Skip to content

@ju5t patch to fix mpm-itk / mod_ruid2 compatibility #1912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 13, 2018
Merged

@ju5t patch to fix mpm-itk / mod_ruid2 compatibility #1912

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion apache2/msc_logging.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,10 +230,20 @@ static char *construct_auditlog_filename(apr_pool_t *mp, const char *uniqueid) {
char tstr[300];
apr_size_t len;

/**
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
* It also changes the return statement.
*/
char *username;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, mp);
apr_uid_name_get(&username, uid, mp);

apr_time_exp_lt(&t, apr_time_now());

apr_strftime(tstr, &len, 299, "/%Y%m%d/%Y%m%d-%H%M/%Y%m%d-%H%M%S", &t);
return apr_psprintf(mp, "%s-%s", tstr, uniqueid);
return apr_psprintf(mp, "/%s%s-%s", username, tstr, uniqueid);
}

/**
Expand Down
34 changes: 30 additions & 4 deletions apache2/persist_dbm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,14 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
int expired = 0;
int i;

/**
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
*/
char *username;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, msr->mp);
apr_uid_name_get(&username, uid, msr->mp);

if (msr->txcfg->data_dir == NULL) {
msr_log(msr, 1, "collection_retrieve_ex: Unable to retrieve collection (name \"%s\", key \"%s\"). Use "
Expand All @@ -109,7 +117,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
goto cleanup;
}

dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);

if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_retrieve_ex: collection_retrieve_ex: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
Expand Down Expand Up @@ -374,6 +382,15 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
const apr_table_t *stored_col = NULL;
const apr_table_t *orig_col = NULL;

/**
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
*/
char *username;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, msr->mp);
apr_uid_name_get(&username, uid, msr->mp);

var_name = (msc_string *)apr_table_get(col, "__name");
if (var_name == NULL) {
goto error;
Expand All @@ -392,7 +409,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
}

// ENH: lowercase the var name in the filename
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", var_name->value, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", var_name->value, NULL);

if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_store: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, var_name->value),
Expand Down Expand Up @@ -655,6 +672,15 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
apr_time_t now = apr_time_sec(msr->request_time);
int i;

/**
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
*/
char *username;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, msr->mp);
apr_uid_name_get(&username, uid, msr->mp);

if (msr->txcfg->data_dir == NULL) {
/* The user has been warned about this problem enough times already by now.
* msr_log(msr, 1, "Unable to access collection file (name \"%s\"). Use SecDataDir to "
Expand All @@ -664,9 +690,9 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
}

if(strstr(col_name,"USER") || strstr(col_name,"SESSION") || strstr(col_name, "RESOURCE"))
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", msr->txcfg->webappid, "_", col_name, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", msr->txcfg->webappid, "_", col_name, NULL);
else
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);

if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collections_remove_stale: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
Expand Down