Fix testagent.cgi and testserver.pl; determine group by CGI
parent
af626f554e
commit
6eab2522cd
|
@ -16,6 +16,11 @@
|
||||||
# or correct params.
|
# or correct params.
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
print "content-type:text/plain\n\n";
|
use POSIX;
|
||||||
print "OK " . ($::ENV{MOD_PERL} || "mod_cgi") . "\n";
|
|
||||||
|
print "HTTP/1.1 200 OK\n";
|
||||||
|
print "Content-Type: text/plain\n\n";
|
||||||
|
my ($group) = POSIX::getgrgid(POSIX::getegid());
|
||||||
|
$group ||= '';
|
||||||
|
print "OK " . $::ENV{SERVER_SOFTWARE} . " group=$group\n";
|
||||||
exit;
|
exit;
|
||||||
|
|
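Review bot: The added `print "OK " . $::ENV{SERVER_SOFTWARE} . " group=$group\n";` returns the server software string and the effective group name of the web server process to any client that requests this script, and nothing in the hunk limits who that is. If the script stays reachable after installation testing, a comment above the `print` such as `# Discloses server software and process group; block access to this script once testing is done.` would tell an administrator what is exposed. `SERVER_SOFTWARE` may also be unset in some environments, so `($::ENV{SERVER_SOFTWARE} || '')` would avoid concatenating an undefined value, in the same way `$group ||= '';` guards the group.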
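--- a/testserver.pl
+++ b/testserver.pl
@@ -36,73 +36,12 @@ if ((@ARGV != 1) || ($ARGV[0] !~ /^https?:/))
 exit(1);
 }
 
-# Try to determine the GID used by the web server.
-my @pscmds = ('ps -eo comm,gid', 'ps -acxo command,gid', 'ps -acxo command,rgid');
-my $sgid = 0;
-if (!ON_WINDOWS)
-{
-foreach my $pscmd (@pscmds)
-{
-open PH, "$pscmd 2>/dev/null |";
-while (my $line = <PH>)
-{
-if ($line =~ /^(?:\S*\/)?(?:httpd|apache)2?\s+(\d+)$/)
-{
-$sgid = $1 if $1 > $sgid;
-}
-}
-close(PH);
-}
-}
-
-# Determine the numeric GID of $webservergroup
-my $webgroupnum = 0;
-my $webservergroup = Bugzilla->localconfig->{webservergroup};
-if ($webservergroup =~ /^(\d+)$/)
-{
-$webgroupnum = $1;
-}
-else
-{
-eval { $webgroupnum = (getgrnam $webservergroup) || 0; };
-}
-
-# Check $webservergroup against the server's GID
-if ($sgid > 0)
-{
-if ($webservergroup eq "")
-{
-print
-"WARNING \$webservergroup is set to an empty string.
-That is a very insecure practice. Please refer to the
-Bugzilla documentation.\n";
-}
-elsif ($webgroupnum == $sgid || Bugzilla->localconfig->{use_suexec})
-{
-print "TEST-OK Webserver is running under group id in \$webservergroup.\n";
-}
-else
-{
-print
-"TEST-WARNING Webserver is running under group id not matching \$webservergroup.
-This if the tests below fail, this is probably the problem.
-Please refer to the web server configuration section of the Bugzilla guide.
-If you are using virtual hosts or suexec, this warning may not apply.\n";
-}
-}
-elsif (!ON_WINDOWS)
-{
-print
-"TEST-WARNING Failed to find the GID for the 'httpd' process, unable
-to validate webservergroup.\n";
-}
-
 # Try to fetch a static file (padlock.png)
 $ARGV[0] =~ s/\/$//;
 my $url = $ARGV[0] . "/images/padlock.png";
 if (fetch($url))
 {
-print "TEST-OK Got padlock picture.\n";
+print "TEST-OK Got padlock picture. Webserver is serving static files.\n";
 }
 else
 {
@@ -115,9 +54,47 @@ Check your web server configuration and try again.\n";
 
 # Try to execute a cgi script
 my $response = fetch($ARGV[0] . "/testagent.cgi");
-if ($response =~ /^OK (.*)$/)
+if ($response =~ /^OK (.*?)\s*group=(\S*)\s*$/)
 {
 print "TEST-OK Webserver is executing CGIs via $1.\n";
+my ($realgroup) = $2;
+if (!$realgroup)
+{
+if (!ON_WINDOWS)
+{
+print
+"TEST-WARNING Failed to find the GID for the 'httpd' process, unable
+to validate webservergroup.\n";
+}
+}
+else
+{
+# Determine the name of $webservergroup
+my $webservergroup = Bugzilla->localconfig->{webservergroup};
+if ($webservergroup =~ /^\d+$/s)
+{
+($webservergroup) = getgrgid $webservergroup;
+}
+elsif ($webservergroup eq '')
+{
+print
+"TEST-WARNING \$webservergroup is set to an empty string.
+That is a very insecure practice. Please refer to the
+Bugzilla documentation.\n";
+}
+if ($realgroup eq $webservergroup)
+{
+print "TEST-OK Webserver is running under \$webservergroup ($webservergroup) group.\n";
+}
+elsif ($webservergroup ne '')
+{
+print
+"TEST-WARNING Webserver is running under group id not matching \$webservergroup.
+This if the tests below fail, this is probably the problem.
+Please refer to the web server configuration section of the Bugzilla guide.
+If you are using virtual hosts or suexec, this warning may not apply.\n";
+}
+}
 }
 elsif ($response =~ /^#!/)
 {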
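Review bot: In the added `if ($webservergroup =~ /^\d+$/s)` branch, `($webservergroup) = getgrgid $webservergroup;` leaves `$webservergroup` undefined when the configured numeric GID has no group entry. The `eq` test and the `ne ''` test that follow then both fail, so neither TEST-OK nor TEST-WARNING is printed for a misconfigured group. Keeping the configured value when the lookup fails would route that case to the mismatch warning: `my ($name) = getgrgid $webservergroup;` followed by `$webservergroup = $name if defined $name;`. The removed check also accepted `Bugzilla->localconfig->{use_suexec}` as a pass, and the new comparison drops it without a comment, so suexec installations will presumably now see the warning. The `if`/`elsif` chain on `$response` continues past the end of the hunk.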