host with a main server_rec
     6Apache normally provides ap_fixup_virtual_hosts, which merges the
     7configuration from the main server into each virtual host.  Refactor
     8this code to allow merging the configuration into a single virtual
     9host, and export this method for use in mod_vhost_ldap.
     10
     11Additionally, call the newly created method in the loop in
     12ap_fixup_virtual_hosts.
     13---
     14 include/http_config.h |  9 ++++++++
     15 server/config.c       | 58 ++++++++++++++++++++++++++++-----------------------
     16 2 files changed, 41 insertions(+), 26 deletions(-)
    617
    718diff --git a/include/http_config.h b/include/http_config.h
    8 index 5e9fd51..8e6f247 100644
     19index 7ee3760..e3657ea 100644
    920--- a/include/http_config.h
    1021+++ b/include/http_config.h
    11 @@ -827,6 +827,16 @@ AP_DECLARE(void) ap_register_hooks(module *m, apr_pool_t *p);
    12  AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p,
     22@@ -1012,6 +1012,15 @@ AP_DECLARE(void) ap_register_hooks(module *m, apr_pool_t *p);
     23  */
     24 AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p,
    1325                                         server_rec *main_server);
    14  
    1526+/**
    16 + * Setup a single virtual host by merging the main server_rec into it.
     27+ * Setup all virtual hosts
    1728+ * @param p The pool to allocate from
    18 + * @param main_server The server_rec with which to merge
    19 + * @param virt The virtual host server_rec with some set of directives to override already set
     29+ * @param main_server The head of the server_rec list
     30+ * @param virt The individual virtual host to fix
    2031+ */
    2132+AP_DECLARE(void) ap_fixup_virtual_host(apr_pool_t *p,
    2233+                                      server_rec *main_server,
    2334+                                      server_rec *virt);
    24 +
    25  /* For http_request.c... */
    2635 
    2736 /**
     37  * Reserve some modules slots for modules loaded by other means than
    2838diff --git a/server/config.c b/server/config.c
    29 index 101d0e4..ef0f2ba 100644
     39index c1aae17..254c5d2 100644
    3040--- a/server/config.c
    3141+++ b/server/config.c
    32 @@ -1902,38 +1902,43 @@ AP_CORE_DECLARE(const char *) ap_init_virtual_host(apr_pool_t *p,
     42@@ -2245,46 +2245,52 @@ AP_DECLARE(void) ap_merge_log_config(const struct ap_logconf *old_conf,
     43     }
    3344 }
    34  
    3545 
    3646-AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p, server_rec *main_server)
    3747+AP_DECLARE(void) ap_fixup_virtual_host(apr_pool_t *p, server_rec *main_server,
    38 +                                       server_rec *virt)
     48+                                      server_rec *virt)
    3949 {
    4050-    server_rec *virt;
    41 +    merge_server_configs(p, main_server->module_config,
    42 +                         virt->module_config);
     51     core_dir_config *dconf =
     52         ap_get_core_module_config(main_server->lookup_defaults);
     53     dconf->log = &main_server->log;
    4354 
    4455-    for (virt = main_server->next; virt; virt = virt->next) {
    4556-        merge_server_configs(p, main_server->module_config,
    4657-                             virt->module_config);
    47 +    virt->lookup_defaults =
    48 +        ap_merge_per_dir_configs(p, main_server->lookup_defaults,
    49 +                                 virt->lookup_defaults);
     58+    merge_server_configs(p, main_server->module_config,
     59+                        virt->module_config);
    5060 
    5161-        virt->lookup_defaults =
    5262-            ap_merge_per_dir_configs(p, main_server->lookup_defaults,
    5363-                                     virt->lookup_defaults);
    54 +    if (virt->server_admin == NULL)
    55 +        virt->server_admin = main_server->server_admin;
     64+    virt->lookup_defaults =
     65+       ap_merge_per_dir_configs(p, main_server->lookup_defaults,
     66+                                virt->lookup_defaults);
    5667 
    5768-        if (virt->server_admin == NULL)
    5869-            virt->server_admin = main_server->server_admin;
    59 +    if (virt->timeout == 0)
    60 +        virt->timeout = main_server->timeout;
     70+    if (virt->server_admin == NULL)
     71+       virt->server_admin = main_server->server_admin;
    6172 
    6273-        if (virt->timeout == 0)
    6374-            virt->timeout = main_server->timeout;
    64 +    if (virt->keep_alive_timeout == 0)
    65 +        virt->keep_alive_timeout = main_server->keep_alive_timeout;
     75+    if (virt->timeout == 0)
     76+       virt->timeout = main_server->timeout;
    6677 
    6778-        if (virt->keep_alive_timeout == 0)
    6879-            virt->keep_alive_timeout = main_server->keep_alive_timeout;
    69 +    if (virt->keep_alive == -1)
    70 +        virt->keep_alive = main_server->keep_alive;
     80+    if (virt->keep_alive_timeout == 0)
     81+       virt->keep_alive_timeout = main_server->keep_alive_timeout;
    7182 
    7283-        if (virt->keep_alive == -1)
    7384-            virt->keep_alive = main_server->keep_alive;
    74 +    if (virt->keep_alive_max == -1)
    75 +        virt->keep_alive_max = main_server->keep_alive_max;
     85+    if (virt->keep_alive == -1)
     86+       virt->keep_alive = main_server->keep_alive;
    7687 
    7788-        if (virt->keep_alive_max == -1)
    7889-            virt->keep_alive_max = main_server->keep_alive_max;
    79 +    /* XXX: this is really something that should be dealt with by a
    80 +     * post-config api phase
    81 +     */
    82 +    ap_core_reorder_directories(p, virt);
    83 +}
     90+    if (virt->keep_alive_max == -1)
     91+       virt->keep_alive_max = main_server->keep_alive_max;
     92 
     93-        ap_merge_log_config(&main_server->log, &virt->log);
     94+    ap_merge_log_config(&main_server->log, &virt->log);
     95 
     96-        dconf = ap_get_core_module_config(virt->lookup_defaults);
     97-        dconf->log = &virt->log;
     98+    dconf = ap_get_core_module_config(virt->lookup_defaults);
     99+    dconf->log = &virt->log;
    84100 
    85101-        /* XXX: this is really something that should be dealt with by a
     
