Fix testagent.cgi and testserver.pl; determine group by CGI
parent
af626f554e
commit
6eab2522cd
|
@ -16,6 +16,11 @@
|
|||
# or correct params.
|
||||
|
||||
use strict;
|
||||
print "content-type:text/plain\n\n";
|
||||
print "OK " . ($::ENV{MOD_PERL} || "mod_cgi") . "\n";
|
||||
use POSIX;
|
||||
|
||||
print "HTTP/1.1 200 OK\n";
|
||||
print "Content-Type: text/plain\n\n";
|
||||
my ($group) = POSIX::getgrgid(POSIX::getegid());
|
||||
$group ||= '';
|
||||
print "OK " . $::ENV{SERVER_SOFTWARE} . " group=$group\n";
|
||||
exit;
|
||||
|
|
103
testserver.pl
103
testserver.pl
|
@ -36,73 +36,12 @@ if ((@ARGV != 1) || ($ARGV[0] !~ /^https?:/))
|
|||
exit(1);
|
||||
}
|
||||
|
||||
# Try to determine the GID used by the web server.
|
||||
my @pscmds = ('ps -eo comm,gid', 'ps -acxo command,gid', 'ps -acxo command,rgid');
|
||||
my $sgid = 0;
|
||||
if (!ON_WINDOWS)
|
||||
{
|
||||
foreach my $pscmd (@pscmds)
|
||||
{
|
||||
open PH, "$pscmd 2>/dev/null |";
|
||||
while (my $line = <PH>)
|
||||
{
|
||||
if ($line =~ /^(?:\S*\/)?(?:httpd|apache)2?\s+(\d+)$/)
|
||||
{
|
||||
$sgid = $1 if $1 > $sgid;
|
||||
}
|
||||
}
|
||||
close(PH);
|
||||
}
|
||||
}
|
||||
|
||||
# Determine the numeric GID of $webservergroup
|
||||
my $webgroupnum = 0;
|
||||
my $webservergroup = Bugzilla->localconfig->{webservergroup};
|
||||
if ($webservergroup =~ /^(\d+)$/)
|
||||
{
|
||||
$webgroupnum = $1;
|
||||
}
|
||||
else
|
||||
{
|
||||
eval { $webgroupnum = (getgrnam $webservergroup) || 0; };
|
||||
}
|
||||
|
||||
# Check $webservergroup against the server's GID
|
||||
if ($sgid > 0)
|
||||
{
|
||||
if ($webservergroup eq "")
|
||||
{
|
||||
print
|
||||
"WARNING \$webservergroup is set to an empty string.
|
||||
That is a very insecure practice. Please refer to the
|
||||
Bugzilla documentation.\n";
|
||||
}
|
||||
elsif ($webgroupnum == $sgid || Bugzilla->localconfig->{use_suexec})
|
||||
{
|
||||
print "TEST-OK Webserver is running under group id in \$webservergroup.\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print
|
||||
"TEST-WARNING Webserver is running under group id not matching \$webservergroup.
|
||||
This if the tests below fail, this is probably the problem.
|
||||
Please refer to the web server configuration section of the Bugzilla guide.
|
||||
If you are using virtual hosts or suexec, this warning may not apply.\n";
|
||||
}
|
||||
}
|
||||
elsif (!ON_WINDOWS)
|
||||
{
|
||||
print
|
||||
"TEST-WARNING Failed to find the GID for the 'httpd' process, unable
|
||||
to validate webservergroup.\n";
|
||||
}
|
||||
|
||||
# Try to fetch a static file (padlock.png)
|
||||
$ARGV[0] =~ s/\/$//;
|
||||
my $url = $ARGV[0] . "/images/padlock.png";
|
||||
if (fetch($url))
|
||||
{
|
||||
print "TEST-OK Got padlock picture.\n";
|
||||
print "TEST-OK Got padlock picture. Webserver is serving static files.\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -115,9 +54,47 @@ Check your web server configuration and try again.\n";
|
|||
|
||||
# Try to execute a cgi script
|
||||
my $response = fetch($ARGV[0] . "/testagent.cgi");
|
||||
if ($response =~ /^OK (.*)$/)
|
||||
if ($response =~ /^OK (.*?)\s*group=(\S*)\s*$/)
|
||||
{
|
||||
print "TEST-OK Webserver is executing CGIs via $1.\n";
|
||||
my ($realgroup) = $2;
|
||||
if (!$realgroup)
|
||||
{
|
||||
if (!ON_WINDOWS)
|
||||
{
|
||||
print
|
||||
"TEST-WARNING Failed to find the GID for the 'httpd' process, unable
|
||||
to validate webservergroup.\n";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
# Determine the name of $webservergroup
|
||||
my $webservergroup = Bugzilla->localconfig->{webservergroup};
|
||||
if ($webservergroup =~ /^\d+$/s)
|
||||
{
|
||||
($webservergroup) = getgrgid $webservergroup;
|
||||
}
|
||||
elsif ($webservergroup eq '')
|
||||
{
|
||||
print
|
||||
"TEST-WARNING \$webservergroup is set to an empty string.
|
||||
That is a very insecure practice. Please refer to the
|
||||
Bugzilla documentation.\n";
|
||||
}
|
||||
if ($realgroup eq $webservergroup)
|
||||
{
|
||||
print "TEST-OK Webserver is running under \$webservergroup ($webservergroup) group.\n";
|
||||
}
|
||||
elsif ($webservergroup ne '')
|
||||
{
|
||||
print
|
||||
"TEST-WARNING Webserver is running under group id not matching \$webservergroup.
|
||||
This if the tests below fail, this is probably the problem.
|
||||
Please refer to the web server configuration section of the Bugzilla guide.
|
||||
If you are using virtual hosts or suexec, this warning may not apply.\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
elsif ($response =~ /^#!/)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue