diff options
| author | Steve Price <steve@FreeBSD.org> | 1998-11-10 01:56:01 +0000 |
|---|---|---|
| committer | Steve Price <steve@FreeBSD.org> | 1998-11-10 01:56:01 +0000 |
| commit | 3352fe72738192c46b94c03033618e083a1d27de (patch) | |
| tree | 4421d229d9a9f0a5663acaeff3ba266c43c1151a /www | |
| parent | Dummy commit because I forgot to explain what this port does (diff) | |
Fixup port to provide Apache version 1.3.3 with FrontPage extensions.
PR: 8522
Submitted by: maintainer
Notes
Notes:
svn path=/head/; revision=14435
Diffstat (limited to 'www')
| -rw-r--r-- | www/apache13-fp/Makefile | 124 | ||||
| -rw-r--r-- | www/apache13-fp/distinfo | 5 | ||||
| -rw-r--r-- | www/apache13-fp/files/apache.sh.tmpl | 47 | ||||
| -rw-r--r-- | www/apache13-fp/files/mod_frontpage.c | 784 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-aa | 184 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-ab | 198 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-ag | 72 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-ak | 40 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-al | 50 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-fd | 127 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-fe | 267 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-ff | 42 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-fh | 24 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-fi | 23 | ||||
| -rw-r--r-- | www/apache13-fp/files/patch-fj | 19 | ||||
| -rw-r--r-- | www/apache13-fp/pkg-descr | 16 | ||||
| -rw-r--r-- | www/apache13-fp/pkg-plist | 136 |
17 files changed, 1584 insertions, 574 deletions
diff --git a/www/apache13-fp/Makefile b/www/apache13-fp/Makefile index dbaac7d3b08a..23060f7c53e8 100644 --- a/www/apache13-fp/Makefile +++ b/www/apache13-fp/Makefile @@ -1,32 +1,38 @@ -# New ports collection makefile for: apache HTTPD w/FrontPage -# Version required: 1.2.6 3.0.4 (3.0.2.1330) -# Date created: Fri Oct 17 13:36:00 CDT 1997 +# New ports collection makefile for: apache HTTPD w/FrontPage Module +# Version required: 1.3* 3.0.4 (3.0.2.1330) +# Date created: Sat Oct 31 16:30:00 CDT 1997 # Whom: hetzels@westbend.net # -# $Id: Makefile,v 1.1.1.1 1998/05/29 04:46:49 mph Exp $ +# $Id$ # -BROKEN= awaiting upgrade after repository copy - -DISTNAME= apache_1.2.6 -PKGNAME= apache_fp-1.2.6 +DISTNAME= apache_1.3.3 +PKGNAME= apache_fp-1.3.3 CATEGORIES= www MASTER_SITES= ftp://www.apache.org/apache/dist/ \ - ftp://ftp.microsoft.com/products/frontpage/\ + ftp://ftp.microsoft.com/products/frontpage/ -MAINTAINER= hetzels@westbend.net +PATCH_SITES= ftp://www.apache.org/apache/dist/patches/apply_to_1.3.3/ \ + http://www.apache.org/dist/patches/apply_to_1.3.3/ -APACHE= ${DISTNAME}${EXTRACT_SUFX} -FRONTPAGE= fp30.bsdi3 +PATCHFILES= core_404_log_bug.txt proxy_segv.txt -DISTFILES= ${APACHE} ${FRONTPAGE}.tar.Z +# This file will not apply, fails on hunk 2 for main/http_protocol.c +#PATCHFILES+= server_error_filename.txt .if defined(PATCH_DEBUG) -PATCH_DIST_ARGS= -d ${WRKSRC}/src -E ${PATCH_DIST_STRIP} +PATCH_DIST_ARGS= -d ${WRKSRC}/src -E ${PATCH_DIST_STRIP} .else -PATCH_DIST_ARGS= -d ${WRKSRC}/src --forward --quiet -E ${PATCH_DIST_STRIP} +PATCH_DIST_ARGS= -d ${WRKSRC}/src --forward --quiet -E ${PATCH_DIST_STRIP} .endif +MAINTAINER= hetzels@westbend.net + +APACHE= ${DISTNAME}${EXTRACT_SUFX} +FRONTPAGE= fp30.bsdi3.tar.Z + +DISTFILES= ${APACHE} ${FRONTPAGE} + EXTRACT_ONLY= ${APACHE} IS_INTERACTIVE= YES @@ -35,53 +41,85 @@ NO_PACKAGE= \ FPINSTALL= frontpage/version3.0/fp_install.sh CHANGESERVER= frontpage/version3.0/change_server.sh -FPPATCH= frontpage/version3.0/apache-fp/fp-patch-apache_1.2.5 +MOD_FP= ${FILESDIR}/mod_frontpage.c INSTALL_FILE=${INSTALL} -c -m 555 -o bin -g bin -MAN1= htpasswd.1 -MAN8= httpd.8 -DOCDIR= ${PREFIX}/share/doc/apache +# +# Set APACHE_PERF_TUNING env. variable to YES to get maximum performance +# + +GNU_CONFIGURE= yes +CONFIGURE_ARGS= \ + --sysconfdir=${PREFIX}/etc/apache \ + --includedir=${PREFIX}/include/apache \ + --logfiledir=/var/log \ + --runtimedir=/var/run \ + --datadir=${PREFIX}/www \ + --proxycachedir=${PREFIX}/www/proxy \ + --libexecdir=${PREFIX}/libexec/apache \ + --without-confadjust \ + --enable-shared=remain \ + --enable-module=most \ + --enable-module=auth_db \ + --disable-module=auth_dbm \ + --add-module=${MOD_FP} \ + --enable-shared=frontpage + +# Currently perl version doesn't matter +# --with-perl=${PERL5} + +OPTIM=-DHARD_SERVER_LIMIT=512 \ +-DDOCUMENT_LOCATION=\\"${PREFIX}/www/data/\\" \ +-DDEFAULT_PATH=\\"/bin:/usr/bin:${PREFIX}/bin\\" + +.if defined(APACHE_PERF_TUNING) && ${APACHE_PERF_TUNING} == YES +OPTIM+= -DBUFFERED_LOGS +CFLAGS+= -O6 -fomit-frame-pointer +.endif + +CONFIGURE_ENV= OPTIM='${OPTIM}' + +MAN1= ab.1 apachectl.1 dbmmanage.1 htdigest.1 htpasswd.1 +MAN8= apxs.8 httpd.8 logresolve.8 rotatelogs.8 + +.if defined(SUEXEC) +HTTPD_USER?=www +USER_DIR?=public_html +CONFIGURE_ARGS+= --enable-suexec \ + --suexec-caller=${HTTPD_USER} \ + --suexec-userdir=${USER_DIR} +MAN8+= suexec.8 +.endif pre-fetch: - @if [ ! -f /usr/lib/libdescrypt.a -a ! -f /usr/lib/libdescrypt.so.* ] ; then \ + @if ! ${LDCONFIG} -r | ${GREP} -q -e "-ldescrypt"; then \ ${ECHO} ; \ - ${ECHO} "WARNING: MS Frontpage Extentions require the DES Library"; \ + ${ECHO} "WARNING: MS FrontPage Extentions require the DES Library"; \ ${ECHO} "WARNING: Install the DES Library, then build apache-fp"; \ ${ECHO} ; \ ${FALSE} ; \ fi post-extract: - @${ECHO} "===> Extracting FrontPage patch, and install scripts" + @${ECHO} "===> Extracting FrontPage install scripts" @cd ${WRKSRC} && \ - ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${DISTDIR}/${FRONTPAGE}.tar.Z ${FPINSTALL} ${FPPATCH} ${CHANGESERVER} - -pre-patch: - @${ECHO} "===> Applying FrontPage patch" - @cd ${WRKSRC} && ${PATCH} ${PATCH_DIST_ARGS} < ${WRKSRC}/${FPPATCH} + ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${DISTDIR}/${FRONTPAGE} ${FPINSTALL} ${CHANGESERVER} post-install: + @${ECHO} "Installing ${PREFIX}/etc/rc.d/apache.sh.tmpl file." + @${CAT} ${FILESDIR}/apache.sh.tmpl | \ + ${SED} -e 's;PREFIX;${PREFIX};' -e 's;PERL5;${PERL};' \ + > ${PREFIX}/etc/rc.d/apache.sh.tmpl @if [ ! -f ${PREFIX}/etc/rc.d/apache.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/apache.sh startup file."; \ - ${ECHO} "#!${SH}" > ${PREFIX}/etc/rc.d/apache.sh; \ - ${ECHO} "[ -x ${PREFIX}/sbin/httpd ] && ${PREFIX}/sbin/httpd && ${ECHO} -n ' httpd'" >> ${PREFIX}/etc/rc.d/apache.sh; \ + ${CP} ${PREFIX}/etc/rc.d/apache.sh.tmpl ${PREFIX}/etc/rc.d/apache.sh; \ chmod 751 ${PREFIX}/etc/rc.d/apache.sh; \ + else \ + ${ECHO} "apache.sh exists, please compare with apache.sh.tmpl."; \ + ${ECHO} "The template will regenerate the FrontPage suidkey"; \ + ${ECHO} "file when the apache server is started/restarted."; \ fi -.for i in ${MAN1} - ${INSTALL_MAN} ${WRKSRC}/support/$i ${PREFIX}/man/man1 -.endfor -.for i in ${MAN8} - ${INSTALL_MAN} ${WRKSRC}/support/$i ${PREFIX}/man/man8 -.endfor -.if !defined(NOPORTDOCS) - ${MKDIR} ${DOCDIR} -.for i in README LICENSE ABOUT_APACHE - ${INSTALL_DATA} ${WRKSRC}/$i ${DOCDIR} -.endfor - @cd ${WRKSRC}/htdocs; ${EXTRACT_CMD} cf - . | (cd ${DOCDIR} ; \ - ${EXTRACT_CMD} xf -) -.endif @${SH} ${WRKSRC}/${FPINSTALL} @${INSTALL_FILE} ${WRKSRC}/${FPINSTALL} ${PREFIX}/${FPINSTALL} @${INSTALL_FILE} ${WRKSRC}/${CHANGESERVER} ${PREFIX}/${CHANGESERVER} diff --git a/www/apache13-fp/distinfo b/www/apache13-fp/distinfo index aafeef823bb0..9b80e937c314 100644 --- a/www/apache13-fp/distinfo +++ b/www/apache13-fp/distinfo @@ -1,3 +1,4 @@ -MD5 (apache_1.2.6.tar.gz) = ff292bc21fe4f53b0e39dc8024019f44 +MD5 (apache_1.3.3.tar.gz) = bb6f14bbb369097a55969482d395d1ae MD5 (fp30.bsdi3.tar.Z) = 2aa4396e8bf9a349a946f726f861f97d -MD5 (suexec+.1.0.tgz) = 580f942cd90e44de97cc89fe0dd92c6f +MD5 (core_404_log_bug.txt) = ae7472c857937be679bc1224317a0654 +MD5 (proxy_segv.txt) = 2131d636c758e58e753777e0658fd51f diff --git a/www/apache13-fp/files/apache.sh.tmpl b/www/apache13-fp/files/apache.sh.tmpl new file mode 100644 index 000000000000..95855ce9f36c --- /dev/null +++ b/www/apache13-fp/files/apache.sh.tmpl @@ -0,0 +1,47 @@ +#!/bin/sh +# + +# +# Create New FrontPage suidkey +# + +new_key() { + + skdir=PREFIX/frontpage/currentversion/apache-fp + PERL=PERL5 + + #NOTE: We need Perl 5, to generate a new key + if [ -x ${PERL} ] + then + ${PERL} -e '@a=(split(//, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*-=_+")); print((map {$a[rand(scalar @a)]} (1..128)), "\n");' > $skdir/suidkey + fi + +} + +# +# Main +# + +case "$1" in + +start) + if [ -x PREFIX/sbin/apachectl ] + then + new_key + PREFIX/sbin/apachectl start && echo -n ' httpd' + fi + ;; + +stop) + if [ -r /var/run/httpd.pid ] + then + PREFIX/sbin/apachectl stop && echo -n ' httpd' + fi + ;; + +*) + echo "usage: $0 {start|stop}" 1>&2 + exit 64 + ;; + +esac diff --git a/www/apache13-fp/files/mod_frontpage.c b/www/apache13-fp/files/mod_frontpage.c new file mode 100644 index 000000000000..bf3cea39f36a --- /dev/null +++ b/www/apache13-fp/files/mod_frontpage.c @@ -0,0 +1,784 @@ +/* ==================================================================== + * + * Apache FrontPage module. + * + * Copyright (c) 1996-1997 Microsoft Corporation -- All Rights Reserved. + * + * NO WARRANTIES. Microsoft expressly disclaims any warranty for this code and + * information. This code and information and any related documentation is + * provided "as is" without warranty of any kind, either express or implied, + * including, without limitation, the implied warranties or merchantability, + * fitness for a particular purpose, or noninfringement. The entire risk + * arising out of use or performance of this code and information remains with + * you. + * + * NO LIABILITY FOR DAMAGES. In no event shall Microsoft or its suppliers be + * liable for any damages