    88104-        ap_core_reorder_directories(p, virt);
    89105-    }
     106+    /* XXX: this is really something that should be dealt with by a
     107+     * post-config api phase
     108+     */
     109+    ap_core_reorder_directories(p, virt);
     110+}
     111+
    90112+AP_DECLARE(void) ap_fixup_virtual_hosts(apr_pool_t *p, server_rec *main_server)
    91113+{
    92114+    server_rec *virt;
    93 +
     115+   
    94116+    for (virt = main_server->next; virt; virt = virt->next)
    95117+        ap_fixup_virtual_host(p, main_server, virt);
     
    97119     ap_core_reorder_directories(p, main_server);
    98120 }
     121--
     1221.8.1.2
     123
  • trunk/server/common/patches/httpd-suexec-scripts.patch

    r2186 r2591  
    1 # scripts.mit.edu httpd suexec patch
    2 # Copyright (C) 2006, 2007, 2008  Jeff Arnold <jbarnold@mit.edu>,
    3 #                                 Joe Presbrey <presbrey@mit.edu>,
    4 #                                 Anders Kaseorg <andersk@mit.edu>,
    5 #                                 Geoffrey Thomas <geofft@mit.edu>
    6 #
    7 # This program is free software; you can redistribute it and/or
    8 # modify it under the terms of the GNU General Public License
    9 # as published by the Free Software Foundation; either version 2
    10 # of the License, or (at your option) any later version.
    11 #
    12 # This program is distributed in the hope that it will be useful,
    13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
    14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15 # GNU General Public License for more details.
    16 #
    17 # You should have received a copy of the GNU General Public License
    18 # along with this program; if not, write to the Free Software
    19 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    20 #
    21 # See /COPYRIGHT in this repository for more information.
    22 #
    23 --- httpd-2.2.2/support/Makefile.in.old 2005-07-06 19:15:34.000000000 -0400
    24 +++ httpd-2.2.2/support/Makefile.in     2007-01-20 17:12:51.000000000 -0500
    25 @@ -60,7 +60,7 @@
    26 
    27  suexec_OBJECTS = suexec.lo
    28  suexec: $(suexec_OBJECTS)
    29 -       $(LINK) $(suexec_OBJECTS)
    30 +       $(LINK) -lselinux $(suexec_OBJECTS)
    31 
    32  htcacheclean_OBJECTS = htcacheclean.lo
    33  htcacheclean: $(htcacheclean_OBJECTS)
    34 --- httpd-2.2.2/configure.in.old        2007-07-17 10:48:25.000000000 -0400
    35 +++ httpd-2.2.2/configure.in    2008-08-29 08:15:41.000000000 -0400
    36 @@ -559,6 +559,10 @@
     1From 427d432a56df94d69a11cc438b08adb070615005 Mon Sep 17 00:00:00 2001
     2From: Alexander Chernyakhovsky <achernya@mit.edu>
     3Date: Fri, 3 May 2013 21:38:58 -0400
     4Subject: [PATCH] Add scripts-specific support to suexec
     5
     6This patch make suexec aware of static-cat, Scripts' tool to serve
     7static content out of AFS.  Specifically, this introduces a whitelist
     8of extensions for which suexec is supposed to invoke static-cat as a
     9content-handler.
     10
     11Additionally, this patch also sets JAVA_TOOL_OPTIONS, to allow the JVM
     12to start up in Scripts' limited memory environment.
     13
     14Furthermore, this patch deals with some of suexec's paranoia being
     15incorrect in an AFS world, by ignoring some of the irrelevant stat
     16results.
     17
     18Finally, add support for invoking php-cgi for php files, in a safe
     19manner that will strip arguments passed by Apache to php-cgi.
     20---
     21 configure.in     |   4 ++
     22 support/suexec.c | 172 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
     23 2 files changed, 173 insertions(+), 3 deletions(-)
     24
     25diff --git a/configure.in b/configure.in
     26index 811aace..a95349f 100644
     27--- a/configure.in
     28+++ b/configure.in
     29@@ -721,6 +721,10 @@ AC_ARG_WITH(suexec-userdir,
    3730 APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[
    3831   AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] )
     
    4538 APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[
    4639   AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
    47 --- httpd-2.2.11/support/suexec.c.old   2008-11-30 10:47:31.000000000 -0500
    48 +++ httpd-2.2.11/support/suexec.c       2009-06-08 09:02:17.000000000 -0400
     40diff --git a/support/suexec.c b/support/suexec.c
     41index 32e7320..3a4d802 100644
     42--- a/support/suexec.c
     43+++ b/support/suexec.c
    4944@@ -30,6 +30,9 @@
    5045  *
     
    5752 #include "ap_config.h"
    5853 #include "suexec.h"
    59 @@ -46,6 +49,7 @@
    60  #include <stdio.h>
    61  #include <stdarg.h>
    62  #include <stdlib.h>
    63 +#include <selinux/selinux.h>
    64  
    65  #ifdef HAVE_PWD_H
    66  #include <pwd.h>
    67 @@ -95,6 +99,7 @@
     54@@ -92,6 +95,7 @@ static const char *const safe_env_lst[] =
    6855 {
    6956     /* variable name starts with */
     
    7360 
    7461     /* variable name is */
    75 @@ -245,9 +250,108 @@
     62@@ -268,9 +272,108 @@ static void clean_env(void)
    7663     environ = cleanenv;
    7764 }
     
    182169     gid_t gid;              /* target group placeholder  */
    183170     char *target_uname;     /* target user name          */
    184 @@ -268,6 +368,7 @@
     171@@ -290,6 +393,7 @@ int main(int argc, char *argv[])
    185172      * Start with a "clean" environment
    186173      */
     
    188175+    setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */
    189176 
    190      prog = argv[0];
    191      /*
    192 @@ -350,6 +451,20 @@
     177     /*
     178      * Check existence/validity of the UID of the user
     179@@ -373,6 +477,20 @@ int main(int argc, char *argv[])
    193180 #endif /*_OSD_POSIX*/
    194181 
     
    211198      * or attempts to back up out of the current directory,
    212199      * to protect against attacks.  If any are
    213 @@ -371,6 +486,7 @@
     200@@ -394,6 +512,7 @@ int main(int argc, char *argv[])
    214201         userdir = 1;
    215202     }
     
    219206      * Error out if the target username is invalid.
    220207      */
    221 @@ -452,7 +568,7 @@
     208@@ -482,7 +601,7 @@ int main(int argc, char *argv[])
    222209      * Error out if attempt is made to execute as root or as
    223210      * a UID less than AP_UID_MIN.  Tsk tsk.
     
