mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00

Changes to work with tomcat5.5: changed apis to the logging framework

and request pipeline.
Dominic Reynolds 2007-05-21 20:39:41 +00:00
parent 74b2bfae95
commit c7fbd14641
5 changed files with 85 additions and 102 deletions


@ -27,11 +27,11 @@ common/Make.rules: $(COMMONDIR)/Make.rules
endif
LIB = lib
CATALINA_HOME = /usr/share/tomcat5
CATALINA_HOME = /usr/share/tomcat55
# By default build 1.4 bytecode
all:
ant -Dtarget=1.4 jar jni_so
ant -Dcatalina_home=${CATALINA_HOME} -Dtarget=1.5 jar jni_so
clean:
ant clean
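Review bot: The comment `# By default build 1.4 bytecode` above the `all:` target is stale now that the recipe passes `-Dtarget=1.5`; it should read `# By default build 1.5 bytecode`. The spec file's `%build` line in this same commit still passes `-Dtarget=1.4`, so a `make` build and a package build would produce jars for different bytecode levels. If the Tomcat 5.5 APIs need the 1.5 target, the spec should pass `-Dtarget=1.5` as well.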


@ -18,10 +18,10 @@
<include name="**/*.jar"/>
</fileset>
<fileset id="tomcat.jars" dir="/usr/share/tomcat5/server/lib">
<fileset id="tomcat.jars" dir="${catalina_home}/server/lib">
<include name="**/*.jar"/>
</fileset>
<fileset id="servlet.jars" dir="/usr/share/tomcat5/common/lib">
<fileset id="servlet.jars" dir="${catalina_home}/common/lib">
<include name="**/*.jar"/>
</fileset>
@ -54,6 +54,7 @@
<target name="jni_so" depends="compile" description="Build JNI library">
<mkdir dir="${dist}"/>
<exec dir="${jni_src}" executable="/usr/bin/make">
<arg value="LIB=${install_lib}"/>
<arg value="DESTDIR=${dist}"/>
<arg value="VERSION=${version}"/>
<arg value="RELEASE=${release}"/>
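Review bot: The `jni_so` target appears to newly forward `LIB=${install_lib}` to make, but of the invocations visible in this commit only the spec file's `ant` lines set `-Dinstall_lib`; the top-level Makefile's `ant -Dcatalina_home=${CATALINA_HOME} -Dtarget=1.5 jar jni_so` does not. Unless build.xml defines a default outside this hunk, Ant passes the unexpanded text through, and the JNI Makefile derives `LIBDIR` and the JDK include path from it. The same applies to `${catalina_home}` in the two filesets, which replaces a hard-coded path. I would add defaults near the top of build.xml, e.g. `<property name="install_lib" value="lib"/>` and `<property name="catalina_home" value="/usr/share/tomcat55"/>`, so a bare `ant` run still resolves both; `-D` values on the command line continue to take precedence.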


@ -1,11 +1,11 @@
/* ------------------------------------------------------------------
*
* Copyright (C) 2002-2005 Novell/SUSE
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
/* ------------------------------------------------------------------
*
* Copyright (C) 2002-2007 Novell/SUSE
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* ------------------------------------------------------------------ */
package com.novell.apparmor.catalina.valves;
@ -13,10 +13,7 @@ package com.novell.apparmor.catalina.valves;
import com.novell.apparmor.JNIChangeHat;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.Container;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.valves.ValveBase;
import java.security.SecureRandom;
@ -28,9 +25,9 @@ public final class ChangeHatValve extends ValveBase {
private static String DEFAULT_HAT = "DEFAULT";
private static int SERVLET_PATH_MEDIATION = 0;
private static int URI_MEDIATION = 1;
private int mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION;
/*
*
* Property setter called during the parsing of the server.xml.
@ -53,18 +50,18 @@ public final class ChangeHatValve extends ValveBase {
this.mediationType = ChangeHatValve.SERVLET_PATH_MEDIATION;
}
}
/*
*
* Return an int value representing the currently configured
* <code>mediationType</code> for this instance.
*
*/
int getMediationType() {
public int getMediationType() {
return this.mediationType;
}
/*
*
* Return an instance of <code>SecureRandom</code> creating one if necessary
@ -76,7 +73,7 @@ public final class ChangeHatValve extends ValveBase {
}
return ChangeHatValve.randomNumberGenerator;
}
/*
*
* Call to return a random cookie from the <code>SecureRandom</code> PRNG
@ -85,13 +82,15 @@ public final class ChangeHatValve extends ValveBase {
int getCookie() {
SecureRandom rnd = getRndGen();
if ( rnd == null ) {
this.getContainer().getLogger().log( "[APPARMOR] can't initialize SecureRandom for cookie generation for change_hat() call.", container.getLogger().ERROR);
this.getContainer().getLogger().error(
"[APPARMOR] can't initialize SecureRandom for cookie" +
" generation for change_hat() call.");
return 0;
}
return rnd.nextInt();
}
/*
*
* Call out to AppArmor change_hat(2) to change the security
@ -110,87 +109,71 @@ public final class ChangeHatValve extends ValveBase {
* @exception ServletException if a servlet error has occurred
*
*/
public void invoke( org.apache.catalina.Request request,
org.apache.catalina.Response response,
org.apache.catalina.ValveContext context )
public void invoke( org.apache.catalina.connector.Request request,
org.apache.catalina.connector.Response response )
throws IOException, ServletException {
Container container = this.getContainer();
int cookie, result;
boolean inSubHat = false;
container.getLogger().log(this.getClass().toString() +
"[APPARMOR] Request received [" + request.getInfo()
+ "]", container.getLogger().DEBUG);
if ( !( request instanceof HttpRequest)
|| !(response instanceof HttpResponse) ) {
container.getLogger().log(this.getClass().toString()
+ "[APPARMOR] Non HttpRequest received. Not changing context. "
+ "[" + request.getInfo() + "]", container.getLogger().ERROR);
context.invokeNext(request, response);
return;
}
HttpRequest httpRequest = (HttpRequest) request;
HttpServletRequest servletRequest = (HttpServletRequest)
httpRequest.getRequest();
container.getLogger().debug(this.getClass().toString() +
"[APPARMOR] Request received [" + request.getInfo()
+ "]");
String hatname = ChangeHatValve.DEFAULT_HAT;;
if ( getMediationType() == ChangeHatValve.SERVLET_PATH_MEDIATION ) {
hatname = servletRequest.getServletPath();
hatname = request.getServletPath();
} else if ( getMediationType() == ChangeHatValve.URI_MEDIATION ) {
hatname = servletRequest.getRequestURI();
hatname = request.getRequestURI();
}
/*
* Select the AppArmor container for this request:
*
* 1. try hat name from either URI or ServletPath
*
* 1. try hat name from either URI or ServletPath
* (based on configuration)
*
* 2. try hat name of the defined DEFAULT_HAT
*
*
* 2. try hat name of the defined DEFAULT_HAT
*
* 3. run in the current AppArmor context
*/
cookie = getCookie();
if ( hatname == null || "".equals(hatname) ) {
hatname = ChangeHatValve.DEFAULT_HAT;
}
container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname
+ "] cookie [" + cookie + "]", container.getLogger().DEBUG);
}
container.getLogger().debug("[APPARMOR] ChangeHat to [" + hatname
+ "] cookie [" + cookie + "]");
result = changehat_wrapper.changehat_in(hatname, cookie);
if ( result == JNIChangeHat.EPERM ) {
container.getLogger().log("[APPARMOR] change_hat valve " +
container.getLogger().error("[APPARMOR] change_hat valve " +
"configured but Tomcat process is not confined by an " +
"AppArmor profile.", container.getLogger().ERROR);
context.invokeNext(request, response);
"AppArmor profile.");
getNext().invoke(request, response);
} else {
if ( result == JNIChangeHat.EACCES ) {
changehat_wrapper.changehat_out(cookie);
result = changehat_wrapper.changehat_in(ChangeHatValve.DEFAULT_HAT,
cookie);
if ( result != 0 ) {
changehat_wrapper.changehat_out(cookie);
container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname
+ "] failed. Running in parent context.",
container.getLogger().ERROR);
} else {
inSubHat = true;
}
} else if ( result != 0 ) {
changehat_wrapper.changehat_out(cookie);
container.getLogger().log("[APPARMOR] ChangeHat to [" + hatname
+ "] failed. Running in parent context.",
container.getLogger().ERROR);
} else {
inSubHat = true;
}
context.invokeNext(request, response);
if ( inSubHat ) changehat_wrapper.changehat_out(cookie);
changehat_wrapper.changehat_out(cookie);
result = changehat_wrapper.changehat_in(ChangeHatValve.DEFAULT_HAT,
cookie);
if ( result != 0 ) {
changehat_wrapper.changehat_out(cookie);
container.getLogger().error("[APPARMOR] ChangeHat to [" + hatname
+ "] failed. Running in parent context.");
} else {
inSubHat = true;
}
} else if ( result != 0 ) {
changehat_wrapper.changehat_out(cookie);
container.getLogger().error("[APPARMOR] ChangeHat to [" + hatname
+ "] failed. Running in parent context.");
} else {
inSubHat = true;
}
getNext().invoke(request, response);
if ( inSubHat ) changehat_wrapper.changehat_out(cookie);
}
}
}
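Review bot: In `invoke`, `getNext().invoke(request, response)` is followed by `if ( inSubHat ) changehat_wrapper.changehat_out(cookie);` with no `finally`, so an `IOException` or `ServletException` thrown downstream leaves the worker thread inside the request's hat with a token that is discarded when the method unwinds. If Tomcat reuses that thread, the next request starts from the wrong confinement and its `changehat_in` runs with a different cookie. Wrap the call: `try { getNext().invoke(request, response); } finally { if ( inSubHat ) changehat_wrapper.changehat_out(cookie); }`. Separately, the rewritten debug line still prints the `cookie` value, and `getCookie()` still returns `0` when `SecureRandom` is unavailable. The change_hat token is what keeps code inside a hat from returning to the parent profile, so it should not be logged, and a fixed fallback value should fail the request rather than proceed.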


@ -1,15 +1,15 @@
INCLUDE=/usr/lib/jvm/java/include
TOP=../..
CLASSPATH=${TOP}/build
CFLAGS=-g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe -fpic -D_REENTRANT
INCLUDES=-I$(INCLUDE) -I$(INCLUDE)/linux
CLASSFILE=${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class
DESTDIR=${TOP}/dist
SO_VERS = 1
LIB = lib/
LIBDIR = /usr/${LIB}
JAVA_CLASSNAME=JNIChangeHat
TARGET=lib${JAVA_CLASSNAME}
TOP = ../..
CLASSPATH = ${TOP}/build
LIB = lib/
LIBDIR = /usr/${LIB}
INCLUDE = ${LIBDIR}/jvm/java/include
CFLAGS = -g -O2 -Wall -Wstrict-prototypes -Wl,-soname,$@.${SO_VERS} -pipe -fpic -D_REENTRANT
INCLUDES = -I$(INCLUDE) -I$(INCLUDE)/linux
CLASSFILE = ${CLASSPATH}/com/novell/apparmor/${JAVA_CLASSNAME}.class
DESTDIR = ${TOP}/dist
SO_VERS = 1
JAVA_CLASSNAME = JNIChangeHat
TARGET = lib${JAVA_CLASSNAME}
all: ${TARGET}.so
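Review bot: `INCLUDE` is now derived from `LIBDIR`, so the JNI header path changes whenever the caller overrides `LIB` (build.xml passes `LIB=${install_lib}`), and nothing in the file says so. With `LIB=lib64` the compiler would look in `/usr/lib64/jvm/java/include`; that is presumably the intent for 64-bit builds, but a JDK installed under `/usr/lib/jvm` would no longer be found. I would add a comment above `INCLUDE`, for example `# JDK headers follow LIBDIR; pass INCLUDE=... on the make command line if the JDK lives elsewhere`.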


@ -23,7 +23,7 @@
%endif
%if %{distro} == "suse"
%define CATALINA_HOME /usr/share/tomcat5
%define CATALINA_HOME /usr/share/tomcat55
%endif
%define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
%define JNI_SO libJNIChangeHat.so
@ -39,9 +39,8 @@ Source0: %{name}-%{version}-@@repo_version@@.tar.gz
License: LGPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://developer.novell.com/wiki/index.php/Novell_AppArmor
Prereq: tomcat5, servletapi5, libapparmor
BuildRequires: tomcat5, servletapi5 ant, java, libapparmor, java2-devel-packages, apparmor-docs
Provides: tomcat_apparmor
Prereq: tomcat55, servletapi5, libapparmor
BuildRequires: tomcat55, servletapi5, ant, java, libapparmor, java2-devel-packages, apparmor-docs
%description
tomcat_apparmor - is a plugin for Apache Tomcat version 5.x that provides
@ -57,7 +56,7 @@ URL processing or per servlet.
%build
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
ant -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dtarget=1.4 jar jni_so
ant -Dinstall_lib=%{_lib} -Dcatalina_home=%{CATALINA_HOME} -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dtarget=1.4 jar jni_so
%install
ant -Ddist=${RPM_BUILD_DIR}/%{name}-%{version} -Dversion=%{version} -Drelease=%{release} -Dcatalina_home=%{CATALINA_HOME} -Dinstall_root=${RPM_BUILD_ROOT} -Dinstall_lib=%{_lib} install_jar install_jni