[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-cvs
Subject: cvs commit: apache-1.3/src/os/mpeix Makefile.tmpl dlopen.c os-inline.c
From: wrowe () locus ! apache ! org
Date: 2000-09-28 13:32:44
[Download RAW message or body]
wrowe 00/09/28 06:32:44
Modified: . configure
src CHANGES Configure
src/include ap_config.h
src/main http_main.c
src/modules/proxy proxy_cache.c proxy_util.c
src/os/mpeix Makefile.tmpl dlopen.c os-inline.c
Log:
Updating the MPE DSO code to be compatible with an OS patch fixing an
earlier DSO problem.
Refining how MPE deals with UID/GID management and dealing with some MPE
limitations in this area.
First-time support for mod_proxy.
#include tweakage required for using apxs to build modules without access
to the full source tree.
Other minor tweaks.
PR: 6587
Obtained from: <87FB8F5CE210D311B60500A0C9F4871C073DA372@xcup01.cup.hp.com>
Submitted by: [Mark Bixby <mark_bixby@hp.com>]
Reviewed by: William Rowe
Revision Changes Path
1.126 +3 -3 apache-1.3/configure
Index: configure
===================================================================
RCS file: /home/cvs/apache-1.3/configure,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -r1.125 -r1.126
--- configure 2000/09/25 23:45:54 1.125
+++ configure 2000/09/28 13:32:28 1.126
@@ -351,9 +351,9 @@
iflags_core="${iflags_core} -e .exe"
;;
*MPE/iX* )
- default_layout="Apache"
- iflags_program="-m 755"
- ;;
+ default_layout="Apache"
+ iflags_program="-m 755"
+ ;;
*)
default_layout="Apache"
;;
1.1582 +12 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1581
retrieving revision 1.1582
diff -u -r1.1581 -r1.1582
--- CHANGES 2000/09/28 09:25:56 1.1581
+++ CHANGES 2000/09/28 13:32:31 1.1582
@@ -1,5 +1,17 @@
Changes with Apache 1.3.13
+ *) Initial support added for mod_proxy under MPE/iX.
+ [Mark Bixby <mark_bixby@hp.com>]
+
+ *) Refined UID/GID management and permissions on MPE/iX to deal
+ with some limitations. [Mark Bixby <mark_bixby@hp.com>]
+
+ *) Updated the MPE DSO code to be compatible with an OS patch that
+ fixed an earlier DSO problem, #include tweakage required for
+ using apxs to build modules without access to the full source
+ tree, and other minor MPE tweaks.
+ [Mark Bixby <mark_bixby@hp.com>]
+
*) Tighten up the syntax checking of Host: headers to fix a
security bug in some mass virtual hosting configurations
that can allow a remote attacker to retrieve some files
1.403 +0 -1 apache-1.3/src/Configure
Index: Configure
===================================================================
RCS file: /home/cvs/apache-1.3/src/Configure,v
retrieving revision 1.402
retrieving revision 1.403
diff -u -r1.402 -r1.403
--- Configure 2000/09/13 20:49:42 1.402
+++ Configure 2000/09/28 13:32:32 1.403
@@ -1032,7 +1032,6 @@
LD_SHLIB=ld
LDFLAGS_SHLIB='-b -a archive'
LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- LIBS_SHLIB='$(OSDIR)/mpe_dl_stub.o'
;;
*-linux1)
CFLAGS_SHLIB="-fpic"
1.293 +12 -3 apache-1.3/src/include/ap_config.h
Index: ap_config.h
===================================================================
RCS file: /home/cvs/apache-1.3/src/include/ap_config.h,v
retrieving revision 1.292
retrieving revision 1.293
diff -u -r1.292 -r1.293
--- ap_config.h 2000/07/15 15:55:34 1.292
+++ ap_config.h 2000/09/28 13:32:35 1.293
@@ -135,8 +135,16 @@
#define NO_WRITEV
#define HAVE_SHMGET 1
#define USE_SHMGET_SCOREBOARD
-#define SHM_R 0400 /* Read permission */
-#define SHM_W 0200 /* Write permission */
+/*
+ UID/GID isn't a native concept for MPE, and it's definitely not a 100%
+ Unix implementation. There isn't a traditional superuser concept either,
+ so we're forced to liberalize SHM security a bit so the parent & children
+ can communicate when they're running with different UIDs within the same
+ GID (the GID will *always* be the same on MPE). Thus the weird SHM_R and
+ SHM_W below.
