[Fedora-directory-commits] mod_admserv mod_admserv.c,1.17,1.18

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Fri Nov 18 21:18:49 UTC 2005


Author: rmeggins

Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3754

Modified Files:
	mod_admserv.c 
Log Message:
Make sure the pset cache file (local.conf) is owned by the server uid.
Change the euid to the server uid before calling psetCreateSSL, then change
it back afterwards.



Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- mod_admserv.c	15 Aug 2005 15:55:16 -0000	1.17
+++ mod_admserv.c	18 Nov 2005 21:18:42 -0000	1.18
@@ -42,6 +42,12 @@
 #include "http_request.h"
 #include "http_log.h"
 
+/* need uid and gid of apache process after setuid */
+#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
+#include "unixd.h"
+#define CHANGE_EUID 1
+#endif
+
 #include "libadminutil/distadm.h"
 #include "libadminutil/admutil.h"
 #include "libadminutil/resource.h"
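Review bot: The comment on the new include says the uid and gid of the apache process are needed, but the code added in this commit only reads `unixd_config.user_id`. The effective gid is never switched around psetCreateSSL, so the cache file would presumably still be created with root's group. Either switch the egid as well in the later hunk, or narrow the comment to what is used, e.g. `/* need the uid of the apache process for seteuid() */`.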
@@ -1948,7 +1954,9 @@
              server_rec *base_server)
 {
     int error;
-
+#ifdef CHANGE_EUID
+    int reseteuid = 0;
+#endif /* CHANGE_EUID */
     AdmldapInfo info;
     PsetHndl       pset;
     char *val;
@@ -1979,11 +1987,26 @@
         }
     }
 
+#ifdef CHANGE_EUID
+    /* make sure pset creates the cache file owned by the server uid, not root */
+    if (geteuid() == 0) {
+        seteuid(unixd_config.user_id);
+        reseteuid = 1;
+    }
+#endif /* CHANGE_EUID */
+
     pset = psetCreateSSL((char*)"admin-serv", 
                          path,
                          NULL,
                          NULL,
                          &error);
+
+#ifdef CHANGE_EUID
+    if (reseteuid) {
+        seteuid(0);
+    }
+#endif /* CHANGE_EUID */
+
     if (pset) {
     } else {
         ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
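Review bot: Both seteuid() calls around psetCreateSSL ignore their return value. If `seteuid(unixd_config.user_id)` fails, `reseteuid` is still set and psetCreateSSL runs as root, which creates the root-owned cache file this change is meant to prevent. If `seteuid(0)` fails, the rest of initialization continues under the server uid with nothing logged. Check both calls, set `reseteuid` only after a successful drop, and log through the same ap_log_error path the function already uses. The enclosing function starts and ends outside this hunk, so how a failure should propagate to the caller has to be decided against its other error paths.

```c
    if (geteuid() == 0) {
        if (seteuid(unixd_config.user_id) == 0) {
            reseteuid = 1;
        } else {
            ap_log_error(APLOG_MARK, APLOG_CRIT, errno, base_server,
                         "seteuid to the server uid failed; pset cache file would be created as root");
            /* fail initialization here rather than continue as root */
        }
    }
    /* … unchanged: psetCreateSSL call … */
    if (reseteuid && seteuid(0) != 0) {
        ap_log_error(APLOG_MARK, APLOG_CRIT, errno, base_server,
                     "could not restore euid 0 after creating the pset");
    }
```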



