From ff4cb7f23e01e390d2d3bb8a356ec562d0edc3ff Mon Sep 17 00:00:00 2001 From: Victor Hora Date: Sat, 22 Sep 2018 18:33:12 -0400 Subject: [PATCH] ju5t patch to fix mpm-itk mod_ruid2 compatibility --- apache2/msc_logging.c | 12 +++++++++++- apache2/persist_dbm.c | 34 ++++++++++++++++++++++++++++++---- 2 files changed, 41 insertions(+), 5 deletions(-) diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c index 6ee1e58333..a088fc1b2f 100644 --- a/apache2/msc_logging.c +++ b/apache2/msc_logging.c @@ -230,10 +230,20 @@ static char *construct_auditlog_filename(apr_pool_t *mp, const char *uniqueid) { char tstr[300]; apr_size_t len; + /** + * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations + * It also changes the return statement. + */ + char *username; + apr_uid_t uid; + apr_gid_t gid; + apr_uid_current(&uid, &gid, mp); + apr_uid_name_get(&username, uid, mp); + apr_time_exp_lt(&t, apr_time_now()); apr_strftime(tstr, &len, 299, "/%Y%m%d/%Y%m%d-%H%M/%Y%m%d-%H%M%S", &t); - return apr_psprintf(mp, "%s-%s", tstr, uniqueid); + return apr_psprintf(mp, "/%s%s-%s", username, tstr, uniqueid); } /** diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c index 597d5b8fc7..efbbf6ebd9 100644 --- a/apache2/persist_dbm.c +++ b/apache2/persist_dbm.c @@ -101,6 +101,14 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec int expired = 0; int i; + /** + * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations + */ + char *username; + apr_uid_t uid; + apr_gid_t gid; + apr_uid_current(&uid, &gid, msr->mp); + apr_uid_name_get(&username, uid, msr->mp); if (msr->txcfg->data_dir == NULL) { msr_log(msr, 1, "collection_retrieve_ex: Unable to retrieve collection (name \"%s\", key \"%s\"). Use " 
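Review bot: `username` is read uninitialised by the new `return apr_psprintf(mp, "/%s%s-%s", username, tstr, uniqueid);` whenever `apr_uid_name_get()` fails, because neither its return value nor that of `apr_uid_current()` is checked and the pointer has no initial value. A uid with no passwd entry (chroot, container, NSS outage) would then make the audit-log path dereference an indeterminate pointer, so the WAF could crash or build an unpredictable path. Initialise the pointer and fall back to the numeric id on Unix builds, e.g. `char *username = NULL;` and `if (apr_uid_name_get(&username, uid, mp) != APR_SUCCESS || username == NULL) username = apr_psprintf(mp, "%lu", (unsigned long)uid);`. The same unchecked block is added in persist_dbm.c by the `-101`, `-374` and `-655` hunks, using `msr->mp`.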
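Review bot: The uid-to-name lookup added to collection_retrieve_ex sits ahead of the `data_dir == NULL` guard, so it runs even on the path that immediately jumps to cleanup, and the same block is pasted verbatim into collection_store and collections_remove_stale. `apr_uid_name_get()` is a passwd/NSS lookup, which on hosts backed by a directory service may add latency to every collection access. Consider one file-local helper, for example `static const char *current_username(apr_pool_t *mp)` (the name is only a suggestion), called after the guard, so that error handling and any fallback live in one place. The function body continues outside this hunk.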
@@ -109,7 +117,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec goto cleanup; } - dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL); if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "collection_retrieve_ex: collection_retrieve_ex: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name), @@ -374,6 +382,15 @@ int collection_store(modsec_rec *msr, apr_table_t *col) { const apr_table_t *stored_col = NULL; const apr_table_t *orig_col = NULL; + /** + * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations + */ + char *username; + apr_uid_t uid; + apr_gid_t gid; + apr_uid_current(&uid, &gid, msr->mp); + apr_uid_name_get(&username, uid, msr->mp); + var_name = (msc_string *)apr_table_get(col, "__name"); if (var_name == NULL) { goto error; @@ -392,7 +409,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) { } // ENH: lowercase the var name in the filename - dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", var_name->value, NULL); + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", var_name->value, NULL); if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "collection_store: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, var_name->value), 
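Review bot: The username prefix added to `dbm_filename` in collection_retrieve_ex is a naming convention, not isolation. Every per-request uid presumably still needs write access to the same SecDataDir, so unless directory permissions prevent it (they are not visible here), one local account may be able to create or alter another account's `username-collection` files. It would help to state this next to the line, e.g. `/* NOTE: the prefix avoids cross-uid permission clashes; it does not protect a collection from other local users */`, and to document the required SecDataDir permissions or use per-user subdirectories. The rename also stops reading the existing `data_dir/col_name` files, so persisted counters and blocks reset silently on upgrade. Both points apply equally to the `-392` hunk in collection_store and the `-664` hunk in collections_remove_stale.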
@@ -655,6 +672,15 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) { apr_time_t now = apr_time_sec(msr->request_time); int i; + /** + * This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations + */ + char *username; + apr_uid_t uid; + apr_gid_t gid; + apr_uid_current(&uid, &gid, msr->mp); + apr_uid_name_get(&username, uid, msr->mp); + if (msr->txcfg->data_dir == NULL) { /* The user has been warned about this problem enough times already by now. * msr_log(msr, 1, "Unable to access collection file (name \"%s\"). Use SecDataDir to " @@ -664,9 +690,9 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) { } if(strstr(col_name,"USER") || strstr(col_name,"SESSION") || strstr(col_name, "RESOURCE")) - dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", msr->txcfg->webappid, "_", col_name, NULL); + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", msr->txcfg->webappid, "_", col_name, NULL); else - dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", col_name, NULL); + dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL); if (msr->txcfg->debuglog_level >= 9) { msr_log(msr, 9, "collections_remove_stale: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),