Author: rmeggins
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3754
Modified Files:
mod_admserv.c
Log Message:
Make sure the pset cache file (local.conf) is owned by the server uid.
Change the euid to the server uid before calling psetCreateSSL, then change
it back afterwards.
Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- mod_admserv.c 15 Aug 2005 15:55:16 -0000 1.17
+++ mod_admserv.c 18 Nov 2005 21:18:42 -0000 1.18
@@ -42,6 +42,12 @@
#include "http_request.h"
#include "http_log.h"
+/* need uid and gid of apache process after setuid */
+#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) &&
!defined(NETWARE)
+#include "unixd.h"
+#define CHANGE_EUID 1
+#endif
+
#include "libadminutil/distadm.h"
#include "libadminutil/admutil.h"
#include "libadminutil/resource.h"
@@ -1948,7 +1954,9 @@
server_rec *base_server)
{
int error;
-
+#ifdef CHANGE_EUID
+ int reseteuid = 0;
+#endif /* CHANGE_EUID */
AdmldapInfo info;
PsetHndl pset;
char *val;
@@ -1979,11 +1987,26 @@
}
}
+#ifdef CHANGE_EUID
+ /* make sure pset creates the cache file owned by the server uid, not root */
+ if (geteuid() == 0) {
+ seteuid(unixd_config.user_id);
+ reseteuid = 1;
+ }
+#endif /* CHANGE_EUID */
+
pset = psetCreateSSL((char*)"admin-serv",
path,
NULL,
NULL,
&error);
+
+#ifdef CHANGE_EUID
+ if (reseteuid) {
+ seteuid(0);
+ }
+#endif /* CHANGE_EUID */
+
if (pset) {
} else {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
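Review bot: Both `seteuid()` calls in this hunk ignore their return value, so a failed drop still sets `reseteuid = 1` and lets `psetCreateSSL` create the cache file as root, which is the case the commit is meant to prevent. Set the flag only on success, e.g. `if (seteuid(unixd_config.user_id) == 0) reseteuid = 1;`, and log the failure through `ap_log_error` otherwise. The restore should be checked as well, `if (reseteuid && seteuid(0) != 0)`, and treated as a startup error, since the rest of initialization would otherwise continue under the server uid. Only the effective uid is switched, so the file's group presumably stays that of the root process; if that matters, the effective gid would need the same treatment. The enclosing function begins and ends outside the hunk, so how it reports errors to its caller is not visible here.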