+*/
+#define SHM_R 0440 /* Read permission */
+#define SHM_W 0220 /* Write permission */
#define NEED_INITGROUPS
#define NEED_STRCASECMP
#define NEED_STRDUP
@@ -149,6 +157,7 @@
#define S_IREAD S_IRUSR
#define S_IWRITE S_IWUSR
#define PF_INET AF_INET
+#define USE_FCNTL_SERIALIZED_ACCEPT
#elif defined(SUNOS4)
#define HAVE_GMTOFF 1
@@ -1133,7 +1142,7 @@
#undef NSIG
#endif
#include <errno.h>
-#if !defined(QNX) && !defined(CONVEXOS11) && !defined(NEXT) && !defined(TPF) && \
!defined(NETWARE) +#if !defined(QNX) && !defined(CONVEXOS11) && !defined(NEXT) && \
!defined(TPF) && !defined(NETWARE) && !defined(MPE) #include <memory.h>
#endif
1.510 +31 -18 apache-1.3/src/main/http_main.c
Index: http_main.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_main.c,v
retrieving revision 1.509
retrieving revision 1.510
diff -u -r1.509 -r1.510
--- http_main.c 2000/08/19 01:52:52 1.509
+++ http_main.c 2000/09/28 13:32:36 1.510
@@ -3137,12 +3137,21 @@
* Set the GID before initgroups(), since on some platforms
* setgid() is known to zap the group list.
*/
+#ifdef MPE
+ GETPRIVMODE();
+#endif
if (setgid(ap_group_id) == -1) {
+#ifdef MPE
+ GETUSERMODE();
+#endif
ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
"setgid: unable to set group id to Group %u",
(unsigned)ap_group_id);
clean_child_exit(APEXIT_CHILDFATAL);
}
+#ifdef MPE
+ GETUSERMODE();
+#endif
/* Reset `groups' attributes. */
@@ -3843,17 +3852,15 @@
set_group_privs();
#ifdef MPE
- /* Only try to switch if we're running as MANAGER.SYS */
- if (geteuid() == 1 && ap_user_id > 1) {
- GETPRIVMODE();
- if (setuid(ap_user_id) == -1) {
- GETUSERMODE();
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setuid: unable to change to uid: %d", ap_user_id);
- exit(1);
- }
+ /* No such thing as root on MPE, so try to switch unconditionally */
+ GETPRIVMODE();
+ if (setuid(ap_user_id) == -1) {
GETUSERMODE();
+ ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
+ "setuid: unable to change to uid: %d", ap_user_id);
+ exit(1);
}
+ GETUSERMODE();
#else
/* Only try to switch if we're running as root */
if (!geteuid() && (
@@ -5040,17 +5047,15 @@
set_group_privs();
#ifdef MPE
- /* Only try to switch if we're running as MANAGER.SYS */
- if (geteuid() == 1 && ap_user_id > 1) {
- GETPRIVMODE();
- if (setuid(ap_user_id) == -1) {
- GETUSERMODE();
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setuid: unable to change to uid: %d", ap_user_id);
- exit(1);
- }
+ /* No such thing as root on MPE, so try to switch unconditionally */
+ GETPRIVMODE();
+ if (setuid(ap_user_id) == -1) {
GETUSERMODE();
+ ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
+ "setuid: unable to change to uid: %d", ap_user_id);
+ exit(1);
}
+ GETUSERMODE();
#else
/* Only try to switch if we're running as root */
if (!geteuid() && setuid(ap_user_id) == -1) {
@@ -7132,6 +7137,14 @@
}
}
+#ifdef MPE
+ /*
+ * MPE doesn't currently initialize the envp parameter. Instead, we must
+ * use the global variable environ.
