/*
* Copyright (c) 2004, 2005, 2006 NOVELL (All rights reserved)
* Copyright (c) 2014 Canonical, Ltd. (All rights reserved)
*
* The mod_apparmor module is licensed under the terms of the GNU
* Lesser General Public License, version 2.1. Please see the file
* COPYING.LGPL.
*
* mod_apparmor - (apache 2.0.x)
* Author: Steve Beattie <steve@nxnw.org>
*
* This currently only implements change_hat functionality, but could be
* extended for other stuff we decide to do.
*/
#include "ap_config.h"
#include "httpd.h"
#include "http_config.h"
#include "http_request.h"
#include "http_log.h"
#include "http_main.h"
#include "http_protocol.h"
#include "util_filter.h"
#include "apr.h"
#include "apr_strings.h"
#include "apr_lib.h"
#include <sys/apparmor.h>
#include <unistd.h>
/* #define DEBUG */
#ifndef unused_
#define unused_ __attribute__ ((unused))
#endif
/* should the following be configurable? */
#define DEFAULT_HAT "HANDLING_UNTRUSTED_INPUT"
#define DEFAULT_URI_HAT "DEFAULT_URI"
/* Compatibility with apache 2.2 */
#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER < 3
#define APLOG_TRACE1 APLOG_DEBUG
server_rec *ap_server_conf = NULL;
#endif
#ifdef APLOG_USE_MODULE
APLOG_USE_MODULE(apparmor);
#endif
module AP_MODULE_DECLARE_DATA apparmor_module;
static unsigned long magic_token = 0;   /* secret handed to change_hat so a hat can be left again; filled from /dev/urandom in aa_init() */
static int inside_default_hat = 0;      /* non-zero while the child sits in DEFAULT_HAT (set in aa_child_init(), cleared in aa_enter_hat()) */
typedef struct {
    const char *hat_name;   /* AAHatName configured for this directory/location; NULL when unset */
    char *path;             /* directory path this per-dir config belongs to (only logged in this chunk); presumably filled in by the per-dir config creator — verify */
} apparmor_dir_cfg;
typedef struct {
    const char *hat_name;   /* AADefaultHatName for this server/vhost; NULL makes aa_enter_hat() fall back to the ServerName */
    int is_initialized;     /* not read anywhere in this chunk; presumably maintained by the server-config hooks — verify */
} apparmor_srv_cfg;
/* aa_init() gets invoked in the post_config stage of apache.
* Unfortunately, apache reads its config once when it starts up, then
* it re-reads it when it goes into its restart loop, where it starts its
* children. This means we cannot call change_hat here, as the module's
* memory will be wiped out, and the magic_token will be lost, so apache
* wouldn't be able to change_hat back out. */
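static int
aa_init(apr_pool_t *p, unused_ apr_pool_t *plog, unused_ apr_pool_t *ptemp, unused_ server_rec *s)
{
    apr_file_t *file = NULL;
    apr_size_t size = sizeof(magic_token);
    apr_status_t ret;

    /* The magic token is the secret later handed to change_hat so that a
     * child can leave a hat again; it has to be unpredictable, hence the
     * kernel random pool rather than anything derived from process state. */
    ret = apr_file_open(&file, "/dev/urandom", APR_READ, APR_OS_DEFAULT, p);
    if (ret != APR_SUCCESS) {
        /* ap_log_error() takes an apr_status_t, so pass the status that
         * apr_file_open() returned rather than errno. magic_token keeps
         * its zero initializer; startup continues, as it always did. */
        ap_log_error(APLOG_MARK, APLOG_ERR, ret, ap_server_conf,
                     "Failed to open /dev/urandom");
        return OK;
    }
    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf,
                 "Opened /dev/urandom successfully");

    /* A failed or short read leaves all or part of the token zero-filled,
     * i.e. guessable, so report it instead of silently carrying on. */
    ret = apr_file_read(file, (void *) &magic_token, &size);
    if (ret != APR_SUCCESS || size != sizeof(magic_token)) {
        ap_log_error(APLOG_MARK, APLOG_ERR, ret, ap_server_conf,
                     "Failed to read %lu bytes of magic token from /dev/urandom (got %lu)",
                     (unsigned long) sizeof(magic_token), (unsigned long) size);
    }
    apr_file_close(file);

    return OK;
}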
/* As each child starts up, we'll change_hat into a default hat, mostly
* to protect ourselves from bugs in parsing network input, but before
* we change_hat to the uri specific hat. */
static void
aa_child_init(unused_ apr_pool_t *p, unused_ server_rec *s)
{
    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf,
                 "init: calling change_hat with '%s'", DEFAULT_HAT);

    /* magic_token was drawn in aa_init(); the same value is needed later
     * to leave the hat again, so a failed change_hat is logged but the
     * child keeps running in the parent profile. */
    if (aa_change_hat(DEFAULT_HAT, magic_token) < 0) {
        ap_log_error(APLOG_MARK, APLOG_ERR, errno, ap_server_conf,
                     "Failed to change_hat to '%s'", DEFAULT_HAT);
        return;
    }

    /* Remembered so aa_enter_hat() knows it must change back out first. */
    inside_default_hat = 1;
}
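/* Trace-log the components of the request's parsed URI. */
static void
debug_dump_uri(request_rec *r)
{
    /* parsed_uri is embedded in request_rec, so its address is never NULL;
     * the former NULL branch was unreachable. Individual members can be
     * NULL, which APR's formatter renders as "(null)". */
    const apr_uri_t *uri = &r->parsed_uri;

    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Dumping uri info "
                  "scheme='%s' host='%s' path='%s' query='%s' fragment='%s'",
                  uri->scheme, uri->hostname, uri->path, uri->query,
                  uri->fragment);
}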
/*
aa_enter_hat will attempt to change_hat in the following order:
(1) to a hatname in a location directive
(2) to the server name or a defined per-server default
(3) to the server name + "-" + uri
(4) to the uri
(5) to DEFAULT_URI
(6) back to the parent profile
*/
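/* Slots in the vector handed to aa_change_hatv(): at most five candidate
 * hats (AAHatName, AADefaultHatName or ServerName, ServerName-uri, uri,
 * DEFAULT_URI_HAT) plus the terminating NULL. */
enum { AA_HAT_VECTOR_LEN = 6 };

/* After the change_hat attempt, inspect the confinement we ended up in and
 * warn when a configured AAHatName or AADefaultHatName applied to this
 * request but is not the hat we landed in (most likely the hat is missing
 * from the apache apparmor policy). Warnings are only emitted when the
 * label carries mode "enforce". */
static void
aa_warn_on_unexpected_hat(request_rec *r, const apparmor_dir_cfg *dcfg,
                          const apparmor_srv_cfg *scfg)
{
    char *aa_label = NULL, *aa_mode = NULL, *aa_hat;

    if (aa_getcon(&aa_label, &aa_mode) < 0) {
        ap_log_rerror(APLOG_MARK, APLOG_WARNING, errno, r, "aa_getcon call failed");
        return;
    }
    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
                  "AA checks: aa_getcon result is '%s', mode '%s'", aa_label, aa_mode);

    /* TODO: use libapparmor get hat_name fn here once it is implemented */
    aa_hat = strstr(aa_label, "//");
    /* aa_getcon() can hand back a NULL mode when the label has no "(mode)"
     * suffix (e.g. unconfined); strcmp() on it would crash the child, so
     * treat that case as "not enforcing" and skip the checks. */
    if (aa_hat != NULL && aa_mode != NULL && strcmp(aa_mode, "enforce") == 0) {
        aa_hat += 2; /* skip "//" */
        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
                      "AA checks: apache is in hat '%s', mode '%s'", aa_hat, aa_mode);
        if (dcfg != NULL && dcfg->hat_name != NULL) {
            if (strcmp(aa_hat, dcfg->hat_name) != 0)
                ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
                              "AAHatName '%s' applies, but does not appear to be a hat in the apache apparmor policy",
                              dcfg->hat_name);
        } else if (scfg != NULL && scfg->hat_name != NULL) {
            /* Landing in the uri hat is legitimate too, so only warn when
             * neither the default hat nor the uri matched. */
            if (strcmp(aa_hat, scfg->hat_name) != 0 &&
                strcmp(aa_hat, r->uri) != 0)
                ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
                              "AADefaultHatName '%s' applies, but does not appear to be a hat in the apache apparmor policy",
                              scfg->hat_name);
        }
    }
    /* Only the label is heap-allocated by aa_getcon(); the mode pointer
     * refers into it and must not be freed separately. */
    free(aa_label);
}

/* Request entry hook: leave the child-wide default hat and ask the kernel
 * to enter the first hat from the candidate vector that exists in policy
 * (order documented above). Always returns OK so request processing
 * continues even when no hat could be entered. */
static int
aa_enter_hat(request_rec *r)
{
    apparmor_dir_cfg *dcfg = (apparmor_dir_cfg *)
        ap_get_module_config(r->per_dir_config, &apparmor_module);
    apparmor_srv_cfg *scfg = (apparmor_srv_cfg *)
        ap_get_module_config(r->server->module_config, &apparmor_module);
    /* The initializer zero-fills the rest, which supplies the NULL
     * terminator aa_change_hatv() needs; the five pushes below never
     * reach the last slot. */
    const char *aa_hat_array[AA_HAT_VECTOR_LEN] = { NULL };
    int i = 0;
    const char *vhost_uri;

    debug_dump_uri(r);
    /* dcfg is NULL-checked further down, so keep this trace NULL-safe as
     * well instead of dereferencing it unconditionally. */
    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "aa_enter_hat (%s) n:0x%lx p:0x%lx main:0x%lx",
                  dcfg != NULL ? dcfg->path : NULL,
                  (unsigned long) r->next, (unsigned long) r->prev,
                  (unsigned long) r->main);

    /* We only call change_hat for the main request, not subrequests */
    if (r->main)
        return OK;

    /* Step out of the hat aa_child_init() put us in before choosing the
     * per-request hat; a failure here is worth a log line, and the flag
     * is cleared either way so we never try to leave it twice. */
    if (inside_default_hat) {
        if (aa_change_hat(NULL, magic_token) < 0)
            ap_log_rerror(APLOG_MARK, APLOG_WARNING, errno, r,
                          "failed to change_hat out of '%s'", DEFAULT_HAT);
        inside_default_hat = 0;
    }

    if (dcfg != NULL && dcfg->hat_name != NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                      "[dcfg] adding hat '%s' to aa_change_hat vector", dcfg->hat_name);
        aa_hat_array[i++] = dcfg->hat_name;
    }

    if (scfg == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "scfg is null");
    } else {
        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Dumping scfg info: "
                      "scfg='0x%lx' scfg->hat_name='%s'",
                      (unsigned long) scfg, scfg->hat_name);
        if (scfg->hat_name != NULL) {
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                          "[scfg] adding hat '%s' to aa_change_hat vector", scfg->hat_name);
            aa_hat_array[i++] = scfg->hat_name;
        } else {
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                          "[scfg] adding server_name '%s' to aa_change_hat vector",
                          r->server->server_hostname);
            aa_hat_array[i++] = r->server->server_hostname;
        }

        vhost_uri = apr_pstrcat(r->pool, r->server->server_hostname, "-", r->uri, NULL);
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                      "[vhost+uri] adding vhost+uri '%s' to aa_change_hat vector", vhost_uri);
        aa_hat_array[i++] = vhost_uri;
    }

    /* r->uri is client-supplied; it only ever acts as the name of a hat
     * that must already exist in the loaded policy, so the kernel, not the
     * client, decides whether the change is allowed. */
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                  "[uri] adding uri '%s' to aa_change_hat vector", r->uri);
    aa_hat_array[i++] = r->uri;

    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                  "[default] adding '%s' to aa_change_hat vector", DEFAULT_URI_HAT);
    aa_hat_array[i++] = DEFAULT_URI_HAT;

    if (aa_change_hatv(aa_hat_array, magic_token) < 0) {
        ap_log_rerror(APLOG_MARK, APLOG_WARNING, errno, r, "aa_change_hatv call failed");
    }

    /* Check to see if a defined AAHatName or AADefaultHatName would
     * apply, but wasn't the hat we landed up in; report a warning if
     * that's the case. */
    aa_warn_on_unexpected_hat(r, dcfg, scfg);

    return OK;
}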
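/* log_transaction hook (registered last by register_hooks): leaves the
 * per-request hat and returns the worker to DEFAULT_HAT once the request
 * has been logged.
 *
 * @param r  The request being finished; its per-dir config is only used
 *           for the trace message.
 * @return   OK always; failures are logged, not propagated, since there
 *           is nothing left of the request to refuse at this point.
 */
static int
aa_exit_hat(request_rec *r)
{
    int aa_ret;
    apparmor_dir_cfg *dcfg = (apparmor_dir_cfg *)
        ap_get_module_config(r->per_dir_config, &apparmor_module);
    /* apparmor_srv_cfg *scfg = (apparmor_srv_cfg *)
        ap_get_module_config(r->server->module_config, &apparmor_module); */

    /* aa_enter_hat treats a NULL dcfg as possible (aa_create_dir_config can
     * return NULL); do not dereference it unconditionally here either.
     * hat_name itself may legitimately be NULL when no AAHatName is set. */
    if (dcfg != NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "exiting change_hat: dir hat %s dir path %s",
                      dcfg->hat_name, dcfg->path);
    } else {
        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "exiting change_hat: no dir config");
    }

    /* can convert the following back to aa_change_hat() when the
     * aa_change_hat() bug addressed in trunk commit 2329 lands in most
     * system libapparmors */
    aa_ret = aa_change_hatv(NULL, magic_token);
    if (aa_ret < 0) {
        /* Leaving the request hat failed; the worker is presumably still in
         * that hat (or killed by the kernel, per the commit history) when the
         * DEFAULT_HAT change below runs. Record errno so the cause is visible
         * in the error log instead of silently continuing. */
        ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
                      "Failed to change_hat out of the request hat");
    }

    aa_ret = aa_change_hat(DEFAULT_HAT, magic_token);
    if (aa_ret < 0) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
                      "Failed to change_hat to '%s'", DEFAULT_HAT);
    } else {
        inside_default_hat = 1;
    }

    return OK;
}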
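/* Handler for the AAHatName directive (ImmHatName routes here too):
 * records the hat to use for requests under this Directory/Location.
 *
 * @param cmd      Command context; not needed for a per-directory directive.
 * @param mconfig  The apparmor_dir_cfg for the enclosing section, as created
 *                 by aa_create_dir_config.
 * @param parm1    Hat name given to the directive. The pointer is stored
 *                 as-is (not copied); "DEFAULT" is used when it is absent.
 * @return NULL on success, or an error string for Apache to report.
 */
static const char *
aa_cmd_ch_path(unused_ cmd_parms *cmd, void *mconfig, const char *parm1)
{
    apparmor_dir_cfg *dcfg = mconfig;

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, "directory config change hat %s",
                 parm1 ? parm1 : "DEFAULT");

    /* aa_create_dir_config returns NULL when allocation fails; refuse the
     * directive rather than writing through a null config. */
    if (dcfg == NULL) {
        return "AAHatName: no directory config available";
    }

    dcfg->hat_name = (parm1 != NULL) ? parm1 : "DEFAULT";

    return NULL;
}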
/* Set once the ImmHatName deprecation notice has been logged, so it is
 * emitted only for the first occurrence of the directive. */
static int path_warn_once;
/* Deprecated ImmHatName directive: identical to AAHatName, except that a
 * notice is logged the first time it is seen. Delegates to aa_cmd_ch_path. */
static const char *
immunix_cmd_ch_path(cmd_parms *cmd, void *mconfig, const char *parm1)
{
    if (!path_warn_once) {
        path_warn_once = 1;
        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, "ImmHatName is "
                     "deprecated, please use AAHatName instead");
    }

    return aa_cmd_ch_path(cmd, mconfig, parm1);
}
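/* Handler for the AADefaultHatName directive (ImmDefaultHatName routes
 * here too): records the server-wide fallback hat name.
 *
 * @param cmd      Command context; cmd->server selects whose
 *                 apparmor_srv_cfg is updated.
 * @param mconfig  Per-directory config; not used by a server-scope directive.
 * @param parm1    Hat name given to the directive. The pointer is stored
 *                 as-is (not copied); "DEFAULT" is used when it is absent.
 * @return NULL on success, or an error string for Apache to report.
 */
static const char *
aa_cmd_ch_srv(cmd_parms *cmd, unused_ void *mconfig, const char *parm1)
{
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, "server config change hat %s",
                 parm1 ? parm1 : "DEFAULT");

    apparmor_srv_cfg *scfg = (apparmor_srv_cfg *)
        ap_get_module_config(cmd->server->module_config, &apparmor_module);

    /* aa_create_srv_config returns NULL when allocation fails; refuse the
     * directive rather than writing through a null config. */
    if (scfg == NULL) {
        return "AADefaultHatName: no server config available";
    }

    scfg->hat_name = (parm1 != NULL) ? parm1 : "DEFAULT";

    return NULL;
}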
/* Set once the ImmDefaultHatName deprecation notice has been logged, so it
 * is emitted only for the first occurrence of the directive. */
static int srv_warn_once;
/* Deprecated ImmDefaultHatName directive: identical to AADefaultHatName,
 * except that a notice is logged the first time it is seen. Delegates to
 * aa_cmd_ch_srv. */
static const char *
immunix_cmd_ch_srv(cmd_parms *cmd, void *mconfig, const char *parm1)
{
    if (!srv_warn_once) {
        srv_warn_once = 1;
        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, "ImmDefaultHatName is "
                     "deprecated, please use AADefaultHatName instead");
    }

    return aa_cmd_ch_srv(cmd, mconfig, parm1);
}
/* Per-directory config constructor. Allocates a zeroed apparmor_dir_cfg
 * from the pool and records the section path (":no path:" when Apache
 * passes none); hat_name is left NULL until AAHatName sets it.
 *
 * @param p     Pool the config (and its path copy) is allocated from.
 * @param path  Directory/Location path of the section, may be NULL.
 * @return The new config, or NULL if the pool allocation failed.
 */
static void *
aa_create_dir_config(apr_pool_t *p, char *path)
{
    const char *label = path ? path : ":no path:";
    apparmor_dir_cfg *newcfg = apr_pcalloc(p, sizeof *newcfg);

    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf,
                 "aa_create_dir_cfg (%s)", label);

    if (!newcfg) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf,
                     "aa_create_dir_config: couldn't alloc dir config");
        return NULL;
    }

    newcfg->path = apr_pstrdup(p, label);

    return newcfg;
}
/* XXX: Should figure out an appropriate action to take here, if any
|
|
|
|
|
|
|
|
static void *
|
2014-07-08 00:46:13 -07:00
|
|
|
aa_merge_dir_config(apr_pool_t *p, void *parent, void *child)
|
2006-04-11 21:52:54 +00:00
|
|
|
{
|
2014-07-08 00:44:44 -07:00
|
|
|
apparmor_dir_cfg *newcfg = (apparmor_dir_cfg *) apr_pcalloc(p, sizeof(*newcfg));
|
2006-04-11 21:52:54 +00:00
|
|
|
|
2014-01-23 13:40:19 -08:00
|
|
|
ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf, "in immunix_merge_dir ()");
|
2006-04-11 21:52:54 +00:00
|
|
|
if (newcfg == NULL)
|
2014-07-08 00:46:13 -07:00
|
|
|
return NULL;
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
return newcfg;
|
|
|
|
}
|
|
|
|
*/
/* Per-server config constructor. Allocates a zeroed apparmor_srv_cfg from
 * the pool; hat_name is left NULL until AADefaultHatName sets it.
 *
 * @param p    Pool the config is allocated from.
 * @param srv  The server record; unused.
 * @return The new config, or NULL if the pool allocation failed.
 */
static void *
aa_create_srv_config(apr_pool_t *p, unused_ server_rec *srv)
{
    apparmor_srv_cfg *newcfg = apr_pcalloc(p, sizeof *newcfg);

    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, ap_server_conf,
                 "in aa_create_srv_config");

    if (!newcfg) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf,
                     "aa_create_srv_config: couldn't alloc srv config");
        return NULL;
    }

    return newcfg;
}
/* Configuration directives. The Imm* names are the deprecated spellings
 * and go through the immunix_* wrappers, which log a one-time notice and
 * then call the AA* handlers. The per-directory hat directives are
 * ACCESS_CONF, the default-hat directives are RSRC_CONF (server scope).
 * Each entry is: name, handler, cmd_data (unused here), override mask,
 * help text (left empty). */
static const command_rec mod_apparmor_cmds[] = {
    AP_INIT_TAKE1(
        "ImmHatName",          /* deprecated alias of AAHatName */
        immunix_cmd_ch_path,
        NULL,
        ACCESS_CONF,
        ""
    ),
    AP_INIT_TAKE1(
        "ImmDefaultHatName",   /* deprecated alias of AADefaultHatName */
        immunix_cmd_ch_srv,
        NULL,
        RSRC_CONF,
        ""
    ),
    AP_INIT_TAKE1(
        "AAHatName",           /* hat for requests under a Directory/Location */
        aa_cmd_ch_path,
        NULL,
        ACCESS_CONF,
        ""
    ),
    AP_INIT_TAKE1(
        "AADefaultHatName",    /* server-wide fallback hat */
        aa_cmd_ch_srv,
        NULL,
        RSRC_CONF,
        ""
    ),
    { NULL }                   /* terminator */
};
/* Register the module's hooks. The per-request pair is ordered so that the
 * hat is entered as the very first access checker (APR_HOOK_FIRST) and left
 * as the very last log_transaction hook (APR_HOOK_LAST), i.e. the request
 * stays in its hat for everything in between. An earlier attempt hooked
 * post_read_request for entry instead.
 *
 * @param p  Pool passed by Apache; unused.
 */
static void
register_hooks(unused_ apr_pool_t *p)
{
    /* request lifecycle */
    ap_hook_access_checker(aa_enter_hat, NULL, NULL, APR_HOOK_FIRST);
    ap_hook_log_transaction(aa_exit_hat, NULL, NULL, APR_HOOK_LAST);

    /* server lifecycle */
    ap_hook_post_config(aa_init, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_child_init(aa_child_init, NULL, NULL, APR_HOOK_MIDDLE);
}
/* Module definition. Per-directory config comes from aa_create_dir_config
 * and is not merged (Apache's default: the more specific section's config
 * overrides its parent); per-server config comes from aa_create_srv_config
 * and is likewise not merged. Directives are listed in mod_apparmor_cmds;
 * hooks are installed by register_hooks. */
module AP_MODULE_DECLARE_DATA apparmor_module = {
    STANDARD20_MODULE_STUFF,
    aa_create_dir_config,      /* dir config creator */
    NULL,                      /* dir merger --- default is to override */
    /* immunix_merge_dir_config, */ /* dir merger --- default is to override */
    aa_create_srv_config,      /* server config */
    NULL,                      /* merge server config */
    mod_apparmor_cmds,         /* command table */
    register_hooks             /* register hooks */
};