head	1.2;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1
	RELEASE_7_4_0:1.1
	RELEASE_8_2_0:1.1
	RELEASE_6_EOL:1.1
	RELEASE_8_1_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2012.08.18.14.29.08;	author ohauer;	state dead;
branches;
next	1.1;

1.1
date	2010.05.14.18.52.32;	author pgollucci;	state Exp;
branches;
next	;


desc
@@


1.2
log
@SVN rev 302724 on 2012-08-18 14:29:08Z by ohauer

- remove www/apache20 and devel/apr0
- s/USE_APACHE= 20+/USE_APACHE= 22+/
- unify s/YES/yes/
- cleanup APACHE_VERSION <= 22 usage
- add entry to MOVED

with hat apache@@
@
text
@diff -Nru support/Makefile.in.orig1 support/Makefile.in
--- support/Makefile.in.orig1	2010-05-14 10:05:11.000000000 +0400
+++ support/Makefile.in	2010-05-14 10:05:41.000000000 +0400
@@@@ -57,7 +57,7 @@@@
 
 suexec_OBJECTS = suexec.lo
 suexec: $(suexec_OBJECTS)
-	$(LINK) $(suexec_OBJECTS)
+	$(LINK) -lutil $(suexec_OBJECTS)
 
 httxt2dbm_OBJECTS = httxt2dbm.lo
 httxt2dbm: $(httxt2dbm_OBJECTS)
diff -Nru support/suexec.c.orig1 support/suexec.c
--- support/suexec.c.orig1	2006-07-12 11:40:55.000000000 +0400
+++ support/suexec.c	2010-05-14 10:05:41.000000000 +0400
@@@@ -37,6 +37,7 @@@@
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <login_cap.h>
 #include <string.h>
 #include <time.h>
 #if APR_HAVE_UNISTD_H
@@@@ -242,6 +243,7 @@@@
     char *cmd;              /* command to be executed    */
     char cwd[AP_MAXPATH];   /* current working directory */
     char dwd[AP_MAXPATH];   /* docroot working directory */
+    login_cap_t *lc;        /* user resource limits      */
     struct passwd *pw;      /* password entry holder     */
     struct group *gr;       /* group entry holder        */
     struct stat dir_info;   /* directory info holder     */
@@@@ -448,6 +450,18 @@@@
     }
 
     /*
+     * Apply user resource limits based on login class.
+     */
+    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {
+               log_err("failed to login_getclassbyname()\n");
+               exit(109);
+       }
+       if ((setusercontext(lc, pw, uid, LOGIN_SETRESOURCES)) != 0) {
+               log_err("failed to setusercontext()\n");
+               exit(109);
+       }
+
+    /*
      * Change UID/GID here so that the following tests work over NFS.
      *
      * Initialize the group access list for the target user,
@


1.1
log
@By default suexec doesn't enforces different resource limitations configured in
login.conf(5). This is probably because resource limitations are handled
differently on various different platforms.

This modifies suexec behaviour to set resource limits for CGI's
from /etc/login.conf before execing the customers CGI script.

Doesn't affect default package, so no PORTREVISION bumps.

I will follow up at dev@@httpd.apache.org to see about adding this
with #ifdefs.

PR:             ports/136928
Submitted by:   Alexey V.Degtyarev <alexey@@renatasystems.org>
With Hat:       apache@@
@
text
@@