+ */
+ envp = environ;
+#endif
+
/*
* create path to SHARED_CORE_EXECUTABLE_PROGRAM
*/
1.71 +1 -1 apache-1.3/src/modules/proxy/proxy_cache.c
Index: proxy_cache.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_cache.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- proxy_cache.c 2000/06/22 23:49:50 1.70
+++ proxy_cache.c 2000/09/28 13:32:39 1.71
@@ -1206,7 +1206,7 @@
*p = '/';
++p;
}
-#if defined(OS2) || defined(WIN32) || defined(NETWARE)
+#if defined(OS2) || defined(WIN32) || defined(NETWARE) || defined(MPE)
/* Under OS/2 use rename. */
if (rename(c->tempfile, c->filename) == -1)
ap_log_error(APLOG_MARK, APLOG_ERR, s,
1.91 +1 -1 apache-1.3/src/modules/proxy/proxy_util.c
Index: proxy_util.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- proxy_util.c 2000/06/02 18:01:59 1.90
+++ proxy_util.c 2000/09/28 13:32:39 1.91
@@ -740,7 +740,7 @@
char tmp[22];
int i, k, d;
unsigned int x;
-#if defined(AIX) && defined(__ps2__)
+#if defined(MPE) || (defined(AIX) && defined(__ps2__))
/* Believe it or not, AIX 1.x does not allow you to name a file '@',
* so hack around it in the encoding. */
static const char enc_table[64] =
1.2 +2 -3 apache-1.3/src/os/mpeix/Makefile.tmpl
Index: Makefile.tmpl
===================================================================
RCS file: /home/cvs/apache-1.3/src/os/mpeix/Makefile.tmpl,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Makefile.tmpl 1999/12/10 11:03:57 1.1
+++ Makefile.tmpl 2000/09/28 13:32:41 1.2
@@ -4,11 +4,11 @@
LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
LIBOBJS= os.o os-inline.o dlopen.o gettimeofday.o
-OBJS= $(LIBOBJS) mpe_dl_stub.o
+OBJS= $(LIBOBJS)
LIB= libos.a
-all: $(LIB) mpe_dl_stub.o
+all: $(LIB)
$(LIB): $(LIBOBJS)
rm -f $@
@@ -41,7 +41,6 @@
# DO NOT REMOVE
dlopen.o: dlopen.c
gettimeofday.o: gettimeofday.c
-mpe_dl_stub.o: mpe_dl_stub.c
os-inline.o: os-inline.c $(INCDIR)/ap_config.h \
$(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
$(OSDIR)/os.h $(INCDIR)/ap_ctype.h $(INCDIR)/hsregex.h
1.2 +9 -1 apache-1.3/src/os/mpeix/dlopen.c
Index: dlopen.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/os/mpeix/dlopen.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- dlopen.c 1999/12/10 11:03:44 1.1
+++ dlopen.c 2000/09/28 13:32:42 1.2
@@ -79,6 +79,8 @@
} else
ap_snprintf(library, sizeof(library), " %s ", libname);
+#define MPE_WITHOUT_MPELX44
+#ifdef MPE_WITHOUT_MPELX44
/*
Unfortunately if we simply tried to load the module structure data item
directly in dlsym(), it would complain about unresolved function pointer
@@ -86,6 +88,9 @@
However, if we first load an actual dummy procedure, we can then subsequently
load the data item without trouble. Go figure.
+
+This bug is fixed by patch MPELX44A on MPE/iX 6.0 and patch MPELX44B on
+MPE/iX 6.5.
*/
/* Load the dummy procedure mpe_dl_stub */
@@ -100,7 +105,10 @@
mpe_dl_symtype, &datalen, 1, 0, 0);
/* We consider it to be a failure if the dummy procedure doesn't exist */
-if (mpe_dl_status != 0) return NULL;
+/* if (mpe_dl_status != 0) return NULL; */
+/* Or not. If we failed to load mpe_dl_stub, press on and try to load the
+ real data item later in dlsym(). */
+#endif /* MPE_WITHOUT_MPELX44 */
mpe_dl_symtype = 2;
1.2 +31 -1 apache-1.3/src/os/mpeix/os-inline.c
Index: os-inline.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/os/mpeix/os-inline.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- os-inline.c 1999/12/10 11:03:47 1.1
+++ os-inline.c 2000/09/28 13:32:42 1.2
@@ -1 +1,31 @@
-#include "../unix/os-inline.c"
+/*
+ * This file contains functions which can be inlined if the compiler
+ * has an "inline" modifier. Because of this, this file is both a
+ * header file and a compilable module.
+ *
+ * Only inlineable functions should be defined in here. They must all
+ * include the INLINE modifier.
+ *
+ * If the compiler supports inline, this file will be #included as a
+ * header file from os.h to create all the inline function
+ * definitions. INLINE will be defined to whatever is required on
+ * function definitions to make them inline declarations.
+ *
+ * If the compiler does not support inline, this file will be compiled
+ * as a normal C file into libos.a (along with os.c). In this case
+ * INLINE will _not_ be set so we can use this to test if we are
+ * compiling this source file.
+ */
+
+#ifndef INLINE
+#define INLINE
+
+/* Anything required only when compiling */
+#include "ap_config.h"
+
+#endif
+
+INLINE int ap_os_is_path_absolute(const char *file)
+{
+ return file[0] == '/';
+}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic