backport use uid if user name is not available
Signed-off-by: Guangzhong Yao <yaoguangzhong@xfusion.com>
parent
460893a372
commit
d1cc21c9f7
@ -7,7 +7,7 @@
|
||||
|
||||
Name: mod_security
|
||||
Version: 2.9.5
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: Security module for the Apache HTTP Server
|
||||
License: ASL 2.0
|
||||
URL: http://www.modsecurity.org/
|
||||
@ -16,6 +16,7 @@ Source1: mod_security.conf
|
||||
Source2: 10-mod_security.conf
|
||||
Source3: modsecurity_localrules.conf
|
||||
Patch0000: modsecurity-2.9.5-lua-54.patch
|
||||
Patch0001: modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch
|
||||
|
||||
Requires: httpd httpd-mmn = %{_httpd_mmn}
|
||||
BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel
|
||||
@ -98,6 +99,9 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jan 6 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-3
|
||||
- backport use uid if user name is not available
|
||||
|
||||
* Fri Jan 7 2022 liyanan <liyanan32@huawei.com> - 2.9.5-2
|
||||
- Fix build fail with lua 5.4.3
|
||||
|
||||
|
||||
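--- /dev/null
+++ b/modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch
@@ -0,0 +1,126 @@
+From 46c6cb2759327d94e619454dbe61f1e7639dd607 Mon Sep 17 00:00:00 2001
+From: Armin Abfalterer <armin.abfalterer@united-security-providers.ch>
+Date: Tue, 12 Mar 2019 16:29:43 +0100
+Subject: [PATCH] use uid if user name is not available
+
+---
+apache2/msc_logging.c | 10 +++++++---
+apache2/persist_dbm.c | 29 +++++++++++++++++++----------
+2 files changed, 26 insertions(+), 13 deletions(-)
+
+diff --git a/apache2/msc_logging.c b/apache2/msc_logging.c
+index d50f709e..d1a867c3 100644
+--- a/apache2/msc_logging.c
++++ b/apache2/msc_logging.c
+@@ -234,16 +234,20 @@ static char *construct_auditlog_filename(apr_pool_t *mp, const char *uniqueid) {
+* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+* It also changes the return statement.
+*/
+- char *username;
++ char *userinfo;
++ apr_status_t rc;
+apr_uid_t uid;
+apr_gid_t gid;
+apr_uid_current(&uid, &gid, mp);
+- apr_uid_name_get(&username, uid, mp);
++ rc = apr_uid_name_get(&userinfo, uid, mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(mp, "%u", uid);
++ }
+
+apr_time_exp_lt(&t, apr_time_now());
+
+apr_strftime(tstr, &len, 299, "/%Y%m%d/%Y%m%d-%H%M/%Y%m%d-%H%M%S", &t);
+- return apr_psprintf(mp, "/%s%s-%s", username, tstr, uniqueid);
++ return apr_psprintf(mp, "/%s%s-%s", userinfo, tstr, uniqueid);
+}
+
+/**
+diff --git a/apache2/persist_dbm.c b/apache2/persist_dbm.c
+index efbbf6eb..e4f8036f 100644
+--- a/apache2/persist_dbm.c
++++ b/apache2/persist_dbm.c
+@@ -104,11 +104,14 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
+/**
+* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+*/
+- char *username;
++ char *userinfo;
+apr_uid_t uid;
+apr_gid_t gid;
+apr_uid_current(&uid, &gid, msr->mp);
+- apr_uid_name_get(&username, uid, msr->mp);
++ rc = apr_uid_name_get(&userinfo, uid, msr->mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(msr->mp, "%u", uid);
++ }
+
+if (msr->txcfg->data_dir == NULL) {
+msr_log(msr, 1, "collection_retrieve_ex: Unable to retrieve collection (name \"%s\", key \"%s\"). Use "
+@@ -117,7 +120,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
+goto cleanup;
+}
+
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", col_name, NULL);
+
+if (msr->txcfg->debuglog_level >= 9) {
+msr_log(msr, 9, "collection_retrieve_ex: collection_retrieve_ex: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
+@@ -385,11 +388,14 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
+/**
+* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+*/
+- char *username;
++ char *userinfo;
+apr_uid_t uid;
+apr_gid_t gid;
+apr_uid_current(&uid, &gid, msr->mp);
+- apr_uid_name_get(&username, uid, msr->mp);
++ rc = apr_uid_name_get(&userinfo, uid, msr->mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(msr->mp, "%u", uid);
++ }
+
+var_name = (msc_string *)apr_table_get(col, "__name");
+if (var_name == NULL) {
+@@ -409,7 +415,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
+}
+
+// ENH: lowercase the var name in the filename
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", var_name->value, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", var_name->value, NULL);
+
+if (msr->txcfg->debuglog_level >= 9) {
+msr_log(msr, 9, "collection_store: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, var_name->value),
+@@ -675,11 +681,14 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
+/**
+* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
+*/
+- char *username;
++ char *userinfo;
+apr_uid_t uid;
+apr_gid_t gid;
+apr_uid_current(&uid, &gid, msr->mp);
+- apr_uid_name_get(&username, uid, msr->mp);
++ rc = apr_uid_name_get(&userinfo, uid, msr->mp);
++ if (rc != APR_SUCCESS) {
++ userinfo = apr_psprintf(msr->mp, "%u", uid);
++ }
+
+if (msr->txcfg->data_dir == NULL) {
+/* The user has been warned about this problem enough times already by now.
+@@ -690,9 +699,9 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
+}
+
+if(strstr(col_name,"USER") || strstr(col_name,"SESSION") || strstr(col_name, "RESOURCE"))
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", msr->txcfg->webappid, "_", col_name, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", msr->txcfg->webappid, "_", col_name, NULL);
+else
+- dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
++ dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", col_name, NULL);
+
+if (msr->txcfg->debuglog_level >= 9) {
+msr_log(msr, 9, "collections_remove_stale: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
+--
+2.27.0
+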
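Review bot: The fallback added in `construct_auditlog_filename`, `collection_retrieve_ex`, `collection_store` and `collections_remove_stale` switches the name component of the audit-log path and of `dbm_filename` without leaving any trace, so whenever `apr_uid_name_get` fails only intermittently the same worker would alternate between `<data_dir>/<username>-<collection>` and `<data_dir>/<uid>-<collection>` and the persistent collection state would be split across two files. I would log the fallback in the three persist_dbm.c functions, for example `msr_log(msr, 4, "apr_uid_name_get failed, using numeric uid in collection filename");`, so the change of file is visible to operators. `apr_psprintf(mp, "%u", uid)` also assumes that `apr_uid_t` is `unsigned int`; `apr_psprintf(mp, "%lu", (unsigned long)uid)` keeps format and argument in agreement on every platform. The result of `apr_uid_current` is still ignored, so `uid` may be uninitialised when it is formatted, and the same four lines are now repeated in four places where one small helper would do. The declarations of `rc` in persist_dbm.c and the rest of each function body lie outside the hunks, so this assumes `rc` is an `apr_status_t` already in scope there.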