From: Adam Chlipala Date: Sat, 17 Feb 2007 21:18:43 +0000 (+0000) Subject: Allow vetoing of suexec X-Git-Tag: release_2010-11-19~260 X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/00a13ad8579e0ee0d950d3b944429551de3bf532?hp=e2359100bb0efe3fa95b4fd84af422de9007c831 Allow vetoing of suexec --- diff --git a/lib/apache.dtl b/lib/apache.dtl index 1e5d54e..d80d7ef 100644 --- a/lib/apache.dtl +++ b/lib/apache.dtl @@ -8,13 +8,19 @@ extern val web_node_to_node : web_node -> node; context Vhost; {{A WWW virtual host}} +extern type suexec_flag; +extern val suexec_flag : bool -> suexec_flag; +{{Whether or not to use Suexec with a vhost. +[suexec_flag] fails when passed [false] by a user without the 'www' privilege.}} + extern val vhost : host -> Vhost => [Domain] {WebNodes : [web_node], SSL : bool, User : your_user, Group : your_group, DocumentRoot : your_path, - ServerAdmin : email}; + ServerAdmin : email, + SuExec : suexec_flag}; {{Add a new named Apache virtual host, specifying which nodes' Apache servers should answer requests for this host, whether it should use SSL, what UNIX user and group dynamic content generators should be run as, the filesystem diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml index 65ba7fb..3d7c199 100644 --- a/src/plugins/apache.sml +++ b/src/plugins/apache.sml @@ -58,6 +58,10 @@ val _ = Env.type_one "rewrite_arg" Env.string (CharVector.all Char.isAlphaNum) +val _ = Env.type_one "suexec_flag" + Env.bool + (fn b => b orelse Domain.hasPriv "www") + fun validLocation s = size s > 0 andalso size s < 1000 andalso CharVector.all (fn ch => Char.isAlphaNum ch @@ -96,6 +100,10 @@ val _ = Defaults.registerDefault ("ServerAdmin", (TBase "email", dl), (fn () => (EString (Domain.getUser () ^ "@" ^ Config.defaultDomain), dl))) +val _ = Defaults.registerDefault ("SuExec", + (TBase "suexec_flag", dl), + (fn () => (EApp ((EVar "suexec_flag", dl), + (EVar "true", dl)), dl))) val redirect_code = fn (EVar "temp", _) => SOME "temp" | (EVar "permanent", _) => SOME "permanent" @@ -194,9 +202,12 @@ fun findVhostUser fname = case TextIO.inputLine inf of NONE => NONE | SOME line => - case String.tokens Char.isSpace line of - ["SuexecUserGroup", user, _] => SOME user - | _ => loop () + if String.isPrefix "# Owner: " line then + case String.tokens Char.isSpace line of + [_, _, user] => SOME user + | _ => NONE + else + loop () in loop () before TextIO.closeIn inf @@ -310,6 +321,9 @@ fun registerAliaser f = aliaser := (fn x => (old x; f x)) end +fun suexec_flag (EApp ((EVar "suexec_flag", _), e), _) = Env.bool e + | suexec_flag _ = NONE + val () = Env.containerV_one "vhost" ("host", Env.string) (fn (env, host) => @@ -321,6 +335,7 @@ val () = Env.containerV_one "vhost" val group = Env.env Env.string (env, "Group") val docroot = Env.env Env.string (env, "DocumentRoot") val sadmin = Env.env Env.string (env, "ServerAdmin") + val suexec = Env.env suexec_flag (env, "SuExec") val fullHost = host ^ "." ^ Domain.currentDomain () val vhostId = fullHost ^ (if ssl then ".ssl" else "") @@ -336,7 +351,9 @@ val () = Env.containerV_one "vhost" val file = Domain.domainFile {node = node, name = confFile} in - TextIO.output (file, "