    225212-    if ((uid == 0) || (uid < AP_UID_MIN)) {
    226213+    if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) { /* uid 102 = signup  */
    227          log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
     214         log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd);
    228215         exit(107);
    229216     }
    230 @@ -484,6 +599,7 @@
    231          log_err("failed to setuid (%ld: %s)\n", uid, cmd);
     217@@ -514,6 +633,7 @@ int main(int argc, char *argv[])
     218         log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd);
    232219         exit(110);
    233220     }
     
    236223     /*
    237224      * Get the current working directory, as well as the proper
    238 @@ -506,6 +637,21 @@
     225@@ -536,6 +656,21 @@ int main(int argc, char *argv[])
    239226             log_err("cannot get docroot information (%s)\n", target_homedir);
    240227             exit(112);
     
    258245     else {
    259246         if (((chdir(AP_DOC_ROOT)) != 0) ||
    260 @@ -532,15 +678,17 @@
     247@@ -562,15 +697,17 @@ int main(int argc, char *argv[])
    261248     /*
    262249      * Error out if cwd is writable by others.
     
    277264         exit(117);
    278265     }
    279 @@ -548,10 +696,12 @@
     266@@ -578,10 +715,12 @@ int main(int argc, char *argv[])
    280267     /*
    281268      * Error out if the program is writable by others.
     
    290277     /*
    291278      * Error out if the file is setuid or setgid.
    292 @@ -565,6 +715,7 @@
     279@@ -595,6 +734,7 @@ int main(int argc, char *argv[])
    293280      * Error out if the target name/group is different from
    294281      * the name/group of the cwd or the program.
     
    298285         (gid != dir_info.st_gid) ||
    299286         (uid != prg_info.st_uid) ||
    300 @@ -576,12 +727,14 @@
    301                  prg_info.st_uid, prg_info.st_gid);
     287@@ -606,12 +746,14 @@ int main(int argc, char *argv[])
     288                 (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
    302289         exit(120);
    303290     }
     
    314301         exit(121);
    315302     }
    316 @@ -614,6 +767,30 @@
     303@@ -660,6 +802,30 @@ int main(int argc, char *argv[])
    317304     /*
    318305      * Execute the command, replacing our image with its own.
     
    345332     /* We need the #! emulation when we want to execute scripts */
    346333     {
     334--
     3351.8.1.2
     336
  • trunk/server/common/patches/openafs-scripts.patch

    r2066 r2591  
    4646#
    4747diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
    48 index 7c7705e..0d0e94f 100644
     48index 03caf1c..699b2ce 100644
    4949--- a/src/afs/LINUX/osi_vnodeops.c
    5050+++ b/src/afs/LINUX/osi_vnodeops.c
    51 @@ -904,6 +904,28 @@ afs_linux_dentry_revalidate(struct dentry *dp, int flags)
     51@@ -1207,6 +1207,28 @@ afs_linux_dentry_revalidate(struct dentry *dp, int flags)
    5252        /* should we always update the attributes at this point? */
    5353        /* unlikely--the vcache entry hasn't changed */
     
    7979 #ifdef notyet
    8080diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c
    81 index eabcfeb..6390850 100644
     81index feb0ca7..ba818c7 100644
    8282--- a/src/afs/VNOPS/afs_vnop_access.c
    8383+++ b/src/afs/VNOPS/afs_vnop_access.c
     
    119119 }
    120120diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c
    121 index b3931e5..71ef05c 100644
     121index d01aff2..0a38c1c 100644
    122122--- a/src/afs/VNOPS/afs_vnop_attrs.c
    123123+++ b/src/afs/VNOPS/afs_vnop_attrs.c
     
    134134 #elif defined(AFS_DARWIN80_ENV)
    135135diff --git a/src/afs/VNOPS/afs_vnop_lookup.c b/src/afs/VNOPS/afs_vnop_lookup.c
    136 index 8e7af1c..7e984e9 100644
     136index 5d96f75..7957eee 100644
    137137--- a/src/afs/VNOPS/afs_vnop_lookup.c
    138138+++ b/src/afs/VNOPS/afs_vnop_lookup.c
    139 @@ -1877,6 +1877,12 @@ afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr
     139@@ -1915,6 +1915,12 @@ afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr
    140140     }
    141141 
     
    151151        osi_FreeLargeSpace(tname);
    152152diff --git a/src/afs/afs.h b/src/afs/afs.h
    153 index fcc4c70..0d53af6 100644
     153index 88d5f77..61d3ee9 100644
    154154--- a/src/afs/afs.h
    155155+++ b/src/afs/afs.h
     