whatsoever (including, without limitation, damages + * for loss of business profits, business interruption, loss of business + * information, or any other pecuniary loss) arising out of the use of or + * inability to use this Microsoft product, even if Microsoft has been advised + * of the possibility of such damages. Because some states/jurisdictions do not + * allow the exclusion or limitation of liability for consequential or + * incidental damages, the above limitation may not apply to you. + * + * $Revision: 1.3 $ + * $Date: 1997/10/15 17:23:46 $ + * + */ + + +/* + * User configurable items. We will not run the server extensions with any + * UID/GID less than LOWEST_VALID_UID/LOWEST_VALID_GID. + */ + +#if defined(LINUX) +#define LOWEST_VALID_UID 15 +#else +#define LOWEST_VALID_UID 11 +#endif + +#if defined(HPUX) || defined(IRIX) || defined(SUNOS4) +#define LOWEST_VALID_GID 20 +#else +#if defined(SCO) +#define LOWEST_VALID_GID 24 +#else +#define LOWEST_VALID_GID 21 /* Solaris, AIX, Alpha, Bsdi, *BSD, etc. */ +#endif +#endif + +/* + * End of user configurable items + */ + + +#include "httpd.h" +#include "http_config.h" +#include "http_conf_globals.h" +#include "http_log.h" + +#include <stdio.h> +#include <sys/time.h> + +#if defined(UWARE7) || UW==700 +#define Vstat stat32 +#define Vlstat lstat32 +#else +#define Vstat stat +#define Vlstat lstat +#endif + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifndef MAXPATHLEN +#define MAXPATHLEN 1024 +#endif +#if (MAXPATHLEN < 1024) +#undef MAXPATHLEN +#define MAXPATHLEN 1024 +#endif + +#define KEYLEN 128 /* Should be a multiple of sizeof(int) */ + +static char gszKeyVal[KEYLEN+1]; /* SUID key value used by this module */ +static int gfdKeyPipe[2]; /* Pipe to fpexe stub CGI */ +static int gbKeyPipeActive = FALSE;/* Pipe to fpexe stub CGI is active */ +static int gbEnabled = FALSE; /* TRUE when SUID scheme is enabled */ +#if !defined(SHARED_MODULE) +static int giInitializeCount = 0; /* FrontPageInit called previously */ +#endif + +static const char* FP = + "/usr/local/frontpage/currentversion"; +static const char* FPKEYDIR = + "/usr/local/frontpage/currentversion/apache-fp"; +static const char* KEYFILEXOR = + "/usr/local/frontpage/currentversion/apache-fp/suidkey"; +static const char* KEYFILE = + "/usr/local/frontpage/currentversion/apache-fp/suidkey.%d"; +static const char* FPSTUBDIR = + "/usr/local/frontpage/currentversion/apache-fp/_vti_bin"; +static const char* FPSTUB = + "/usr/local/frontpage/currentversion/apache-fp/_vti_bin/fpexe"; +static const char* SHTML = + "/_vti_bin/shtml.exe"; +static const char* SHTML2 = + "/_vti_bin/shtml.dll"; +static const char* VTI_BIN = + "/_vti_bin"; +static const char* FPCOUNT = + "/_vti_bin/fpcount.exe"; +static const char* AUTHOR = + "/_vti_bin/_vti_aut/author.exe" ; +static const char* ADMIN = + "/_vti_bin/_vti_adm/admin.exe" ; + +MODULE_VAR_EXPORT module frontpage_module; + +/* + * Print a descriptive error in the httpd's error_log. The format string + * should be length limited so that it is no longer than 1800 bytes. + */ +static void LogFrontPageError( + server_rec* s, + const char* szFormat, + const char* szFile, + const char* szRoutine, + int bIsDisabled) +{ + char szBuf[MAXPATHLEN * 2]; + sprintf(szBuf, szFormat, szFile); + strcat(szBuf, " in "); + strcat(szBuf, szRoutine); + strcat(szBuf, "."); + if (bIsDisabled) + { + strcat(szBuf, " Until this problem is fixed, the FrontPage security patch is disabled and the FrontPage extensions may not work correctly."); + gbEnabled = FALSE; /* Make double sure we're not enabled */ + } + ap_log_error(APLOG_MARK, APLOG_ERR, s, szBuf); +} + + +/* + * Clean up stale keyfiles. Failure to clean up stale keyfiles does not + * stop the FrontPage SUID scheme. + */ +static void FrontPageCleanup(server_rec *s) +{ + DIR *d; + struct DIR_TYPE *dstruct; + int myPid = getpid(); + + if (!(d = opendir(FPKEYDIR))) + { + /* + * This should be a rare occurrence, because we're running as root and + * should have access to the directory. Stale key files can be + * exploited. User recovery: Check that the directory exists and is + * properly protected (owned by root, permissions rwx--x--x), and that + * there are no stale key files in it (suidkey.*, where * is a + * non-existant PID). + */ + LogFrontPageError(s, "Can't clean stale key files from directory \"%-.1024s\"", + FPKEYDIR, "FrontPageCleanup()", FALSE); + return; + } + + while ((dstruct = readdir(d))) + { + if (strncmp("suidkey.", dstruct->d_name, 8) == 0) + { + /* + * Make sure the key file contains a pid number - otherwise + * it is harmless and you can ignore it. + */ + char* pEnd = 0; + int pid = strtol(dstruct->d_name + 8, &pEnd, 10); + if (!pEnd || *pEnd) + continue; + + /* + * Make sure there isn't some other server using this key file. + * If the process group isn't alive, then the file is stale + * and we want to remove it. + */ + if (pid == myPid || kill(pid, 0) == -1) + { + char szBuf[MAXPATHLEN]; + sprintf(szBuf, "%-.500s/%-.500s", FPKEYDIR, dstruct->d_name); + if (unlink(szBuf) == -1) + { + /* + * This should be a rare occurrence, because we're running + * as root and should always have permission to delete the + * file. Stale key files can be exploited. User recovery: + * delete the offending file. + */ + LogFrontPageError(s, "Can't unlink stale key file \"%-.1024s\"", + szBuf, "FrontPageCleanup()", FALSE); + } + } + } + } + + closedir(d); +} + +/* + * Checks that all the permissions are currently correct for the FrontPage + * fpexe SUID stub to run correctly. If not, it logs an error and aborts + * initialization, effectively disabling the FrontPage SUID scheme. + * It checks both the file permissions (owned by root and not writable to + * group, other) and that the directory is not writable. + */ +static int FrontPageCheckup(server_rec *s) +{ + struct stat fs; + + if (geteuid() != 0) + { + /* + * We need to be root to have the security scheme work correctly. + * User recovery: run the server as root. + */ + LogFrontPageError(s, "Not running as root", + 0, "FrontPageCheckup()", TRUE); + return (FALSE); + } + + if (Vlstat(FPKEYDIR, &fs) == -1 || /* We can't stat the key dir */ + fs.st_uid || /* key dir not owned by root */ + (fs.st_mode & (S_IRGRP | S_IROTH)) || /* key dir is readable */ + (fs.st_mode & (S_IWGRP | S_IWOTH)) || /* key dir is writable */ + !(fs.st_mode & (S_IXGRP | S_IXOTH)) || /* key dir is not executable */ + !(S_ISDIR(fs.st_mode))) + { + /* + * User recovery: set directory to be owned by by root with permissions + * rwx--x--x. Note you need the execute bit for group and other so + * that non-root programs can run apache-fp/_vti_bin/fpexe (even though + * non-root cannot list the directory). + */ + LogFrontPageError(s, "Incorrect permissions on key directory \"%-.1024s\", needs root ownership and perms rwx--x--x", + FPKEYDIR, "FrontPageCheckup()", TRUE); + return (FALSE); + } + + if (Vlstat(FPSTUBDIR, &fs) == -1 || /* We can't stat the stub dir */ + fs.st_uid || /* stub dir not owned by root */ + (fs.st_mode & (S_IWGRP | S_IWOTH)) || /* stub dir is writable */ + (!S_ISDIR(fs.st_mode))) + { + /* + * User recovery: set directory to be owned by by root with permissions + * r*x*-x*-x. + */ + LogFrontPageError(s, "Incorrect permissions on stub directory \"%-.1024s\", needs root ownership and perms r*x*-x*-x", + FPSTUBDIR, "FrontPageCheckup()", TRUE); + return (FALSE); + } + + if (Vstat(FPSTUB, &fs) == -1 || /* We can't stat the stub */ + fs.st_uid || /* stub not owned by root */ + !(fs.st_mode & S_ISUID) || /* stub is not set-uid */ + (fs.st_mode & S_ISGID) || /* stub is set-gid */ + (fs.st_mode & (S_IWGRP | S_IWOTH)) || /* stub is writable */ + !(fs.st_mode & (S_IXGRP | S_IXOTH))) /* stub is not executable */ + { + /* + * User recovery: set stub to be owned by by root with permissions + * r*s*-x*-x. + */ + LogFrontPageError(s, "Incorrect permissions on stub \"%-.1024s\", needs root ownership and perms r*s*-x*-x", + FPSTUB, "FrontPageCheckup()", TRUE); + return (FALSE); + } + + return (TRUE); +} + + +/* + * Module-initializer: Create the suidkey file and local value. + * Everything needs to be just right, or we don't create the key file, and + * therefore, the fpexe SUID stub refuses to run. + */ +static void FrontPageInit(server_rec *s, pool *p) +{ + int fdPipe[2]; + pid_t pid; + FILE *f; + struct stat fs; + int fd; + char szKeyFile[MAXPATHLEN]; + int iRandom[5]; + char* szRandom = (char*)iRandom; + struct timeval tp; + struct timezone tz; + + (void)p; /* p is unused */ + +#if !defined(SHARED_MODULE) + /* + * Standalone servers call initialization twice: once in main() and again + * in standalone_main(). The fully initializing on the the first call is a + * waste of time, and a race condition can leave a stale suidkey.pgrpid + * file around. + */ + if (ap_standalone && !giInitializeCount++) + return; +#endif + + /* + * Disable the suid scheme until everything falls perfectly into place. + */ + gbEnabled = FALSE; + gbKeyPipeActive = FALSE; + + /* + * Clean up old key files before we start + */ + FrontPageCleanup(s); + if (!FrontPageCheckup(s)) + return; + + if (pipe(fdPipe) == -1) + { + /* + * This should be a rare occurrence. User recovery: check to see why + * the system cannot allocate a pipe (is the file table full from + * run-away processes?), and fix the problem or reboot, then try again. + */ + LogFrontPageError(s, "pipe() failed", 0, "FrontPageInit()", TRUE); + return; + } + + gettimeofday(&tp, &tz); + iRandom[0] = tp.tv_sec; + iRandom[1] = tp.tv_usec | tp.tv_usec << 20; + + pid = fork(); + if (pid == -1) + { + /* + * This should be a rare occurrence. User recovery: check to see why + * the system cannot allocate a process (is the process table full from + * run-away processes?), and fix the problem or