From 6eab2522cdee9d7a474d531bb3aa9b3478d02b11 Mon Sep 17 00:00:00 2001 From: Vitaliy Filippov Date: Sat, 1 Nov 2014 02:45:45 +0300 Subject: [PATCH] Fix testagent.cgi and testserver.pl; determine group by CGI --- testagent.cgi | 9 ++++- testserver.pl | 103 ++++++++++++++++++++------------------------------ 2 files changed, 47 insertions(+), 65 deletions(-) diff --git a/testagent.cgi b/testagent.cgi index 6b26195e8..96df8da8a 100755 --- a/testagent.cgi +++ b/testagent.cgi @@ -16,6 +16,11 @@ # or correct params. use strict; -print "content-type:text/plain\n\n"; -print "OK " . ($::ENV{MOD_PERL} || "mod_cgi") . "\n"; +use POSIX; + +print "HTTP/1.1 200 OK\n"; +print "Content-Type: text/plain\n\n"; +my ($group) = POSIX::getgrgid(POSIX::getegid()); +$group ||= ''; +print "OK " . $::ENV{SERVER_SOFTWARE} . " group=$group\n"; exit; diff --git a/testserver.pl b/testserver.pl index 47590053e..d1e182d00 100755 --- a/testserver.pl +++ b/testserver.pl @@ -36,73 +36,12 @@ if ((@ARGV != 1) || ($ARGV[0] !~ /^https?:/)) exit(1); } -# Try to determine the GID used by the web server. -my @pscmds = ('ps -eo comm,gid', 'ps -acxo command,gid', 'ps -acxo command,rgid'); -my $sgid = 0; -if (!ON_WINDOWS) -{ - foreach my $pscmd (@pscmds) - { - open PH, "$pscmd 2>/dev/null |"; - while (my $line = ) - { - if ($line =~ /^(?:\S*\/)?(?:httpd|apache)2?\s+(\d+)$/) - { - $sgid = $1 if $1 > $sgid; - } - } - close(PH); - } -} - -# Determine the numeric GID of $webservergroup -my $webgroupnum = 0; -my $webservergroup = Bugzilla->localconfig->{webservergroup}; -if ($webservergroup =~ /^(\d+)$/) -{ - $webgroupnum = $1; -} -else -{ - eval { $webgroupnum = (getgrnam $webservergroup) || 0; }; -} - -# Check $webservergroup against the server's GID -if ($sgid > 0) -{ - if ($webservergroup eq "") - { - print -"WARNING \$webservergroup is set to an empty string. -That is a very insecure practice. Please refer to the -Bugzilla documentation.\n"; - } - elsif ($webgroupnum == $sgid || Bugzilla->localconfig->{use_suexec}) - { - print "TEST-OK Webserver is running under group id in \$webservergroup.\n"; - } - else - { - print -"TEST-WARNING Webserver is running under group id not matching \$webservergroup. -This if the tests below fail, this is probably the problem. -Please refer to the web server configuration section of the Bugzilla guide. -If you are using virtual hosts or suexec, this warning may not apply.\n"; - } -} -elsif (!ON_WINDOWS) -{ - print -"TEST-WARNING Failed to find the GID for the 'httpd' process, unable -to validate webservergroup.\n"; -} - # Try to fetch a static file (padlock.png) $ARGV[0] =~ s/\/$//; my $url = $ARGV[0] . "/images/padlock.png"; if (fetch($url)) { - print "TEST-OK Got padlock picture.\n"; + print "TEST-OK Got padlock picture. Webserver is serving static files.\n"; } else { @@ -115,9 +54,47 @@ Check your web server configuration and try again.\n"; # Try to execute a cgi script my $response = fetch($ARGV[0] . "/testagent.cgi"); -if ($response =~ /^OK (.*)$/) +if ($response =~ /^OK (.*?)\s*group=(\S*)\s*$/) { print "TEST-OK Webserver is executing CGIs via $1.\n"; + my ($realgroup) = $2; + if (!$realgroup) + { + if (!ON_WINDOWS) + { + print +"TEST-WARNING Failed to find the GID for the 'httpd' process, unable +to validate webservergroup.\n"; + } + } + else + { + # Determine the name of $webservergroup + my $webservergroup = Bugzilla->localconfig->{webservergroup}; + if ($webservergroup =~ /^\d+$/s) + { + ($webservergroup) = getgrgid $webservergroup; + } + elsif ($webservergroup eq '') + { + print +"TEST-WARNING \$webservergroup is set to an empty string. +That is a very insecure practice. Please refer to the +Bugzilla documentation.\n"; + } + if ($realgroup eq $webservergroup) + { + print "TEST-OK Webserver is running under \$webservergroup ($webservergroup) group.\n"; + } + elsif ($webservergroup ne '') + { + print +"TEST-WARNING Webserver is running under group id not matching \$webservergroup. +This if the tests below fail, this is probably the problem. +Please refer to the web server configuration section of the Bugzilla guide. +If you are using virtual hosts or suexec, this warning may not apply.\n"; + } + } } elsif ($response =~ /^#!/) {