    171171     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
    172172     char initd;                        /* if non-zero, Error fields meaningful */
    173 @@ -887,6 +895,7 @@ struct vcache {
    174  #ifdef AFS_SUN5_ENV
     173@@ -896,6 +904,7 @@ struct vcache {
    175174     struct afs_q multiPage;    /* list of multiPage_range structs */
    176175 #endif
     176     afs_uint32 lastBRLWarnTime; /* last time we warned about byte-range locks */
    177177+    int apache_access;         /* whether or not Apache has access to a file */
    178178 };
     
    180180 #define        DONT_CHECK_MODE_BITS    0
    181181diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c
    182 index 1834e6d..673a8e6 100644
     182index 2ecd38e..95aafcd 100644
    183183--- a/src/afs/afs_analyze.c
    184184+++ b/src/afs/afs_analyze.c
    185 @@ -368,7 +368,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
     185@@ -478,7 +478,7 @@ afs_Analyze(struct afs_conn *aconn, struct rx_connection *rxconn,
    186186                         (afid ? afid->Fid.Volume : 0));
    187187        }
     
    193193            areq->volumeError = VOLBUSY;
    194194diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c
    195 index c888605..ff5cf2d 100644
     195index efce229..c1c1871 100644
    196196--- a/src/afs/afs_osi_pag.c
    197197+++ b/src/afs/afs_osi_pag.c
     
    206206  * representation is '41XXXXXX' hex are used to represent the pags.
    207207@@ -484,6 +486,15 @@ afs_InitReq(struct vrequest *av, afs_ucred_t *acred)
    208         av->uid = afs_cr_uid(acred);    /* default when no pag is set */
     208        av->uid = afs_cr_ruid(acred);   /* default when no pag is set */
    209209 #endif
    210210     }
     
    222222 
    223223diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
    224 index f282510..00f1360 100644
     224index e0a744d..c1c8c8c 100644
    225225--- a/src/afs/afs_pioctl.c
    226226+++ b/src/afs/afs_pioctl.c
    227 @@ -1406,6 +1406,10 @@ DECL_PIOCTL(PSetAcl)
     227@@ -1420,6 +1420,10 @@ DECL_PIOCTL(PSetAcl)
    228228     struct rx_connection *rxconn;
    229229     XSTATS_DECLS;
     
    236236     if (!avc)
    237237        return EINVAL;
    238 @@ -1790,6 +1794,10 @@ DECL_PIOCTL(PSetTokens)
     238@@ -1806,6 +1810,10 @@ DECL_PIOCTL(PSetTokens)
    239239     struct vrequest treq;
    240240     afs_int32 flag, set_parent_pag = 0;
     
    247247     if (!afs_resourceinit_flag) {
    248248        return EIO;
    249 @@ -2231,6 +2239,11 @@ DECL_PIOCTL(PGetTokens)
     249@@ -2266,6 +2274,11 @@ DECL_PIOCTL(PGetTokens)
    250250     int newStyle;
    251251     int code = E2BIG;
     
    259259     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
    260260        return EIO;             /* Inappropriate ioctl for device */
    261 @@ -2341,6 +2354,10 @@ DECL_PIOCTL(PUnlog)
     261@@ -2376,6 +2389,10 @@ DECL_PIOCTL(PUnlog)
    262262     afs_int32 i;
    263263     struct unixuser *tu;
  • trunk/server/common/patches/openafs-systemd-crond.patch

    r2561 r2591  
    11diff --git a/src/packaging/RedHat/openafs-client.service b/src/packaging/RedHat/openafs-client.service
    2 index bc95057..9627280 100644
     2index 936762e..c0558b2 100644
    33--- a/src/packaging/RedHat/openafs-client.service
    44+++ b/src/packaging/RedHat/openafs-client.service
    5 @@ -1,5 +1,6 @@
     5@@ -1,6 +1,7 @@
    66 [Unit]
    77 Description=OpenAFS Client Service
    8 +Before=crond.service
    9  After=syslog.target network.target
     8-After=syslog.target network.target
     9+After=syslog.target network-online.target
     10+Before=remote-fs.target
    1011 
    1112 [Service]
    12 @@ -15,4 +16,4 @@ ExecStop=/sbin/rmmod openafs
    13  KillMode=none
    14  
    15  [Install]
    16 -WantedBy=multi-user.target remote-fs.target
    17 +WantedBy=multi-user.target remote-fs.target crond.service
     13 Type=forking
Note: See TracChangeset for help on using the changeset viewer.