reboot, then try again. + */ + LogFrontPageError(s, "fork() failed", 0, "FrontPageInit()", TRUE); + return; + } + + if (pid) + { + /* + * I am the parent process. Try to read a random number from the + * child process. + */ + + unsigned int npos = (unsigned int)-1; + unsigned int v1 = npos, v2 = npos, v3 = npos, v4 = npos; + int stat; + int iCount; + + close(fdPipe[1]); + if (waitpid(pid, &stat, 0) == -1 || + (!WIFEXITED(stat) || WIFEXITED(stat) && WEXITSTATUS(stat))) + { + /* + * This should be a rare occurrence. User recovery: Make sure you + * have a /bin/sh, or change the shell location in the execl + * command below. Try the commands defined in RAND_CMD in a + * /bin/sh session to make sure they work properly. Rebuild this + * module and your httpd with the proper commands. + */ + LogFrontPageError(s, "Random number generator exited abnormally", 0, + "FrontPageInit()", TRUE); + return; + } + + iCount = read(fdPipe[0], gszKeyVal, KEYLEN); + close(fdPipe[0]); + if (iCount < 0) + { + /* + * This should be a rare occurrence. See the above comment under + * the waitpid failure condition for user recovery steps. + */ + LogFrontPageError(s, "Could not read random numbers", 0, + "FrontPageInit()", TRUE); + return; + } + gszKeyVal[iCount] = 0; + + sscanf(gszKeyVal, "%u %u %u %u", &v2, &v1, &v4, &v3); + if (v1 == npos || v2 == npos || v3 == npos || v4 == npos) + { + /* + * This should be a rare occurrence. See the above comment under + * the waitpid failure condition for user recovery steps. + */ + LogFrontPageError(s, "Could not scan random numbers", 0, + "FrontPageInit()", TRUE); + return; + } + + iRandom[2] = (v1 << 16) + v2 + (v4 << 12) + v3; + } + else + { + /* + * I am the child process. Create a random number which shouldn't + * be easily duplicated. + */ + + if (dup2(fdPipe[1], 1) == -1) + exit(1); /* Parent picks up the error */ + + close(fdPipe[0]); + +#ifdef LINUX +#define RAND_CMD "/bin/ps laxww | /usr/bin/sum ; /bin/ps laxww | /usr/bin/sum" +#else +#if defined ( bsdi ) || ( defined ( BSD ) && ( BSD >=199103 )) +#define RAND_CMD "/bin/ps laxww | /usr/bin/cksum -o 1 ; /bin/ps laxww | /usr/bin/cksum -o 1" +#else +#define RAND_CMD "/bin/ps -ea | /bin/sum ; /bin/ps -ea | /bin/sum" +#endif +#endif + execl("/bin/sh", "/bin/sh", "-c", RAND_CMD, NULL); + exit(1); + } + + gettimeofday(&tp, &tz); + iRandom[3] = tp.tv_sec; + iRandom[4] = tp.tv_usec | tp.tv_usec << 20; + + /* + * See if there is an 'suidkey' file to merge into our key. + */ + if (Vstat(KEYFILEXOR, &fs) == -1) + { + /* + * It's a security violation if the key file is not present. User + * recovery: Make sure the key file is present and properly protected + * (owned by root, permissions r**------). + */ + LogFrontPageError(s, "The key file \"%-.1024s\" does not exist", + KEYFILEXOR, "FrontPageInit()", TRUE); + return; + } + else + { + int i, iCount; + char szBuf[KEYLEN]; + + if ((fs.st_mode & (S_IRWXG | S_IRWXO)) || fs.st_uid) + { + /* + * It's a security violation if the key file is not owned by root, + * and is not protected from all other group. User recovery: Make + * sure the key file is properly protected (owned by root, + * permissions r**------). + */ + LogFrontPageError(s, "The key file \"%-.1024s\" must be owned by root and have permissions r**------", + KEYFILEXOR, "FrontPageInit()", TRUE); + return; + } + + if ((fd = open(KEYFILEXOR, O_RDONLY)) == -1) + { + /* + * This should be a rare occurrence. User recovery: Make sure + * the key file exists, is properly owned and protected, and is + * readable. + */ + LogFrontPageError(s, "Cannot open key file \"%-.1024s\"", + KEYFILEXOR, "FrontPageInit()", TRUE); + return; + } + + iCount = read(fd, szBuf, KEYLEN); + if (iCount < 8) + { + /* + * The keyfile must be at least 8 bytes. If it longer than 128 + * bytes, only the first 128 bytes will be used. Any character + * value from 0-255 is fine. User recovery: Make sure the key file + * is at least 8 bytes long. + */ + LogFrontPageError(s, "Key file \"%-.1024s\" is unreadable or is too short (must be at least 8 bytes)", + KEYFILEXOR, "FrontPageInit()", TRUE); + return; + } + + /* + * Now generate the effective key we'll be using by XORing your key + * with 5 "random" 32-bit integers. The primary security of this + * scheme is your key; properly setting it and changing it often keeps + * the FrontPage SUID scheme secure. All this work above to generate 5 + * random 32-bit integers is soley to make your key somewhat harder to + * crack (assuming the key files are properly protected). If you don't + * like the algorithm used to generate the 5 random integers, feel free + * to substitute as appropriate (check out SGI's Lavarand (TM) at + * lavarand.sgi.com). + */ + for (i = 0; i < KEYLEN; i++) + gszKeyVal[i] = szBuf[i % iCount] ^ szRandom[i % sizeof(iRandom)]; + close(fd); + } + +#if defined(SUNOS4) + pid = getpgrp(0); +#else + pid = getpgrp(); +#endif + sprintf(szKeyFile, KEYFILE, (int)pid); + + fd = creat(szKeyFile, 0600); + if (fd < 0) + { + /* + * This should be a rare occurrence, because we're running as root and + * should always have permission to create the file. User recovery: + * check that you are not out of disk space, or that the file is not + * NFS-mounted on a share where you do not have permissions. + */ + LogFrontPageError(s, "Could not create key file \"%-.1024s\"", + szKeyFile, "FrontPageInit()", TRUE); + return; + } + + if (write(fd, gszKeyVal, 128) != 128) + { + /* + * This should be a rare occurrence. User recovery: check that you are + * not out of disk space. + */ + close(fd); + unlink(szKeyFile); + LogFrontPageError(s, "Could not write to key file \"%-.1024s\"", + szKeyFile, "FrontPageInit()", TRUE); + return; + } + + close(fd); + + /* + * Everything looks OK enough to start the suid scheme. + */ + gbEnabled = TRUE; + + /* + * Thanks to Scot Hetzel (hetzels@westbend.net) + */ + ap_add_version_component("FrontPage/3.0.4.3"); +} + + +/* + * Look for a valid FrontPage extensions scenario and fake a scriptalias if + * appropriate. If there are any problems, we silently decline. + */ +static int FrontPageAlias( + request_rec* r, + char* szCgi, + const char* szFpexe) +{ + int iLen; + struct stat webroot; + struct stat vti_pvt; + struct stat stub; + char szBuf[MAXPATHLEN]; + char chSave; + char szFormat[MAXPATHLEN * 2]; + + /* + * Decline if we cannot run the stub, or it is writable. + */ + if (Vstat(FPSTUB, &stub) == -1 || !(stub.st_mode & S_IXOTH) || + stub.st_mode & (S_IWGRP | S_IWOTH)) + { + /* + * The stub used to be correctly permissioned; what happened? User + * recovery: set stub to be owned by by root with permissions + * r*s*-x*-x. + */ + LogFrontPageError(r->server, "Incorrect permissions on stub \"%-.1024s\", must be owned by root with permissions r*s*-x*-x", + FPSTUB, "FrontPageAlias()", FALSE); + return DECLINED; + } + + chSave = szCgi[1]; + szCgi[1] = '\0'; + ap_translate_name(r); + szCgi[1] = chSave; + + /* + * Zap trailing slash that confuses some OSes. + */ + iLen = strlen(r->filename); + r->filename[--iLen] = 0; + + if (iLen > MAXPATHLEN - 10) + return DECLINED; + sprintf(szBuf, "%s/_vti_pvt", r->filename); + + /* + * Decline if webroot and webroot/_vti_pvt don't have the same + * user and group or uid < LOWEST_VALID_UID or gid < LOWEST_VALID_GID. + */ + if (Vstat(szBuf, &vti_pvt) == -1 || + vti_pvt.st_uid < LOWEST_VALID_UID || + vti_pvt.st_gid < LOWEST_VALID_GID || + Vstat(r->filename, &webroot) != 0 || + webroot.st_uid != vti_pvt.st_uid || + webroot.st_gid != vti_pvt.st_gid) + { + /* + * The webroot and webroot/_vti_pvt don't match. User recovery: fix + * the owners and groups of both directories to match, and have both a + * uid and gid in the allowable range. + */ + sprintf(szFormat, "Incorrect permissions on webroot \"\%-.0124s\" and webroot's _vti_pvt directory, the owners and groups must match and have a uid >= %d and gid >= %d", LOWEST_VALID_UID, LOWEST_VALID_GID); + + LogFrontPageError(r->server, szFormat, + szBuf, "FrontPageAlias()", FALSE); + return DECLINED; + } + + /* + * If the pipe is active, it was because we previously executed a CGI. + * That CGI must have finished by now (otherwise we wouldn't be processing + * this next request), so we can and should close the pipe to avoid a + * resource leak. + */ + if (gbKeyPipeActive) + { + close(gfdKeyPipe[0]); + gbKeyPipeActive = FALSE; + } + + /* + * If we can't get a pipe, that's really bad. We'll log an error, and + * decline. This should be a rare occurrence. User recovery: check to see + * why the system cannot allocate a pipe (is the file table full from + * run-away processes?), and fix the problem or reboot, then try again. + */ + if (pipe(gfdKeyPipe) == -1) + { + LogFrontPageError(r->server, "pipe() failed", 0, + "FrontPageAlias()", FALSE); + return DECLINED; + } + + /* + * Note: ap_pstrdup allocates memory, but it checks for out of memory + * conditions - it will not return if out of memory. + */ + r->handler = ap_pstrdup(r->pool, "cgi-script"); + ap_table_set(r->notes, "alias-forced-type", r->handler); + + ap_table_set(r->subprocess_env, "FPEXE", ap_pstrdup(r->pool, szFpexe)); + sprintf(szBuf, "%d", webroot.st_uid ); + ap_table_set(r->subprocess_env, "FPUID", ap_pstrdup(r->pool, szBuf)); + sprintf(szBuf, "%d", webroot.st_gid ); + ap_table_set(r->subprocess_env, "FPGID", ap_pstrdup(r->pool, szBuf)); + sprintf(szBuf, "%d", gfdKeyPipe[0]); + ap_table_set(r->subprocess_env, "FPFD", ap_pstrdup(r->pool, szBuf)); + + r->execfilename = ap_pstrcat(r->pool, FPSTUB, szCgi + strlen(szFpexe), NULL); + r->filename = ap_pstrcat(r->pool, r->filename, szCgi, NULL); + + if (write(gfdKeyPipe[1], gszKeyVal, 128) != 128) + { + /* + * If we can't write to the pipe, that's really bad. We'll log an + * error, and decline. This should be a rare occurrence. User + * recovery: check to see why the system cannot write to the pipe (is + * the system being choked with too much load?), and fix the problem or + * reboot, then try again. + */ + LogFrontPageError(r->server, "Write to pipe failed", 0, + "FrontPageAlias()", FALSE); + close (gfdKeyPipe[0]); + close (gfdKeyPipe[1]); + return DECLINED; + } + close(gfdKeyPipe[1]); + + gbKeyPipeActive = TRUE; + return OK; +} + + +/* + * This routine looks for shtml.exe, fpcount.exe, author.exe and admin.exe + * in a URI, and if found we call FrontPageAlias() to check for a valid + * FrontPage scenario. + * + * The return value is OK or DECLINED. + */ +static int FrontPageXlate( + request_rec *r) +{ + char *szVti; + char *szCgi; + + /* + * Decline if we're improperly initialized. + */ + if (!gbEnabled) + return DECLINED; + + /* + * Check once for anything with _vti_bin. This is much faster than + * checking all four paths, because anything without this is definitely + * not a FrontPage scenario. + */ + if (!