From 1a008da2952c77aaea57088aa74a0db0bd0d6940 Mon Sep 17 00:00:00 2001
From: Steve Beattie <sbeattie@ubuntu.com>
Date: Thu, 23 Jan 2014 13:46:17 -0800
Subject: [PATCH] mod_apparmor: fix AADefaultHatName storage

When defining an AADefaultHatName entry, it was being stored in the
passed mconfig location, which is not the module specific server
config, but instead the top level (i.e. no path defined) default
directory/location config. This would be superceded by a more specific
directory config if it applied to the request. Thus, if an AAHatName was
defined that applied, but the named hat was not defined in the apparmor
policy, mod_apparmor would not attempt to fall back to the defined
AADefaultHatName, but instead jump directly to trying the DEFAULT_URI
hat.

This patch fixes it by storing the defined AADefaultHatName correctly in
the module specific storage in the related server data structure. It
also adds a bit of developer debugging statements.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>


Bug: https://launchpad.net/bugs/1207424
---
 changehat/mod_apparmor/mod_apparmor.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/changehat/mod_apparmor/mod_apparmor.c b/changehat/mod_apparmor/mod_apparmor.c
index 351b64c1f..62246d534 100644
--- a/changehat/mod_apparmor/mod_apparmor.c
+++ b/changehat/mod_apparmor/mod_apparmor.c
@@ -168,6 +168,13 @@ immunix_enter_hat (request_rec *r)
 	    return OK;
     }
 
+    if (scfg) {
+    	ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Dumping scfg info: "
+    	          "scfg='0x%lx' scfg->hat_name='%s'",
+    		  (unsigned long) scfg, scfg->hat_name);
+    } else {
+    	ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "scfg is null");
+    }
     if (scfg != NULL && scfg->hat_name != NULL) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [scfg] %s", scfg->hat_name);
         sd_ret = aa_change_hat(scfg->hat_name, magic_token);
@@ -241,7 +248,8 @@ aa_cmd_ch_srv (cmd_parms * cmd, void * mconfig, const char * parm1)
 {
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, "server config change hat %s",
     			parm1 ? parm1 : "DEFAULT");
-    immunix_srv_cfg * scfg = mconfig;
+    immunix_srv_cfg * scfg = (immunix_srv_cfg *)
+	    ap_get_module_config(cmd->server->module_config, &apparmor_module);
     if (parm1 != NULL) {
     	scfg->hat_name = parm1;
     } else {