Fixup port to provide Apache version 1.3.3 with FrontPage extensions.

PR:		8522
Submitted by:	maintainer

1 files changed, 83 insertions, 184 deletions

diff --git a/www/apache13-fp/files/patch-fe b/www/apache13-fp/files/patch-fe
index f2877b36197c..03fc4063b108 100644
--- a/www/apache13-fp/files/patch-fe
+++ b/www/apache13-fp/files/patch-fe
@@ -1,11 +1,11 @@
-*** support/suexec.c.orig	Fri Jan 30 08:45:44 1998
---- support/suexec.c	Fri Apr 24 17:32:21 1998
+*** src/support/suexec.c.orig	Tue Apr 21 15:14:06 1998
+--- src/support/suexec.c	Fri May 22 17:59:43 1998
 ***************
-*** 66,71 ****
---- 66,94 ----
+*** 70,75 ****
+--- 70,98 ----
+   *
    *
    */
-  
 + /*
 +  * "System" CGI modification 97.05.10 by Rick Franchuk (rickf@netnation.com)
 +  *
@@ -19,8 +19,8 @@
 +  * The docroot check had to be bypassed to allow functionality for VirtualHost
 +  * entries. I'm somewhat suprised noone encountered that behavior before.
 +  */
-+ 
-+ /* "FPEXE modification made on 98.04.24 by Scot Hetzel (hetzels@westbend.net)
++  /*
++  * "FPEXE modification made on 98.05.19 by Scot Hetzel (hetzels@westbend.net)
 +  * based on previous FPEXE modifications supplied by Mark Wormgoor
 +  * (riddles@ipe.nl)
 +  *
@@ -28,127 +28,13 @@
 +  * After we change to the target_uid and target_gid.  We check if cmd = FPEXE,
 +  * if it does then we execute the cmd without performing any further tests.
 +  *
-+  */
-  
-  #include "suexec.h"
-  
-***************
-*** 75,81 ****
-  #include <sys/types.h>
-  #include <stdio.h>
-  #include <stdarg.h>
-! #include <string.h>
-  #include <pwd.h>
-  #include <grp.h>
-  #include <time.h>
---- 98,104 ----
-  #include <sys/types.h>
-  #include <stdio.h>
-  #include <stdarg.h>
-! #include <strings.h>
-  #include <pwd.h>
-  #include <grp.h>
-  #include <time.h>
-***************
-*** 138,144 ****
-  
-  static void err_output(const char *fmt, va_list ap)
-  {
-- #ifdef LOG_EXEC
-      time_t timevar;
-      struct tm *lt;
++  */ 
   
---- 161,166 ----
-***************
-*** 158,164 ****
-      vfprintf(log, fmt, ap);
-  
-      fflush(log);
-- #endif /* LOG_EXEC */
-      return;
-  }
-  
---- 180,185 ----
-***************
-*** 264,270 ****
-  	log_err("user mismatch (%s)\n", pw->pw_name);
-  	exit(103);
-      }
-!     
-      /*
-       * Check for a leading '/' (absolute path) in the command to be executed,
-       * or attempts to back up out of the current directory,
---- 285,291 ----
-  	log_err("user mismatch (%s)\n", pw->pw_name);
-  	exit(103);
-      }
-! 
-      /*
-       * Check for a leading '/' (absolute path) in the command to be executed,
-       * or attempts to back up out of the current directory,
+  #include "conf.h"
+  #include <sys/param.h>
 ***************
-*** 301,306 ****
---- 322,328 ----
-      /*
-       * Error out if the target group name is invalid.
-       */
-+ 
-      if (strspn(target_gname, "1234567890") != strlen(target_gname)) {
-  	if ((gr = getgrnam(target_gname)) == NULL) {
-  	    log_err("invalid target group name: (%s)\n", target_gname);
-***************
-*** 325,331 ****
-       * Log the transaction here to be sure we have an open log 
-       * before we setuid().
-       */
-!     log_err("uid: (%s/%s) gid: (%s/%s) %s\n",
-               target_uname, actual_uname,
-               target_gname, actual_gname,
-               cmd);
---- 347,353 ----
-       * Log the transaction here to be sure we have an open log 
-       * before we setuid().
-       */
-!     log_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
-               target_uname, actual_uname,
-               target_gname, actual_gname,
-               cmd);
-***************
-*** 357,363 ****
-       * and setgid() to the target group. If unsuccessful, error out.
-       */
-      if (((setgid(gid)) != 0) || (initgroups(actual_uname,gid) != 0)) {
-!         log_err("failed to setgid (%ld: %s)\n", gid, cmd);
-          exit(109);
-      }
-  
---- 379,385 ----
-       * and setgid() to the target group. If unsuccessful, error out.
-       */
-      if (((setgid(gid)) != 0) || (initgroups(actual_uname,gid) != 0)) {
-!         log_err("failed to setgid (%ld: %s/%s)\n", gid, cwd, cmd);
-          exit(109);
-      }
-  
-***************
-*** 365,375 ****
-       * setuid() to the target user.  Error out on fail.
-       */
-      if ((setuid(uid)) != 0) {
-! 	log_err("failed to setuid (%ld: %s)\n", uid, cmd);
-  	exit(110);
-      }
-  
-      /*
-       * Get the current working directory, as well as the proper
-       * document root (dependant upon whether or not it is a
-       * ~userdir request).  Error out if we cannot get either one,
---- 387,405 ----
-       * setuid() to the target user.  Error out on fail.
-       */
-      if ((setuid(uid)) != 0) {
-! 	log_err("failed to setuid (%ld: %s/%s)\n", uid, cwd, cmd);
-  	exit(110);
+*** 393,398 ****
+--- 416,429 ----
       }
   
       /*
@@ -156,17 +42,17 @@
 +      * user is ok.  We run fpexe now and bail out before anything goes wrong.
 +      */
 + #ifdef FPEXE
-+     if ((strcmp(cmd, FPEXE)) != NULL) {
-+ #endif
++      if ((strcmp(cmd, FPEXE)) != NULL) {
++ #endif 
 + 
 +     /*
        * Get the current working directory, as well as the proper
        * document root (dependant upon whether or not it is a
        * ~userdir request).  Error out if we cannot get either one,
 ***************
-*** 402,411 ****
---- 432,446 ----
-          }
+*** 423,432 ****
+--- 454,468 ----
+  	}
       }
   
 +     /*
@@ -174,74 +60,87 @@
 +      * VirtualHosts running CGI in thier own directories.
 +      *
       if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
-          log_err("command not in docroot (%s/%s)\n", cwd, cmd);
-          exit(114);
+  	log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+  	exit(114);
       }
 +      */
   
       /*
        * Stat the cwd and verify it is a directory, or error out.
 ***************
-*** 451,470 ****
+*** 472,477 ****
+--- 508,516 ----
        * Error out if the target name/group is different from
        * the name/group of the cwd or the program.
        */
-!     if ((uid != dir_info.st_uid) ||
-! 	(gid != dir_info.st_gid) ||
-! 	(uid != prg_info.st_uid) ||
-! 	(gid != prg_info.st_gid))
-!     {
-! 	log_err("target uid/gid (%ld/%ld) mismatch with directory (%ld/%ld) or program (%ld/%ld)\n",
-! 		 uid, gid,
-! 		 dir_info.st_uid, dir_info.st_gid,
-! 		 prg_info.st_uid, prg_info.st_gid);
-! 	exit(120);
-      }
-  
-      clean_env();
-  
-      /* 
-       * Be sure to close the log file so the CGI can't
-       * mess with it.  If the exec fails, it will be reopened 
---- 486,516 ----
-       * Error out if the target name/group is different from
-       * the name/group of the cwd or the program.
-       */
-! 
-! #ifdef SYSTEM_CGI
-!     if (strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))) {
-! #endif
-! 	if ((uid != dir_info.st_uid) ||
-! 	    (gid != dir_info.st_gid) ||
-! 	    (uid != prg_info.st_uid) ||
-! 	    (gid != prg_info.st_gid))
-! 	{
-! 	    log_err("target uid/gid (%ld/%ld) mismatch with directory %s(%ld/%ld) or program %s(%ld/%ld)\n",
-! 		uid, gid,
-! 		cwd, dir_info.st_uid, dir_info.st_gid,
-! 		cmd, prg_info.st_uid, prg_info.st_gid);
-! 	    exit(120);
-! 	}
-! #ifdef SYSTEM_CGI
++ #ifdef SYSTEM_CGI
++     if (strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))) {
++ #endif
+      if ((uid != dir_info.st_uid) ||
+  	(gid != dir_info.st_gid) ||
+  	(uid != prg_info.st_uid) ||
+***************
+*** 482,487 ****
+--- 521,530 ----
+  		prg_info.st_uid, prg_info.st_gid);
+  	exit(120);
       }
++ #ifdef SYSTEM_CGI
++     }
 + #endif
++ 
+      /*
+       * Error out if the program is not executable for the user.
+       * Otherwise, she won't find any error in the logs except for
+***************
+*** 493,498 ****
+--- 536,584 ----
+      }
   
       clean_env();
-  
++ 
 + #ifdef FPEXE
 +     }
-+ #endif
++     else {
++ 
++         /* The following taken from mod_frontpage.c to check permissions */
 + 
++         /*
++          * We can't stat the stub dir.  Make sure the stub directory is not
++          * owned by root and not group/world writable
++          */
++         if ((lstat(FPSTUBDIR, &dir_info) == -1       ||
++             dir_info.st_uid                          ||
++             (dir_info.st_mode & (S_IWGRP | S_IWOTH)) ||
++             (!S_ISDIR(dir_info.st_mode)))) {
++             /*
++              * User recovery: set directory to be owned by by root with
++              * permissions r*x*-x*-x.
++              */
++             log_err("Incorrect permissions on stub directory \"%-.1024s\"",
++                     FPSTUBDIR);
++             exit (250);
++         }
++ 
++         /*
++ 	 * We can't stat the stub.  Make sure the stub is not owned by root,
++          * set-uid, set-gid, and is not group/world writable or executable.
++          */
++         if ((stat(cmd, &prg_info) == -1    ||
++             prg_info.st_uid                          ||
++             !(prg_info.st_mode & S_ISUID)            ||
++             (prg_info.st_mode & S_ISGID)             ||
++             (prg_info.st_mode & (S_IWGRP | S_IWOTH)) ||
++             !(prg_info.st_mode & (S_IXGRP | S_IXOTH)))) {
++             /*
++              * User recovery: set stub to be owned by by root with permissions
++              * r*s*-x*-x.
++              */
++             log_err("Incorrect permissions on stub \"%-.1024s\"", cmd);
++             exit (251);
++         }
++     }
++ #endif  
+  
       /* 
        * Be sure to close the log file so the CGI can't
-       * mess with it.  If the exec fails, it will be reopened 
-***************
-*** 486,491 ****
---- 532,538 ----
-       *
-       * Oh well, log the failure and error out.
-       */
-+ 
-      log_err("exec failed (%s)\n", cmd);
-      exit(255);
-  }