(szVti = strstr(r->uri, VTI_BIN))) + return DECLINED; + + /* + * Test for FrontPage server extenders: + * .../_vti_bin/shtml.exe... + * .../_vti_bin/shtml.dll... + * .../_vti_bin/fpcount.exe... + * .../_vti_bin/_vti_aut/author.exe... + * .../_vti_bin/_vti_adm/admin.exe... + */ + if (szCgi = strstr(szVti, AUTHOR )) + return FrontPageAlias(r, szCgi, AUTHOR); + /* + * Convert inadvertent shtml.dll to shtml.exe + * Thanks for the idea to Scot Hetzel (hetzels@westbend.net) + */ + if (szCgi = strstr(szVti, SHTML2 )) + { + int iShtmlExtPos = strlen(SHTML2) - 3; + strncpy(szCgi + iShtmlExtPos, SHTML + iShtmlExtPos, 3); + } + if (szCgi = strstr(szVti, SHTML )) + return FrontPageAlias(r, szCgi, SHTML); + if (szCgi = strstr(szVti, ADMIN )) + return FrontPageAlias(r, szCgi, ADMIN); + if (szCgi = strstr(szVti, FPCOUNT)) + return FrontPageAlias(r, szCgi, FPCOUNT); + + return DECLINED; +} + + +/* + * Declare ourselves so the configuration routines can find us. + */ +module MODULE_VAR_EXPORT frontpage_module = +{ + STANDARD_MODULE_STUFF, + FrontPageInit, /* initializer */ + NULL, /* per-directory config creater */ + NULL, /* dir config merger - default is to override */ + NULL, /* server config creator */ + NULL, /* server config merger */ + NULL, /* command table */ + NULL, /* [6] list of handlers */ + FrontPageXlate, /* [1] filename-to-URI translation */ + NULL, /* [4] check/validate HTTP user_id */ + NULL, /* [5] check HTTP user_id is valid *here* */ + NULL, /* [3] check access by host address, etc. */ + NULL, /* [6] MIME type checker/setter */ + NULL, /* [7] fixups */ + NULL, /* [9] logger */ + NULL, /* [2] header parser */ + NULL, /* child_init */ + NULL, /* child_exit */ + NULL /* post read-request */ +}; diff --git a/www/apache13-fp/files/patch-aa b/www/apache13-fp/files/patch-aa index 1ac59f83f9e2..95661a056d8d 100644 --- a/www/apache13-fp/files/patch-aa +++ b/www/apache13-fp/files/patch-aa @@ -1,148 +1,40 @@ -*** src/Configuration.orig Sun Jul 6 06:20:07 1997 ---- src/Configuration Tue Jul 15 01:18:42 1997 +*** configure.orig Thu Sep 17 12:07:53 1998 +--- configure Thu Sep 24 03:57:33 1998 *************** -*** 41,49 **** - # Settings here have priority; If not set, Configure will attempt to guess - # the C compiler, and set OPTIM to '-O2' - # -! EXTRA_CFLAGS= - EXTRA_LFLAGS= -! EXTRA_LIBS= - EXTRA_INCLUDES= - - #CC= ---- 41,62 ---- - # Settings here have priority; If not set, Configure will attempt to guess - # the C compiler, and set OPTIM to '-O2' - # -! EXTRA_CFLAGS= \ -! -DHTTPD_ROOT=\"${PREFIX}/etc/apache/\" \ -! -DDOCUMENT_LOCATION=\"${PREFIX}/www/data/\" \ -! -DSERVER_CONFIG_FILE=\"httpd.conf\" \ -! -DRESOURCE_CONFIG_FILE=\"srm.conf\" \ -! -DTYPES_CONFIG_FILE=\"mime.types\" \ -! -DACCESS_CONFIG_FILE=\"access.conf\" \ -! -DDEFAULT_PATH=\"/bin:/usr/bin:${PREFIX}/bin\" \ -! -DSUEXEC_BIN=\"${PREFIX}/sbin/suexec\" \ -! -DDEFAULT_XFERLOG=\"/var/log/httpd-access.log\" \ -! -DDEFAULT_ERRORLOG=\"/var/log/httpd-error.log\" \ -! -DDEFAULT_PIDLOG=\"/var/run/httpd.pid\" \ -! -DDEFAULT_SCOREBOARD=\"/var/run/apache_runtime_status\" \ -! -DDEFAULT_LOCKFILE=\"/var/spool/lock/accept.lock\" - EXTRA_LFLAGS= -! EXTRA_LIBS=-lmd - EXTRA_INCLUDES= - - #CC= +*** 870,877 **** + echo " DEFAULT_PIDLOG: ${runtimedir_relative}httpd.pid" + echo " DEFAULT_SCOREBOARD: ${runtimedir_relative}httpd.scoreboard" + echo " DEFAULT_LOCKFILE: ${runtimedir_relative}httpd.lock" +! echo " DEFAULT_XFERLOG: ${logfiledir_relative}access_log" +! echo " DEFAULT_ERRORLOG: ${logfiledir_relative}error_log" + echo " TYPES_CONFIG_FILE: ${sysconfdir_relative}mime.types" + echo " SERVER_CONFIG_FILE: ${sysconfdir_relative}httpd.conf" + echo " ACCESS_CONFIG_FILE: ${sysconfdir_relative}access.conf" +--- 870,877 ---- + echo " DEFAULT_PIDLOG: ${runtimedir_relative}httpd.pid" + echo " DEFAULT_SCOREBOARD: ${runtimedir_relative}httpd.scoreboard" + echo " DEFAULT_LOCKFILE: ${runtimedir_relative}httpd.lock" +! echo " DEFAULT_XFERLOG: ${logfiledir_relative}httpd-access.log" +! echo " DEFAULT_ERRORLOG: ${logfiledir_relative}httpd-error.log" + echo " TYPES_CONFIG_FILE: ${sysconfdir_relative}mime.types" + echo " SERVER_CONFIG_FILE: ${sysconfdir_relative}httpd.conf" + echo " ACCESS_CONFIG_FILE: ${sysconfdir_relative}access.conf" *************** -*** 162,173 **** - ## STATUS=yes (see the Rules section near the start of this file) to allow - ## full status information. Check conf/access.conf on how to enable this. - -! # Module status_module mod_status.o - - ## The Info module displays configuration information for the server and - ## all included modules. It's very useful for debugging. - -! # Module info_module mod_info.o - - ## mod_include translates server-side include (SSI) statements in text files. - ## mod_dir handles requests on directories and directory indexes. ---- 175,186 ---- - ## STATUS=yes (see the Rules section near the start of this file) to allow - ## full status information. Check conf/access.conf on how to enable this. - -! Module status_module mod_status.o - - ## The Info module displays configuration information for the server and - ## all included modules. It's very useful for debugging. - -! Module info_module mod_info.o - - ## mod_include translates server-side include (SSI) statements in text files. - ## mod_dir handles requests on directories and directory indexes. -*************** -*** 209,215 **** - ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping, - ## using regular expressions. - -! # Module rewrite_module mod_rewrite.o - - ## - ## Access control and authentication modules. ---- 222,228 ---- - ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping, - ## using regular expressions. - -! Module rewrite_module mod_rewrite.o - - ## - ## Access control and authentication modules. -*************** -*** 227,233 **** - ## "gdbm" package if not and possibly adjust EXTRA_LIBS. (This may be - ## done by Configure at a later date) - -! # Module db_auth_module mod_auth_db.o - # Module dbm_auth_module mod_auth_dbm.o - - ## msql_auth checks against an mSQL database. You must have mSQL installed ---- 240,246 ---- - ## "gdbm" package if not and possibly adjust EXTRA_LIBS. (This may be - ## done by Configure at a later date) - -! Module db_auth_module mod_auth_db.o - # Module dbm_auth_module mod_auth_dbm.o - - ## msql_auth checks against an mSQL database. You must have mSQL installed -*************** -*** 244,267 **** - ## "digest" implements HTTP Digest Authentication rather than the less - ## secure Basic Auth used by the other modules. - -! # Module digest_module mod_digest.o - - ## Optional response header manipulation modules. - ## - ## cern_meta mimics the behavior of the CERN web server with regards to - ## metainformation files. - -! # Module cern_meta_module mod_cern_meta.o - - ## The expires module can apply Expires: headers to resources, - ## as a function of access time or modification time. - -! # Module expires_module mod_expires.o - - ## The headers module can set arbitrary HTTP response headers, - ## as configured in server, vhost, access.conf or .htaccess configs - -! # Module headers_module mod_headers.o - - ## Miscellaneous modules - ## ---- 257,280 ---- - ## "digest" implements HTTP Digest Authentication rather than the less - ## secure Basic Auth used by the other modules. - -! Module digest_module mod_digest.o - - ## Optional response header manipulation modules. - ## - ## cern_meta mimics the behavior of the CERN web server with regards to - ## metainformation files. - -! Module cern_meta_module mod_cern_meta.o - - ## The expires module can apply Expires: headers to resources, - ## as a function of access time or modification time. - -! Module expires_module mod_expires.o - - ## The headers module can set arbitrary HTTP response headers, - ## as configured in server, vhost, access.conf or .htaccess configs - -! Module headers_module mod_headers.o - - ## Miscellaneous modules - ## +*** 935,942 **** + echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}httpd.pid\"'" >>$src/apaci + echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}httpd.scoreboard\"'" >>$src/apaci + echo "echo '-DDEFAULT_LOCKFILE=\"${runtimedir_relative}httpd.lock\"'" >>$src/apaci +! echo "echo '-DDEFAULT_XFERLOG=\"${logfiledir_relative}access_log\"'" >>$src/apaci +! echo "echo '-DDEFAULT_ERRORLOG=\"${logfiledir_relative}error_log\"'" >>$src/apaci + echo "echo '-DTYPES_CONFIG_FILE=\"${sysconfdir_relative}mime.types\"'" >>$src/apaci + echo "echo '-DSERVER_CONFIG_FILE=\"${sysconfdir_relative}httpd.conf\"'" >>$src/apaci + echo "echo '-DACCESS_CONFIG_FILE=\"${sysconfdir_relative}access.conf\"'" >>$src/apaci +--- 935,942 ---- + echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}httpd.pid\"'" >>$src/apaci + echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}httpd.scoreboard\"'" >>$src/apaci + echo "echo '-DDEFAULT_LOCKFILE=\"${runtimedir_relative}httpd.lock\"'" >>$src/apaci +! echo "echo '-DDEFAULT_XFERLOG=\"${logfiledir_relative}httpd-access.log\"'" >>$src/apaci +! echo "echo '-DDEFAULT_ERRORLOG=\"${logfiledir_relative}httpd-error.log\"'" >>$src/apaci + echo "echo '-DTYPES_CONFIG_FILE=\"${sysconfdir_relative}mime.types\"'" >>$src/apaci + echo "echo '-DSERVER_CONFIG_FILE=\"${sysconfdir_relative}httpd.conf\"'" >>$src/apaci + echo "echo '-DACCESS_CONFIG_FILE=\"${sysconfdir_relative}access.conf\"'" >>$src/apaci diff --git a/www/apache13-fp/files/patch-ab b/www/apache13-fp/files/patch-ab index 2fadd018dac7..875c96ac7a82 100644 --- a/www/apache13-fp/files/patch-ab +++ b/www/apache13-fp/files/patch-ab @@ -1,55 +1,153 @@ -*** conf/access.conf-dist.orig Mon Mar 31 18:52:33 1997 ---- conf/access.conf-dist Sat Oct 25 14:15:32 1997 +*** Makefile.tmpl.orig Sat Sep 19 07:41:48 1998 +--- Makefile.tmpl Wed Oct 14 19:07:18 1998 *************** -*** 12,18 **** +*** 107,112 **** +--- 107,113 ---- + runtimedir = @runtimedir@ + logfiledir = @logfiledir@ + proxycachedir = @proxycachedir@ ++ doc_prefix = $(prefix)/share/doc/apache - # This should be changed to whatever you set DocumentRoot to. + libexecdir_relative = @libexecdir_relative@ -! <Directory /usr/local/etc/httpd/htdocs> - - # This may also be "None", "All", or any combination of "Indexes", - # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". ---- 12,18 ---- - - # This should be changed to whatever you set DocumentRoot to. - -! <Directory /usr/local/www/data> - - # This may also be "None", "All", or any combination of "Indexes", - # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". *************** -*** 26,32 **** - # override. Can also be "All", or any combination of "Options", "FileInfo", - # "AuthConfig", and "Limit" - -! AllowOverride None - - # Controls who can get stuff from this server. - ---- 26,32 ---- - # override. Can also be "All", or any combination of "Options", "FileInfo", - # "AuthConfig", and "Limit" - -! AllowOverride All - - # Controls who can get stuff from this server. - +*** 166,173 **** + -DUID_MIN=$(suexec_uidmin) \ + -DGID_MIN=$(suexec_gidmin) \ + -DUSERDIR_SUFFIX=\"$(suexec_userdir)\" \ +! -DLOG_EXEC=\"$(logfiledir)/suexec_log\" \ +! -DDOC_ROOT=\"$(datadir)/htdocs\" \ + -DSAFE_PATH=\"$(suexec_safepath)\" \ + ' \ + suexec; \ +--- 167,174 ---- + -DUID_MIN=$(suexec_uidmin) \ + -DGID_MIN=$(suexec_gidmin) \ + -DUSERDIR_SUFFIX=\"$(suexec_userdir)\" \ +! -DLOG_EXEC=\"$(logfiledir)/httpd-suexec.log\" \ +! -DDOC_ROOT=\"$(datadir)/data\" \ + -DSAFE_PATH=\"$(suexec_safepath)\" \ + ' \ + suexec; \ *************** -*** 38,45 **** - # /usr/local/etc/httpd/cgi-bin should be changed to whatever your ScriptAliased - # CGI directory exists, if you have that configured. - -! <Directory /usr/local/etc/httpd/cgi-bin> -! AllowOverride None - Options None - </Directory> - ---- 38,45 ---- - # /usr/local/etc/httpd/cgi-bin should be changed to whatever your ScriptAliased - # CGI directory exists, if you have that configured. - -! <Directory /usr/local/www/cgi-bin> -! AllowOverride All - Options None - </Directory> - +*** 224,232 **** + $(MKDIR) $(root)$(mandir)/man1 + $(MKDIR) $(root)$(mandir)/man8 + $(MKDIR) $(root)$(sysconfdir) +! $(MKDIR) $(root)$(datadir)/htdocs + $(MKDIR) $(root)$(datadir)/icons +! $(MKDIR) $(root)$(datadir)/cgi-bin + $(MKDIR) $(root)$(includedir) + $(MKDIR) $(root)$(runtimedir) + $(MKDIR) $(root)$(logfiledir) +--- 225,233 ---- + $(MKDIR) $(root)$(mandir)/man1 + $(MKDIR) $(root)$(mandir)/man8 + $(MKDIR) $(root)$(sysconfdir) +! $(MKDIR) $(root)$(doc_prefix) + $(MKDIR) $(root)$(datadir)/icons +! $(MKDIR) $(root)$(datadir)/cgi-bin.default + $(MKDIR) $(root)$(includedir) + $(MKDIR) $(root)$(runtimedir) + $(MKDIR) $(root)$(logfiledir) +*************** +*** 340,364 **** + # icons and distributed CGI scripts. + install-data: + @echo "===> [data: Installing initial data files]" +! -@if [ -f $(root)$(datadir)/htdocs/index.html ]; then \ +! echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(datadir)/htdocs/]"; \ +! else \ +! echo "Copying tree $(TOP)/htdocs/ -> $(root)$(datadir)/htdocs/"; \ + (cd $(TOP)/htdocs/ && $(TAR) cf - *) |\ +! (cd $(root)$(datadir)/htdocs/ && $(TAR) xf -); \ +! find $(root)$(datadir)/htdocs/ -type d -exec chmod a+rx {} \; ; \ +! find $(root)$(datadir)/htdocs/ -type f -exec chmod a+r {} \; ; \ + fi +! -@if [ -f $(root)$(datadir)/cgi-bin/printenv ]; then \ +! echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(datadir)/cgi-bin/]"; \ +! else \ + for script in printenv test-cgi; do \ + cat $(TOP)/cgi-bin/$${script} |\ + sed -e 's;^#!/.*perl;#!$(PERL);' \ + > $(TOP)/$(SRC)/.apaci.install.tmp; \ +! echo "$(INSTALL_DATA) $(TOP)/conf/$${script}[*] $(root)$(datadir)/cgi-bin/$${script}"; \ +! $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(datadir)/cgi-bin/$${script}; \ + done; \ + fi + @echo "Copying tree $(TOP)/icons/ -> $(root)$(datadir)/icons/"; \ + (cd $(TOP)/icons/ && $(TAR) cf - *) |\ +--- 341,372 ---- + # icons and distributed CGI scripts. + install-data: + @echo "===> [data: Installing initial data files]" +! # -@if [ -f $(root)$(datadir)/htdocs/index.html ]; then \ +! # echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(datadir)/htdocs/]"; \ +! # else \ +! echo "Copying tree $(TOP)/htdocs/ -> $(root)$(doc_prefix)/"; \ + (cd $(TOP)/htdocs/ && $(TAR) cf - *) |\ +! (cd $(root)$(doc_prefix)/ && $(TAR) xf -); \ +! find $(root)$(doc_prefix)/ -type d -exec chmod a+rx {} \; ; \ +! find $(root)$(doc_prefix)/ -type f -exec chmod a+r {} \; ; \ +! # fi +! if [ ! -d $(root)$(datadir)/data ]; then \ +! $(LN) -sf $(root)$(doc_prefix) $(root)$(datadir)/data; \ + fi +! $(LN) -sf $(root)$(doc_prefix) $(root)$(datadir)/data.default +! # -@if [ -f $(root)$(datadir)/cgi-bin/printenv ]; then \ +! # echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(datadir)/cgi-bin/]"; \ +! # else \ + for script in printenv test-cgi; do \ + cat $(TOP)/cgi-bin/$${script} |\ + sed -e 's;^#!/.*perl;#!$(PERL);' \ + > $(TOP)/$(SRC)/.apaci.install.tmp; \ +! echo "$(INSTALL_DATA) $(TOP)/conf/$${script}[*] $(root)$(datadir)/cgi-bin.default/$${script}"; \ +! $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(datadir)/cgi-bin.default/$${script}; \ + done; \ ++ # fi ++ if [ ! -d $(root)$(datadir)/cgi-bin ]; then \ ++ $(LN) -sf $(root)$(datadir)/cgi-bin.default $(root)$(datadir)/cgi-bin; \ + fi + @echo "Copying tree $(TOP)/icons/ -> $(root)$(datadir)/icons/"; \ + (cd $(TOP)/icons/ && $(TAR) cf - *) |\ +*************** +*** 378,395 **** + echo ""; \ + cat $(TOP)/conf/$${conf}-dist ) |\ + sed -e '/# LoadModule/r $(TOP)/$(SRC)/.apaci.install.conf' \ +! -e 's;@@ServerRoot@@/htdocs;$(datadir)/htdocs;' \ + -e 's;@@ServerRoot@@/icons;$(datadir)/icons;' \ + -e 's;@@ServerRoot@@/cgi-bin;$(datadir)/cgi-bin;' \ + -e 's;@@ServerRoot@@/proxy;$(proxycachedir);' \ + -e 's;@@ServerRoot@@;$(prefix);' \ + -e 's;logs/accept.lock;$(runtimedir)/httpd.lock;' \ + -e 's;logs/apache_runtime_status;$(runtimedir)/httpd.scoreboard;' \ + -e 's;logs/httpd.pid;$(runtimedir)/httpd.pid;' \ +! -e 's;logs/access_log;$(logfiledir)/access_log;' \ +! -e 's;logs/error_log;$(logfiledir)/error_log;' \ +! -e 's;logs/referer_log;$(logfiledir)/referer_log;' \ +! -e 's;logs/agent_log;$(logfiledir)/agent_log;' \ + -e 's;conf/magic;$(sysconfdir)/magic;' \ + -e 's;conf/mime.types;$(sysconfdir)/mime.types;' \ + -e 's;Group #-1;Group $(conf_group);' \ +--- 386,405 ---- + echo ""; \ + cat $(TOP)/conf/$${conf}-dist ) |\ + sed -e '/# LoadModule/r $(TOP)/$(SRC)/.apaci.install.conf' \ +! -e 's;@@ServerRoot@@/htdocs;$(datadir)/data;' \ + -e 's;@@ServerRoot@@/icons;$(datadir)/icons;' \ + -e 's;@@ServerRoot@@/cgi-bin;$(datadir)/cgi-bin;' \ + -e 's;@@ServerRoot@@/proxy;$(proxycachedir);' \ ++ -e 's;@@ServerRoot@@/srm.conf;$(sysconfdir)/srm.conf;' \ ++ -e 's;@@ServerRoot@@/access.conf;$(sysconfdir)/access.conf;' \ + -e 's;@@ServerRoot@@;$(prefix);' \ + -e 's;logs/accept.lock;$(runtimedir)/httpd.lock;' \ + -e 's;logs/apache_runtime_status;$(runtimedir)/httpd.scoreboard;' \ + -e 's;logs/httpd.pid;$(runtimedir)/httpd.pid;' \ +! -e 's;logs/access_log;$(logfiledir)/httpd-access.log;' \ +! -e 's;logs/error_log;$(logfiledir)/httpd-error.log;' \ +! -e 's;logs/referer_log;$(logfiledir)/httpd-referer.log;' \ +! -e 's;logs/agent_log;$(logfiledir)/httpd-agent.log;' \ + -e 's;conf/magic;$(sysconfdir)/magic;' \ + -e 's;conf/mime.types;$(sysconfdir)/mime.types;' \ + -e 's;Group #-1;Group $(conf_group);' \ diff --git a/www/apache13-fp/files/patch-ag b/www/apache13-fp/files/patch-ag new file mode 100644 index 000000000000..bcbbc23ef065 --- /dev/null +++ b/www/apache13-fp/files/patch-ag @@ -0,0 +1,72 @@ +*** conf/httpd.conf-dist.orig Wed May 6 16:12:39 1998 +--- conf/httpd.conf-dist Sat Jun 6 13:08:52 1998 +*************** +*** 50,56 **** + # don't use Group #-1 on these systems! + + User nobody +! Group #-1 + + # ServerAdmin: Your address, where problems with the server should be + # e-mailed. +--- 50,56 ---- + # don't use Group #-1 on these systems! + + User nobody +! Group nogroup + + # ServerAdmin: Your address, where problems with the server should be + # e-mailed. +*************** +*** 65,70 **** +--- 65,80 ---- + + ServerRoot @@ServerRoot@@ + ++ # AccessConfig: The name and location of the Access Configuration file ++ # ++ ++ AccessConfig @@ServerRoot@@/access.conf ++ ++ # ResourceConfig: The name and location of the Resource Configuration file ++ # ++ ++ ResourceConfig @@ServerRoot@@/srm.conf ++ + # BindAddress: You can support virtual hosts with this option. This option + # is used to tell the server which IP address to listen to. It can either + # contain "*", an IP address, or a fully qualified Internet domain name. +*************** +*** 94,100 **** + # The location of the