diff options
Diffstat (limited to 'net-www/apache/files/suexec_pam_gentoo.patch')
| -rw-r--r-- | net-www/apache/files/suexec_pam_gentoo.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/net-www/apache/files/suexec_pam_gentoo.patch b/net-www/apache/files/suexec_pam_gentoo.patch new file mode 100644 index 000000000000..cad50147b683 --- /dev/null +++ b/net-www/apache/files/suexec_pam_gentoo.patch @@ -0,0 +1,70 @@ +diff -ur apache_1.3.27/src/support/Makefile.tmpl apache_1.3.27.old/src/support/Makefile.tmpl~ +--- apache_1.3.27/src/support/Makefile.tmpl Sat Mar 2 20:46:23 2002 ++++ apache_1.3.27.old/src/support/Makefile.tmpl Mon Nov 4 14:33:14 2002 +@@ -49,6 +49,8 @@ + -e 's%@LDFLAGS_MOD_SHLIB@%$(LDFLAGS_MOD_SHLIB)%g' \ + -e 's%@LIBS_SHLIB@%$(LIBS_SHLIB)%g' && chmod a+x apxs + ++suexec: CFLAGS += -DSUEXEC_PAM_SESSION ++suexec: LIBS += -lpam + suexec: suexec.o + $(CC) $(CFLAGS) -o suexec $(LDFLAGS) suexec.o $(LIBS) + +diff -ur apache_1.3.27/src/support/suexec.c apache_1.3.27.old/src/support/suexec.c +--- apache_1.3.27/src/support/suexec.c Mon Nov 4 14:30:16 2002 ++++ apache_1.3.27.old/src/support/suexec.c Mon Nov 4 14:35:45 2002 +@@ -92,6 +92,10 @@ + #include <stdarg.h> + #include <strings.h> + ++#ifdef SUEXEC_PAM_SESSION ++#include <security/pam_appl.h> ++#endif ++ + #include "suexec.h" + + /* +@@ -848,6 +852,43 @@ + #endif /* SUEXEC_UMASK */ + clean_env(); + ++#ifdef SUEXEC_PAM_SESSION ++ /* ++ * Use PAM session support. Initial goal was to use the pam_limits module. ++ */ ++ ++#ifndef PAM_SERVICE_NAME ++#define PAM_SERVICE_NAME "suexec" ++#endif /* PAM_SERVICE_NAME */ ++ ++#define PAM_CALL(call, name, err_code, do_end) \ ++ do \ ++ { \ ++ rc = (call); \ ++ if (rc != PAM_SUCCESS) \ ++ { \ ++ log_err("error: %s(): [%d] %s\n", (name), rc, pam_strerror(pamh, rc)); \ ++ (do_end) && pam_end(pamh, rc); \ ++ exit(err_code); \ ++ } \ ++ } while (0) ++ ++ { ++ int rc; ++ pam_handle_t *pamh = NULL; ++ struct pam_conv pamc = { NULL, NULL }; ++ ++ PAM_CALL(pam_start(PAM_SERVICE_NAME, actual_uname, &pamc, &pamh), ++ "pam_start", 241, 0); ++ PAM_CALL(pam_open_session(pamh, 0), "pam_open_session", 242, 1); ++ PAM_CALL(pam_close_session(pamh, 0), "pam_close_session", 243, 1); ++ PAM_CALL(pam_end(pamh, 0), "pam_end", 244, 0); ++ } ++ ++#undef PAM_CALL ++#undef PAM_SERVICE_NAME ++#endif /* SUEXEC_PAM_SESSION */ ++ + /* + * Be sure to close the log file so the CGI can't + * mess with it. If the exec fails, it will be reopened |