access logfile (Common Logfile Format). + # If this does not start with /, ServerRoot is prepended to it. + +! CustomLog logs/access_log common + + # If you would like to have an agent and referer logfile uncomment the + # following directives. +--- 104,110 ---- + # The location of the access logfile (Common Logfile Format). + # If this does not start with /, ServerRoot is prepended to it. + +! #CustomLog logs/access_log common + + # If you would like to have an agent and referer logfile uncomment the + # following directives. +*************** +*** 105,111 **** + # If you prefer a single logfile with access, agent and referer information + # (Combined Logfile Format) you can use the following directive. + +! #CustomLog logs/access_log combined + + # PidFile: The file the server should log its pid to + PidFile logs/httpd.pid +--- 115,121 ---- + # If you prefer a single logfile with access, agent and referer information + # (Combined Logfile Format) you can use the following directive. + +! CustomLog logs/access_log combined + + # PidFile: The file the server should log its pid to + PidFile logs/httpd.pid diff --git a/www/apache13-fp/files/patch-ak b/www/apache13-fp/files/patch-ak new file mode 100644 index 000000000000..7cda58a4604b --- /dev/null +++ b/www/apache13-fp/files/patch-ak @@ -0,0 +1,40 @@ +*** src/support/apachectl.orig Fri Jul 17 01:25:54 1998 +--- src/support/apachectl Fri Jul 24 00:34:59 1998 +*************** +*** 39,44 **** +--- 39,46 ---- + # -------------------- -------------------- + # |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| + ++ eval `limits -e -C daemon` >/dev/null 2>&1 ++ + ERROR=0 + ARGV="$@" + if [ "x$ARGV" = "x" ] ; then +*************** +*** 50,56 **** + # check for pidfile + if [ -f $PIDFILE ] ; then + PID=`cat $PIDFILE` +! if kill -0 $PID; then + STATUS="httpd (pid $PID) running" + RUNNING=1 + else +--- 52,58 ---- + # check for pidfile + if [ -f $PIDFILE ] ; then + PID=`cat $PIDFILE` +! if kill -0 $PID > /dev/null 2>&1; then + STATUS="httpd (pid $PID) running" + RUNNING=1 + else +*************** +*** 82,87 **** +--- 84,90 ---- + fi + if kill $PID ; then + echo "$0 $ARG: httpd stopped" ++ rm $PIDFILE + else + echo "$0 $ARG: httpd could not be stopped" + ERROR=4 diff --git a/www/apache13-fp/files/patch-al b/www/apache13-fp/files/patch-al new file mode 100644 index 000000000000..039d6320f415 --- /dev/null +++ b/www/apache13-fp/files/patch-al @@ -0,0 +1,50 @@ +*** src/support/log_server_status.orig Tue Mar 31 16:53:50 1998 +--- src/support/log_server_status Tue Apr 21 17:18:10 1998 +*************** +*** 67,76 **** + # + require 'sys/socket.ph'; + +! $wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/960312" + $server = "localhost"; # Name of server, could be "www.foo.com" + $port = "80"; # Port on server +! $request = "/status/?auto"; # Request to send + + sub tcp_connect + { +--- 67,76 ---- + # + require 'sys/socket.ph'; + +! $wherelog = "/var/log/httpd-status-"; # Logs will be like "/var/log/graph/960312" + $server = "localhost"; # Name of server, could be "www.foo.com" + $port = "80"; # Port on server +! $request = "/server-status/?auto"; # Request to send + + sub tcp_connect + { +*************** +*** 93,103 **** + ### Main + + { +! $date=`date +%y%m%d:%H%M%S`; + chop($date); + ($day,$time)=split(/:/,$date); + $res=&tcp_connect($server,$port); +! open(OUT,">>$wherelog$day"); + if ($res) { + print OUT "$time:-1:-1:-1:-1:$res\n"; + exit 1; +--- 93,103 ---- + ### Main + + { +! $date=`LC_TIME=C date +%y%m%d:%H%M%S`; + chop($date); + ($day,$time)=split(/:/,$date); + $res=&tcp_connect($server,$port); +! open(OUT,">>$wherelog$day.log"); + if ($res) { + print OUT "$time:-1:-1:-1:-1:$res\n"; + exit 1; diff --git a/www/apache13-fp/files/patch-fd b/www/apache13-fp/files/patch-fd index 89b500967937..81d1cb8ac816 100644 --- a/www/apache13-fp/files/patch-fd +++ b/www/apache13-fp/files/patch-fd @@ -1,96 +1,59 @@ -*** support/suexec.h.orig Sat May 10 00:06:17 1997 ---- support/suexec.h Thu Apr 23 15:57:52 1998 +*** src/support/suexec.h.orig Tue Mar 31 06:54:09 1998 +--- src/support/suexec.h Thu May 21 19:18:25 1998 *************** -*** 50,55 **** ---- 50,62 ---- - * +*** 56,61 **** +--- 56,72 ---- */ -+ /* "FPEXE modification made on Nov 2nd 1997 by Mark Wormgoor (riddles@ipe.nl) + /* ++ * "FPEXE modification made on 98.05.21 by Scot Hetzel (hetzels@westbend.net) ++ * based on previous FPEXE modifications supplied by Mark Wormgoor ++ * (riddles@ipe.nl) + * + * Changes were made in order to use Suexec and Frontpage 98 at the same time. -+ * Instead of trying to run suid on /usr/local/frontpage/currentversion/bin/fpexe, -+ * we execute this so the suid-bit does all the work -+ */ ++ * After we change to the target_uid and target_gid. We check if cmd = FPEXE, ++ * if it does then we execute the cmd without performing any further tests. ++ * ++ */ + - /* ++ /* * suexec.h -- user-definable variables for the suexec wrapper code. */ -*************** -*** 114,129 **** - * debugging purposes. - */ - #ifndef LOG_EXEC -! #define LOG_EXEC "/usr/local/etc/httpd/logs/cgi.log" /* Need me? */ - #endif - - /* - * DOC_ROOT -- Define as the DocumentRoot set for Apache. This - * will be the only hierarchy (aside from UserDirs) - * that can be used for suEXEC behavior. - */ - #ifndef DOC_ROOT -! #define DOC_ROOT "/usr/local/etc/httpd/htdocs" - #endif - - /* ---- 121,162 ---- - * debugging purposes. - */ - #ifndef LOG_EXEC -! #define LOG_EXEC "/var/log/httpd-cgi.log" /* Need me? */ - #endif - /* - * DOC_ROOT -- Define as the DocumentRoot set for Apache. This - * will be the only hierarchy (aside from UserDirs) - * that can be used for suEXEC behavior. -+ * This is not used, since we have VirtualHosts defined. +*************** +*** 129,134 **** +--- 140,173 ---- */ #ifndef DOC_ROOT -! #define DOC_ROOT "/usr/local/www" -! #endif -! -! /* -! * FPEXE -! * FRONTPAGE_EXE -- We are running frontpage and we don't need to run -! * fpexe suid, since it's already set suid. Also, the -! * dir-rights are incorrect and so on... -! */ -! #ifndef FPEXE -! #define FPEXE "fpexe" -! #endif -! -! #ifndef FRONTPAGE_EXE -! #define FRONTPAGE_EXE "/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe" -! #endif -! -! /* -! * SYSTEM_CGI -- Define as the cgi directory for system-wide CGI's -! * Note that UID/GID of the cgi or the directory are -! * NOT matched if they're in this directory, although -! * all the other checks still apply. Caveat Emptor. -! */ -! -! #ifndef SYSTEM_CGI -! #define SYSTEM_CGI "/usr/local/www/cgi-bin" + #define DOC_ROOT "/usr/local/apache/htdocs" ++ #endif ++ ++ /* ++ * FPEXE, FPSTUB ++ * FPSTUBDIR -- We are running frontpage and we don't need to run ++ * fpexe suid, since it's already set suid. Also, the ++ * dir-rights are incorrect and so on... ++ */ ++ #ifndef FPEXE ++ #define FPEXE "fpexe" ++ #endif ++ ++ #ifndef FPSTUB ++ #define FPSTUB "/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe" ++ #endif ++ ++ #ifndef FPSTUBDIR ++ #define FPSTUBDIR "/usr/local/frontpage/currentversion/apache-fp/_vti_bin" ++ #endif ++ ++ /* ++ * SYSTEM_CGI -- Define as the cgi directory for system-wide CGI's ++ * Note that UID/GID of the cgi or the directory are ++ * NOT matched if they're in this directory, although ++ * all the other checks still apply. Caveat Emptor. ++ */ ++ #ifndef SYSTEM_CGI ++ #define SYSTEM_CGI "/usr/local/www/cgi-bin" #endif /* -*************** -*** 131,137 **** - * - */ - #ifndef SAFE_PATH -! #define SAFE_PATH "/usr/local/bin:/usr/bin:/bin" - #endif - - #endif /* _SUEXEC_H */ ---- 164,170 ---- - * - */ - #ifndef SAFE_PATH -! #define SAFE_PATH "/usr/local/bin:/usr/bin:/bin:." - #endif - - #endif /* _SUEXEC_H */ diff --git a/www/apache13-fp/files/patch-fe b/www/apache13-fp/files/patch-fe index f2877b36197c..03fc4063b108 100644 --- a/www/apache13-fp/files/patch-fe +++ b/www/apache13-fp/files/patch-fe @@ -1,11 +1,11 @@ -*** support/suexec.c.orig Fri Jan 30 08:45:44 1998 ---- support/suexec.c Fri Apr 24 17:32:21 1998 +*** src/support/suexec.c.orig Tue Apr 21 15:14:06 1998 +--- src/support/suexec.c Fri May 22 17:59:43 1998 *************** -*** 66,71 **** ---- 66,94 ---- +*** 70,75 **** +--- 70,98 ---- + * * */ - + /* + * "System" CGI modification 97.05.10 by Rick Franchuk (rickf@netnation.com) + * @@ -19,8 +19,8 @@ + * The docroot check had to be bypassed to allow functionality for VirtualHost + * entries. I'm somewhat suprised noone encountered that behavior before. + */ -+ -+ /* "FPEXE modification made on 98.04.24 by Scot Hetzel (hetzels@westbend.net) ++ /* ++ * "FPEXE modification made on 98.05.19 by Scot Hetzel (hetzels@westbend.net) + * based on previous FPEXE modifications supplied by Mark Wormgoor + * (riddles@ipe.nl) + * @@ -28,127 +28,13 @@ + * After we change to the target_uid and target_gid. We check if cmd = FPEXE, + * if it does then we execute the cmd without performing any further tests. + * -+ */ - - #include "suexec.h" - -*************** -*** 75,81 **** - #include <sys/types.h> - #include <stdio.h> - #include <stdarg.h> -! #include <string.h> - #include <pwd.h> - #include <grp.h> - #include <time.h> ---- 98,104 ---- - #include <sys/types.h> - #include <stdio.h> - #include <stdarg.h> -! #include <strings.h> - #include <pwd.h> - #include <grp.h> - #include <time.h> -*************** -*** 138,144 **** - - static void err_output(const char *fmt, va_list ap) - { -- #ifdef LOG_EXEC - time_t timevar; - struct tm *lt; ++ */ ---- 161,166 ---- -*************** -*** 158,164 **** - vfprintf(log, fmt, ap); - - fflush(log); -- #endif /* LOG_EXEC */ - return; - } - ---- 180,185 ---- -*************** -*** 264,270 **** - log_err("user mismatch (%s)\n", pw->pw_name); - exit(103); - } -! - /* - * Check for a leading '/' (absolute path) in the command to be executed, - * or attempts to back up out of the current directory, ---- 285,291 ---- - log_err("user mismatch (%s)\n", pw->pw_name); - exit(103); - } -! - /* - * Check for a leading '/' (absolute path) in the command to be executed, - * or attempts to back up out of the current directory, + #include "conf.h" + #include <sys/param.h> *************** -*** 301,306 **** ---- 322,328 ---- - /* - * Error out if the target group name is invalid. - */ -+ - if (strspn(target_gname, "1234567890") != strlen(target_gname)) { - if ((gr = getgrnam(target_gname)) == NULL) { - log_err("invalid target group name: (%s)\n", target_gname); -*************** -*** 325,331 **** - * Log the transaction here to be sure we have an open log - * before we setuid(). - */ -! log_err("uid: (%s/%s) gid: (%s/%s) %s\n", - target_uname, actual_uname, - target_gname, actual_gname, - cmd); ---- 347,353 ---- - * Log the transaction here to be sure we have an open log - * before we setuid(). - */ -! log_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n", - target_uname, actual_uname, - target_gname, actual_gname, - cmd); -*************** -*** 357,363 **** - * and setgid() to the target group. If unsuccessful, error out. - */ - if (((setgid(gid)) != 0) || (initgroups(actual_uname,gid) != 0)) { -! log_err("failed to setgid (%ld: %s)\n", gid, cmd); - exit(109); - } - ---- 379,385 ---- - * and setgid() to the target group. If unsuccessful, error out. - */ - if (((setgid(gid)) != 0) || (initgroups(actual_uname,gid) != 0)) { -! log_err("failed to setgid (%ld: %s/%s)\n", gid, cwd, cmd); - exit(109); - } - -*************** -*** 365,375 **** - * setuid() to the target user. Error out on fail. - */ - if ((setuid(uid)) != 0) { -! log_err("failed to setuid (%ld: %s)\n", uid, cmd); - exit(110); - } - - /* - * Get the current working directory, as well as the proper - * document root (dependant upon whether or not it is a - * ~userdir request). Error out if we cannot get either one, ---- 387,405 ---- - * setuid() to the target user. Error out on fail. - */ - if ((setuid(uid)) != 0) { -! log_err("failed to setuid (%ld: %s/%s)\n", uid, cwd, cmd); - exit(110); +*** 393,398 **** +--- 416,429 ---- } /* @@ -156,17 +42,17 @@ + * user is ok. We run fpexe now and bail out before anything goes wrong. + */ + #ifdef FPEXE -+ if ((strcmp(cmd, FPEXE)) != NULL) { -+ #endif ++ if ((strcmp(cmd, FPEXE)) != NULL) { ++ #endif + + /* * Get the current working directory, as well as the proper * document root (dependant upon whether or not it is a * ~userdir request). Error out if we cannot get either one, *************** -*** 402,411 **** ---- 432,446 ---- - } +*** 423,432 **** +--- 454,468 ---- + } } + /* @@ -174,74 +60,87 @@ + * VirtualHosts running CGI in thier own directories. + * if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { - log_err("command not in docroot (%s/%s)\n", cwd, cmd); - exit(114); + log_err("command not in docroot (%s/%s)\n", cwd, cmd); + exit(114); } + */ /* * Stat the cwd and verify it is a directory, or error out. *************** -*** 451,470 **** +*** 472,477 **** +--- 508,516 ---- * Error out if the target name/group is different from * the name/group of the cwd or the program. */ -! if ((uid != dir_info.st_uid) || -! (gid != dir_info.st_gid) || -! (uid != prg_info.st_uid) || -! (gid != prg_info.st_gid)) -! { -! log_err("target uid/gid (%ld/%ld) mismatch with directory (%ld/%ld) or program (%ld/%ld)\n", -! uid, gid, -! dir_info.st_uid, dir_info.st_gid, -! prg_info.st_uid, prg_info.st_gid); -! exit(120); - } - - clean_env(); - - /* - * Be sure to close the log file so the CGI can't - * mess with it. If the exec fails, it will be reopened ---- 486,516 ---- - * Error out if the target name/group is different from - * the name/group of the cwd or the program. - */ -! -! #ifdef SYSTEM_CGI -! if (strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))) { -! #endif -! if ((uid != dir_info.st_uid) || -! (gid != dir_info.st_gid) || -! (uid != prg_info.st_uid) || -! (gid != prg_info.st_gid)) -! { -! log_err("target uid/gid (%ld/%ld) mismatch with directory %s(%ld/%ld) or program %s(%ld/%ld)\n", -! uid, gid, -! cwd, dir_info.st_uid, dir_info.st_gid, -! cmd, prg_info.st_uid, prg_info.st_gid); -! exit(120); -! } -! #ifdef SYSTEM_CGI ++ #ifdef SYSTEM_CGI ++ if (strncmp(cwd, SYSTEM_CGI, strlen(SYSTEM_CGI))) { ++ #endif + if ((uid != dir_info.st_uid) || + (gid != dir_info.st_gid) || + (uid != prg_info.st_uid) || +*************** +*** 482,487 **** +--- 521,530 ---- + prg_info.st_uid, prg_info.st_gid); + exit(120); } ++ #ifdef SYSTEM_CGI ++ } + #endif ++ + /* + * Error out if the program is not executable for the user. + * Otherwise, she won't find any error in the logs except for +*************** +*** 493,498 **** +--- 536,584 ---- + } clean_env(); - ++ + #ifdef FPEXE + } -+ #endif ++ else { ++ ++ /* The following taken from mod_frontpage.c to check permissions */ + ++ /* ++ * We can't stat the stub dir. Make sure the stub directory is not ++ * owned by root and not group/world writable ++ */ ++ if ((lstat(FPSTUBDIR, &dir_info) == -1 || ++ dir_info.st_uid || ++ (dir_info.st_mode & (S_IWGRP | S_IWOTH)) || ++ (!S_ISDIR(dir_info.st_mode)))) { ++ /* ++ * User recovery: set directory to be owned by by root with ++ * permissions r*x*-x*-x. ++ */ ++ log_err("Incorrect permissions on stub directory \"%-.1024s\"", ++ FPSTUBDIR); ++ exit (250); ++ } ++ ++ /* ++ * We can't stat the stub. Make sure the stub is not owned by root, ++ * set-uid, set-gid, and is not group/world writable or executable. ++ */ ++ if ((stat(cmd, &prg_info) == -1 || ++ prg_info.st_uid || ++ !(prg_info.st_mode & S_ISUID) || ++ (prg_info.st_mode & S_ISGID) || ++ (prg_info.st_mode & (S_IWGRP | S_IWOTH)) || ++ !(prg_info.st_mode & (S_IXGRP | S_IXOTH)))) { ++ /* ++ * User recovery: set stub to be owned by by root with permissions ++ * r*s*-x*-x. ++ */ ++ log_err("Incorrect permissions on stub \"%-.1024s\"", cmd); ++ exit (251); ++ } ++ } ++ #endif + /* * Be sure to close the log file so the CGI can't - * mess with it. If the exec fails, it will be reopened -*************** -*** 486,491 **** ---- 532,538 ---- - * - * Oh well, log the failure and error out. - */ -+ - log_err("exec failed (%s)\n", cmd); - exit(255); - } diff --git a/www/apache13-fp/files/patch-ff b/www/apache13-fp/files/patch-ff deleted file mode 100644 index da0f609a2566..000000000000 --- a/www/apache13-fp/files/patch-ff +++ /dev/null @@ -1,42 +0,0 @@ -*** support/Makefile.tmpl.orig Mon Mar 10 03:31:34 1997 ---- support/Makefile.tmpl Thu Apr 23 13:20:33 1998 -*************** -*** 8,18 **** ---- 8,32 ---- - INCLUDES=-I../src -I../src/regex $(INCLUDES1) $(EXTRA_INCLUDES) - LFLAGS=$(LFLAGS1) $(EXTRA_LFLAGS) - -+ PREFIX?=/usr/local -+ USER_CGI_BIN?=public_html -+ HTTPD_USER?=www -+ FP_EXE=${PREFIX}/frontpage/version3.0/apache-fp/_vti_bin/fpexe -+ SYS_CGI_BIN=${PREFIX}/www/cgi-bin -+ SU_FLAGS=-DHTTPD_USER=\"${HTTPD_USER}\" -+ SU_FLAGS+=-DSYSTEM_CGI=\"${SYS_CGI_BIN}\" -+ SU_FLAGS+=-DFRONTPAGE_EXE=\"${FP_EXE}\" -+ SU_FLAGS+=-DUSERDIR_SUFFIX=\"${USER_CGI_BIN}\" -+ - .c.o: - $(CC) -c $(CFLAGS) $(INCLUDES) $< - - TARGETS=htpasswd htdigest httpd_monitor rotatelogs logresolve - -+ .if defined(SUEXEC) -+ TARGETS+=suexec -+ .endif -+ - all: $(TARGETS) - - htpasswd: htpasswd.c -*************** -*** 29,34 **** ---- 43,51 ---- - - logresolve: logresolve.c - $(CC) $(INCLUDES) $(CFLAGS) logresolve.c -o logresolve $(LIBS) -+ -+ suexec: suexec.c -+ $(CC) $(INCLUDES) $(CFLAGS) ${SU_FLAGS} suexec.c -o suexec - - clean: - rm -f $(TARGETS) diff --git a/www/apache13-fp/files/patch-fh b/www/apache13-fp/files/patch-fh new file mode 100644 index 000000000000..82895f03799b --- /dev/null +++ b/www/apache13-fp/files/patch-fh @@ -0,0 +1,24 @@ +*** src/include/httpd.h.orig Thu May 21 19:37:29 1998 +--- src/include/httpd.h Fri May 22 16:57:19 1998 +*************** +*** 689,695 **** + + char *unparsed_uri; /* the uri without any parsing performed */ + char *uri; /* the path portion of the URI */ +! char *filename; + char *path_info; + char *args; /* QUERY_ARGS, if any */ + struct stat finfo; /* ST_MODE set to zero if no such file */ +--- 689,700 ---- + + char *unparsed_uri; /* the uri without any parsing performed */ + char *uri; /* the path portion of the URI */ +! char *execfilename; /* physical filename to exec */ +! char *filename; /* logical filename to exec -- always the same +! * except for FrontPage CGI programs where we +! * will execute the CGI program in +! * /usr/local/frontpage.... +! */ + char *path_info; + char *args; /* QUERY_ARGS, if any */ + struct stat finfo; /* ST_MODE set to zero if no such file */ diff --git a/www/apache13-fp/files/patch-fi b/www/apache13-fp/files/patch-fi new file mode 100644 index 000000000000..c23dfa3c9efc --- /dev/null +++ b/www/apache13-fp/files/patch-fi @@ -0,0 +1,23 @@ +*** src/main/http_request.c.orig Tue Oct 6 14:06:09 1998 +--- src/main/http_request.c Sat Oct 31 15:49:04 1998 +*************** +*** 187,192 **** +--- 187,194 ---- + return OK; + } + ++ if (r->execfilename) path = r->execfilename; ++ + #ifdef WIN32 + /* If the path is x:/, then convert it to x:/., coz that's what stat + * needs to work properly +*************** +*** 461,466 **** +--- 463,469 ---- + res = ap_parse_htaccess(&htaccess_conf, r, overrides_here, + ap_pstrdup(r->pool, test_dirname), + sconf->access_name); ++ if (r->execfilename) r->filename = r->execfilename; + if (res) + return res; + diff --git a/www/apache13-fp/files/patch-fj b/www/apache13-fp/files/patch-fj new file mode 100644 index 000000000000..e0b1414f0011 --- /dev/null +++ b/www/apache13-fp/files/patch-fj @@ -0,0 +1,19 @@ +*** src/main/util.c.orig Sat May 9 09:27:27 1998 +--- src/main/util.c Fri May 22 16:57:19 1998 +*************** +*** 582,588 **** + char *res; + + for (x = 0; (*line)[x]; x++) { +! if (ap_isspace((*line)[x])) { + pos = x; + break; + } +--- 582,588 ---- + char *res; + + for (x = 0; (*line)[x]; x++) { +! if (ap_isspace((*line)[x]) && ((*line)[x] & 0x80)==0) { + pos = x; + break; + } diff --git a/www/apache13-fp/pkg-descr b/www/apache13-fp/pkg-descr index 940efc31c70c..e92255245e4f 100644 --- a/www/apache13-fp/pkg-descr +++ b/www/apache13-fp/pkg-descr @@ -1,4 +1,5 @@ Apache-FP + Version 1.0 (and up) What is it? ----------- @@ -6,7 +7,16 @@ What is it? Apache is an HTTP server designed as a plug-in replacement for the NCSA server version 1.3 (or 1.4). It fixes numerous bugs in the NCSA server and includes many frequently requested new features, and has an API which -allows it to be extended to meet users' needs more easily. +Allows it to be extended to meet users' needs more easily. -Microsoft Frontpage Extentions allows web administrators and authers to -create, modify the web pages on the Apache server using Microsoft FrontPage. +Microsoft Frontpage Extentions allows web administrators and authors to +remotely manage, create, modify, or delete web pages on the Apache server +using Microsoft FrontPage 98. + +Documentation +------------- + +All the documentation is on-line on the WWW, via the URL's: + + Apache - http://www.apache.org + FrontPage - http://www.microsoft.com/frontpage/wpp/SERK diff --git a/www/apache13-fp/pkg-plist b/www/apache13-fp/pkg-plist index 1c59a182289c..af7db72aba77 100644 --- a/www/apache13-fp/pkg-plist +++ b/www/apache13-fp/pkg-plist @@ -1,58 +1,120 @@ +bin/dbmmanage +bin/htdigest +bin/htpasswd +etc/apache/access.conf.default +etc/apache/httpd.conf.default +etc/apache/magic.default +etc/apache/mime.types.default +etc/apache/srm.conf.default etc/rc.d/apache.sh -@exec mkdir -p %D/www/cgi-bin %D/www/data -etc/apache/httpd.conf-dist -etc/apache/srm.conf-dist -etc/apache/access.conf-dist -etc/apache/mime.types-dist +etc/rc.d/apache.sh.tmpl +include/apache/alloc.h +include/apache/ap.h +include/apache/ap_compat.h +include/apache/ap_config.h +include/apache/ap_config_auto.h +include/apache/ap_ctype.h +include/apache/ap_md5.h +include/apache/ap_mmn.h +include/apache/buff.h +include/apache/compat.h +include/apache/conf.h +include/apache/explain.h +include/apache/fnmatch.h +include/apache/hsregex.h +include/apache/http_conf_globals.h +include/apache/http_config.h +include/apache/http_core.h +include/apache/http_log.h +include/apache/http_main.h +include/apache/http_protocol.h +include/apache/http_request.h +include/apache/http_vhost.h +include/apache/httpd.h +include/apache/multithread.h +include/apache/os.h +include/apache/rfc1413.h +include/apache/scoreboard.h +include/apache/util_date.h +include/apache/util_md5.h +include/apache/util_script.h +include/apache/util_uri.h +libexec/apache/libproxy.so +libexec/apache/mod_auth_anon.so +libexec/apache/mod_auth_db.so +libexec/apache/mod_cern_meta.so +libexec/apache/mod_digest.so +libexec/apache/mod_expires.so +libexec/apache/mod_frontpage.so +libexec/apache/mod_headers.so +libexec/apache/mod_info.so +libexec/apache/mod_mime_magic.so +libexec/apache/mod_rewrite.so +libexec/apache/mod_speling.so +libexec/apache/mod_unique_id.so +libexec/apache/mod_usertrack.so +sbin/ab +sbin/apachectl +sbin/apxs sbin/httpd +sbin/logresolve +sbin/rotatelogs sbin/suexec -share/doc/apache/ABOUT_APACHE -share/doc/apache/LICENSE -share/doc/apache/README share/doc/apache/apache_pb.gif +@exec mkdir -p %D/www +@exec ln -fs %B %D/www/data.default +@unexec rm -f %D/www/data.default share/doc/apache/index.html share/doc/apache/manual/LICENSE -share/doc/apache/manual/TODO share/doc/apache/manual/bind.html share/doc/apache/manual/cgi_path.html share/doc/apache/manual/content-negotiation.html share/doc/apache/manual/custom-error.html share/doc/apache/manual/dns-caveats.html +share/doc/apache/manual/dso.html +share/doc/apache/manual/ebcdic.html share/doc/apache/manual/env.html share/doc/apache/manual/footer.html share/doc/apache/manual/handler.html share/doc/apache/manual/header.html -share/doc/apache/manual/host.html +share/doc/apache/manual/images/custom_errordocs.gif share/doc/apache/manual/images/home.gif share/doc/apache/manual/images/index.gif +share/doc/apache/manual/images/mod_rewrite_fig1.fig +share/doc/apache/manual/images/mod_rewrite_fig1.gif +share/doc/apache/manual/images/mod_rewrite_fig2.fig +share/doc/apache/manual/images/mod_rewrite_fig2.gif share/doc/apache/manual/images/sub.gif share/doc/apache/manual/index.html share/doc/apache/manual/install.html -share/doc/apache/manual/install_1_1.html share/doc/apache/manual/invoking.html share/doc/apache/manual/keepalive.html share/doc/apache/manual/location.html share/doc/apache/manual/man-template.html share/doc/apache/manual/misc/API.html share/doc/apache/manual/misc/FAQ.html +share/doc/apache/manual/misc/HTTP_Features.tsv share/doc/apache/manual/misc/client_block_api.html share/doc/apache/manual/misc/compat_notes.html +share/doc/apache/manual/misc/custom_errordocs.html share/doc/apache/manual/misc/descriptors.html share/doc/apache/manual/misc/fin_wait_2.html share/doc/apache/manual/misc/footer.html share/doc/apache/manual/misc/header.html share/doc/apache/manual/misc/howto.html share/doc/apache/manual/misc/index.html -share/doc/apache/manual/misc/known_bugs.html share/doc/apache/manual/misc/known_client_problems.html share/doc/apache/manual/misc/nopgp.html share/doc/apache/manual/misc/perf-bsd44.html share/doc/apache/manual/misc/perf-dec.html +share/doc/apache/manual/misc/perf-hp.html +share/doc/apache/manual/misc/perf-tuning.html share/doc/apache/manual/misc/perf.html share/doc/apache/manual/misc/security_tips.html share/doc/apache/manual/misc/vif-info.html share/doc/apache/manual/misc/windoz_keepalive.html share/doc/apache/manual/mod/core.html +share/doc/apache/manual/mod/directive-dict.html share/doc/apache/manual/mod/directives.html share/doc/apache/manual/mod/footer.html share/doc/apache/manual/mod/header.html @@ -65,7 +127,7 @@ share/doc/apache/manual/mod/mod_auth.html share/doc/apache/manual/mod/mod_auth_anon.html share/doc/apache/manual/mod/mod_auth_db.html share/doc/apache/manual/mod/mod_auth_dbm.html -share/doc/apache/manual/mod/mod_auth_msql.html +share/doc/apache/manual/mod/mod_autoindex.html share/doc/apache/manual/mod/mod_browser.html share/doc/apache/manual/mod/mod_cern_meta.html share/doc/apache/manual/mod/mod_cgi.html @@ -73,6 +135,7 @@ share/doc/apache/manual/mod/mod_cookies.html share/doc/apache/manual/mod/mod_digest.html share/doc/apache/manual/mod/mod_dir.html share/doc/apache/manual/mod/mod_dld.html +share/doc/apache/manual/mod/mod_dll.html share/doc/apache/manual/mod/mod_env.html share/doc/apache/manual/mod/mod_example.html share/doc/apache/manual/mod/mod_expires.html @@ -80,32 +143,51 @@ share/doc/apache/manual/mod/mod_headers.html share/doc/apache/manual/mod/mod_imap.html share/doc/apache/manual/mod/mod_include.html share/doc/apache/manual/mod/mod_info.html +share/doc/apache/manual/mod/mod_isapi.html share/doc/apache/manual/mod/mod_log_agent.html share/doc/apache/manual/mod/mod_log_common.html share/doc/apache/manual/mod/mod_log_config.html share/doc/apache/manual/mod/mod_log_referer.html share/doc/apache/manual/mod/mod_mime.html +share/doc/apache/manual/mod/mod_mime_magic.html +share/doc/apache/manual/mod/mod_mmap_static.html share/doc/apache/manual/mod/mod_negotiation.html share/doc/apache/manual/mod/mod_proxy.html share/doc/apache/manual/mod/mod_rewrite.html +share/doc/apache/manual/mod/mod_setenvif.html +share/doc/apache/manual/mod/mod_so.html +share/doc/apache/manual/mod/mod_speling.html share/doc/apache/manual/mod/mod_status.html +share/doc/apache/manual/mod/mod_unique_id.html share/doc/apache/manual/mod/mod_userdir.html share/doc/apache/manual/mod/mod_usertrack.html share/doc/apache/manual/multilogs.html share/doc/apache/manual/new_features_1_0.html share/doc/apache/manual/new_features_1_1.html share/doc/apache/manual/new_features_1_2.html +share/doc/apache/manual/new_features_1_3.html share/doc/apache/manual/process-model.html +share/doc/apache/manual/sections.html +share/doc/apache/manual/sourcereorg.html share/doc/apache/manual/stopping.html share/doc/apache/manual/suexec.html share/doc/apache/manual/unixware.html -share/doc/apache/manual/vhosts-in-depth.html -share/doc/apache/manual/virtual-host.html -@dirrm share/doc/apache/manual/images -@dirrm share/doc/apache/manual/misc -@dirrm share/doc/apache/manual/mod -@dirrm share/doc/apache/manual -@dirrm share/doc/apache +share/doc/apache/manual/upgrading_to_1_3.html +share/doc/apache/manual/vhosts/details.html +share/doc/apache/manual/vhosts/details_1_2.html +share/doc/apache/manual/vhosts/examples.html +share/doc/apache/manual/vhosts/fd-limits.html +share/doc/apache/manual/vhosts/footer.html +share/doc/apache/manual/vhosts/header.html +share/doc/apache/manual/vhosts/host.html +share/doc/apache/manual/vhosts/index.html +share/doc/apache/manual/vhosts/ip-based.html +share/doc/apache/manual/vhosts/name-based.html +share/doc/apache/manual/vhosts/vhosts-in-depth.html +share/doc/apache/manual/vhosts/virtual-host.html +share/doc/apache/manual/windows.html +www/cgi-bin.default/printenv +www/cgi-bin.default/test-cgi www/icons/README www/icons/a.gif www/icons/alert.black.gif @@ -182,9 +264,19 @@ www/icons/uu.gif www/icons/uuencoded.gif www/icons/world1.gif www/icons/world2.gif -@dirrm www/cgi-bin -@dirrm www/data +@exec mkdir -p %D/www/proxy +@dirrm etc/apache +@dirrm include/apache +@dirrm libexec/apache +@dirrm share/doc/apache/manual/images +@dirrm share/doc/apache/manual/misc +@dirrm share/doc/apache/manual/mod +@dirrm share/doc/apache/manual/vhosts +@dirrm share/doc/apache/manual +@dirrm share/doc/apache +@dirrm www/cgi-bin.default @dirrm www/icons +@dirrm www/proxy @dirrm www frontpage/version3.0/LICENSE.TXT frontpage/version3.0/change_server.sh |